1 /* crypto/rsa/rsa_pmeth.c */ 2 /* 3 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project 4 * 2006. 5 */ 6 /* ==================================================================== 7 * Copyright (c) 2006 The OpenSSL Project. All rights reserved. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 16 * 2. Redistributions in binary form must reproduce the above copyright 17 * notice, this list of conditions and the following disclaimer in 18 * the documentation and/or other materials provided with the 19 * distribution. 20 * 21 * 3. All advertising materials mentioning features or use of this 22 * software must display the following acknowledgment: 23 * "This product includes software developed by the OpenSSL Project 24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 25 * 26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 27 * endorse or promote products derived from this software without 28 * prior written permission. For written permission, please contact 29 * licensing@OpenSSL.org. 30 * 31 * 5. Products derived from this software may not be called "OpenSSL" 32 * nor may "OpenSSL" appear in their names without prior written 33 * permission of the OpenSSL Project. 34 * 35 * 6. Redistributions of any form whatsoever must retain the following 36 * acknowledgment: 37 * "This product includes software developed by the OpenSSL Project 38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 39 * 40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 51 * OF THE POSSIBILITY OF SUCH DAMAGE. 52 * ==================================================================== 53 * 54 * This product includes cryptographic software written by Eric Young 55 * (eay@cryptsoft.com). This product includes software written by Tim 56 * Hudson (tjh@cryptsoft.com). 57 * 58 */ 59 60 #include <stdio.h> 61 #include "cryptlib.h" 62 #include <openssl/asn1t.h> 63 #include <openssl/x509.h> 64 #include <openssl/rsa.h> 65 #include <openssl/bn.h> 66 #include <openssl/evp.h> 67 #ifndef OPENSSL_NO_CMS 68 # include <openssl/cms.h> 69 #endif 70 #ifdef OPENSSL_FIPS 71 # include <openssl/fips.h> 72 #endif 73 #include "evp_locl.h" 74 #include "rsa_locl.h" 75 76 /* RSA pkey context structure */ 77 78 typedef struct { 79 /* Key gen parameters */ 80 int nbits; 81 BIGNUM *pub_exp; 82 /* Keygen callback info */ 83 int gentmp[2]; 84 /* RSA padding mode */ 85 int pad_mode; 86 /* message digest */ 87 const EVP_MD *md; 88 /* message digest for MGF1 */ 89 const EVP_MD *mgf1md; 90 /* PSS/OAEP salt length */ 91 int saltlen; 92 /* Temp buffer */ 93 unsigned char *tbuf; 94 } RSA_PKEY_CTX; 95 96 static int pkey_rsa_init(EVP_PKEY_CTX *ctx) 97 { 98 RSA_PKEY_CTX *rctx; 99 rctx = OPENSSL_malloc(sizeof(RSA_PKEY_CTX)); 100 if (!rctx) 101 return 0; 102 rctx->nbits = 1024; 103 rctx->pub_exp = NULL; 104 rctx->pad_mode = RSA_PKCS1_PADDING; 105 rctx->md = NULL; 106 rctx->mgf1md = NULL; 107 rctx->tbuf = NULL; 108 109 rctx->saltlen = -2; 110 111 ctx->data = rctx; 112 ctx->keygen_info = rctx->gentmp; 113 ctx->keygen_info_count = 2; 114 115 return 1; 116 } 117 118 static int pkey_rsa_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) 119 { 120 RSA_PKEY_CTX *dctx, *sctx; 121 if (!pkey_rsa_init(dst)) 122 return 0; 123 sctx = src->data; 124 dctx = dst->data; 125 dctx->nbits = sctx->nbits; 126 if (sctx->pub_exp) { 127 dctx->pub_exp = BN_dup(sctx->pub_exp); 128 if (!dctx->pub_exp) 129 return 0; 130 } 131 dctx->pad_mode = sctx->pad_mode; 132 dctx->md = sctx->md; 133 return 1; 134 } 135 136 static int setup_tbuf(RSA_PKEY_CTX *ctx, EVP_PKEY_CTX *pk) 137 { 138 if (ctx->tbuf) 139 return 1; 140 ctx->tbuf = OPENSSL_malloc(EVP_PKEY_size(pk->pkey)); 141 if (!ctx->tbuf) 142 return 0; 143 return 1; 144 } 145 146 static void pkey_rsa_cleanup(EVP_PKEY_CTX *ctx) 147 { 148 RSA_PKEY_CTX *rctx = ctx->data; 149 if (rctx) { 150 if (rctx->pub_exp) 151 BN_free(rctx->pub_exp); 152 if (rctx->tbuf) 153 OPENSSL_free(rctx->tbuf); 154 OPENSSL_free(rctx); 155 } 156 } 157 158 #ifdef OPENSSL_FIPS 159 /* 160 * FIP checker. Return value indicates status of context parameters: 1 : 161 * redirect to FIPS. 0 : don't redirect to FIPS. -1 : illegal operation in 162 * FIPS mode. 163 */ 164 165 static int pkey_fips_check_ctx(EVP_PKEY_CTX *ctx) 166 { 167 RSA_PKEY_CTX *rctx = ctx->data; 168 RSA *rsa = ctx->pkey->pkey.rsa; 169 int rv = -1; 170 if (!FIPS_mode()) 171 return 0; 172 if (rsa->flags & RSA_FLAG_NON_FIPS_ALLOW) 173 rv = 0; 174 if (!(rsa->meth->flags & RSA_FLAG_FIPS_METHOD) && rv) 175 return -1; 176 if (rctx->md && !(rctx->md->flags & EVP_MD_FLAG_FIPS)) 177 return rv; 178 if (rctx->mgf1md && !(rctx->mgf1md->flags & EVP_MD_FLAG_FIPS)) 179 return rv; 180 return 1; 181 } 182 #endif 183 184 static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, 185 size_t *siglen, const unsigned char *tbs, 186 size_t tbslen) 187 { 188 int ret; 189 RSA_PKEY_CTX *rctx = ctx->data; 190 RSA *rsa = ctx->pkey->pkey.rsa; 191 192 #ifdef OPENSSL_FIPS 193 ret = pkey_fips_check_ctx(ctx); 194 if (ret < 0) { 195 RSAerr(RSA_F_PKEY_RSA_SIGN, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); 196 return -1; 197 } 198 #endif 199 200 if (rctx->md) { 201 if (tbslen != (size_t)EVP_MD_size(rctx->md)) { 202 RSAerr(RSA_F_PKEY_RSA_SIGN, RSA_R_INVALID_DIGEST_LENGTH); 203 return -1; 204 } 205 #ifdef OPENSSL_FIPS 206 if (ret > 0) { 207 unsigned int slen; 208 ret = FIPS_rsa_sign_digest(rsa, tbs, tbslen, rctx->md, 209 rctx->pad_mode, 210 rctx->saltlen, 211 rctx->mgf1md, sig, &slen); 212 if (ret > 0) 213 *siglen = slen; 214 else 215 *siglen = 0; 216 