2016-05-17 18:51:34 +00:00
|
|
|
/*
|
2019-09-10 12:56:40 +00:00
|
|
|
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
|
1998-12-21 10:52:47 +00:00
|
|
|
*
|
2016-05-17 18:51:34 +00:00
|
|
|
* Licensed under the OpenSSL license (the "License"). You may not use
|
|
|
|
* this file except in compliance with the License. You can obtain a copy
|
|
|
|
* in the file LICENSE in the source distribution or at
|
|
|
|
* https://www.openssl.org/source/license.html
|
1998-12-21 10:52:47 +00:00
|
|
|
*/
|
|
|
|
|
|
|
|
#include <stdio.h>
|
1999-04-23 22:13:45 +00:00
|
|
|
#include <openssl/crypto.h>
|
2015-05-14 14:56:48 +00:00
|
|
|
#include "internal/cryptlib.h"
|
2017-08-21 21:17:35 +00:00
|
|
|
#include "internal/refcount.h"
|
2019-09-27 21:57:58 +00:00
|
|
|
#include "crypto/bn.h"
|
2016-03-18 18:30:20 +00:00
|
|
|
#include <openssl/engine.h>
|
2016-11-21 00:44:01 +00:00
|
|
|
#include <openssl/evp.h>
|
2019-09-27 21:57:58 +00:00
|
|
|
#include "crypto/evp.h"
|
2019-09-27 21:58:06 +00:00
|
|
|
#include "rsa_local.h"
|
1998-12-21 10:52:47 +00:00
|
|
|
|
1999-04-19 21:31:43 +00:00
|
|
|
RSA *RSA_new(void)
|
2015-01-22 03:40:55 +00:00
|
|
|
{
|
2017-04-07 16:07:42 +00:00
|
|
|
return RSA_new_method(NULL);
|
2015-01-22 03:40:55 +00:00
|
|
|
}
|
1999-06-29 22:22:42 +00:00
|
|
|
|
2000-11-06 22:34:17 +00:00
|
|
|
const RSA_METHOD *RSA_get_method(const RSA *rsa)
|
2015-01-22 03:40:55 +00:00
|
|
|
{
|
|
|
|
return rsa->meth;
|
|
|
|
}
|
2001-09-25 20:23:40 +00:00
|
|
|
|
|
|
|
int RSA_set_method(RSA *rsa, const RSA_METHOD *meth)
|
2015-01-22 03:40:55 +00:00
|
|
|
{
|
|
|
|
/*
|
|
|
|
* NB: The caller is specifically setting a method, so it's not up to us
|
|
|
|
* to deal with which ENGINE it comes from.
|
|
|
|
*/
|
|
|
|
const RSA_METHOD *mtmp;
|
|
|
|
mtmp = rsa->meth;
|
|
|
|
if (mtmp->finish)
|
|
|
|
mtmp->finish(rsa);
|
2003-01-30 17:39:26 +00:00
|
|
|
#ifndef OPENSSL_NO_ENGINE
|
2016-02-25 17:09:06 +00:00
|
|
|
ENGINE_finish(rsa->engine);
|
|
|
|
rsa->engine = NULL;
|
2003-01-30 17:39:26 +00:00
|
|
|
#endif
|
2015-01-22 03:40:55 +00:00
|
|
|
rsa->meth = meth;
|
|
|
|
if (meth->init)
|
|
|
|
meth->init(rsa);
|
|
|
|
return 1;
|
|
|
|
}
|
1999-06-29 22:22:42 +00:00
|
|
|
|
2000-10-26 21:07:28 +00:00
|
|
|
RSA *RSA_new_method(ENGINE *engine)
|
2015-01-22 03:40:55 +00:00
|
|
|
{
|
2016-05-17 19:21:46 +00:00
|
|
|
RSA *ret = OPENSSL_zalloc(sizeof(*ret));
|
1998-12-21 10:52:47 +00:00
|
|
|
|
2015-01-22 03:40:55 +00:00
|
|
|
if (ret == NULL) {
|
|
|
|
RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_MALLOC_FAILURE);
|
|
|
|
return NULL;
|
|
|
|
}
|
1998-12-21 10:52:47 +00:00
|
|
|
|
2016-05-17 19:21:46 +00:00
|
|
|
ret->references = 1;
|
|
|
|
ret->lock = CRYPTO_THREAD_lock_new();
|
|
|
|
if (ret->lock == NULL) {
|
|
|
|
RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_MALLOC_FAILURE);
|
|
|
|
OPENSSL_free(ret);
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
2015-01-22 03:40:55 +00:00
|
|
|
ret->meth = RSA_get_default_method();
|
2003-01-30 17:39:26 +00:00
|
|
|
