Context Navigation

← Previous Revision
Latest Revision
Next Revision →
Blame
Revision Log

rsa_pmeth.c@ 331

Last change on this file since 331 was 331, checked in by coas-nagasima, 6 years ago
prototoolに関連するプロジェクトをnewlibからmuslを使うよう変更・更新 ntshellをnewlibの下位の実装から、muslのsyscallの実装に変更・更新以下のOSSをアップデート・mruby-1.3.0 ・musl-1.1.18 ・onigmo-6.1.3 ・tcc-0.9.27 以下のOSSを追加・openssl-1.1.0e ・curl-7.57.0 ・zlib-1.2.11 以下のmrbgemsを追加・iij/mruby-digest ・iij/mruby-env ・iij/mruby-errno ・iij/mruby-iijson ・iij/mruby-ipaddr ・iij/mruby-mock ・iij/mruby-require ・iij/mruby-tls-openssl
Property svn:eol-style set to `native` Property svn:mime-type set to `text/x-csrc`
File size: 19.7 KB

Line
1	/*
2	* Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
3	*
4	* Licensed under the OpenSSL license (the "License"). You may not use
5	* this file except in compliance with the License. You can obtain a copy
6	* in the file LICENSE in the source distribution or at
7	* https://www.openssl.org/source/license.html
8	*/
9
10	#include <stdio.h>
11	#include "internal/cryptlib.h"
12	#include <openssl/asn1t.h>
13	#include <openssl/x509.h>
14	#include <openssl/rsa.h>
15	#include <openssl/bn.h>
16	#include <openssl/evp.h>
17	#include <openssl/x509v3.h>
18	#include <openssl/cms.h>
19	#include "internal/evp_int.h"
20	#include "rsa_locl.h"
21
22	/* RSA pkey context structure */
23
24	typedef struct {
25	/* Key gen parameters */
26	int nbits;
27	BIGNUM *pub_exp;
28	/* Keygen callback info */
29	int gentmp[2];
30	/* RSA padding mode */
31	int pad_mode;
32	/* message digest */
33	const EVP_MD *md;
34	/* message digest for MGF1 */
35	const EVP_MD *mgf1md;
36	/* PSS salt length */
37	int saltlen;
38	/* Temp buffer */
39	unsigned char *tbuf;
40	/* OAEP label */
41	unsigned char *oaep_label;
42	size_t oaep_labellen;
43	} RSA_PKEY_CTX;
44
45	static int pkey_rsa_init(EVP_PKEY_CTX *ctx)
46	{
47	RSA_PKEY_CTX *rctx;
48	rctx = OPENSSL_zalloc(sizeof(*rctx));
49	if (rctx == NULL)
50	return 0;
51	rctx->nbits = 1024;
52	rctx->pad_mode = RSA_PKCS1_PADDING;
53	rctx->saltlen = -2;
54	ctx->data = rctx;
55	ctx->keygen_info = rctx->gentmp;
56	ctx->keygen_info_count = 2;
57
58	return 1;
59	}
60
61	static int pkey_rsa_copy(EVP_PKEY_CTX dst, EVP_PKEY_CTX src)
62	{
63	RSA_PKEY_CTX dctx, sctx;
64	if (!pkey_rsa_init(dst))
65	return 0;
66	sctx = src->data;
67	dctx = dst->data;
68	dctx->nbits = sctx->nbits;
69	if (sctx->pub_exp) {
70	dctx->pub_exp = BN_dup(sctx->pub_exp);
71	if (!dctx->pub_exp)
72	return 0;
73	}
74	dctx->pad_mode = sctx->pad_mode;
75	dctx->md = sctx->md;
76	dctx->mgf1md = sctx->mgf1md;
77	if (sctx->oaep_label) {
78	OPENSSL_free(dctx->oaep_label);
79	dctx->oaep_label = OPENSSL_memdup(sctx->oaep_label, sctx->oaep_labellen);
80	if (!dctx->oaep_label)
81	return 0;
82	dctx->oaep_labellen = sctx->oaep_labellen;
83	}
84	return 1;
85	}
86
87	static int setup_tbuf(RSA_PKEY_CTX ctx, EVP_PKEY_CTX pk)
88	{
89	if (ctx->tbuf)
90	return 1;
91	ctx->tbuf = OPENSSL_malloc(EVP_PKEY_size(pk->pkey));
92	if (ctx->tbuf == NULL)
93	return 0;
94	return 1;