return ret; 217 } 218 #endif 219 220 if (EVP_MD_type(rctx->md) == NID_mdc2) { 221 unsigned int sltmp; 222 if (rctx->pad_mode != RSA_PKCS1_PADDING) 223 return -1; 224 ret = RSA_sign_ASN1_OCTET_STRING(NID_mdc2, 225 tbs, tbslen, sig, &sltmp, rsa); 226 227 if (ret <= 0) 228 return ret; 229 ret = sltmp; 230 } else if (rctx->pad_mode == RSA_X931_PADDING) { 231 if (!setup_tbuf(rctx, ctx)) 232 return -1; 233 memcpy(rctx->tbuf, tbs, tbslen); 234 rctx->tbuf[tbslen] = RSA_X931_hash_id(EVP_MD_type(rctx->md)); 235 ret = RSA_private_encrypt(tbslen + 1, rctx->tbuf, 236 sig, rsa, RSA_X931_PADDING); 237 } else if (rctx->pad_mode == RSA_PKCS1_PADDING) { 238 unsigned int sltmp; 239 ret = RSA_sign(EVP_MD_type(rctx->md), 240 tbs, tbslen, sig, &sltmp, rsa); 241 if (ret <= 0) 242 return ret; 243 ret = sltmp; 244 } else if (rctx->pad_mode == RSA_PKCS1_PSS_PADDING) { 245 if (!setup_tbuf(rctx, ctx)) 246 return -1; 247 if (!RSA_padding_add_PKCS1_PSS_mgf1(rsa, 248 rctx->tbuf, tbs, 249 rctx->md, rctx->mgf1md, 250 rctx->saltlen)) 251 return -1; 252 ret = RSA_private_encrypt(RSA_size(rsa), rctx->tbuf, 253 sig, rsa, RSA_NO_PADDING); 254 } else 255 return -1; 256 } else 257 ret = RSA_private_encrypt(tbslen, tbs, sig, ctx->pkey->pkey.rsa, 258 rctx->pad_mode); 259 if (ret < 0) 260 return ret; 261 *siglen = ret; 262 return 1; 263 } 264 265 static int pkey_rsa_verifyrecover(EVP_PKEY_CTX *ctx, 266 unsigned char *rout, size_t *routlen, 267 const unsigned char *sig, size_t siglen) 268 { 269 int ret; 270 RSA_PKEY_CTX *rctx = ctx->data; 271 272 if (rctx->md) { 273 if (rctx->pad_mode == RSA_X931_PADDING) { 274 if (!setup_tbuf(rctx, ctx)) 275 return -1; 276 ret = RSA_public_decrypt(siglen, sig, 277 rctx->tbuf, ctx->pkey->pkey.rsa, 278 RSA_X931_PADDING); 279 if (ret < 1) 280 return 0; 281 ret--; 282 if (rctx->tbuf[ret] != RSA_X931_hash_id(EVP_MD_type(rctx->md))) { 283 RSAerr(RSA_F_PKEY_RSA_VERIFYRECOVER, 284 RSA_R_ALGORITHM_MISMATCH); 285 return 0; 286 } 287 if (ret != EVP_MD_size(rctx->md)) { 288 RSAerr(RSA_F_PKEY_RSA_VERIFYRECOVER, 289 RSA_R_INVALID_DIGEST_LENGTH); 290 return 0; 291 } 292 if (rout) 293 memcpy(rout, rctx->tbuf, ret); 294 } else if (rctx->pad_mode == RSA_PKCS1_PADDING) { 295 size_t sltmp; 296 ret = int_rsa_verify(EVP_MD_type(rctx->md), 297 NULL, 0, rout, &sltmp, 298 sig, siglen, ctx->pkey->pkey.rsa); 299 if (ret <= 0) 300 return 0; 301 ret = sltmp; 302 } else 303 return -1; 304 } else 305 ret = RSA_public_decrypt(siglen, sig, rout, ctx->pkey->pkey.rsa, 306 rctx->pad_mode); 307 if (ret < 0) 308 return ret; 309 *routlen = ret; 310 return 1; 311 } 312 313 static int pkey_rsa_verify(EVP_PKEY_CTX *ctx, 314 const unsigned char *sig, size_t siglen, 315 const unsigned char *tbs, size_t tbslen) 316 { 317 RSA_PKEY_CTX *rctx = ctx->data; 318 RSA *rsa = ctx->pkey->pkey.rsa; 319 size_t rslen; 320 #ifdef OPENSSL_FIPS 321 int rv; 322 rv = pkey_fips_check_ctx(ctx); 323 if (rv < 0) { 324 RSAerr(RSA_F_PKEY_RSA_VERIFY, 325 RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); 326 return -1; 327 } 328 #endif 329 if (rctx->md) { 330 #ifdef OPENSSL_FIPS 331 if (rv > 0) { 332 return FIPS_rsa_verify_digest(rsa, 333 tbs, tbslen, 334 rctx->md, 335 rctx->pad_mode, 336 rctx->saltlen, 337 rctx->mgf1md, sig, siglen); 338 339 } 340 #endif 341 if (rctx->pad_mode == RSA_PKCS1_PADDING) 342 return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen, 343 sig, siglen, rsa); 344 if (rctx->pad_mode == RSA_X931_PADDING) { 345 if (pkey_rsa_verifyrecover(ctx, NULL, &rslen, sig, siglen) <= 0) 346 return 0; 347 } else if (rctx->pad_mode == RSA_PKCS1_PSS_PADDING) { 348 int ret; 349 if (!setup_tbuf(rctx, ctx)) 350 return -1; 351 ret = RSA_public_decrypt(siglen, sig, rctx->tbuf, 352 rsa, RSA_NO_PADDING); 353 if (ret <= 0) 354 return 0; 355 ret = RSA_verify_PKCS1_PSS_mgf1(rsa, tbs, 356 rctx->md, rctx->mgf1md, 357 rctx->tbuf, rctx->saltlen); 358 if (ret <= 0) 359 return 0; 360 return 1; 361 } else 362 return -1; 363 } else { 364 if (!setup_tbuf(rctx, ctx)) 365 return -1; 366 rslen = RSA_public_decrypt(siglen, sig, rctx->tbuf, 367 rsa, rctx->pad_mode); 368 if (rslen == 0) 369 return 0; 370 } 371 372 if ((rslen != tbslen) || memcmp(tbs, rctx->tbuf, rslen)) 373 return 0; 374 375 return 1; 376 377 } 378 379 static int pkey_rsa_encrypt(EVP_PKEY_CTX *ctx, 380 unsigned char *out, size_t *outlen, 381 const unsigned char *in, size_t inlen) 382 { 383 int ret; 384 RSA_PKEY_CTX *rctx = ctx->data; 385 ret = RSA_public_encrypt(inlen, in, out, ctx->pkey->pkey.rsa, 386 rctx->pad_mode); 387 if (ret < 0) 388 return ret; 389 *outlen = ret; 390 return 1; 391 } 392 393 static int pkey_rsa_decrypt(EVP_PKEY_CTX *ctx, 394 unsigned char *out, size_t *outlen, 395 const unsigned char *in, size_t inlen) 396 { 397 int ret; 398 RSA_PKEY_CTX *rctx = ctx->data; 399 ret = RSA_private_decrypt(inlen, in, out, ctx->pkey->pkey.rsa, 400 rctx->pad_mode); 401 if (ret < 0) 402 return ret; 403 *outlen = ret; 404 return 1; 405 } 406 407 static int check_padding_md(const EVP_MD *md, int padding) 408 { 409 if (!md) 410 return 1; 411 412 if (padding == RSA_NO_PADDING) { 413 RSAerr(RSA_F_CHECK_PADDING_MD, RSA_R_INVALID_PADDING_MODE); 414 return 0; 415 } 416 417 if (padding == RSA_X931_PADDING) { 418 if (RSA_X931_hash_id(EVP_MD_type(md)) == -1) { 419 RSAerr(RSA_F_CHECK_PADDING_MD, RSA_R_INVALID_X931_DIGEST); 420 return 0; 421 } 422 return 1; 423 } 424 425 return 1; 426 } 427 428 static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) 429 { 430 RSA_PKEY_CTX *rctx = ctx->data; 431 switch (type) { 432 case EVP_PKEY_CTRL_RSA_PADDING: 433 if ((p1 >= RSA_PKCS1_PADDING) && (p1 <= RSA_PKCS1_PSS_PADDING)) { 434 if (!check_padding_md(rctx->md, p1)) 435 return 0; 436 if (p1 == RSA_PKCS1_PSS_PADDING) { 437 if (!