#ifndef OPENSSL_NO_ENGINE
|
2016-05-17 19:21:46 +00:00
|
|
|
ret->flags = ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW;
|
2015-01-22 03:40:55 +00:00
|
|
|
if (engine) {
|
|
|
|
if (!ENGINE_init(engine)) {
|
|
|
|
RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB);
|
2016-05-17 19:21:46 +00:00
|
|
|
goto err;
|
2015-01-22 03:40:55 +00:00
|
|
|
}
|
|
|
|
ret->engine = engine;
|
2017-08-22 17:36:49 +00:00
|
|
|
} else {
|
2015-01-22 03:40:55 +00:00
|
|
|
ret->engine = ENGINE_get_default_RSA();
|
2017-08-22 17:36:49 +00:00
|
|
|
}
|
2015-01-22 03:40:55 +00:00
|
|
|
if (ret->engine) {
|
|
|
|
ret->meth = ENGINE_get_RSA(ret->engine);
|
2016-02-25 17:09:06 +00:00
|
|
|
if (ret->meth == NULL) {
|
2015-01-22 03:40:55 +00:00
|
|
|
RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB);
|
2016-05-17 19:21:46 +00:00
|
|
|
goto err;
|
2015-01-22 03:40:55 +00:00
|
|
|
}
|
|
|
|
}
|
2003-01-30 17:39:26 +00:00
|
|
|
#endif
|
2001-06-23 23:07:34 +00:00
|
|
|
|
2015-01-22 03:40:55 +00:00
|
|
|
ret->flags = ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW;
|
|
|
|
if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data)) {
|
2016-05-17 19:21:46 +00:00
|
|
|
goto err;
|
2016-03-04 15:43:46 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
|
2016-05-17 19:21:46 +00:00
|
|
|
RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_INIT_FAIL);
|
|
|
|
goto err;
|
2015-01-22 03:40:55 +00:00
|
|
|
}
|
2016-03-04 15:43:46 +00:00
|
|
|
|
|
|
|
return ret;
|
2016-05-17 19:21:46 +00:00
|
|
|
|
2018-09-05 09:08:12 +00:00
|
|
|
err:
|
2016-05-17 19:21:46 +00:00
|
|
|
RSA_free(ret);
|
|
|
|
return NULL;
|
2015-01-22 03:40:55 +00:00
|
|
|
}
|
1998-12-21 10:52:47 +00:00
|
|
|
|
1999-04-19 21:31:43 +00:00
|
|
|
void RSA_free(RSA *r)
|
2015-01-22 03:40:55 +00:00
|
|
|
{
|
|
|
|
int i;
|
1998-12-21 10:52:47 +00:00
|
|
|
|
2015-01-22 03:40:55 +00:00
|
|
|
if (r == NULL)
|
|
|
|
return;
|
1998-12-21 10:52:47 +00:00
|
|
|
|
2016-08-27 14:01:08 +00:00
|
|
|
CRYPTO_DOWN_REF(&r->references, &i, r->lock);
|
2016-01-30 17:04:25 +00:00
|
|
|
REF_PRINT_COUNT("RSA", r);
|
2015-01-22 03:40:55 +00:00
|
|
|
if (i > 0)
|
|
|
|
return;
|
2016-01-30 17:04:25 +00:00
|
|
|
REF_ASSERT_ISNT(i < 0);
|
1998-12-21 10:52:47 +00:00
|
|
|
|
2018-09-05 08:58:55 +00:00
|
|
|
if (r->meth != NULL && r->meth->finish != NULL)
|
2015-01-22 03:40:55 +00:00
|
|
|
r->meth->finish(r);
|
2003-01-30 17:39:26 +00:00
|
|
|
#ifndef OPENSSL_NO_ENGINE
|
2016-02-25 21:34:27 +00:00
|
|
|
ENGINE_finish(r->engine);
|
2003-01-30 17:39:26 +00:00
|
|
|
#endif
|
1998-12-21 10:52:47 +00:00
|
|
|
|
2015-01-22 03:40:55 +00:00
|
|
|
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data);
|
2000-11-26 18:34:45 +00:00
|
|
|
|
2016-03-04 15:43:46 +00:00
|
|
|
CRYPTO_THREAD_lock_free(r->lock);
|
|
|
|
|
2018-10-11 04:07:26 +00:00
|
|
|
BN_free(r->n);
|
|
|
|
BN_free(r->e);
|
2015-05-01 01:37:06 +00:00
|
|
|
BN_clear_free(r->d);
|
|
|
|
BN_clear_free(r->p);
|
|
|
|
BN_clear_free(r->q);
|
|
|
|
BN_clear_free(r->dmp1);
|
|
|
|
BN_clear_free(r->dmq1);