95	}
96
97	static void pkey_rsa_cleanup(EVP_PKEY_CTX *ctx)
98	{
99	RSA_PKEY_CTX *rctx = ctx->data;
100	if (rctx) {
101	BN_free(rctx->pub_exp);
102	OPENSSL_free(rctx->tbuf);
103	OPENSSL_free(rctx->oaep_label);
104	OPENSSL_free(rctx);
105	}
106	}
107
108	static int pkey_rsa_sign(EVP_PKEY_CTX ctx, unsigned char sig,
109	size_t siglen, const unsigned char tbs,
110	size_t tbslen)
111	{
112	int ret;
113	RSA_PKEY_CTX *rctx = ctx->data;
114	RSA *rsa = ctx->pkey->pkey.rsa;
115
116	if (rctx->md) {
117	if (tbslen != (size_t)EVP_MD_size(rctx->md)) {
118	RSAerr(RSA_F_PKEY_RSA_SIGN, RSA_R_INVALID_DIGEST_LENGTH);
119	return -1;
120	}
121
122	if (EVP_MD_type(rctx->md) == NID_mdc2) {
123	unsigned int sltmp;
124	if (rctx->pad_mode != RSA_PKCS1_PADDING)
125	return -1;
126	ret = RSA_sign_ASN1_OCTET_STRING(0,
127	tbs, tbslen, sig, &sltmp, rsa);
128
129	if (ret <= 0)
130	return ret;
131	ret = sltmp;
132	} else if (rctx->pad_mode == RSA_X931_PADDING) {
133	if ((size_t)EVP_PKEY_size(ctx->pkey) < tbslen + 1) {
134	RSAerr(RSA_F_PKEY_RSA_SIGN, RSA_R_KEY_SIZE_TOO_SMALL);
135	return -1;
136	}
137	if (!setup_tbuf(rctx, ctx)) {
138	RSAerr(RSA_F_PKEY_RSA_SIGN, ERR_R_MALLOC_FAILURE);
139	return -1;
140	}
141	memcpy(rctx->tbuf, tbs, tbslen);
142	rctx->tbuf[tbslen] = RSA_X931_hash_id(EVP_MD_type(rctx->md));
143	ret = RSA_private_encrypt(tbslen + 1, rctx->tbuf,
144	sig, rsa, RSA_X931_PADDING);
145	} else if (rctx->pad_mode == RSA_PKCS1_PADDING) {
146	unsigned int sltmp;
147	ret = RSA_sign(EVP_MD_type(rctx->md),
148	tbs, tbslen, sig, &sltmp, rsa);
149	if (ret <= 0)
150	return ret;
151	ret = sltmp;
152	} else if (rctx->pad_mode == RSA_PKCS1_PSS_PADDING) {
153	if (!setup_tbuf(rctx, ctx))
154	return -1;
155	if (!RSA_padding_add_PKCS1_PSS_mgf1(rsa,
156	rctx->tbuf, tbs,
157	rctx->md, rctx->mgf1md,
158	rctx->saltlen))
159	return -1;
160	ret = RSA_private_encrypt(RSA_size(rsa), rctx->tbuf,
161	sig, rsa, RSA_NO_PADDING);
162	} else
163	return -1;
164	} else
165	ret = RSA_private_encrypt(tbslen, tbs, sig, ctx->pkey->pkey.rsa,
166	rctx->pad_mode);
167	if (ret < 0)
168	return ret;
169	*siglen = ret;
170	return 1;
171	}
172
173	static int pkey_rsa_verifyrecover(EVP_PKEY_CTX *ctx,
174	unsigned char rout, size_t routlen,
175	const unsigned char *sig, size_t siglen)
176	{
177	int ret;
178	RSA_PKEY_CTX *rctx = ctx->data;
179
180	if (rctx->md) {
181	if (rctx->pad_mode == RSA_X931_PADDING) {
182	if (!setup_tbuf(rctx, ctx))
183	return -1;
184	ret = RSA_public_decrypt(siglen, sig,
185	rctx->tbuf, ctx->pkey->pkey.rsa,
186	RSA_X931_PADDING);
187	if (ret < 1)
188	return 0;
189	ret--;
190	if (rctx->tbuf[ret] != RSA_X931_hash_id(EVP_MD_type(rctx->md))) {
191	RSAerr(RSA_F_PKEY_RSA_VERIFYRECOVER,
192	RSA_R_ALGORITHM_MISMATCH);
193	return 0;
194	}
195	if (ret != EVP_MD_size(rctx->md)) {
196	RSAerr(RSA_F_PKEY_RSA_VERIFYRECOVER,
197	RSA_R_INVALID_DIGEST_LENGTH);
198	return 0;
199	}
200	if (rout)
201	memcpy(rout, rctx->tbuf, ret);
202	} else if (rctx->pad_mode == RSA_PKCS1_PADDING) {
203	size_t sltmp;
