kris
/
boringssl
1
0
Форкнуть 0
Код Задачи 0 Pull Request'ы 0 Релизы 0 Вики Активность
Вы не можете выбрать более 25 тем Темы должны начинаться с буквы или цифры, могут содержать дефисы(-) и должны содержать не более 35 символов.
262 коммитов
12 Ветки
38 MiB
 
 
 
 
 
 
Дерево: 794bf6e0ce
Ветки Теги
${ item.name }
Создать ветку ${ searchTerm }
из '794bf6e0ce'
${ noResults }
boringssl/crypto/evp/p_rsa.c

612 строки
18 KiB
Исходник Вина История 

  1. /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL

  2.  * project 2006.

  3.  */

  4. /* ====================================================================

  5.  * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.

  6.  *

  7.  * Redistribution and use in source and binary forms, with or without

  8.  * modification, are permitted provided that the following conditions

  9.  * are met:

  10.  *

  11.  * 1. Redistributions of source code must retain the above copyright

  12.  *    notice, this list of conditions and the following disclaimer.

  13.  *

  14.  * 2. Redistributions in binary form must reproduce the above copyright

  15.  *    notice, this list of conditions and the following disclaimer in

  16.  *    the documentation and/or other materials provided with the

  17.  *    distribution.

  18.  *

  19.  * 3. All advertising materials mentioning features or use of this

  20.  *    software must display the following acknowledgment:

  21.  *    "This product includes software developed by the OpenSSL Project

  22.  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

  23.  *

  24.  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

  25.  *    endorse or promote products derived from this software without

  26.  *    prior written permission. For written permission, please contact

  27.  *    licensing@OpenSSL.org.

  28.  *

  29.  * 5. Products derived from this software may not be called "OpenSSL"

  30.  *    nor may "OpenSSL" appear in their names without prior written

  31.  *    permission of the OpenSSL Project.

  32.  *

  33.  * 6. Redistributions of any form whatsoever must retain the following

  34.  *    acknowledgment:

  35.  *    "This product includes software developed by the OpenSSL Project

  36.  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

  37.  *

  38.  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

  39.  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  40.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

  41.  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

  42.  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

  43.  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

  44.  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

  45.  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  46.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

  47.  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

  48.  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

  49.  * OF THE POSSIBILITY OF SUCH DAMAGE.

  50.  * ====================================================================

  51.  *

  52.  * This product includes cryptographic software written by Eric Young

  53.  * (eay@cryptsoft.com).  This product includes software written by Tim

  54.  * Hudson (tjh@cryptsoft.com). */

  55. 

  56. #include <openssl/evp.h>

  57. 

  58. #include <openssl/bn.h>

  59. #include <openssl/buf.h>

  60. #include <openssl/digest.h>

  61. #include <openssl/err.h>

  62. #include <openssl/mem.h>

  63. #include <openssl/obj.h>

  64. #include <openssl/rsa.h>

  65. 

  66. #include "../rsa/internal.h"

  67. #include "internal.h"

  68. 

  69. 

  70. typedef struct {

  71.   /* Key gen parameters */

  72.   int nbits;

  73.   BIGNUM *pub_exp;

  74.   /* RSA padding mode */

  75.   int pad_mode;

  76.   /* message digest */

  77.   const EVP_MD *md;

  78.   /* message digest for MGF1 */

  79.   const EVP_MD *mgf1md;

  80.   /* PSS salt length */

  81.   int saltlen;

  82.   /* tbuf is a buffer which is either NULL, or is the size of the RSA modulus.

  83.    * It's used to store the output of RSA operations. */

  84.   uint8_t *tbuf;

  85.   /* OAEP label */

  86.   uint8_t *oaep_label;

  87.   size_t oaep_labellen;

  88. } RSA_PKEY_CTX;

  89. 