|
|
|
|
BN_clear_free(r->iqmp);
|
2016-11-21 01:34:56 +00:00
|
|
|
RSA_PSS_PARAMS_free(r->pss);
|
2017-08-01 18:19:43 +00:00
|
|
|
sk_RSA_PRIME_INFO_pop_free(r->prime_infos, rsa_multip_info_free);
|
2015-05-01 01:37:06 +00:00
|
|
|
BN_BLINDING_free(r->blinding);
|
|
|
|
BN_BLINDING_free(r->mt_blinding);
|
2015-08-26 04:25:11 +00:00
|
|
|
OPENSSL_free(r->bignum_data);
|
2015-01-22 03:40:55 +00:00
|
|
|
OPENSSL_free(r);
|
|
|
|
}
|
1998-12-21 10:52:47 +00:00
|
|
|
|
2001-09-03 13:40:07 +00:00
|
|
|
int RSA_up_ref(RSA *r)
|
2015-01-22 03:40:55 +00:00
|
|
|
{
|
2016-03-04 15:43:46 +00:00
|
|
|
int i;
|
|
|
|
|
2016-08-27 14:01:08 +00:00
|
|
|
if (CRYPTO_UP_REF(&r->references, &i, r->lock) <= 0)
|
2016-03-04 15:43:46 +00:00
|
|
|
return 0;
|
2016-01-30 17:04:25 +00:00
|
|
|
|
|
|
|
REF_PRINT_COUNT("RSA", r);
|
|
|
|
REF_ASSERT_ISNT(i < 2);
|
2017-08-22 17:25:23 +00:00
|
|
|
return i > 1 ? 1 : 0;
|
2015-01-22 03:40:55 +00:00
|
|
|
}
|
2001-08-25 17:24:21 +00:00
|
|
|
|
2000-01-23 23:41:49 +00:00
|
|
|
int RSA_set_ex_data(RSA *r, int idx, void *arg)
|
2015-01-22 03:40:55 +00:00
|
|
|
{
|
2017-08-22 17:25:23 +00:00
|
|
|
return CRYPTO_set_ex_data(&r->ex_data, idx, arg);
|
2015-01-22 03:40:55 +00:00
|
|
|
}
|
1998-12-21 10:56:39 +00:00
|
|
|
|
2000-11-06 22:34:17 +00:00
|
|
|
void *RSA_get_ex_data(const RSA *r, int idx)
|
2015-01-22 03:40:55 +00:00
|
|
|
{
|
2017-08-22 17:25:23 +00:00
|
|
|
return CRYPTO_get_ex_data(&r->ex_data, idx);
|
2015-01-22 03:40:55 +00:00
|
|
|
}
|
1998-12-21 10:56:39 +00:00
|
|
|
|
2014-01-18 14:51:40 +00:00
|
|
|
int RSA_security_bits(const RSA *rsa)
|
2015-01-22 03:40:55 +00:00
|
|
|
{
|
2017-11-24 20:31:11 +00:00
|
|
|
int bits = BN_num_bits(rsa->n);
|
|
|
|
|
|
|
|
if (rsa->version == RSA_ASN1_VERSION_MULTI) {
|
|
|
|
/* This ought to mean that we have private key at hand. */
|
|
|
|
int ex_primes = sk_RSA_PRIME_INFO_num(rsa->prime_infos);
|
|
|
|
|
|
|
|
if (ex_primes <= 0 || (ex_primes + 2) > rsa_multip_cap(bits))
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
return BN_security_bits(bits, -1);
|
2015-01-22 03:40:55 +00:00
|
|
|
}
|
2016-04-02 13:12:58 +00:00
|
|
|
|
|
|
|
int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d)
|
|
|
|
{
|
2016-06-14 13:48:16 +00:00
|
|
|
/* If the fields n and e in r are NULL, the corresponding input
|
RSA, DSA, DH: Allow some given input to be NULL on already initialised keys
The diverse {RSA,DSA,DH}_set0_* functions are made to allow some
parameters to be NULL IF the corresponding numbers in the given key
structure have already been previously initialised. Specifically,
this allows the addition of private components to be added to a key
that already has the public half, approximately like this:
RSA_get0_key(rsa, NULL, &e, NULL);
RSA_get0_factors(rsa, &p, &q);
/* calculate new d */
RSA_set0_key(rsa, NULL, NULL, d);
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-04-25 18:28:54 +00:00
|
|
|
* parameters MUST be non-NULL for n and e. d may be
|
|
|
|
* left NULL (in case only the public key is used).