204	ret = int_rsa_verify(EVP_MD_type(rctx->md),
205	NULL, 0, rout, &sltmp,
206	sig, siglen, ctx->pkey->pkey.rsa);
207	if (ret <= 0)
208	return 0;
209	ret = sltmp;
210	} else
211	return -1;
212	} else
213	ret = RSA_public_decrypt(siglen, sig, rout, ctx->pkey->pkey.rsa,
214	rctx->pad_mode);
215	if (ret < 0)
216	return ret;
217	*routlen = ret;
218	return 1;
219	}
220
221	static int pkey_rsa_verify(EVP_PKEY_CTX *ctx,
222	const unsigned char *sig, size_t siglen,
223	const unsigned char *tbs, size_t tbslen)
224	{
225	RSA_PKEY_CTX *rctx = ctx->data;
226	RSA *rsa = ctx->pkey->pkey.rsa;
227	size_t rslen;
228	if (rctx->md) {
229	if (rctx->pad_mode == RSA_PKCS1_PADDING)
230	return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen,
231	sig, siglen, rsa);
232	if (tbslen != (size_t)EVP_MD_size(rctx->md)) {
233	RSAerr(RSA_F_PKEY_RSA_VERIFY, RSA_R_INVALID_DIGEST_LENGTH);
234	return -1;
235	}
236	if (rctx->pad_mode == RSA_X931_PADDING) {
237	if (pkey_rsa_verifyrecover(ctx, NULL, &rslen, sig, siglen) <= 0)
238	return 0;
239	} else if (rctx->pad_mode == RSA_PKCS1_PSS_PADDING) {
240	int ret;
241	if (!setup_tbuf(rctx, ctx))
242	return -1;
243	ret = RSA_public_decrypt(siglen, sig, rctx->tbuf,
244	rsa, RSA_NO_PADDING);
245	if (ret <= 0)
246	return 0;
247	ret = RSA_verify_PKCS1_PSS_mgf1(rsa, tbs,
248	rctx->md, rctx->mgf1md,
249	rctx->tbuf, rctx->saltlen);
250	if (ret <= 0)
251	return 0;
252	return 1;
253	} else
254	return -1;
255	} else {
256	if (!setup_tbuf(rctx, ctx))
257	return -1;
258	rslen = RSA_public_decrypt(siglen, sig, rctx->tbuf,
259	rsa, rctx->pad_mode);
260	if (rslen == 0)
261	return 0;
262	}
263
264	if ((rslen != tbslen) \|\| memcmp(tbs, rctx->tbuf, rslen))
265	return 0;
266
267	return 1;
268
269	}
270
271	static int pkey_rsa_encrypt(EVP_PKEY_CTX *ctx,
272	unsigned char out, size_t outlen,
273	const unsigned char *in, size_t inlen)
274	{
275	int ret;
276	RSA_PKEY_CTX *rctx = ctx->data;
277	if (rctx->pad_mode == RSA_PKCS1_OAEP_PADDING) {
278	int klen = RSA_size(ctx->pkey->pkey.rsa);
279	if (!setup_tbuf(rctx, ctx))
280	return -1;
281	if (!RSA_padding_add_PKCS1_OAEP_mgf1(rctx->tbuf, klen,
282	in, inlen,
283	rctx->oaep_label,
284	rctx->oaep_labellen,
285	rctx->md, rctx->mgf1md))
286	return -1;
287	ret = RSA_public_encrypt(klen, rctx->tbuf, out,
288	ctx->pkey->pkey.rsa, RSA_NO_PADDING);
289	} else
290	ret = RSA_public_encrypt(inlen, in, out, ctx->pkey->pkey.rsa,
291	rctx->pad_mode);
292	if (ret < 0)
293	return ret;
294	*outlen = ret;
295	return 1;
296	}
297
298	static int pkey_rsa_decrypt(EVP_PKEY_CTX *ctx,
299	unsigned char out, size_t outlen,
300	const unsigned char *in, size_t inlen)
301	{
302	int ret;
303	RSA_PKEY_CTX *rctx = ctx->data;
304	if (rctx->pad_mode == RSA_PKCS1_OAEP_PADDING) {
305	int i;
306	if (!setup_tbuf(rctx, ctx))
307	return -1;
308	ret = RSA_private_decrypt(inlen, in, rctx->tbuf,
309	ctx->pkey->pkey.rsa, RSA_NO_PADDING);
310	if (ret <= 0)
311	return ret;
312	for (i = 0; i < ret; i++) {
313	if (rctx->tbuf[i])
314	break;
315	}
316	ret = RSA_padding_check_PKCS1_OAEP_mgf1(out, ret, rctx->tbuf + i,