  90. static int pkey_rsa_init(EVP_PKEY_CTX *ctx) {

  91.   RSA_PKEY_CTX *rctx;

  92.   rctx = OPENSSL_malloc(sizeof(RSA_PKEY_CTX));

  93.   if (!rctx) {

  94.     return 0;

  95.   }

  96.   memset(rctx, 0, sizeof(RSA_PKEY_CTX));

  97. 

  98.   rctx->nbits = 2048;

  99.   rctx->pad_mode = RSA_PKCS1_PADDING;

  100.   rctx->saltlen = -2;

  101. 

  102.   ctx->data = rctx;

  103. 

  104.   return 1;

  105. }

  106. 

  107. static int pkey_rsa_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) {

  108.   RSA_PKEY_CTX *dctx, *sctx;

  109.   if (!pkey_rsa_init(dst)) {

  110.     return 0;

  111.   }

  112.   sctx = src->data;

  113.   dctx = dst->data;

  114.   dctx->nbits = sctx->nbits;

  115.   if (sctx->pub_exp) {

  116.     dctx->pub_exp = BN_dup(sctx->pub_exp);

  117.     if (!dctx->pub_exp) {

  118.       return 0;

  119.     }

  120.   }

  121. 

  122.   dctx->pad_mode = sctx->pad_mode;

  123.   dctx->md = sctx->md;

  124.   dctx->mgf1md = sctx->mgf1md;

  125.   if (sctx->oaep_label) {

  126.     if (dctx->oaep_label) {

  127.       OPENSSL_free(dctx->oaep_label);

  128.     }

  129.     dctx->oaep_label = BUF_memdup(sctx->oaep_label, sctx->oaep_labellen);

  130.     if (!dctx->oaep_label) {

  131.       return 0;

  132.     }

  133.     dctx->oaep_labellen = sctx->oaep_labellen;

  134.   }

  135. 

  136.   return 1;

  137. }

  138. 

  139. static void pkey_rsa_cleanup(EVP_PKEY_CTX *ctx) {

  140.   RSA_PKEY_CTX *rctx = ctx->data;

  141. 

  142.   if (rctx == NULL) {

  143.     return;

  144.   }

  145. 

  146.   if (rctx->pub_exp) {

  147.     BN_free(rctx->pub_exp);

  148.   }

  149.   if (rctx->tbuf) {

  150.     OPENSSL_free(rctx->tbuf);

  151.   }

  152.   if (rctx->oaep_label) {

  153.     OPENSSL_free(rctx->oaep_label);

  154.   }

  155.   OPENSSL_free(rctx);

  156. }

  157. 

  158. static int setup_tbuf(RSA_PKEY_CTX *ctx, EVP_PKEY_CTX *pk) {

  159.   if (ctx->tbuf) {

  160.     return 1;

  161.   }

  162.   ctx->tbuf = OPENSSL_malloc(EVP_PKEY_size(pk->pkey));

  163.   if (!ctx->tbuf) {

  164.     return 0;

  165.   }

  166.   return 1;

  167. }

  168. 

  169. static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, uint8_t *sig, size_t *siglen,

  170.                          const uint8_t *tbs, size_t tbslen) {

  171.   int ret;

  172.   RSA_PKEY_CTX *rctx = ctx->data;

  173.   RSA *rsa = ctx->pkey->pkey.rsa;

  174. 

  175.   if (!sig) {

  176.     *siglen = RSA_size(rsa);

  177.     return 1;

  178.   } else if (*siglen < (size_t)RSA_size(rsa)) {

  179.     OPENSSL_PUT_ERROR(EVP, pkey_rsa_sign, EVP_R_BUFFER_TOO_SMALL);

  180.     return 0;

  181.   }

  182. 

  183.   if (rctx->md) {

  184.     if (tbslen != EVP_MD_size(rctx->md)) {

  185.       OPENSSL_PUT_ERROR(EVP, pkey_rsa_sign, EVP_R_INVALID_DIGEST_LENGTH);

  186.       return -1;

  187.     }

  188. 