|
|
|
|
*/
|
2016-06-16 09:07:32 +00:00
|
|
|
if ((r->n == NULL && n == NULL)
|
|
|
|
|| (r->e == NULL && e == NULL))
|
2016-04-02 13:12:58 +00:00
|
|
|
return 0;
|
|
|
|
|
RSA, DSA, DH: Allow some given input to be NULL on already initialised keys
The diverse {RSA,DSA,DH}_set0_* functions are made to allow some
parameters to be NULL IF the corresponding numbers in the given key
structure have already been previously initialised. Specifically,
this allows the addition of private components to be added to a key
that already has the public half, approximately like this:
RSA_get0_key(rsa, NULL, &e, NULL);
RSA_get0_factors(rsa, &p, &q);
/* calculate new d */
RSA_set0_key(rsa, NULL, NULL, d);
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-04-25 18:28:54 +00:00
|
|
|
if (n != NULL) {
|
|
|
|
BN_free(r->n);
|
|
|
|
r->n = n;
|
|
|
|
}
|
|
|
|
if (e != NULL) {
|
|
|
|
BN_free(r->e);
|
|
|
|
r->e = e;
|
|
|
|
}
|
|
|
|
if (d != NULL) {
|
2018-10-11 04:07:26 +00:00
|
|
|
BN_clear_free(r->d);
|
RSA, DSA, DH: Allow some given input to be NULL on already initialised keys
The diverse {RSA,DSA,DH}_set0_* functions are made to allow some
parameters to be NULL IF the corresponding numbers in the given key
structure have already been previously initialised. Specifically,
this allows the addition of private components to be added to a key
that already has the public half, approximately like this:
RSA_get0_key(rsa, NULL, &e, NULL);
RSA_get0_factors(rsa, &p, &q);
/* calculate new d */
RSA_set0_key(rsa, NULL, NULL, d);
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-04-25 18:28:54 +00:00
|
|
|
r->d = d;
|
2019-09-05 09:13:11 +00:00
|
|
|
BN_set_flags(r->d, BN_FLG_CONSTTIME);
|
RSA, DSA, DH: Allow some given input to be NULL on already initialised keys
The diverse {RSA,DSA,DH}_set0_* functions are made to allow some
parameters to be NULL IF the corresponding numbers in the given key
structure have already been previously initialised. Specifically,
this allows the addition of private components to be added to a key
that already has the public half, approximately like this:
RSA_get0_key(rsa, NULL, &e, NULL);
RSA_get0_factors(rsa, &p, &q);
/* calculate new d */
RSA_set0_key(rsa, NULL, NULL, d);
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-04-25 18:28:54 +00:00
|
|
|
}
|
2016-04-02 13:12:58 +00:00
|
|
|
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q)
|
|
|
|
{
|
2016-06-14 13:48:16 +00:00
|
|
|
/* If the fields p and q in r are NULL, the corresponding input
|
RSA, DSA, DH: Allow some given input to be NULL on already initialised keys
The diverse {RSA,DSA,DH}_set0_* functions are made to allow some
parameters to be NULL IF the corresponding numbers in the given key
structure have already been previously initialised. Specifically,
this allows the addition of private components to be added to a key
that already has the public half, approximately like this:
RSA_get0_key(rsa, NULL, &e, NULL);
RSA_get0_factors(rsa, &p, &q);
/* calculate new d */
RSA_set0_key(rsa, NULL, NULL, d);
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-04-25 18:28:54 +00:00
|
|
|
* parameters MUST be non-NULL.
|
|
|
|
*/
|
2016-06-16 09:07:32 +00:00
|
|
|
if ((r->p == NULL && p == NULL)
|
|
|
|
|| (r->q == NULL && q == NULL))
|
2016-04-02 13:12:58 +00:00
|
|
|
return 0;
|
|
|
|
|
RSA, DSA, DH: Allow some given input to be NULL on already initialised keys
The diverse {RSA,DSA,DH}_set0_* functions are made to allow some
parameters to be NULL IF the corresponding numbers in the given key
structure have already been previously initialised. Specifically,
this allows the addition of private components to be added to a key
that already has the public half, approximately like this:
RSA_get0_key(rsa, NULL, &e, NULL);
RSA_get0_factors(rsa, &p, &q);
/* calculate new d */
RSA_set0_key(rsa, NULL, NULL, d);
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-04-25 18:28:54 +00:00
|
|
|
if (p != NULL) {
|
2018-10-11 04:07:26 +00:00
|
|
|
BN_clear_free(r->p);
|
RSA, DSA, DH: Allow some given input to be NULL on already initialised keys
The diverse {RSA,DSA,DH}_set0_* functions are made to allow some
parameters to be NULL IF the corresponding numbers in the given key
structure have already been previously initialised. Specifically,