317	ret - i, ret,
318	rctx->oaep_label,
319	rctx->oaep_labellen,
320	rctx->md, rctx->mgf1md);
321	} else
322	ret = RSA_private_decrypt(inlen, in, out, ctx->pkey->pkey.rsa,
323	rctx->pad_mode);
324	if (ret < 0)
325	return ret;
326	*outlen = ret;
327	return 1;
328	}
329
330	static int check_padding_md(const EVP_MD *md, int padding)
331	{
332	int mdnid;
333	if (!md)
334	return 1;
335
336	mdnid = EVP_MD_type(md);
337
338	if (padding == RSA_NO_PADDING) {
339	RSAerr(RSA_F_CHECK_PADDING_MD, RSA_R_INVALID_PADDING_MODE);
340	return 0;
341	}
342
343	if (padding == RSA_X931_PADDING) {
344	if (RSA_X931_hash_id(mdnid) == -1) {
345	RSAerr(RSA_F_CHECK_PADDING_MD, RSA_R_INVALID_X931_DIGEST);
346	return 0;
347	}
348	} else {
349	switch(mdnid) {
350	/* List of all supported RSA digests */
351	case NID_sha1:
352	case NID_sha224:
353	case NID_sha256:
354	case NID_sha384:
355	case NID_sha512:
356	case NID_md5:
357	case NID_md5_sha1:
358	case NID_md2:
359	case NID_md4:
360	case NID_mdc2:
361	case NID_ripemd160:
362	return 1;
363
364	default:
365	RSAerr(RSA_F_CHECK_PADDING_MD, RSA_R_INVALID_DIGEST);
366	return 0;
367
368	}
369	}
370
371	return 1;
372	}
373
374	static int pkey_rsa_ctrl(EVP_PKEY_CTX ctx, int type, int p1, void p2)
375	{
376	RSA_PKEY_CTX *rctx = ctx->data;
377	switch (type) {
378	case EVP_PKEY_CTRL_RSA_PADDING:
379	if ((p1 >= RSA_PKCS1_PADDING) && (p1 <= RSA_PKCS1_PSS_PADDING)) {
380	if (!check_padding_md(rctx->md, p1))
381	return 0;
382	if (p1 == RSA_PKCS1_PSS_PADDING) {
383	if (!(ctx->operation &
384	(EVP_PKEY_OP_SIGN \| EVP_PKEY_OP_VERIFY)))
385	goto bad_pad;
386	if (!rctx->md)
387	rctx->md = EVP_sha1();
388	}
389	if (p1 == RSA_PKCS1_OAEP_PADDING) {
390	if (!(ctx->operation & EVP_PKEY_OP_TYPE_CRYPT))
391	goto bad_pad;
392	if (!rctx->md)
393	rctx->md = EVP_sha1();
394	}
395	rctx->pad_mode = p1;
396	return 1;
397	}
398	bad_pad:
399	RSAerr(RSA_F_PKEY_RSA_CTRL,
400	RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE);
401	return -2;
402
403	case EVP_PKEY_CTRL_GET_RSA_PADDING:
404	(int )p2 = rctx->pad_mode;
405	return 1;
406
407	case EVP_PKEY_CTRL_RSA_PSS_SALTLEN:
408	case EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN:
409	if (rctx->pad_mode != RSA_PKCS1_PSS_PADDING) {
410	RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_PSS_SALTLEN);
411	return -2;
412	}
413	if (type == EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN)
414	(int )p2 = rctx->saltlen;
415	else {
416	if (p1 < -2)
417	return -2;
418	rctx->saltlen = p1;
419	}
420	return 1;
421
422	case EVP_PKEY_CTRL_RSA_KEYGEN_BITS:
423	if (p1 < 512) {
424	RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_KEY_SIZE_TOO_SMALL);
425	return -2;
426	}
427	rctx->nbits = p1;
428	return 1;
429
430	case EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP:
431	if (p2 == NULL \|\| !BN_is_odd((BIGNUM )p2) \|\| BN_is_one((BIGNUM )p2)) {
432	RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_BAD_E_VALUE);
433	return -2;
434	}
435	BN_free(rctx->pub_exp);
436	rctx->pub_exp = p2;
