#include "crypto/security_bits.h"
#include "rsa_local.h"
-static RSA *rsa_new_intern(ENGINE *engine, OPENSSL_CTX *libctx);
+static RSA *rsa_new_intern(ENGINE *engine, OSSL_LIB_CTX *libctx);
#ifndef FIPS_MODULE
RSA *RSA_new(void)
}
#endif
-RSA *rsa_new_with_ctx(OPENSSL_CTX *libctx)
+RSA *ossl_rsa_new_with_ctx(OSSL_LIB_CTX *libctx)
{
return rsa_new_intern(NULL, libctx);
}
-static RSA *rsa_new_intern(ENGINE *engine, OPENSSL_CTX *libctx)
+static RSA *rsa_new_intern(ENGINE *engine, OSSL_LIB_CTX *libctx)
{
RSA *ret = OPENSSL_zalloc(sizeof(*ret));
if (ret == NULL) {
- RSAerr(0, ERR_R_MALLOC_FAILURE);
+ ERR_raise(ERR_LIB_RSA, ERR_R_MALLOC_FAILURE);
return NULL;
}
ret->references = 1;
ret->lock = CRYPTO_THREAD_lock_new();
if (ret->lock == NULL) {
- RSAerr(0, ERR_R_MALLOC_FAILURE);
+ ERR_raise(ERR_LIB_RSA, ERR_R_MALLOC_FAILURE);
OPENSSL_free(ret);
return NULL;
}
ret->flags = ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW;
if (engine) {
if (!ENGINE_init(engine)) {
- RSAerr(0, ERR_R_ENGINE_LIB);
+ ERR_raise(ERR_LIB_RSA, ERR_R_ENGINE_LIB);
goto err;
}
ret->engine = engine;
if (ret->engine) {
ret->meth = ENGINE_get_RSA(ret->engine);
if (ret->meth == NULL) {
- RSAerr(0, ERR_R_ENGINE_LIB);
+ ERR_raise(ERR_LIB_RSA, ERR_R_ENGINE_LIB);
goto err;
}
}
#endif
if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
- RSAerr(0, ERR_R_INIT_FAIL);
+ ERR_raise(ERR_LIB_RSA, ERR_R_INIT_FAIL);
goto err;
}
BN_clear_free(r->dmp1);
BN_clear_free(r->dmq1);
BN_clear_free(r->iqmp);
+
+#if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS)
+ rsa_acvp_test_free(r->acvp_test);
+#endif
+
#ifndef FIPS_MODULE
RSA_PSS_PARAMS_free(r->pss);
sk_RSA_PRIME_INFO_pop_free(r->prime_infos, rsa_multip_info_free);
return i > 1 ? 1 : 0;
}
-OPENSSL_CTX *rsa_get0_libctx(RSA *r)
+OSSL_LIB_CTX *ossl_rsa_get0_libctx(RSA *r)
{
return r->libctx;
}
+void ossl_rsa_set0_libctx(RSA *r, OSSL_LIB_CTX *libctx)
+{
+ r->libctx = libctx;
+}
+
#ifndef FIPS_MODULE
int RSA_set_ex_data(RSA *r, int idx, void *arg)
{
}
/* Internal */
-RSA_PSS_PARAMS_30 *rsa_get0_pss_params_30(RSA *r)
+RSA_PSS_PARAMS_30 *ossl_rsa_get0_pss_params_30(RSA *r)
{
return &r->pss_params;
}
DEFINE_STACK_OF(BIGNUM)
-int rsa_set0_all_params(RSA *r, const STACK_OF(BIGNUM) *primes,
- const STACK_OF(BIGNUM) *exps,
- const STACK_OF(BIGNUM) *coeffs)
+int ossl_rsa_set0_all_params(RSA *r, const STACK_OF(BIGNUM) *primes,
+ const STACK_OF(BIGNUM) *exps,
+ const STACK_OF(BIGNUM) *coeffs)
{
#ifndef FIPS_MODULE
STACK_OF(RSA_PRIME_INFO) *prime_infos, *old_infos = NULL;
DEFINE_SPECIAL_STACK_OF_CONST(BIGNUM_const, BIGNUM)
-int rsa_get0_all_params(RSA *r, STACK_OF(BIGNUM_const) *primes,
- STACK_OF(BIGNUM_const) *exps,
- STACK_OF(BIGNUM_const) *coeffs)
+int ossl_rsa_get0_all_params(RSA *r, STACK_OF(BIGNUM_const) *primes,
+ STACK_OF(BIGNUM_const) *exps,
+ STACK_OF(BIGNUM_const) *coeffs)
{
#ifndef FIPS_MODULE
RSA_PRIME_INFO *pinfo;
return -1;
/* May be NULL meaning "unknown" */
- *md = EVP_get_digestbyname(name);
+ *md = evp_get_digestbyname_ex(ctx->libctx, name);
return 1;
}
return -1;
/* May be NULL meaning "unknown" */
- *md = EVP_get_digestbyname(name);
+ *md = evp_get_digestbyname_ex(ctx->libctx, name);
return 1;
}
int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label)
{
- OSSL_PARAM rsa_params[3], *p = rsa_params;
+ OSSL_PARAM rsa_params[2], *p = rsa_params;
size_t labellen;
if (ctx == NULL || !EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx)) {
*p++ = OSSL_PARAM_construct_octet_ptr(OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL,
(void **)label, 0);
- *p++ = OSSL_PARAM_construct_size_t(OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL_LEN,
- &labellen);
*p++ = OSSL_PARAM_construct_end();
if (!EVP_PKEY_CTX_get_params(ctx, rsa_params))
return -1;
+ labellen = rsa_params[0].return_size;
if (labellen > INT_MAX)
return -1;
return 1;
}
-int EVP_PKEY_CTX_set_rsa_keygen_pubexp(EVP_PKEY_CTX *ctx, BIGNUM *pubexp)
+static int evp_pkey_ctx_set_rsa_keygen_pubexp_intern(EVP_PKEY_CTX *ctx,
+ BIGNUM *pubexp,
+ int copy)
{
OSSL_PARAM_BLD *tmpl;
OSSL_PARAM *params;
return -1;
/* TODO(3.0): Remove this eventually when no more legacy */
- if (ctx->op.keymgmt.genctx == NULL)
- return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_KEYGEN,
- EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP, 0, pubexp);
+ if (ctx->op.keymgmt.genctx == NULL) {
+ if (copy == 1)
+ pubexp = BN_dup(pubexp);
+ ret = EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_KEYGEN,
+ EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP, 0, pubexp);
+ if ((copy == 1) && (ret <= 0))
+ BN_free(pubexp);
+ return ret;
+ }
if ((tmpl = OSSL_PARAM_BLD_new()) == NULL)
return 0;
ret = EVP_PKEY_CTX_set_params(ctx, params);
OSSL_PARAM_BLD_free_params(params);
+
+ /*
+ * Satisfy memory semantics for pre-3.0 callers of
+ * EVP_PKEY_CTX_set_rsa_keygen_pubexp(): their expectation is that input
+ * pubexp BIGNUM becomes managed by the EVP_PKEY_CTX on success.
+ */
+ if ((copy == 0) && (ret > 0))
+ ctx->rsa_pubexp = pubexp;
+
return ret;
}
+int EVP_PKEY_CTX_set_rsa_keygen_pubexp(EVP_PKEY_CTX *ctx, BIGNUM *pubexp)
+{
+ return evp_pkey_ctx_set_rsa_keygen_pubexp_intern(ctx, pubexp, 0);
+}
+
+int EVP_PKEY_CTX_set1_rsa_keygen_pubexp(EVP_PKEY_CTX *ctx, BIGNUM *pubexp)
+{
+ return evp_pkey_ctx_set_rsa_keygen_pubexp_intern(ctx, pubexp, 1);
+}
+
int EVP_PKEY_CTX_set_rsa_keygen_primes(EVP_PKEY_CTX *ctx, int primes)
{
OSSL_PARAM params[2], *p = params;