(ctx->operation & 438 (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY))) 439 goto bad_pad; 440 if (!rctx->md) 441 rctx->md = EVP_sha1(); 442 } 443 if (p1 == RSA_PKCS1_OAEP_PADDING) { 444 if (!(ctx->operation & EVP_PKEY_OP_TYPE_CRYPT)) 445 goto bad_pad; 446 if (!rctx->md) 447 rctx->md = EVP_sha1(); 448 } 449 rctx->pad_mode = p1; 450 return 1; 451 } 452 bad_pad: 453 RSAerr(RSA_F_PKEY_RSA_CTRL, 454 RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE); 455 return -2; 456 457 case EVP_PKEY_CTRL_GET_RSA_PADDING: 458 *(int *)p2 = rctx->pad_mode; 459 return 1; 460 461 case EVP_PKEY_CTRL_RSA_PSS_SALTLEN: 462 case EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN: 463 if (rctx->pad_mode != RSA_PKCS1_PSS_PADDING) { 464 RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_PSS_SALTLEN); 465 return -2; 466 } 467 if (type == EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN) 468 *(int *)p2 = rctx->saltlen; 469 else { 470 if (p1 < -2) 471 return -2; 472 rctx->saltlen = p1; 473 } 474 return 1; 475 476 case EVP_PKEY_CTRL_RSA_KEYGEN_BITS: 477 if (p1 < 256) { 478 RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_KEYBITS); 479 return -2; 480 } 481 rctx->nbits = p1; 482 return 1; 483 484 case EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP: 485 if (!p2) 486 return -2; 487 rctx->pub_exp = p2; 488 return 1; 489 490 case EVP_PKEY_CTRL_MD: 491 if (!check_padding_md(p2, rctx->pad_mode)) 492 return 0; 493 rctx->md = p2; 494 return 1; 495 496 case EVP_PKEY_CTRL_RSA_MGF1_MD: 497 case EVP_PKEY_CTRL_GET_RSA_MGF1_MD: 498 if (rctx->pad_mode != RSA_PKCS1_PSS_PADDING) { 499 RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_MGF1_MD); 500 return -2; 501 } 502 if (type == EVP_PKEY_CTRL_GET_RSA_MGF1_MD) { 503 if (rctx->mgf1md) 504 *(const EVP_MD **)p2 = rctx->mgf1md; 505 else 506 *(const EVP_MD **)p2 = rctx->md; 507 } else 508 rctx->mgf1md = p2; 509 return 1; 510 511 case EVP_PKEY_CTRL_DIGESTINIT: 512 case EVP_PKEY_CTRL_PKCS7_ENCRYPT: 513 case EVP_PKEY_CTRL_PKCS7_DECRYPT: 514 case EVP_PKEY_CTRL_PKCS7_SIGN: 515 return 1; 516 #ifndef OPENSSL_NO_CMS 517 case EVP_PKEY_CTRL_CMS_DECRYPT: 518 { 519 X509_ALGOR *alg = NULL; 520 ASN1_OBJECT *encalg = NULL; 521 if (p2) 522 CMS_RecipientInfo_ktri_get0_algs(p2, NULL, NULL, &alg); 523 if (alg) 524 X509_ALGOR_get0(&encalg, NULL, NULL, alg); 525 if (encalg && OBJ_obj2nid(encalg) == NID_rsaesOaep) 526 rctx->pad_mode = RSA_PKCS1_OAEP_PADDING; 527 } 528 case EVP_PKEY_CTRL_CMS_ENCRYPT: 529 case EVP_PKEY_CTRL_CMS_SIGN: 530 return 1; 531 #endif 532 case EVP_PKEY_CTRL_PEER_KEY: 533 RSAerr(RSA_F_PKEY_RSA_CTRL, 534 RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); 535 return -2; 536 537 default: 538 return -2; 539 540 } 541 } 542 543 static int pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx, 544 const char *type, const char *value) 545 { 546 if (!value) { 547 RSAerr(RSA_F_PKEY_RSA_CTRL_STR, RSA_R_VALUE_MISSING); 548 return 0; 549 } 550 if (!strcmp(type, "rsa_padding_mode")) { 551 int pm; 552 if (!strcmp(value, "pkcs1")) 553 pm = RSA_PKCS1_PADDING; 554 else if (!strcmp(value, "sslv23")) 555 pm = RSA_SSLV23_PADDING; 556 else if (!strcmp(value, "none")) 557 pm = RSA_NO_PADDING; 558 else if (!strcmp(value, "oeap")) 559 pm = RSA_PKCS1_OAEP_PADDING; 560 else if (!strcmp(value, "oaep")) 561 pm = RSA_PKCS1_OAEP_PADDING; 562 else if (!strcmp(value, "x931")) 563 pm = RSA_X931_PADDING; 564 else if (!strcmp(value, "pss")) 565 pm = RSA_PKCS1_PSS_PADDING; 566 else { 567 RSAerr(RSA_F_PKEY_RSA_CTRL_STR, RSA_R_UNKNOWN_PADDING_TYPE); 568 return -2; 569 } 570 return EVP_PKEY_CTX_set_rsa_padding(ctx, pm); 571 } 572 573 if (!strcmp(type, "rsa_pss_saltlen")) { 574 int saltlen; 575 saltlen = atoi(value); 576 return EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, saltlen); 577 } 578 579 if (!strcmp(type, "rsa_keygen_bits")) { 580 int nbits; 581 nbits = atoi(value); 582 return EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, nbits); 583 } 584 585 if (!strcmp(type, "rsa_keygen_pubexp")) { 586 int ret; 587 BIGNUM *pubexp = NULL; 588 if (!BN_asc2bn(&pubexp, value)) 589 return 0; 590 ret = EVP_PKEY_CTX_set_rsa_keygen_pubexp(ctx, pubexp); 591 if (ret <= 0) 592 BN_free(pubexp); 593 return ret; 594 } 595 596 return -2; 597 } 598 599 static int pkey_rsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) 600 { 601 RSA *rsa = NULL; 602 RSA_PKEY_CTX *rctx = ctx->data; 603 BN_GENCB *pcb, cb; 604 int ret; 605 if (!rctx->pub_exp) { 606 rctx->pub_exp = BN_new(); 607 if (!rctx->pub_exp || !BN_set_word(rctx->pub_exp, RSA_F4)) 608 return 0; 609 } 610 rsa = RSA_new(); 611 if (!rsa) 612 return 0; 613 if (ctx->pkey_gencb) { 614 pcb = &cb; 615 evp_pkey_set_cb_translate(pcb, ctx); 616 } else 617 pcb = NULL; 618 ret = RSA_generate_key_ex(rsa, rctx->nbits, rctx->pub_exp, pcb); 619 if (ret > 0) 620 EVP_PKEY_assign_RSA(pkey, rsa); 621 else 622 RSA_free(rsa); 623 return ret; 624 } 625 626 const EVP_PKEY_METHOD rsa_pkey_meth = { 627 EVP_PKEY_RSA, 628 EVP_PKEY_FLAG_AUTOARGLEN, 629 pkey_rsa_init, 630 pkey_rsa_copy, 631 pkey_rsa_cleanup, 632 633 0, 0, 634 635 0, 636 pkey_rsa_keygen, 637 638 0, 639 pkey_rsa_sign, 640 641 0, 642 pkey_rsa_verify, 643 644 0, 645 pkey_rsa_verifyrecover, 646 647 0, 0, 0, 0, 648 649 0, 650 pkey_rsa_encrypt, 651 652 0, 653 pkey_rsa_decrypt, 654 655 0, 0, 656 657 pkey_rsa_ctrl, 658 pkey_rsa_ctrl_str 659 }; 660