this allows the addition of private components to be added to a key
that already has the public half, approximately like this:
RSA_get0_key(rsa, NULL, &e, NULL);
RSA_get0_factors(rsa, &p, &q);
/* calculate new d */
RSA_set0_key(rsa, NULL, NULL, d);
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-04-25 18:28:54 +00:00
|
|
|
r->p = p;
|
2019-09-05 09:13:11 +00:00
|
|
|
BN_set_flags(r->p, BN_FLG_CONSTTIME);
|
RSA, DSA, DH: Allow some given input to be NULL on already initialised keys
The diverse {RSA,DSA,DH}_set0_* functions are made to allow some
parameters to be NULL IF the corresponding numbers in the given key
structure have already been previously initialised. Specifically,
this allows the addition of private components to be added to a key
that already has the public half, approximately like this:
RSA_get0_key(rsa, NULL, &e, NULL);
RSA_get0_factors(rsa, &p, &q);
/* calculate new d */
RSA_set0_key(rsa, NULL, NULL, d);
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-04-25 18:28:54 +00:00
|
|
|
}
|
|
|
|
if (q != NULL) {
|
2018-10-11 04:07:26 +00:00
|
|
|
BN_clear_free(r->q);
|
RSA, DSA, DH: Allow some given input to be NULL on already initialised keys
The diverse {RSA,DSA,DH}_set0_* functions are made to allow some
parameters to be NULL IF the corresponding numbers in the given key
structure have already been previously initialised. Specifically,
this allows the addition of private components to be added to a key
that already has the public half, approximately like this:
RSA_get0_key(rsa, NULL, &e, NULL);
RSA_get0_factors(rsa, &p, &q);
/* calculate new d */
RSA_set0_key(rsa, NULL, NULL, d);
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-04-25 18:28:54 +00:00
|
|
|
r->q = q;
|
2019-09-05 09:13:11 +00:00
|
|
|
BN_set_flags(r->q, BN_FLG_CONSTTIME);
|
RSA, DSA, DH: Allow some given input to be NULL on already initialised keys
The diverse {RSA,DSA,DH}_set0_* functions are made to allow some
parameters to be NULL IF the corresponding numbers in the given key
structure have already been previously initialised. Specifically,
this allows the addition of private components to be added to a key
that already has the public half, approximately like this:
RSA_get0_key(rsa, NULL, &e, NULL);
RSA_get0_factors(rsa, &p, &q);
/* calculate new d */
RSA_set0_key(rsa, NULL, NULL, d);
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-04-25 18:28:54 +00:00
|
|
|
}
|
2016-04-02 13:12:58 +00:00
|
|
|
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp)
|
|
|
|
{
|
2016-06-14 13:48:16 +00:00
|
|
|
/* If the fields dmp1, dmq1 and iqmp in r are NULL, the corresponding input
|
RSA, DSA, DH: Allow some given input to be NULL on already initialised keys
The diverse {RSA,DSA,DH}_set0_* functions are made to allow some
parameters to be NULL IF the corresponding numbers in the given key
structure have already been previously initialised. Specifically,
this allows the addition of private components to be added to a key
that already has the public half, approximately like this:
RSA_get0_key(rsa, NULL, &e, NULL);
RSA_get0_factors(rsa, &p, &q);
/* calculate new d */
RSA_set0_key(rsa, NULL, NULL, d);
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-04-25 18:28:54 +00:00
|
|
|
* parameters MUST be non-NULL.
|
|
|
|
*/
|
2016-06-16 09:07:32 +00:00
|
|
|
if ((r->dmp1 == NULL && dmp1 == NULL)
|
|
|
|
|| (r->dmq1 == NULL && dmq1 == NULL)
|
|
|
|
|| (r->iqmp == NULL && iqmp == NULL))
|
2016-04-02 13:12:58 +00:00
|
|
|
return 0;
|
|
|
|
|
RSA, DSA, DH: Allow some given input to be NULL on already initialised keys
The diverse {RSA,DSA,DH}_set0_* functions are made to allow some
parameters to be NULL IF the corresponding numbers in the given key
structure have already been previously initialised. Specifically,
this allows the addition of private components to be added to a key
that already has the public half, approximately like this:
RSA_get0_key(rsa, NULL, &e, NULL);
RSA_get0_factors(rsa, &p, &q);
/* calculate new d */
RSA_set0_key(rsa, NULL, NULL, d);
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-04-25 18:28:54 +00:00
|
|
|
if (dmp1 != NULL) {
|
2018-10-11 04:07:26 +00:00
|
|
|
BN_clear_free(r->dmp1);
|
RSA, DSA, DH: Allow some given input to be NULL on already initialised keys
The diverse {RSA,DSA,DH}_set0_* functions are made to allow some
parameters to be NULL IF the corresponding numbers in the given key
structure have already been previously initialised. Specifically,
this allows the addition of private components to be added to a key
that already has the public half, approximately like this:
RSA_get0_key(rsa, NULL, &e, NULL);
RSA_get0_factors(rsa, &p, &q);
/* calculate new d */
RSA_set0_key(rsa, NULL, NULL, d);
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-04-25 18:28:54 +00:00
|
|
|
r->dmp1 = dmp1;
|
2019-09-05 09:13:11 +00:00
|
|
|
BN_set_flags(r->dmp1, BN_FLG_CONSTTIME);
|
RSA, DSA, DH: Allow some given input to be NULL on already initialised keys
The diverse {RSA,DSA,DH}_set0_* functions are made to allow some
parameters to be NULL IF the corresponding numbers in the given key
structure have already been previously initialised. Specifically,
this allows the addition of private components to be added to a key
that already has the public half, approximately like this:
RSA_get0_key(rsa, NULL, &e, NULL);
RSA_get0_factors(rsa, &p, &q);
/* calculate new d */
RSA_set0_key(rsa, NULL, NULL, d);
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-04-25 18:28:54 +00:00
|
|
|
}
|
|
|
|
if (dmq1 != NULL) {
|
2018-10-11 04:07:26 +00:00
|
|
|
BN_clear_free(r->dmq1);
|
RSA, DSA, DH: Allow some given input to be NULL on already initialised keys
The diverse {RSA,DSA,DH}_set0_* functions are made to allow some
parameters to be NULL IF the corresponding numbers in the given key
structure have already been previously initialised. Specifically,
this allows the addition of private components to be added to a key
that already has the public half, approximately like this:
RSA_get0_key(rsa, NULL, &e, NULL);
RSA_get0_factors(rsa, &p, &q);
/* calculate new d */
RSA_set0_key(rsa, NULL, NULL, d);
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-04-25 18:28:54 +00:00
|
|
|
r->dmq1 = dmq1;
|
2019-09-05 09:13:11 +00:00
|
|
|
BN_set_flags(r->dmq1, BN_FLG_CONSTTIME);
|
RSA, DSA, DH: Allow some given input to be NULL on already initialised keys
The diverse {RSA,DSA,DH}_set0_* functions are made to allow some
parameters to be NULL IF the corresponding numbers in the given key
structure have already been previously initialised. Specifically,
this allows the addition of private components to be added to a key
that already has the public half, approximately like this:
RSA_get0_key(rsa, NULL, &e, NULL);
RSA_get0_factors(rsa, &p, &q);
/* calculate new d */
RSA_set0_key(rsa, NULL, NULL, d);
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-04-25 18:28:54 +00:00
|
|
|
}
|
|
|
|
if (iqmp != NULL) {
|
2018-10-11 04:07:26 +00:00
|
|
|
BN_clear_free(r->iqmp);
|
RSA, DSA, DH: Allow some given input to be NULL on already initialised keys
The diverse {RSA,DSA,DH}_set0_* functions are made to allow some
parameters to be NULL IF the corresponding numbers in the given key
structure have already been previously initialised. Specifically,
this allows the addition of private components to be added to a key
that already has the public half, approximately like this:
RSA_get0_key(rsa, NULL, &e, NULL);
RSA_get0_factors(rsa, &p, &q);
/* calculate new d */
RSA_set0_key(rsa, NULL, NULL, d);
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-04-25 18:28:54 +00:00
|
|
|
r->iqmp = iqmp;
|
2019-09-05 09:13:11 +00:00
|
|
|
BN_set_flags(r->iqmp, BN_FLG_CONSTTIME);
|
RSA, DSA, DH: Allow some given input to be NULL on already initialised keys
The diverse {RSA,DSA,DH}_set0_* functions are made to allow some
parameters to be NULL IF the corresponding numbers in the given key
structure have already been previously initialised. Specifically,
this allows the addition of private components to be added to a key
that already has the public half, approximately like this:
RSA_get0_key(rsa, NULL, &e, NULL);
RSA_get0_factors(rsa, &p, &q);
/* calculate new d */
RSA_set0_key(rsa, NULL, NULL, d);
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-04-25 18:28:54 +00:00
|
|
|
}
|
2016-04-02 13:12:58 +00:00
|
|
|
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
2017-08-01 18:19:43 +00:00
|
|
|
/*
|
|
|
|
* Is it better to export RSA_PRIME_INFO structure
|
|
|
|
* and related functions to let user pass a triplet?
|
|
|
|
*/
|
|
|
|
int RSA_set0_multi_prime_params(RSA *r, BIGNUM *primes[], BIGNUM *exps[],
|
|
|
|
BIGNUM *coeffs[], int pnum)
|
|
|
|
{
|
|
|
|
STACK_OF(RSA_PRIME_INFO) *prime_infos, *old = NULL;
|
|
|
|
RSA_PRIME_INFO *pinfo;
|
|
|
|
int i;
|
|
|
|
|
|
|
|
if (primes == NULL || exps == NULL || coeffs == NULL || pnum == 0)
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
prime_infos = sk_RSA_PRIME_INFO_new_reserve(NULL, pnum);
|
|
|
|
if (prime_infos == NULL)
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
if (r->prime_infos != NULL)
|
|
|
|
old = r->prime_infos;
|
|
|
|
|
|
|
|
for (i = 0; i < pnum; i++) {
|
|
|
|
pinfo = rsa_multip_info_new();
|
|
|
|
if (pinfo == NULL)
|
|
|
|
goto err;
|
|
|
|
if (primes[i] != NULL && exps[i] != NULL && coeffs[i] != NULL) {
|
2019-09-06 07:48:00 +00:00
|
|
|
BN_clear_free(pinfo->r);
|
|
|
|
BN_clear_free(pinfo->d);
|
|
|
|
BN_clear_free(pinfo->t);
|
2017-08-01 18:19:43 +00:00
|
|
|
pinfo->r = primes[i];
|
|
|
|
pinfo->d = exps[i];
|
|
|
|
pinfo->t = coeffs[i];
|
2019-09-06 07:48:00 +00:00
|
|
|
BN_set_flags(pinfo->r, BN_FLG_CONSTTIME);
|
|
|
|
BN_set_flags(pinfo->d, BN_FLG_CONSTTIME);
|
|
|
|
BN_set_flags(pinfo->t, BN_FLG_CONSTTIME);
|
2017-08-01 18:19:43 +00:00
|
|
|
} else {
|
|
|
|
rsa_multip_info_free(pinfo);
|
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
(void)sk_RSA_PRIME_INFO_push(prime_infos, pinfo);
|
|
|
|
}
|
|
|
|
|
|
|
|
r->prime_infos = prime_infos;
|
|
|
|
|
|
|
|
if (!rsa_multip_calc_product(r)) {
|
|
|
|
r->prime_infos = old;
|
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (old != NULL) {
|
|
|
|
/*
|
|
|
|
* This is hard to deal with, since the old infos could
|
|
|
|
* also be set by this function and r, d, t should not
|
|
|
|
* be freed in that case. So currently, stay consistent
|
|
|
|
* with other *set0* functions: just free it...
|
|
|
|
*/
|
|
|
|
sk_RSA_PRIME_INFO_pop_free(old, rsa_multip_info_free);
|
|
|
|
}
|
|
|
|
|
|
|
|
r->version = RSA_ASN1_VERSION_MULTI;
|
|
|
|
|
|
|
|
return 1;
|
|
|
|
err:
|
|
|
|
/* r, d, t should not be freed */
|
|
|
|
sk_RSA_PRIME_INFO_pop_free(prime_infos, rsa_multip_info_free_ex);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2016-06-14 13:48:16 +00:00
|
|
|
void RSA_get0_key(const RSA *r,
|
|
|
|
const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
|
2016-04-02 13:12:58 +00:00
|
|
|
{
|
|
|
|
if (n != NULL)
|
|
|
|
*n = r->n;
|
|
|
|
if (e != NULL)
|
|
|
|
*e = r->e;
|
|
|
|
if (d != NULL)
|
|
|
|
*d = r->d;
|
|
|
|
}
|
|
|
|
|
2016-06-14 13:48:16 +00:00
|
|
|
void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q)
|
2016-04-02 13:12:58 +00:00
|
|
|
{
|
|
|
|
if (p != NULL)
|
|
|
|
*p = r->p;
|
|
|
|
if (q != NULL)
|
|
|
|
*q = r->q;
|
|
|
|
}
|
|
|
|
|
2017-08-01 18:19:43 +00:00
|
|
|
int RSA_get_multi_prime_extra_count(const RSA *r)
|
|
|
|
{
|
|
|
|
int pnum;
|
|
|
|
|
|
|
|
pnum = sk_RSA_PRIME_INFO_num(r->prime_infos);
|
|
|
|
if (pnum <= 0)
|
|
|
|
pnum = 0;
|
|
|
|
return pnum;
|
|
|
|
}
|
|
|
|
|
|
|
|
int RSA_get0_multi_prime_factors(const RSA *r, const BIGNUM *primes[])
|
|
|
|
{
|
|
|
|
int pnum, i;
|
|
|
|
RSA_PRIME_INFO *pinfo;
|
|
|
|
|
|
|
|
if ((pnum = RSA_get_multi_prime_extra_count(r)) == 0)
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* return other primes
|
|
|
|
* it's caller's responsibility to allocate oth_primes[pnum]
|
|
|
|
*/
|
|
|
|
for (i = 0; i < pnum; i++) {
|
|
|
|
pinfo = sk_RSA_PRIME_INFO_value(r->prime_infos, i);
|
|
|
|
primes[i] = pinfo->r;
|
|
|
|
}
|
|
|
|
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
2016-04-02 13:12:58 +00:00
|
|
|
void RSA_get0_crt_params(const RSA *r,
|
2016-06-14 13:48:16 +00:00
|
|
|
const BIGNUM **dmp1, const BIGNUM **dmq1,
|
|
|
|
const BIGNUM **iqmp)
|
2016-04-02 13:12:58 +00:00
|
|
|
{
|
|
|
|
if (dmp1 != NULL)
|
|
|
|
*dmp1 = r->dmp1;
|
|
|
|
if (dmq1 != NULL)
|
|
|
|
*dmq1 = r->dmq1;
|
|
|
|
if (iqmp != NULL)
|
|
|
|
*iqmp = r->iqmp;
|
|
|
|
}
|
|
|
|
|
2017-08-01 18:19:43 +00:00
|
|
|
int RSA_get0_multi_prime_crt_params(const RSA *r, const BIGNUM *exps[],
|
|
|
|
const BIGNUM *coeffs[])
|
|
|
|
{
|
|
|
|
int pnum;
|
|
|
|
|
|
|
|
if ((pnum = RSA_get_multi_prime_extra_count(r)) == 0)
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
/* return other primes */
|
|
|
|
if (exps != NULL || coeffs != NULL) {
|
|
|
|
RSA_PRIME_INFO *pinfo;
|
|
|
|
int i;
|
|
|
|
|
|
|
|
/* it's the user's job to guarantee the buffer length */
|
|
|
|
for (i = 0; i < pnum; i++) {
|
|
|
|
pinfo = sk_RSA_PRIME_INFO_value(r->prime_infos, i);
|
|
|
|
if (exps != NULL)
|
|
|
|
exps[i] = pinfo->d;
|
|
|
|
if (coeffs != NULL)
|
|
|
|
coeffs[i] = pinfo->t;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
2018-05-27 07:01:28 +00:00
|
|
|
const BIGNUM *RSA_get0_n(const RSA *r)
|
|
|
|
{
|
|
|
|
return r->n;
|
|
|
|
}
|
|
|
|
|
|
|
|
const BIGNUM *RSA_get0_e(const RSA *r)
|
|
|
|
{
|
|
|
|
return r->e;
|
|
|
|
}
|
|
|
|
|
|
|
|
const BIGNUM *RSA_get0_d(const RSA *r)
|
|
|
|
{
|
|
|
|
return r->d;
|
|
|
|
}
|
|
|
|
|
|
|
|
const BIGNUM *RSA_get0_p(const RSA *r)
|
|
|
|
{
|
|
|
|
return r->p;
|
|
|
|
}
|
|
|
|
|
|
|
|
const BIGNUM *RSA_get0_q(const RSA *r)
|
|
|
|
{
|
|
|
|
return r->q;
|
|
|
|
}
|
|
|
|
|
|
|
|
const BIGNUM *RSA_get0_dmp1(const RSA *r)
|
|
|
|
{
|
|
|
|
return r->dmp1;
|
|
|
|
}
|
|
|
|
|
|
|
|
const BIGNUM *RSA_get0_dmq1(const RSA *r)
|
|
|
|
{
|
|
|
|
return r->dmq1;
|
|
|
|
}
|
|
|
|
|
|
|
|
const BIGNUM *RSA_get0_iqmp(const RSA *r)
|
|
|
|
{
|
|
|
|
return r->iqmp;
|
|
|
|
}
|
|
|
|
|
2016-04-02 13:12:58 +00:00
|
|
|
void RSA_clear_flags(RSA *r, int flags)
|
|
|
|
{
|
|
|
|
r->flags &= ~flags;
|
|
|
|
}
|
|
|
|
|
|
|
|
int RSA_test_flags(const RSA *r, int flags)
|
|
|
|
{
|
|
|
|
return r->flags & flags;
|
|
|
|
}
|
|
|
|
|
|
|
|
void RSA_set_flags(RSA *r, int flags)
|
|
|
|
{
|
|
|
|
r->flags |= flags;
|
|
|
|
}
|
|
|
|
|
2017-08-01 18:19:43 +00:00
|
|
|
int RSA_get_version(RSA *r)
|
|
|
|
{
|
|
|
|
/* { two-prime(0), multi(1) } */
|
|
|
|
return r->version;
|
|
|
|
}
|
|
|
|
|
2016-06-26 19:55:03 +00:00
|
|
|
ENGINE *RSA_get0_engine(const RSA *r)
|
2016-04-02 13:12:58 +00:00
|
|
|
{
|
|
|
|
return r->engine;
|
|
|
|
}
|
2016-11-21 00:44:01 +00:00
|
|
|
|
|
|
|
int RSA_pkey_ctx_ctrl(EVP_PKEY_CTX *ctx, int optype, int cmd, int p1, void *p2)
|
|
|
|
{
|
|
|
|
/* If key type not RSA or RSA-PSS return error */
|
|
|
|
if (ctx != NULL && ctx->pmeth != NULL
|
|
|
|
&& ctx->pmeth->pkey_id != EVP_PKEY_RSA
|
|
|
|
&& ctx->pmeth->pkey_id != EVP_PKEY_RSA_PSS)
|
|
|
|
return -1;
|
|
|
|
return EVP_PKEY_CTX_ctrl(ctx, -1, optype, cmd, p1, p2);
|
|
|
|
}
|