437	return 1;
438
439	case EVP_PKEY_CTRL_RSA_OAEP_MD:
440	case EVP_PKEY_CTRL_GET_RSA_OAEP_MD:
441	if (rctx->pad_mode != RSA_PKCS1_OAEP_PADDING) {
442	RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_PADDING_MODE);
443	return -2;
444	}
445	if (type == EVP_PKEY_CTRL_GET_RSA_OAEP_MD)
446	(const EVP_MD *)p2 = rctx->md;
447	else
448	rctx->md = p2;
449	return 1;
450
451	case EVP_PKEY_CTRL_MD:
452	if (!check_padding_md(p2, rctx->pad_mode))
453	return 0;
454	rctx->md = p2;
455	return 1;
456
457	case EVP_PKEY_CTRL_GET_MD:
458	(const EVP_MD *)p2 = rctx->md;
459	return 1;
460
461	case EVP_PKEY_CTRL_RSA_MGF1_MD:
462	case EVP_PKEY_CTRL_GET_RSA_MGF1_MD:
463	if (rctx->pad_mode != RSA_PKCS1_PSS_PADDING
464	&& rctx->pad_mode != RSA_PKCS1_OAEP_PADDING) {
465	RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_MGF1_MD);
466	return -2;
467	}
468	if (type == EVP_PKEY_CTRL_GET_RSA_MGF1_MD) {
469	if (rctx->mgf1md)
470	(const EVP_MD *)p2 = rctx->mgf1md;
471	else
472	(const EVP_MD *)p2 = rctx->md;
473	} else
474	rctx->mgf1md = p2;
475	return 1;
476
477	case EVP_PKEY_CTRL_RSA_OAEP_LABEL:
478	if (rctx->pad_mode != RSA_PKCS1_OAEP_PADDING) {
479	RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_PADDING_MODE);
480	return -2;
481	}
482	OPENSSL_free(rctx->oaep_label);
483	if (p2 && p1 > 0) {
484	rctx->oaep_label = p2;
485	rctx->oaep_labellen = p1;
486	} else {
487	rctx->oaep_label = NULL;
488	rctx->oaep_labellen = 0;
489	}
490	return 1;
491
492	case EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL:
493	if (rctx->pad_mode != RSA_PKCS1_OAEP_PADDING) {
494	RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_PADDING_MODE);
495	return -2;
496	}
497	(unsigned char *)p2 = rctx->oaep_label;
498	return rctx->oaep_labellen;
499
500	case EVP_PKEY_CTRL_DIGESTINIT:
501	case EVP_PKEY_CTRL_PKCS7_ENCRYPT:
502	case EVP_PKEY_CTRL_PKCS7_DECRYPT:
503	case EVP_PKEY_CTRL_PKCS7_SIGN:
504	return 1;
505	#ifndef OPENSSL_NO_CMS
506	case EVP_PKEY_CTRL_CMS_DECRYPT:
507	case EVP_PKEY_CTRL_CMS_ENCRYPT:
508	case EVP_PKEY_CTRL_CMS_SIGN:
509	return 1;
510	#endif
511	case EVP_PKEY_CTRL_PEER_KEY:
512	RSAerr(RSA_F_PKEY_RSA_CTRL,
513	RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
514	return -2;
515
516	default:
517	return -2;
518
519	}
520	}
521
522	static int pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx,
523	const char type, const char value)
524	{
525	if (!value) {
526	RSAerr(RSA_F_PKEY_RSA_CTRL_STR, RSA_R_VALUE_MISSING);
527	return 0;
528	}
529	if (strcmp(type, "rsa_padding_mode") == 0) {
530	int pm;
531	if (strcmp(value, "pkcs1") == 0)
532	pm = RSA_PKCS1_PADDING;
533	else if (strcmp(value, "sslv23") == 0)
534	pm = RSA_SSLV23_PADDING;
535	else if (strcmp(value, "none") == 0)
536	pm = RSA_NO_PADDING;
537	else if (strcmp(value, "oeap") == 0)
538	pm = RSA_PKCS1_OAEP_PADDING;
539	else if (strcmp(value, "oaep") == 0)
540	pm = RSA_PKCS1_OAEP_PADDING;
541	else if (strcmp(value, "x931") == 0)
542	pm = RSA_X931_PADDING;
543	else if (strcmp(value, "pss") == 0)
544	pm = RSA_PKCS1_PSS_PADDING;
