}
#endif
-RSA *rsa_new_with_ctx(OPENSSL_CTX *libctx)
+RSA *ossl_rsa_new_with_ctx(OPENSSL_CTX *libctx)
{
return rsa_new_intern(NULL, libctx);
}
BN_clear_free(r->dmp1);
BN_clear_free(r->dmq1);
BN_clear_free(r->iqmp);
- /* TODO(3.0): Support PSS in FIPS_MODULE */
+
+#if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS)
+ rsa_acvp_test_free(r->acvp_test);
+#endif
+
#ifndef FIPS_MODULE
RSA_PSS_PARAMS_free(r->pss);
sk_RSA_PRIME_INFO_pop_free(r->prime_infos, rsa_multip_info_free);
return i > 1 ? 1 : 0;
}
+OPENSSL_CTX *ossl_rsa_get0_libctx(RSA *r)
+{
+ return r->libctx;
+}
+
#ifndef FIPS_MODULE
int RSA_set_ex_data(RSA *r, int idx, void *arg)
{
const RSA_PSS_PARAMS *RSA_get0_pss_params(const RSA *r)
{
+#ifdef FIPS_MODULE
+ return NULL;
+#else
return r->pss;
+#endif
+}
+
+/* Internal */
+RSA_PSS_PARAMS_30 *ossl_rsa_get0_pss_params_30(RSA *r)
+{
+ return &r->pss_params;
}
void RSA_clear_flags(RSA *r, int flags)
DEFINE_STACK_OF(BIGNUM)
-int rsa_set0_all_params(RSA *r, const STACK_OF(BIGNUM) *primes,
- const STACK_OF(BIGNUM) *exps,
- const STACK_OF(BIGNUM) *coeffs)
+int ossl_rsa_set0_all_params(RSA *r, const STACK_OF(BIGNUM) *primes,
+ const STACK_OF(BIGNUM) *exps,
+ const STACK_OF(BIGNUM) *coeffs)
{
#ifndef FIPS_MODULE
STACK_OF(RSA_PRIME_INFO) *prime_infos, *old_infos = NULL;
DEFINE_SPECIAL_STACK_OF_CONST(BIGNUM_const, BIGNUM)
-int rsa_get0_all_params(RSA *r, STACK_OF(BIGNUM_const) *primes,
- STACK_OF(BIGNUM_const) *exps,
- STACK_OF(BIGNUM_const) *coeffs)
+int ossl_rsa_get0_all_params(RSA *r, STACK_OF(BIGNUM_const) *primes,
+ STACK_OF(BIGNUM_const) *exps,
+ STACK_OF(BIGNUM_const) *coeffs)
{
#ifndef FIPS_MODULE
RSA_PRIME_INFO *pinfo;
return -1;
/* May be NULL meaning "unknown" */
- *md = EVP_get_digestbyname(name);
+ *md = evp_get_digestbyname_ex(ctx->libctx, name);
return 1;
}
-int EVP_PKEY_CTX_set_rsa_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD *md)
+static int int_set_rsa_mgf1_md(EVP_PKEY_CTX *ctx,
+ /* For EVP_PKEY_CTX_ctrl() */
+ int keytype, int optype, int cmd,
+ const EVP_MD *md,
+ /* For EVP_PKEY_CTX_set_params() */
+ const char *mdname, const char *mdprops)
{
- const char *name;
+ OSSL_PARAM rsa_params[3], *p = rsa_params;
- if (ctx == NULL
- || (!EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx)
- && !EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx))) {
+ if (ctx == NULL || (ctx->operation & optype) == 0) {
ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
/* Uses the same return values as EVP_PKEY_CTX_ctrl */
return -2;
/* If key type not RSA return error */
if (ctx->pmeth != NULL
- && ctx->pmeth->pkey_id != EVP_PKEY_RSA
- && ctx->pmeth->pkey_id != EVP_PKEY_RSA_PSS)
+ && (keytype == -1
+ ? (ctx->pmeth->pkey_id != EVP_PKEY_RSA
+ && ctx->pmeth->pkey_id != EVP_PKEY_RSA_PSS)
+ : ctx->pmeth->pkey_id != keytype))
return -1;
/* TODO(3.0): Remove this eventually when no more legacy */
- if ((EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx)
- && ctx->op.ciph.ciphprovctx == NULL)
+ if (cmd != -1) {
+ if ((EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx)
+ && ctx->op.ciph.ciphprovctx == NULL)
|| (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx)
- && ctx->op.sig.sigprovctx == NULL))
- return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA,
- EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT,
- EVP_PKEY_CTRL_RSA_MGF1_MD, 0, (void *)md);
-
- name = (md == NULL) ? "" : EVP_MD_name(md);
-
- return EVP_PKEY_CTX_set_rsa_mgf1_md_name(ctx, name, NULL);
-}
-
-int EVP_PKEY_CTX_set_rsa_mgf1_md_name(EVP_PKEY_CTX *ctx, const char *mdname,
- const char *mdprops)
-{
- OSSL_PARAM rsa_params[3], *p = rsa_params;
+ && ctx->op.sig.sigprovctx == NULL)
+ || (EVP_PKEY_CTX_IS_GEN_OP(ctx)
+ && ctx->op.keymgmt.genctx == NULL))
+ return EVP_PKEY_CTX_ctrl(ctx, keytype, optype, cmd, 0, (void *)md);
- if (ctx == NULL
- || mdname == NULL
- || (!EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx)
- && !EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx))) {
- ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
- /* Uses the same return values as EVP_PKEY_CTX_ctrl */
- return -2;
+ mdname = (md == NULL) ? "" : EVP_MD_name(md);
}
- /* If key type not RSA return error */
- if (ctx->pmeth != NULL
- && ctx->pmeth->pkey_id != EVP_PKEY_RSA
- && ctx->pmeth->pkey_id != EVP_PKEY_RSA_PSS)
- return -1;
*p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_MGF1_DIGEST,
/*
return EVP_PKEY_CTX_set_params(ctx, rsa_params);
}
+int EVP_PKEY_CTX_set_rsa_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD *md)
+{
+ return int_set_rsa_mgf1_md(ctx, -1,
+ EVP_PKEY_OP_TYPE_CRYPT | EVP_PKEY_OP_TYPE_SIG,
+ EVP_PKEY_CTRL_RSA_MGF1_MD, md, NULL, NULL);
+}
+
+int EVP_PKEY_CTX_set_rsa_mgf1_md_name(EVP_PKEY_CTX *ctx, const char *mdname,
+ const char *mdprops)
+{
+ return int_set_rsa_mgf1_md(ctx, -1,
+ EVP_PKEY_OP_TYPE_CRYPT | EVP_PKEY_OP_TYPE_SIG,
+ -1, NULL, mdname, mdprops);
+}
+
+int EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD *md)
+{
+ return int_set_rsa_mgf1_md(ctx, EVP_PKEY_RSA_PSS,
+ EVP_PKEY_OP_KEYGEN, EVP_PKEY_CTRL_RSA_MGF1_MD,
+ md, NULL, NULL);
+}
+
+int EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md_name(EVP_PKEY_CTX *ctx,
+ const char *mdname)
+{
+ return int_set_rsa_mgf1_md(ctx, EVP_PKEY_RSA_PSS,
+ EVP_PKEY_OP_TYPE_CRYPT | EVP_PKEY_OP_TYPE_SIG,
+ -1, NULL, mdname, NULL);
+}
+
int EVP_PKEY_CTX_get_rsa_mgf1_md_name(EVP_PKEY_CTX *ctx, char *name,
size_t namelen)
{
return -1;
/* May be NULL meaning "unknown" */
- *md = EVP_get_digestbyname(name);
+ *md = evp_get_digestbyname_ex(ctx->libctx, name);
return 1;
}
return (int)labellen;
}
-int EVP_PKEY_CTX_set_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int saltlen)
+static int int_set_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int saltlen,
+ int keytype, int optype)
{
OSSL_PARAM pad_params[2], *p = pad_params;
- if (ctx == NULL) {
+ if (ctx == NULL || (ctx->operation & optype) == 0) {
ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
/* Uses the same return values as EVP_PKEY_CTX_ctrl */
return -2;
/* If key type not RSA or RSA-PSS return error */
if (ctx->pmeth != NULL
- && ctx->pmeth->pkey_id != EVP_PKEY_RSA
- && ctx->pmeth->pkey_id != EVP_PKEY_RSA_PSS)
+ && (keytype == -1
+ ? (ctx->pmeth->pkey_id != EVP_PKEY_RSA
+ && ctx->pmeth->pkey_id != EVP_PKEY_RSA_PSS)
+ : ctx->pmeth->pkey_id != keytype))
return -1;
/* TODO(3.0): Remove this eventually when no more legacy */
- if (!EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx)
- || ctx->op.sig.sigprovctx == NULL)
- return EVP_PKEY_CTX_ctrl(ctx, -1, -1, EVP_PKEY_CTRL_RSA_PSS_SALTLEN,
+ if ((EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx)
+ && ctx->op.sig.sigprovctx == NULL)
+ || (EVP_PKEY_CTX_IS_GEN_OP(ctx)
+ && ctx->op.keymgmt.genctx == NULL))
+ return EVP_PKEY_CTX_ctrl(ctx, keytype, optype,
+ EVP_PKEY_CTRL_RSA_PSS_SALTLEN,
saltlen, NULL);
*p++ =
return EVP_PKEY_CTX_set_params(ctx, pad_params);
}
+int EVP_PKEY_CTX_set_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int saltlen)
+{
+ return int_set_rsa_pss_saltlen(ctx, saltlen, -1, EVP_PKEY_OP_TYPE_SIG);
+}
+
+int EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen(EVP_PKEY_CTX *ctx, int saltlen)
+{
+ return int_set_rsa_pss_saltlen(ctx, saltlen, EVP_PKEY_RSA_PSS,
+ EVP_PKEY_OP_KEYGEN);
+}
+
int EVP_PKEY_CTX_get_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int *saltlen)
{
OSSL_PARAM pad_params[2], *p = pad_params;
return 1;
}
-int EVP_PKEY_CTX_set_rsa_keygen_pubexp(EVP_PKEY_CTX *ctx, BIGNUM *pubexp)
+static int evp_pkey_ctx_set_rsa_keygen_pubexp_intern(EVP_PKEY_CTX *ctx,
+ BIGNUM *pubexp,
+ int copy)
{
OSSL_PARAM_BLD *tmpl;
OSSL_PARAM *params;
return -1;
/* TODO(3.0): Remove this eventually when no more legacy */
- if (ctx->op.keymgmt.genctx == NULL)
- return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_KEYGEN,
- EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP, 0, pubexp);
+ if (ctx->op.keymgmt.genctx == NULL) {
+ if (copy == 1)
+ pubexp = BN_dup(pubexp);
+ ret = EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_KEYGEN,
+ EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP, 0, pubexp);
+ if ((copy == 1) && (ret <= 0))
+ BN_free(pubexp);
+ return ret;
+ }
if ((tmpl = OSSL_PARAM_BLD_new()) == NULL)
return 0;
ret = EVP_PKEY_CTX_set_params(ctx, params);
OSSL_PARAM_BLD_free_params(params);
+
+ /*
+ * Satisfy memory semantics for pre-3.0 callers of
+ * EVP_PKEY_CTX_set_rsa_keygen_pubexp(): their expectation is that input
+ * pubexp BIGNUM becomes managed by the EVP_PKEY_CTX on success.
+ */
+ if ((copy == 0) && (ret > 0))
+ ctx->rsa_pubexp = pubexp;
+
return ret;
}
+int EVP_PKEY_CTX_set_rsa_keygen_pubexp(EVP_PKEY_CTX *ctx, BIGNUM *pubexp)
+{
+ return evp_pkey_ctx_set_rsa_keygen_pubexp_intern(ctx, pubexp, 0);
+}
+
+int EVP_PKEY_CTX_set1_rsa_keygen_pubexp(EVP_PKEY_CTX *ctx, BIGNUM *pubexp)
+{
+ return evp_pkey_ctx_set_rsa_keygen_pubexp_intern(ctx, pubexp, 1);
+}
+
int EVP_PKEY_CTX_set_rsa_keygen_primes(EVP_PKEY_CTX *ctx, int primes)
{
OSSL_PARAM params[2], *p = params;