  189.     if (EVP_MD_type(rctx->md) == NID_mdc2) {

  190.       OPENSSL_PUT_ERROR(EVP, pkey_rsa_sign, EVP_R_NO_MDC2_SUPPORT);

  191.       ret = -1;

  192.     } else if (rctx->pad_mode == RSA_PKCS1_PADDING) {

  193.       unsigned int sltmp;

  194.       ret = RSA_sign(EVP_MD_type(rctx->md), tbs, tbslen, sig, &sltmp, rsa);

  195.       if (ret <= 0) {

  196.         return ret;

  197.       }

  198.       ret = sltmp;

  199.     } else if (rctx->pad_mode == RSA_PKCS1_PSS_PADDING) {

  200.       if (!setup_tbuf(rctx, ctx) ||

  201.           !RSA_padding_add_PKCS1_PSS_mgf1(rsa, rctx->tbuf, tbs, rctx->md,

  202.                                           rctx->mgf1md, rctx->saltlen)) {

  203.         return -1;

  204.       }

  205.       /* TODO(fork): don't use private_encrypt. */

  206.       ret = RSA_private_encrypt(RSA_size(rsa), rctx->tbuf, sig, rsa,

  207.                                 RSA_NO_PADDING);

  208.     } else {

  209.       return -1;

  210.     }

  211.   } else {

  212.     /* TODO(fork): don't use private_encrypt. */

  213.     ret = RSA_private_encrypt(tbslen, tbs, sig, ctx->pkey->pkey.rsa,

  214.                               rctx->pad_mode);

  215.   }

  216. 

  217.   if (ret < 0) {

  218.     return ret;

  219.   }

  220.   *siglen = ret;

  221. 

  222.   return 1;

  223. }

  224. 

  225. static int pkey_rsa_verify(EVP_PKEY_CTX *ctx, const uint8_t *sig,

  226.                            size_t siglen, const uint8_t *tbs,

  227.                            size_t tbslen) {

  228.   RSA_PKEY_CTX *rctx = ctx->data;

  229.   RSA *rsa = ctx->pkey->pkey.rsa;

  230.   size_t rslen;

  231. 

  232.   if (rctx->md) {

  233.     if (rctx->pad_mode == RSA_PKCS1_PADDING) {

  234.       return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen, sig, siglen, rsa);

  235.     }

  236. 

  237.     if (rctx->pad_mode == RSA_PKCS1_PSS_PADDING) {

  238.       int ret;

  239.       if (!setup_tbuf(rctx, ctx)) {

  240.         return -1;

  241.       }

  242.       /* TODO(fork): don't use public_decrypt. */

  243.       ret = RSA_public_decrypt(siglen, sig, rctx->tbuf, rsa, RSA_NO_PADDING);

  244.       if (ret <= 0) {

  245.         return 0;

  246.       }

  247.       ret = RSA_verify_PKCS1_PSS_mgf1(rsa, tbs, rctx->md, rctx->mgf1md,

  248.                                       rctx->tbuf, rctx->saltlen);

  249.       if (ret <= 0) {

  250.         return 0;

  251.       }

  252.       return 1;

  253.     } else {

  254.       return -1;

  255.     }

  256.   } else {

  257.     if (!setup_tbuf(rctx, ctx)) {

  258.       return -1;

  259.     }

  260.     rslen = RSA_public_decrypt(siglen, sig, rctx->tbuf, rsa, rctx->pad_mode);

  261.     if (rslen == 0) {

  262.       return 0;

  263.     }

  264.   }

  265. 

  266.   if (rslen != tbslen || CRYPTO_memcmp(tbs, rctx->tbuf, rslen) != 0) {

  267.     return 0;

  268.   }

  269. 

  270.   return 1;

  271. }

  272. 

  273. static int pkey_rsa_encrypt(EVP_PKEY_CTX *ctx, uint8_t *out, size_t *outlen,

  274.                             const uint8_t *in, size_t inlen) {

  275.   int ret;

  276.   RSA_PKEY_CTX *rctx = ctx->data;

  277.   RSA *rsa = ctx->pkey->pkey.rsa;

  278. 

  279.   if (!out) {

  280.     *outlen = RSA_size(rsa);

  281.     return 1;

  282.   } else if (*outlen < (size_t)RSA_size(rsa)) {

  283.     OPENSSL_PUT_ERROR(EVP, pkey_rsa_encrypt, EVP_R_BUFFER_TOO_SMALL);

  284.     return 0;

  285.   }

  286. 

  287.   if (rctx->pad_mode == RSA_PKCS1_OAEP_PADDING) {

  288.     int klen = RSA_size(rsa);

  289.     if (!setup_tbuf(rctx, ctx)) {

  290.       return -1;

  291.     }

  292.     if (!RSA_padding_add_PKCS1_OAEP_mgf1(rctx->tbuf, klen, in, inlen,

  293.                                          rctx->oaep_label, rctx->oaep_labellen,

  294.                                          rctx->md, rctx->mgf1md)) {

  295.       return -1;

  296.     }

  297.     ret = RSA_public_encrypt(klen, rctx->tbuf, out, rsa, RSA_NO_PADDING);

  298.   } else {

  299.     ret = RSA_public_encrypt(inlen, in, out, rsa, rctx->pad_mode);

  300.   }

  301. 

  302.   if (ret < 0) {

  303.     return ret;

  304.   }

  305.   *outlen = ret;

  306. 

  307.   return 1;

  308. }

  309. 

  310. static int pkey_rsa_decrypt(EVP_PKEY_CTX *ctx, uint8_t *out,

  311.                             size_t *outlen, const uint8_t *in,

  312.                             size_t inlen) {

  313.   int ret;

  314.   RSA_PKEY_CTX *rctx = ctx->data;

  315.   RSA *rsa = ctx->pkey->pkey.rsa;

  316. 

  317.   if (!out) {

  318.     *outlen = RSA_size(rsa);

  319.     return 1;

  320.   } else if (*outlen < (size_t)RSA_size(rsa)) {

  321.     OPENSSL_PUT_ERROR(EVP, pkey_rsa_decrypt, EVP_R_BUFFER_TOO_SMALL);

  322.     return 0;

  323.   }

  324. 

  325.   if (rctx->pad_mode == RSA_PKCS1_OAEP_PADDING) {

  326.     if (!setup_tbuf(rctx, ctx)) {

  327.       return -1;

  328.     }

  329.     ret = RSA_private_decrypt(inlen, in, rctx->tbuf, rsa, RSA_NO_PADDING);

  330.     if (ret <= 0) {

  331.       return ret;

  332.     }

  333.     ret = RSA_padding_check_PKCS1_OAEP_mgf1(

  334.         out, ret, rctx->tbuf, ret, rctx->oaep_label,

  335.         rctx->oaep_labellen, rctx->md, rctx->mgf1md);

  336.   } else {

  337.     ret = RSA_private_decrypt(inlen, in, out, rsa, rctx->pad_mode);

  338.   }

  339. 

  340.   if (ret < 0) {

  341.     return ret;

  342.   }

  343.   *outlen = ret;

  344. 

  345.   return 1;

  346. }

  347. 

  348. static int check_padding_md(const EVP_MD *md, int padding) {

  349.   if (!md) {

  350.     return 1;

  351.   }

  352. 

  353.   if (padding == RSA_NO_PADDING) {

  354.     OPENSSL_PUT_ERROR(EVP, check_padding_md, EVP_R_INVALID_PADDING_MODE);

  355.     return 0;

  356.   }

  357. 

  358.   return 1;

  359. }

  360. 

  361. static int is_known_padding(int padding_mode) {

  362.   switch (padding_mode) {

  363.     case RSA_PKCS1_PADDING:

  364.     case RSA_NO_PADDING:

  365.     case RSA_PKCS1_OAEP_PADDING:

  366.     case RSA_PKCS1_PSS_PADDING:

  367.       return 1;

  368.     default:

  369.       return 0;

  370.   }

  371. }

  372. 

  373. static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) {

  374.   RSA_PKEY_CTX *rctx = ctx->data;

  375.   switch (type) {

  376.     case EVP_PKEY_CTRL_RSA_PADDING:

  377.       if (!is_known_padding(p1) || !check_padding_md(rctx->md, p1) ||

  378.           (p1 == RSA_PKCS1_PSS_PADDING &&

  379.            0 == (ctx->operation & (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY))) ||

  380.           (p1 == RSA_PKCS1_OAEP_PADDING &&

  381.            0 == (ctx->operation & EVP_PKEY_OP_TYPE_CRYPT))) {

  382.         OPENSSL_PUT_ERROR(EVP, pkey_rsa_ctrl,

  383.                           EVP_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE);

  384.         return -2;

  385.       }

  386.       if ((p1 == RSA_PKCS1_PSS_PADDING || p1 == RSA_PKCS1_OAEP_PADDING) &&

  387.           rctx->md == NULL) {

  388.         rctx->md = EVP_sha1();

  389.       }

  390.       rctx->pad_mode = p1;

  391.       return 1;

  392. 

  393.     case EVP_PKEY_CTRL_GET_RSA_PADDING:

  394.       *(int *)p2 = rctx->pad_mode;

  395.       return 1;

  396. 

  397.     case EVP_PKEY_CTRL_RSA_PSS_SALTLEN:

  398.     case EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN:

  399.       if (rctx->pad_mode != RSA_PKCS1_PSS_PADDING) {

  400.         OPENSSL_PUT_ERROR(EVP, pkey_rsa_ctrl, EVP_R_INVALID_PSS_SALTLEN);

  401.         return -2;

  402.       }

  403.       if (type == EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN) {

  404.         *(int *)p2 = rctx->saltlen;

  405.       } else {

  406.         if (p1 < -2) {

  407.           return -2;

  408.         }

  409.         rctx->saltlen = p1;

  410.       }

  411.       return 1;

  412. 

  413.     case EVP_PKEY_CTRL_RSA_KEYGEN_BITS:

  414.       if (p1 < 256) {

  415.         OPENSSL_PUT_ERROR(EVP, pkey_rsa_ctrl, EVP_R_INVALID_KEYBITS);

  416.         return -2;

  417.       }

  418.       rctx->nbits = p1;

  419.       return 1;

  420. 

  421.     case EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP:

  422.       if (!p2) {

  423.         return -2;

  424.       }

  425.       BN_free(rctx->pub_exp);

  426.       rctx->pub_exp = p2;

  427.       return 1;

  428. 

  429.     case EVP_PKEY_CTRL_RSA_OAEP_MD:

  430.     case EVP_PKEY_CTRL_GET_RSA_OAEP_MD:

  431.       if (rctx->pad_mode != RSA_PKCS1_OAEP_PADDING) {

  432.         OPENSSL_PUT_ERROR(EVP, pkey_rsa_ctrl, EVP_R_INVALID_PADDING_MODE);

  433.         return -2;

  434.       }

  435.       if (type == EVP_PKEY_CTRL_GET_RSA_OAEP_MD) {

  436.         *(const EVP_MD **)p2 = rctx->md;

  437.       } else {

  438.         rctx->md = p2;

  439.       }

  440.       return 1;

  441. 

  442.     case EVP_PKEY_CTRL_MD:

  443.       if (!check_padding_md(p2, rctx->pad_mode)) {

  444.         return 0;

  445.       }

  446.       rctx->md = p2;

  447.       return 1;

  448. 

  449.     case EVP_PKEY_CTRL_GET_MD:

  450.       *(const EVP_MD **)p2 = rctx->md;

  451.       return 1;

  452. 

  453.     case EVP_PKEY_CTRL_RSA_MGF1_MD:

  454.     case EVP_PKEY_CTRL_GET_RSA_MGF1_MD:

  455.       if (rctx->pad_mode != RSA_PKCS1_PSS_PADDING &&

  456.           rctx->pad_mode != RSA_PKCS1_OAEP_PADDING) {

  457.         OPENSSL_PUT_ERROR(EVP, pkey_rsa_ctrl, EVP_R_INVALID_MGF1_MD);

  458.         return -2;

  459.       }

  460.       if (type == EVP_PKEY_CTRL_GET_RSA_MGF1_MD) {

  461.         if (rctx->mgf1md) {

  462.           *(const EVP_MD **)p2 = rctx->mgf1md;

  463.         } else {

  464.           *(const EVP_MD **)p2 = rctx->md;

  465.         }

  466.       } else {

  467.         rctx->mgf1md = p2;

  468.       }

  469.       return 1;

  470. 

  471.     case EVP_PKEY_CTRL_RSA_OAEP_LABEL:

  472.       if (rctx->pad_mode != RSA_PKCS1_OAEP_PADDING) {

  473.         OPENSSL_PUT_ERROR(EVP, pkey_rsa_ctrl, EVP_R_INVALID_PADDING_MODE);

  474.         return -2;

  475.       }

  476.       if (rctx->oaep_label) {

  477.         OPENSSL_free(rctx->oaep_label);

  478.       }

  479.       if (p2 && p1 > 0) {

  480.         /* TODO(fork): this seems wrong. Shouldn't it take a copy of the

  481.          * buffer? */

  482.         rctx->oaep_label = p2;

  483.         rctx->oaep_labellen = p1;

  484.       } else {

  485.         rctx->oaep_label = NULL;

  486.         rctx->oaep_labellen = 0;

  487.       }

  488.       return 1;

  489. 

  490.     case EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL:

  491.       if (rctx->pad_mode != RSA_PKCS1_OAEP_PADDING) {

  492.         OPENSSL_PUT_ERROR(EVP, pkey_rsa_ctrl, EVP_R_INVALID_PADDING_MODE);

  493.         return -2;

  494.       }

  495.       *(uint8_t **)p2 = rctx->oaep_label;

  496.       return rctx->oaep_labellen;

  497. 

  498.     case EVP_PKEY_CTRL_DIGESTINIT:

  499.       return 1;

  500. 

  501.     default:

  502.       return -2;

  503.   }

  504. }

  505. 

  506. static int pkey_rsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) {

  507.   RSA *rsa = NULL;

  508.   RSA_PKEY_CTX *rctx = ctx->data;

  509. 

  510.   int ret;

  511.   if (!rctx->pub_exp) {

  512.     rctx->pub_exp = BN_new();

  513.     if (!rctx->pub_exp || !BN_set_word(rctx->pub_exp, RSA_F4))

  514.       return 0;

  515.   }

  516.   rsa = RSA_new();

  517.   if (!rsa) {

  518.     return 0;

  519.   }

  520. 

  521.   ret = RSA_generate_key_ex(rsa, rctx->nbits, rctx->pub_exp, NULL);

  522.   if (ret > 0) {

  523.     EVP_PKEY_assign_RSA(pkey, rsa);

  524.   } else {

  525.     RSA_free(rsa);

  526.   }

  527.   return ret;

  528. }

  529. 

  530. const EVP_PKEY_METHOD rsa_pkey_meth = {

  531.     EVP_PKEY_RSA,           0 /* flags */,        pkey_rsa_init,

  532.     pkey_rsa_copy,          pkey_rsa_cleanup,     0 /* paramgen_init */,

  533.     0 /* paramgen */,       0 /* keygen_init */,  pkey_rsa_keygen,

  534.     0 /* sign_init */,      pkey_rsa_sign,        0 /* verify_init */,

  535.     pkey_rsa_verify,        0 /* signctx_init */, 0 /* signctx */,

  536.     0 /* verifyctx_init */, 0 /* verifyctx */,    0 /* encrypt_init */,

  537.     pkey_rsa_encrypt,       0 /* decrypt_init */, pkey_rsa_decrypt,

  538.     0 /* derive_init */,    0 /* derive */,       pkey_rsa_ctrl,

  539. };

  540. 

  541. int EVP_PKEY_CTX_set_rsa_padding(EVP_PKEY_CTX *ctx, int padding) {

  542.   return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, -1, EVP_PKEY_CTRL_RSA_PADDING,

  543.                            padding, NULL);

  544. }

  545. 

  546. int EVP_PKEY_CTX_get_rsa_padding(EVP_PKEY_CTX *ctx, int *out_padding) {

  547.   return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, -1, EVP_PKEY_CTRL_GET_RSA_PADDING,

  548.                            0, out_padding);

  549. }

  550. 

  551. int EVP_PKEY_CTX_set_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int salt_len) {

  552.   return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA,

  553.                            (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY),

  554.                            EVP_PKEY_CTRL_RSA_PSS_SALTLEN, salt_len, NULL);

  555. }

  556. 

  557. int EVP_PKEY_CTX_get_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int *out_salt_len) {

  558.   return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA,

  559.                            (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY),

  560.                            EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN, 0, out_salt_len);

  561. }

  562. 

  563. int EVP_PKEY_CTX_set_rsa_keygen_bits(EVP_PKEY_CTX *ctx, int bits) {

  564.   return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_KEYGEN,

  565.                            EVP_PKEY_CTRL_RSA_KEYGEN_BITS, bits, NULL);

  566. }

  567. 

  568. int EVP_PKEY_CTX_set_rsa_keygen_pubexp(EVP_PKEY_CTX *ctx, BIGNUM *e) {

  569.   return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_KEYGEN,

  570.                            EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP, 0, e);

  571. }

  572. 

  573. int EVP_PKEY_CTX_set_rsa_oaep_md(EVP_PKEY_CTX *ctx, const EVP_MD *md) {

  574.   return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT,

  575.                            EVP_PKEY_CTRL_RSA_OAEP_MD, 0, (void *)md);

  576. }

  577. 

  578. int EVP_PKEY_CTX_get_rsa_oaep_md(EVP_PKEY_CTX *ctx, const EVP_MD **out_md) {

  579.   return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT,

  580.                            EVP_PKEY_CTRL_GET_RSA_OAEP_MD, 0, (void*) out_md);

  581. }

  582. 

  583. int EVP_PKEY_CTX_set_rsa_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD *md) {

  584.   return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA,

  585.                            EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT,

  586.                            EVP_PKEY_CTRL_RSA_MGF1_MD, 0, (void*) md);

  587. }

  588. 

  589. int EVP_PKEY_CTX_get_rsa_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD **out_md) {

  590.   return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA,

  591.                            EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT,

  592.                            EVP_PKEY_CTRL_GET_RSA_MGF1_MD, 0, (void*) out_md);

  593. }

  594. 

  595. int EVP_PKEY_CTX_set0_rsa_oaep_label(EVP_PKEY_CTX *ctx, const uint8_t *label,

  596.                                      size_t label_len) {

  597.   int label_len_int = label_len;

  598.   if (((size_t) label_len_int) != label_len) {

  599.     return -2;

  600.   }

  601. 

  602.   return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT,

  603.                            EVP_PKEY_CTRL_RSA_OAEP_LABEL, label_len,

  604.                            (void *)label);

  605. }

  606. 

  607. int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx,

  608.                                      const uint8_t **out_label) {

  609.   return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT,

  610.                            EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL, 0, (void *) out_label);

  611. }