545	else {
546	RSAerr(RSA_F_PKEY_RSA_CTRL_STR, RSA_R_UNKNOWN_PADDING_TYPE);
547	return -2;
548	}
549	return EVP_PKEY_CTX_set_rsa_padding(ctx, pm);
550	}
551
552	if (strcmp(type, "rsa_pss_saltlen") == 0) {
553	int saltlen;
554	saltlen = atoi(value);
555	return EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, saltlen);
556	}
557
558	if (strcmp(type, "rsa_keygen_bits") == 0) {
559	int nbits;
560	nbits = atoi(value);
561	return EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, nbits);
562	}
563
564	if (strcmp(type, "rsa_keygen_pubexp") == 0) {
565	int ret;
566	BIGNUM *pubexp = NULL;
567	if (!BN_asc2bn(&pubexp, value))
568	return 0;
569	ret = EVP_PKEY_CTX_set_rsa_keygen_pubexp(ctx, pubexp);
570	if (ret <= 0)
571	BN_free(pubexp);
572	return ret;
573	}
574
575	if (strcmp(type, "rsa_mgf1_md") == 0) {
576	const EVP_MD *md;
577	if ((md = EVP_get_digestbyname(value)) == NULL) {
578	RSAerr(RSA_F_PKEY_RSA_CTRL_STR, RSA_R_INVALID_DIGEST);
579	return 0;
580	}
581	return EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, md);
582	}
583
584	if (strcmp(type, "rsa_oaep_md") == 0) {
585	const EVP_MD *md;
586	if ((md = EVP_get_digestbyname(value)) == NULL) {
587	RSAerr(RSA_F_PKEY_RSA_CTRL_STR, RSA_R_INVALID_DIGEST);
588	return 0;
589	}
590	return EVP_PKEY_CTX_set_rsa_oaep_md(ctx, md);
591	}
592	if (strcmp(type, "rsa_oaep_label") == 0) {
593	unsigned char *lab;
594	long lablen;
595	int ret;
596	lab = OPENSSL_hexstr2buf(value, &lablen);
597	if (!lab)
598	return 0;
599	ret = EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, lab, lablen);
600	if (ret <= 0)
601	OPENSSL_free(lab);
602	return ret;
603	}
604
605	return -2;
606	}
607
608	static int pkey_rsa_keygen(EVP_PKEY_CTX ctx, EVP_PKEY pkey)
609	{
610	RSA *rsa = NULL;
611	RSA_PKEY_CTX *rctx = ctx->data;
612	BN_GENCB *pcb;
613	int ret;
614	if (rctx->pub_exp == NULL) {
615	rctx->pub_exp = BN_new();
616	if (rctx->pub_exp == NULL \|\| !BN_set_word(rctx->pub_exp, RSA_F4))
617	return 0;
618	}
619	rsa = RSA_new();
620	if (rsa == NULL)
621	return 0;
622	if (ctx->pkey_gencb) {
623	pcb = BN_GENCB_new();
624	if (pcb == NULL) {
625	RSA_free(rsa);
626	return 0;
627	}
628	evp_pkey_set_cb_translate(pcb, ctx);
629	} else
630	pcb = NULL;
631	ret = RSA_generate_key_ex(rsa, rctx->nbits, rctx->pub_exp, pcb);
632	BN_GENCB_free(pcb);
633	if (ret > 0)
634	EVP_PKEY_assign_RSA(pkey, rsa);
635	else
636	RSA_free(rsa);
637	return ret;
638	}
639
640	const EVP_PKEY_METHOD rsa_pkey_meth = {
641	EVP_PKEY_RSA,
642	EVP_PKEY_FLAG_AUTOARGLEN,
643	pkey_rsa_init,
644	pkey_rsa_copy,
645	pkey_rsa_cleanup,
646
647	0, 0,
648
649	0,
650	pkey_rsa_keygen,
651
652	0,
653	pkey_rsa_sign,
654
655	0,
656	pkey_rsa_verify,
657
658	0,
659	pkey_rsa_verifyrecover,
660
661	0, 0, 0, 0,
662
663	0,
664	pkey_rsa_encrypt,
665
666	0,
667	pkey_rsa_decrypt,
668
669	0, 0,
670
671	pkey_rsa_ctrl,
672	pkey_rsa_ctrl_str
673	};

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: EcnlProtoTool/trunk/openssl-1.1.0e/crypto/rsa/rsa_pmeth.c@ 331

Download in other formats: