search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Remove building with NOCRYPTO option
[minix.git] / external / bsd / bind / dist / lib / dns / opensslrsa_link.c
blobde528b42c0b882e67840387504c6f238cdba8178
1 /* $NetBSD: opensslrsa_link.c,v 1.10 2015/09/03 07:33:34 christos Exp $ */
2
3 /*
4 * Copyright (C) 2004-2009, 2011-2014 Internet Systems Consortium, Inc. ("ISC")
5 * Copyright (C) 2000-2003 Internet Software Consortium.
6 *
7 * Permission to use, copy, modify, and/or distribute this software for any
8 * purpose with or without fee is hereby granted, provided that the above
9 * copyright notice and this permission notice appear in all copies.
10 *
11 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
12 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
13 * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
14 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
15 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
16 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
17 * PERFORMANCE OF THIS SOFTWARE.
18 */
19
20 /*
21 * Principal Author: Brian Wellington
22 * Id
23 */
24 #ifdef OPENSSL
25 #include <config.h>
26
27 #ifndef USE_EVP
28 #if !defined(HAVE_EVP_SHA256) || !defined(HAVE_EVP_SHA512)
29 #define USE_EVP 0
30 #else
31 #define USE_EVP 1
32 #endif
33 #endif
34
35
36 #include <isc/entropy.h>
37 #include <isc/md5.h>
38 #include <isc/sha1.h>
39 #include <isc/sha2.h>
40 #include <isc/mem.h>
41 #include <isc/string.h>
42 #include <isc/util.h>
43
44 #include <dst/result.h>
45
46 #include "dst_internal.h"
47 #include "dst_openssl.h"
48 #include "dst_parse.h"
49
50 #include <openssl/err.h>
51 #include <openssl/objects.h>
52 #include <openssl/rsa.h>
53 #if OPENSSL_VERSION_NUMBER > 0x00908000L
54 #include <openssl/bn.h>
55 #endif
56 #ifdef USE_ENGINE
57 #include <openssl/engine.h>
58 #endif
59
60 /*
61 * Limit the size of public exponents.
62 */
63 #ifndef RSA_MAX_PUBEXP_BITS
64 #define RSA_MAX_PUBEXP_BITS 35
65 #endif
66
67 /*
68 * We don't use configure for windows so enforce the OpenSSL version
69 * here. Unlike with configure we don't support overriding this test.
70 */
71 #ifdef WIN32
72 #if !((OPENSSL_VERSION_NUMBER >= 0x009070cfL && \
73 OPENSSL_VERSION_NUMBER < 0x00908000L) || \
74 OPENSSL_VERSION_NUMBER >= 0x0090804fL)
75 #error Please upgrade OpenSSL to 0.9.8d/0.9.7l or greater.
76 #endif
77 #endif
78
79
80 /*
81 * XXXMPA Temporarily disable RSA_BLINDING as it requires
82 * good quality random data that cannot currently be guaranteed.
83 * XXXMPA Find which versions of openssl use pseudo random data
84 * and set RSA_FLAG_BLINDING for those.
85 */
86
87 #if 0
88 #if OPENSSL_VERSION_NUMBER < 0x0090601fL
89 #define SET_FLAGS(rsa) \
90 do { \
91 (rsa)->flags &= ~(RSA_FLAG_CACHE_PUBLIC | RSA_FLAG_CACHE_PRIVATE); \
92 (rsa)->flags |= RSA_FLAG_BLINDING; \
93 } while (/*CONSTCOND*/0)
94 #else
95 #define SET_FLAGS(rsa) \
96 do { \
97 (rsa)->flags |= RSA_FLAG_BLINDING; \
98 } while (/*CONSTCOND*/0)
99 #endif
100 #endif
101
102 #if OPENSSL_VERSION_NUMBER < 0x0090601fL
103 #define SET_FLAGS(rsa) \
104 do { \
105 (rsa)->flags &= ~(RSA_FLAG_CACHE_PUBLIC | RSA_FLAG_CACHE_PRIVATE); \
106 (rsa)->flags &= ~RSA_FLAG_BLINDING; \
107 } while (/*CONSTCOND*/0)
108 #elif defined(RSA_FLAG_NO_BLINDING)
109 #define SET_FLAGS(rsa) \
110 do { \
111 (rsa)->flags &= ~RSA_FLAG_BLINDING; \
112 (rsa)->flags |= RSA_FLAG_NO_BLINDING; \
113 } while (/*CONSTCOND*/0)
114 #else
115 #define SET_FLAGS(rsa) \
116 do { \
117 (rsa)->flags &= ~RSA_FLAG_BLINDING; \
118 } while (/*CONSTCOND*/0)
119 #endif
120
121 #define DST_RET(a) {ret = a; goto err;}
122
123 static isc_result_t opensslrsa_todns(const dst_key_t *key, isc_buffer_t *data);
124
125 static isc_result_t
126 opensslrsa_createctx(dst_key_t *key, dst_context_t *dctx) {
127 #if USE_EVP
128 EVP_MD_CTX *evp_md_ctx;
129 const EVP_MD *type = NULL;
130 #endif
131
132 UNUSED(key);
133 REQUIRE(dctx->key->key_alg == DST_ALG_RSAMD5 ||
134 dctx->key->key_alg == DST_ALG_RSASHA1 ||
135 dctx->key->key_alg == DST_ALG_NSEC3RSASHA1 ||
136 dctx->key->key_alg == DST_ALG_RSASHA256 ||
137 dctx->key->key_alg == DST_ALG_RSASHA512);
138
139 #if USE_EVP
140 evp_md_ctx = EVP_MD_CTX_create();
141 if (evp_md_ctx == NULL)
142 return (ISC_R_NOMEMORY);
143
144 switch (dctx->key->key_alg) {
145 case DST_ALG_RSAMD5:
146 type = EVP_md5(); /* MD5 + RSA */
147 break;
148 case DST_ALG_RSASHA1:
149 case DST_ALG_NSEC3RSASHA1:
150 type = EVP_sha1(); /* SHA1 + RSA */
151 break;
152 #ifdef HAVE_EVP_SHA256
153 case DST_ALG_RSASHA256:
154 type = EVP_sha256(); /* SHA256 + RSA */
155 break;
156 #endif
157 #ifdef HAVE_EVP_SHA512
158 case DST_ALG_RSASHA512:
159 type = EVP_sha512();
160 break;
161 #endif
162 default:
163 INSIST(0);
164 }
165
166 if (!EVP_DigestInit_ex(evp_md_ctx, type, NULL)) {
167 EVP_MD_CTX_destroy(evp_md_ctx);
168 return (dst__openssl_toresult3(dctx->category,
169 "EVP_DigestInit_ex",
170 ISC_R_FAILURE));
171 }
172 dctx->ctxdata.evp_md_ctx = evp_md_ctx;
173 #else
174 switch (dctx->key->key_alg) {
175 case DST_ALG_RSAMD5:
176 {
177 isc_md5_t *md5ctx;
178
179 md5ctx = isc_mem_get(dctx->mctx, sizeof(isc_md5_t));
180 if (md5ctx == NULL)
181 return (ISC_R_NOMEMORY);
182 isc_md5_init(md5ctx);
183 dctx->ctxdata.md5ctx = md5ctx;
184 }
185 break;
186 case DST_ALG_RSASHA1:
187 case DST_ALG_NSEC3RSASHA1:
188 {
189 isc_sha1_t *sha1ctx;
190
191 sha1ctx = isc_mem_get(dctx->mctx, sizeof(isc_sha1_t));
192 if (sha1ctx == NULL)
193 return (ISC_R_NOMEMORY);
194 isc_sha1_init(sha1ctx);
195 dctx->ctxdata.sha1ctx = sha1ctx;
196 }
197 break;
198 case DST_ALG_RSASHA256:
199 {
200 isc_sha256_t *sha256ctx;
201
202 sha256ctx = isc_mem_get(dctx->mctx,
203 sizeof(isc_sha256_t));
204 if (sha256ctx == NULL)
205 return (ISC_R_NOMEMORY);
206 isc_sha256_init(sha256ctx);
207 dctx->ctxdata.sha256ctx = sha256ctx;
208 }
209 break;
210 case DST_ALG_RSASHA512:
211 {
212 isc_sha512_t *sha512ctx;
213
214 sha512ctx = isc_mem_get(dctx->mctx,
215 sizeof(isc_sha512_t));
216 if (sha512ctx == NULL)
217 return (ISC_R_NOMEMORY);
218 isc_sha512_init(sha512ctx);
219 dctx->ctxdata.sha512ctx = sha512ctx;
220 }
221 break;
222 default:
223 INSIST(0);
224 }
225 #endif
226
227 return (ISC_R_SUCCESS);
228 }
229
230 static void
231 opensslrsa_destroyctx(dst_context_t *dctx) {
232 #if USE_EVP
233 EVP_MD_CTX *evp_md_ctx = dctx->ctxdata.evp_md_ctx;
234 #endif
235
236 REQUIRE(dctx->key->key_alg == DST_ALG_RSAMD5 ||
237 dctx->key->key_alg == DST_ALG_RSASHA1 ||
238 dctx->key->key_alg == DST_ALG_NSEC3RSASHA1 ||
239 dctx->key->key_alg == DST_ALG_RSASHA256 ||
240 dctx->key->key_alg == DST_ALG_RSASHA512);
241
242 #if USE_EVP
243 if (evp_md_ctx != NULL) {
244 EVP_MD_CTX_destroy(evp_md_ctx);
245 dctx->ctxdata.evp_md_ctx = NULL;
246 }
247 #else
248 switch (dctx->key->key_alg) {
249 case DST_ALG_RSAMD5:
250 {
251 isc_md5_t *md5ctx = dctx->ctxdata.md5ctx;
252
253 if (md5ctx != NULL) {
254 isc_md5_invalidate(md5ctx);
255 isc_mem_put(dctx->mctx, md5ctx,
256 sizeof(isc_md5_t));
257 dctx->ctxdata.md5ctx = NULL;
258 }
259 }
260 break;
261 case DST_ALG_RSASHA1:
262 case DST_ALG_NSEC3RSASHA1:
263 {
264 isc_sha1_t *sha1ctx = dctx->ctxdata.sha1ctx;
265
266 if (sha1ctx != NULL) {
267 isc_sha1_invalidate(sha1ctx);
268 isc_mem_put(dctx->mctx, sha1ctx,
269 sizeof(isc_sha1_t));
270 dctx->ctxdata.sha1ctx = NULL;
271 }
272 }
273 break;
274 case DST_ALG_RSASHA256:
275 {
276 isc_sha256_t *sha256ctx = dctx->ctxdata.sha256ctx;
277
278 if (sha256ctx != NULL) {
279 isc_sha256_invalidate(sha256ctx);
280 isc_mem_put(dctx->mctx, sha256ctx,
281 sizeof(isc_sha256_t));
282 dctx->ctxdata.sha256ctx = NULL;
283 }
284 }
285 break;
286 case DST_ALG_RSASHA512:
287 {
288 isc_sha512_t *sha512ctx = dctx->ctxdata.sha512ctx;
289
290 if (sha512ctx != NULL) {
291 isc_sha512_invalidate(sha512ctx);
292 isc_mem_put(dctx->mctx, sha512ctx,
293 sizeof(isc_sha512_t));
294 dctx->ctxdata.sha512ctx = NULL;
295 }
296 }
297 break;
298 default:
299 INSIST(0);
300 }
301 #endif
302 }
303
304 static isc_result_t
305 opensslrsa_adddata(dst_context_t *dctx, const isc_region_t *data) {
306 #if USE_EVP
307 EVP_MD_CTX *evp_md_ctx = dctx->ctxdata.evp_md_ctx;
308 #endif
309
310 REQUIRE(dctx->key->key_alg == DST_ALG_RSAMD5 ||
311 dctx->key->key_alg == DST_ALG_RSASHA1 ||
312 dctx->key->key_alg == DST_ALG_NSEC3RSASHA1 ||
313 dctx->key->key_alg == DST_ALG_RSASHA256 ||
314 dctx->key->key_alg == DST_ALG_RSASHA512);
315
316 #if USE_EVP
317 if (!EVP_DigestUpdate(evp_md_ctx, data->base, data->length)) {
318 return (dst__openssl_toresult3(dctx->category,
319 "EVP_DigestUpdate",
320 ISC_R_FAILURE));
321 }
322 #else
323 switch (dctx->key->key_alg) {
324 case DST_ALG_RSAMD5:
325 {
326 isc_md5_t *md5ctx = dctx->ctxdata.md5ctx;
327
328 isc_md5_update(md5ctx, data->base, data->length);
329 }
330 break;
331 case DST_ALG_RSASHA1:
332 case DST_ALG_NSEC3RSASHA1:
333 {
334 isc_sha1_t *sha1ctx = dctx->ctxdata.sha1ctx;
335
336 isc_sha1_update(sha1ctx, data->base, data->length);
337 }
338 break;
339 case DST_ALG_RSASHA256:
340 {
341 isc_sha256_t *sha256ctx = dctx->ctxdata.sha256ctx;
342
343 isc_sha256_update(sha256ctx, data->base, data->length);
344 }
345 break;
346 case DST_ALG_RSASHA512:
347 {
348 isc_sha512_t *sha512ctx = dctx->ctxdata.sha512ctx;
349
350 isc_sha512_update(sha512ctx, data->base, data->length);
351 }
352 break;
353 default:
354 INSIST(0);
355 }
356 #endif
357 return (ISC_R_SUCCESS);
358 }
359
360 #if ! USE_EVP && OPENSSL_VERSION_NUMBER < 0x00908000L
361 /*
362 * Digest prefixes from RFC 5702.
363 */
364 static unsigned char sha256_prefix[] =
365 { 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48,
366 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20};
367 static unsigned char sha512_prefix[] =
368 { 0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48,
369 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x05, 0x00, 0x04, 0x40};
370 #define PREFIXLEN sizeof(sha512_prefix)
371 #else
372 #define PREFIXLEN 0
373 #endif
374
375 static isc_result_t
376 opensslrsa_sign(dst_context_t *dctx, isc_buffer_t *sig) {
377 dst_key_t *key = dctx->key;
378 isc_region_t r;
379 unsigned int siglen = 0;
380 #if USE_EVP
381 EVP_MD_CTX *evp_md_ctx = dctx->ctxdata.evp_md_ctx;
382 EVP_PKEY *pkey = key->keydata.pkey;
383 #else
384 RSA *rsa = key->keydata.rsa;
385 /* note: ISC_SHA512_DIGESTLENGTH >= ISC_*_DIGESTLENGTH */
386 unsigned char digest[PREFIXLEN + ISC_SHA512_DIGESTLENGTH];
387 int status;
388 int type = 0;
389 unsigned int digestlen = 0;
390 #if OPENSSL_VERSION_NUMBER < 0x00908000L
391 unsigned int prefixlen = 0;
392 const unsigned char *prefix = NULL;
393 #endif
394 #endif
395
396 REQUIRE(dctx->key->key_alg == DST_ALG_RSAMD5 ||
397 dctx->key->key_alg == DST_ALG_RSASHA1 ||
398 dctx->key->key_alg == DST_ALG_NSEC3RSASHA1 ||
399 dctx->key->key_alg == DST_ALG_RSASHA256 ||
400 dctx->key->key_alg == DST_ALG_RSASHA512);
401
402 isc_buffer_availableregion(sig, &r);
403
404 #if USE_EVP
405 if (r.length < (unsigned int) EVP_PKEY_size(pkey))
406 return (ISC_R_NOSPACE);
407
408 if (!EVP_SignFinal(evp_md_ctx, r.base, &siglen, pkey)) {
409 return (dst__openssl_toresult3(dctx->category,
410 "EVP_SignFinal",
411 ISC_R_FAILURE));
412 }
413 #else
414 if (r.length < (unsigned int) RSA_size(rsa))
415 return (ISC_R_NOSPACE);
416
417 switch (dctx->key->key_alg) {
418 case DST_ALG_RSAMD5:
419 {
420 isc_md5_t *md5ctx = dctx->ctxdata.md5ctx;
421
422 isc_md5_final(md5ctx, digest);
423 type = NID_md5;
424 digestlen = ISC_MD5_DIGESTLENGTH;
425 }
426 break;
427 case DST_ALG_RSASHA1:
428 case DST_ALG_NSEC3RSASHA1:
429 {
430 isc_sha1_t *sha1ctx = dctx->ctxdata.sha1ctx;
431
432 isc_sha1_final(sha1ctx, digest);
433 type = NID_sha1;
434 digestlen = ISC_SHA1_DIGESTLENGTH;
435 }
436 break;
437 case DST_ALG_RSASHA256:
438 {
439 isc_sha256_t *sha256ctx = dctx->ctxdata.sha256ctx;
440
441 isc_sha256_final(digest, sha256ctx);
442 digestlen = ISC_SHA256_DIGESTLENGTH;
443 #if OPENSSL_VERSION_NUMBER < 0x00908000L
444 prefix = sha256_prefix;
445 prefixlen = sizeof(sha256_prefix);
446 #else
447 type = NID_sha256;
448 #endif
449 }
450 break;
451 case DST_ALG_RSASHA512:
452 {
453 isc_sha512_t *sha512ctx = dctx->ctxdata.sha512ctx;
454
455 isc_sha512_final(digest, sha512ctx);
456 digestlen = ISC_SHA512_DIGESTLENGTH;
457 #if OPENSSL_VERSION_NUMBER < 0x00908000L
458 prefix = sha512_prefix;
459 prefixlen = sizeof(sha512_prefix);
460 #else
461 type = NID_sha512;
462 #endif
463 }
464 break;
465 default:
466 INSIST(0);
467 }
468
469 #if OPENSSL_VERSION_NUMBER < 0x00908000L
470 switch (dctx->key->key_alg) {
471 case DST_ALG_RSAMD5:
472 case DST_ALG_RSASHA1:
473 case DST_ALG_NSEC3RSASHA1:
474 INSIST(type != 0);
475 status = RSA_sign(type, digest, digestlen, r.base,
476 &siglen, rsa);
477 break;
478
479 case DST_ALG_RSASHA256:
480 case DST_ALG_RSASHA512:
481 INSIST(prefix != NULL);
482 INSIST(prefixlen != 0);
483 INSIST(prefixlen + digestlen <= sizeof(digest));
484
485 memmove(digest + prefixlen, digest, digestlen);
486 memmove(digest, prefix, prefixlen);
487 status = RSA_private_encrypt(digestlen + prefixlen,
488 digest, r.base, rsa,
489 RSA_PKCS1_PADDING);
490 if (status < 0)
491 status = 0;
492 else
493 siglen = status;
494 break;
495
496 default:
497 INSIST(0);
498 }
499 #else
500 INSIST(type != 0);
501 status = RSA_sign(type, digest, digestlen, r.base, &siglen, rsa);
502 #endif
503 if (status == 0)
504 return (dst__openssl_toresult3(dctx->category,
505 "RSA_sign",
506 DST_R_OPENSSLFAILURE));
507 #endif
508
509 isc_buffer_add(sig, siglen);
510
511 return (ISC_R_SUCCESS);
512 }
513
514 static isc_result_t
515 opensslrsa_verify2(dst_context_t *dctx, int maxbits, const isc_region_t *sig) {
516 dst_key_t *key = dctx->key;
517 int status = 0;
518 #if USE_EVP
519 EVP_MD_CTX *evp_md_ctx = dctx->ctxdata.evp_md_ctx;
520 EVP_PKEY *pkey = key->keydata.pkey;
521 RSA *rsa;
522 int bits;
523 #else
524 /* note: ISC_SHA512_DIGESTLENGTH >= ISC_*_DIGESTLENGTH */
525 unsigned char digest[ISC_SHA512_DIGESTLENGTH];
526 int type = 0;
527 unsigned int digestlen = 0;
528 RSA *rsa = key->keydata.rsa;
529 #if OPENSSL_VERSION_NUMBER < 0x00908000L
530 unsigned int prefixlen = 0;
531 const unsigned char *prefix = NULL;
532 #endif
533 #endif
534
535 REQUIRE(dctx->key->key_alg == DST_ALG_RSAMD5 ||
536 dctx->key->key_alg == DST_ALG_RSASHA1 ||
537 dctx->key->key_alg == DST_ALG_NSEC3RSASHA1 ||
538 dctx->key->key_alg == DST_ALG_RSASHA256 ||
539 dctx->key->key_alg == DST_ALG_RSASHA512);
540
541 #if USE_EVP
542 rsa = EVP_PKEY_get1_RSA(pkey);
543 if (rsa == NULL)
544 return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
545 bits = BN_num_bits(rsa->e);
546 RSA_free(rsa);
547 if (bits > maxbits && maxbits != 0)
548 return (DST_R_VERIFYFAILURE);
549
550 status = EVP_VerifyFinal(evp_md_ctx, sig->base, sig->length, pkey);
551 switch (status) {
552 case 1:
553 return (ISC_R_SUCCESS);
554 case 0:
555 return (dst__openssl_toresult(DST_R_VERIFYFAILURE));
556 default:
557 return (dst__openssl_toresult3(dctx->category,
558 "EVP_VerifyFinal",
559 DST_R_VERIFYFAILURE));
560 }
561 #else
562 if (BN_num_bits(rsa->e) > maxbits && maxbits != 0)
563 return (DST_R_VERIFYFAILURE);
564
565 switch (dctx->key->key_alg) {
566 case DST_ALG_RSAMD5:
567 {
568 isc_md5_t *md5ctx = dctx->ctxdata.md5ctx;
569
570 isc_md5_final(md5ctx, digest);
571 type = NID_md5;
572 digestlen = ISC_MD5_DIGESTLENGTH;
573 }
574 break;
575 case DST_ALG_RSASHA1:
576 case DST_ALG_NSEC3RSASHA1:
577 {
578 isc_sha1_t *sha1ctx = dctx->ctxdata.sha1ctx;
579
580 isc_sha1_final(sha1ctx, digest);
581 type = NID_sha1;
582 digestlen = ISC_SHA1_DIGESTLENGTH;
583 }
584 break;
585 case DST_ALG_RSASHA256:
586 {
587 isc_sha256_t *sha256ctx = dctx->ctxdata.sha256ctx;
588
589 isc_sha256_final(digest, sha256ctx);
590 digestlen = ISC_SHA256_DIGESTLENGTH;
591 #if OPENSSL_VERSION_NUMBER < 0x00908000L
592 prefix = sha256_prefix;
593 prefixlen = sizeof(sha256_prefix);
594 #else
595 type = NID_sha256;
596 #endif
597 }
598 break;
599 case DST_ALG_RSASHA512:
600 {
601 isc_sha512_t *sha512ctx = dctx->ctxdata.sha512ctx;
602
603 isc_sha512_final(digest, sha512ctx);
604 digestlen = ISC_SHA512_DIGESTLENGTH;
605 #if OPENSSL_VERSION_NUMBER < 0x00908000L
606 prefix = sha512_prefix;
607 prefixlen = sizeof(sha512_prefix);
608 #else
609 type = NID_sha512;
610 #endif
611 }
612 break;
613 default:
614 INSIST(0);
615 }
616
617 if (sig->length != (unsigned int) RSA_size(rsa))
618 return (DST_R_VERIFYFAILURE);
619
620 #if OPENSSL_VERSION_NUMBER < 0x00908000L
621 switch (dctx->key->key_alg) {
622 case DST_ALG_RSAMD5:
623 case DST_ALG_RSASHA1:
624 case DST_ALG_NSEC3RSASHA1:
625 INSIST(type != 0);
626 status = RSA_verify(type, digest, digestlen, sig->base,
627 RSA_size(rsa), rsa);
628 break;
629
630 case DST_ALG_RSASHA256:
631 case DST_ALG_RSASHA512:
632 {
633 /*
634 * 1024 is big enough for all valid RSA bit sizes
635 * for use with DNSSEC.
636 */
637 unsigned char original[PREFIXLEN + 1024];
638
639 INSIST(prefix != NULL);
640 INSIST(prefixlen != 0U);
641
642 if (RSA_size(rsa) > (int)sizeof(original))
643 return (DST_R_VERIFYFAILURE);
644
645 status = RSA_public_decrypt(sig->length, sig->base,
646 original, rsa,
647 RSA_PKCS1_PADDING);
648 if (status <= 0)
649 return (dst__openssl_toresult3(
650 dctx->category,
651 "RSA_public_decrypt",
652 DST_R_VERIFYFAILURE));
653 if (status != (int)(prefixlen + digestlen))
654 return (DST_R_VERIFYFAILURE);
655 if (memcmp(original, prefix, prefixlen))
656 return (DST_R_VERIFYFAILURE);
657 if (memcmp(original + prefixlen, digest, digestlen))
658 return (DST_R_VERIFYFAILURE);
659 status = 1;
660 }
661 break;
662
663 default:
664 INSIST(0);
665 }
666 #else
667 INSIST(type != 0);
668 status = RSA_verify(type, digest, digestlen, sig->base,
669 RSA_size(rsa), rsa);
670 #endif
671 if (status != 1)
672 return (dst__openssl_toresult(DST_R_VERIFYFAILURE));
673 return (ISC_R_SUCCESS);
674 #endif
675 }
676
677 static isc_result_t
678 opensslrsa_verify(dst_context_t *dctx, const isc_region_t *sig) {
679 return (opensslrsa_verify2(dctx, 0, sig));
680 }
681
682 static isc_boolean_t
683 opensslrsa_compare(const dst_key_t *key1, const dst_key_t *key2) {
684 int status;
685 RSA *rsa1 = NULL, *rsa2 = NULL;
686 #if USE_EVP
687 EVP_PKEY *pkey1, *pkey2;
688 #endif
689
690 #if USE_EVP
691 pkey1 = key1->keydata.pkey;
692 pkey2 = key2->keydata.pkey;
693 /*
694 * The pkey reference will keep these around after
695 * the RSA_free() call.
696 */
697 if (pkey1 != NULL) {
698 rsa1 = EVP_PKEY_get1_RSA(pkey1);
699 RSA_free(rsa1);
700 }
701 if (pkey2 != NULL) {
702 rsa2 = EVP_PKEY_get1_RSA(pkey2);
703 RSA_free(rsa2);
704 }
705 #else
706 rsa1 = key1->keydata.rsa;
707 rsa2 = key2->keydata.rsa;
708 #endif
709
710 if (rsa1 == NULL && rsa2 == NULL)
711 return (ISC_TRUE);
712 else if (rsa1 == NULL || rsa2 == NULL)
713 return (ISC_FALSE);
714
715 status = BN_cmp(rsa1->n, rsa2->n) ||
716 BN_cmp(rsa1->e, rsa2->e);
717
718 if (status != 0)
719 return (ISC_FALSE);
720
721 #if USE_EVP
722 if ((rsa1->flags & RSA_FLAG_EXT_PKEY) != 0 ||
723 (rsa2->flags & RSA_FLAG_EXT_PKEY) != 0) {
724 if ((rsa1->flags & RSA_FLAG_EXT_PKEY) == 0 ||
725 (rsa2->flags & RSA_FLAG_EXT_PKEY) == 0)
726 return (ISC_FALSE);
727 /*
728 * Can't compare private parameters, BTW does it make sense?
729 */
730 return (ISC_TRUE);
731 }
732 #endif
733
734 if (rsa1->d != NULL || rsa2->d != NULL) {
735 if (rsa1->d == NULL || rsa2->d == NULL)
736 return (ISC_FALSE);
737 status = BN_cmp(rsa1->d, rsa2->d) ||
738 BN_cmp(rsa1->p, rsa2->p) ||
739 BN_cmp(rsa1->q, rsa2->q);
740
741 if (status != 0)
742 return (ISC_FALSE);
743 }
744 return (ISC_TRUE);
745 }
746
747 #if OPENSSL_VERSION_NUMBER > 0x00908000L
748 static int
749 progress_cb(int p, int n, BN_GENCB *cb) {
750 union {
751 void *dptr;
752 void (*fptr)(int);
753 } u;
754
755 UNUSED(n);
756
757 u.dptr = cb->arg;
758 if (u.fptr != NULL)
759 u.fptr(p);
760 return (1);
761 }
762 #endif
763
764 static isc_result_t
765 opensslrsa_generate(dst_key_t *key, int exp, void (*callback)(int)) {
766 #if OPENSSL_VERSION_NUMBER > 0x00908000L
767 isc_result_t ret = DST_R_OPENSSLFAILURE;
768 BN_GENCB cb;
769 union {
770 void *dptr;
771 void (*fptr)(int);
772 } u;
773 RSA *rsa = RSA_new();
774 BIGNUM *e = BN_new();
775 #if USE_EVP
776 EVP_PKEY *pkey = EVP_PKEY_new();
777 #endif
778
779 if (rsa == NULL || e == NULL)
780 goto err;
781 #if USE_EVP
782 if (pkey == NULL)
783 goto err;
784 if (!EVP_PKEY_set1_RSA(pkey, rsa))
785 goto err;
786 #endif
787
788 if (exp == 0) {
789 /* RSA_F4 0x10001 */
790 BN_set_bit(e, 0);
791 BN_set_bit(e, 16);
792 } else {
793 /* (phased-out) F5 0x100000001 */
794 BN_set_bit(e, 0);
795 BN_set_bit(e, 32);
796 }
797
798 if (callback == NULL) {
799 BN_GENCB_set_old(&cb, NULL, NULL);
800 } else {
801 u.fptr = callback;
802 BN_GENCB_set(&cb, &progress_cb, u.dptr);
803 }
804
805 if (RSA_generate_key_ex(rsa, key->key_size, e, &cb)) {
806 BN_free(e);
807 SET_FLAGS(rsa);
808 #if USE_EVP
809 key->keydata.pkey = pkey;
810
811 RSA_free(rsa);
812 #else
813 key->keydata.rsa = rsa;
814 #endif
815 return (ISC_R_SUCCESS);
816 }
817 ret = dst__openssl_toresult2("RSA_generate_key_ex",
818 DST_R_OPENSSLFAILURE);
819
820 err:
821 #if USE_EVP
822 if (pkey != NULL)
823 EVP_PKEY_free(pkey);
824 #endif
825 if (e != NULL)
826 BN_free(e);
827 if (rsa != NULL)
828 RSA_free(rsa);
829 return (dst__openssl_toresult(ret));
830 #else
831 RSA *rsa;
832 unsigned long e;
833 #if USE_EVP
834 EVP_PKEY *pkey = EVP_PKEY_new();
835
836 UNUSED(callback);
837
838 if (pkey == NULL)
839 return (ISC_R_NOMEMORY);
840 #else
841 UNUSED(callback);
842 #endif
843
844 if (exp == 0)
845 e = RSA_F4;
846 else
847 e = 0x40000003;
848 rsa = RSA_generate_key(key->key_size, e, NULL, NULL);
849 if (rsa == NULL) {
850 #if USE_EVP
851 EVP_PKEY_free(pkey);
852 #endif
853 return (dst__openssl_toresult2("RSA_generate_key",
854 DST_R_OPENSSLFAILURE));
855 }
856 SET_FLAGS(rsa);
857 #if USE_EVP
858 if (!EVP_PKEY_set1_RSA(pkey, rsa)) {
859 EVP_PKEY_free(pkey);
860 RSA_free(rsa);
861 return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
862 }
863 key->keydata.pkey = pkey;
864 RSA_free(rsa);
865 #else
866 key->keydata.rsa = rsa;
867 #endif
868
869 return (ISC_R_SUCCESS);
870 #endif
871 }
872
873 static isc_boolean_t
874 opensslrsa_isprivate(const dst_key_t *key) {
875 #if USE_EVP
876 RSA *rsa = EVP_PKEY_get1_RSA(key->keydata.pkey);
877 INSIST(rsa != NULL);
878 RSA_free(rsa);
879 /* key->keydata.pkey still has a reference so rsa is still valid. */
880 #else
881 RSA *rsa = key->keydata.rsa;
882 #endif
883 if (rsa != NULL && (rsa->flags & RSA_FLAG_EXT_PKEY) != 0)
884 return (ISC_TRUE);
885 return (ISC_TF(rsa != NULL && rsa->d != NULL));
886 }
887
888 static void
889 opensslrsa_destroy(dst_key_t *key) {
890 #if USE_EVP
891 EVP_PKEY *pkey = key->keydata.pkey;
892 EVP_PKEY_free(pkey);
893 key->keydata.pkey = NULL;
894 #else
895 RSA *rsa = key->keydata.rsa;
896 RSA_free(rsa);
897 key->keydata.rsa = NULL;
898 #endif
899 }
900
901
902 static isc_result_t
903 opensslrsa_todns(const dst_key_t *key, isc_buffer_t *data) {
904 isc_region_t r;
905 unsigned int e_bytes;
906 unsigned int mod_bytes;
907 isc_result_t ret;
908 RSA *rsa;
909 #if USE_EVP
910 EVP_PKEY *pkey;
911 #endif
912
913 #if USE_EVP
914 REQUIRE(key->keydata.pkey != NULL);
915 #else
916 REQUIRE(key->keydata.rsa != NULL);
917 #endif
918
919 #if USE_EVP
920 pkey = key->keydata.pkey;
921 rsa = EVP_PKEY_get1_RSA(pkey);
922 if (rsa == NULL)
923 return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
924 #else
925 rsa = key->keydata.rsa;
926 #endif
927
928 isc_buffer_availableregion(data, &r);
929
930 e_bytes = BN_num_bytes(rsa->e);
931 mod_bytes = BN_num_bytes(rsa->n);
932
933 if (e_bytes < 256) { /*%< key exponent is <= 2040 bits */
934 if (r.length < 1)
935 DST_RET(ISC_R_NOSPACE);
936 isc_buffer_putuint8(data, (isc_uint8_t) e_bytes);
937 isc_region_consume(&r, 1);
938 } else {
939 if (r.length < 3)
940 DST_RET(ISC_R_NOSPACE);
941 isc_buffer_putuint8(data, 0);
942 isc_buffer_putuint16(data, (isc_uint16_t) e_bytes);
943 isc_region_consume(&r, 3);
944 }
945
946 if (r.length < e_bytes + mod_bytes)
947 DST_RET(ISC_R_NOSPACE);
948
949 BN_bn2bin(rsa->e, r.base);
950 isc_region_consume(&r, e_bytes);
951 BN_bn2bin(rsa->n, r.base);
952
953 isc_buffer_add(data, e_bytes + mod_bytes);
954
955 ret = ISC_R_SUCCESS;
956 err:
957 #if USE_EVP
958 if (rsa != NULL)
959 RSA_free(rsa);
960 #endif
961 return (ret);
962 }
963
964 static isc_result_t
965 opensslrsa_fromdns(dst_key_t *key, isc_buffer_t *data) {
966 RSA *rsa;
967 isc_region_t r;
968 unsigned int e_bytes;
969 unsigned int length;
970 #if USE_EVP
971 EVP_PKEY *pkey;
972 #endif
973
974 isc_buffer_remainingregion(data, &r);
975 if (r.length == 0)
976 return (ISC_R_SUCCESS);
977 length = r.length;
978
979 rsa = RSA_new();
980 if (rsa == NULL)
981 return (dst__openssl_toresult(ISC_R_NOMEMORY));
982 SET_FLAGS(rsa);
983
984 if (r.length < 1) {
985 RSA_free(rsa);
986 return (DST_R_INVALIDPUBLICKEY);
987 }
988 e_bytes = *r.base;
989 isc_region_consume(&r, 1);
990
991 if (e_bytes == 0) {
992 if (r.length < 2) {
993 RSA_free(rsa);
994 return (DST_R_INVALIDPUBLICKEY);
995 }
996 e_bytes = (*r.base) << 8;
997 isc_region_consume(&r, 1);
998 e_bytes += *r.base;
999 isc_region_consume(&r, 1);
1000 }
1001
1002 if (r.length < e_bytes) {
1003 RSA_free(rsa);
1004 return (DST_R_INVALIDPUBLICKEY);
1005 }
1006 rsa->e = BN_bin2bn(r.base, e_bytes, NULL);
1007 isc_region_consume(&r, e_bytes);
1008
1009 rsa->n = BN_bin2bn(r.base, r.length, NULL);
1010
1011 key->key_size = BN_num_bits(rsa->n);
1012
1013 isc_buffer_forward(data, length);
1014
1015 #if USE_EVP
1016 pkey = EVP_PKEY_new();
1017 if (pkey == NULL) {
1018 RSA_free(rsa);
1019 return (ISC_R_NOMEMORY);
1020 }
1021 if (!EVP_PKEY_set1_RSA(pkey, rsa)) {
1022 EVP_PKEY_free(pkey);
1023 RSA_free(rsa);
1024 return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
1025 }
1026 key->keydata.pkey = pkey;
1027 RSA_free(rsa);
1028 #else
1029 key->keydata.rsa = rsa;
1030 #endif
1031
1032 return (ISC_R_SUCCESS);
1033 }
1034
1035 static isc_result_t
1036 opensslrsa_tofile(const dst_key_t *key, const char *directory) {
1037 int i;
1038 RSA *rsa;
1039 dst_private_t priv;
1040 unsigned char *bufs[8];
1041 isc_result_t result;
1042
1043 #if USE_EVP
1044 if (key->keydata.pkey == NULL)
1045 return (DST_R_NULLKEY);
1046 rsa = EVP_PKEY_get1_RSA(key->keydata.pkey);
1047 if (rsa == NULL)
1048 return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
1049 #else
1050 if (key->keydata.rsa == NULL)
1051 return (DST_R_NULLKEY);
1052 rsa = key->keydata.rsa;
1053 #endif
1054 memset(bufs, 0, sizeof(bufs));
1055
1056 if (key->external) {
1057 priv.nelements = 0;
1058 result = dst__privstruct_writefile(key, &priv, directory);
1059 goto fail;
1060 }
1061
1062 for (i = 0; i < 8; i++) {
1063 bufs[i] = isc_mem_get(key->mctx, BN_num_bytes(rsa->n));
1064 if (bufs[i] == NULL) {
1065 result = ISC_R_NOMEMORY;
1066 goto fail;
1067 }
1068 }
1069
1070 i = 0;
1071
1072 priv.elements[i].tag = TAG_RSA_MODULUS;
1073 priv.elements[i].length = BN_num_bytes(rsa->n);
1074 BN_bn2bin(rsa->n, bufs[i]);
1075 priv.elements[i].data = bufs[i];
1076 i++;
1077
1078 priv.elements[i].tag = TAG_RSA_PUBLICEXPONENT;
1079 priv.elements[i].length = BN_num_bytes(rsa->e);
1080 BN_bn2bin(rsa->e, bufs[i]);
1081 priv.elements[i].data = bufs[i];
1082 i++;
1083
1084 if (rsa->d != NULL) {
1085 priv.elements[i].tag = TAG_RSA_PRIVATEEXPONENT;
1086 priv.elements[i].length = BN_num_bytes(rsa->d);
1087 BN_bn2bin(rsa->d, bufs[i]);
1088 priv.elements[i].data = bufs[i];
1089 i++;
1090 }
1091
1092 if (rsa->p != NULL) {
1093 priv.elements[i].tag = TAG_RSA_PRIME1;
1094 priv.elements[i].length = BN_num_bytes(rsa->p);
1095 BN_bn2bin(rsa->p, bufs[i]);
1096 priv.elements[i].data = bufs[i];
1097 i++;
1098 }
1099
1100 if (rsa->q != NULL) {
1101 priv.elements[i].tag = TAG_RSA_PRIME2;
1102 priv.elements[i].length = BN_num_bytes(rsa->q);
1103 BN_bn2bin(rsa->q, bufs[i]);
1104 priv.elements[i].data = bufs[i];
1105 i++;
1106 }
1107
1108 if (rsa->dmp1 != NULL) {
1109 priv.elements[i].tag = TAG_RSA_EXPONENT1;
1110 priv.elements[i].length = BN_num_bytes(rsa->dmp1);
1111 BN_bn2bin(rsa->dmp1, bufs[i]);
1112 priv.elements[i].data = bufs[i];
1113 i++;
1114 }
1115
1116 if (rsa->dmq1 != NULL) {
1117 priv.elements[i].tag = TAG_RSA_EXPONENT2;
1118 priv.elements[i].length = BN_num_bytes(rsa->dmq1);
1119 BN_bn2bin(rsa->dmq1, bufs[i]);
1120 priv.elements[i].data = bufs[i];
1121 i++;
1122 }
1123
1124 if (rsa->iqmp != NULL) {
1125 priv.elements[i].tag = TAG_RSA_COEFFICIENT;
1126 priv.elements[i].length = BN_num_bytes(rsa->iqmp);
1127 BN_bn2bin(rsa->iqmp, bufs[i]);
1128 priv.elements[i].data = bufs[i];
1129 i++;
1130 }
1131
1132 if (key->engine != NULL) {
1133 priv.elements[i].tag = TAG_RSA_ENGINE;
1134 priv.elements[i].length = strlen(key->engine) + 1;
1135 priv.elements[i].data = (unsigned char *)key->engine;
1136 i++;
1137 }
1138
1139 if (key->label != NULL) {
1140 priv.elements[i].tag = TAG_RSA_LABEL;
1141 priv.elements[i].length = strlen(key->label) + 1;
1142 priv.elements[i].data = (unsigned char *)key->label;
1143 i++;
1144 }
1145
1146
1147 priv.nelements = i;
1148 result = dst__privstruct_writefile(key, &priv, directory);
1149 fail:
1150 #if USE_EVP
1151 RSA_free(rsa);
1152 #endif
1153 for (i = 0; i < 8; i++) {
1154 if (bufs[i] == NULL)
1155 break;
1156 isc_mem_put(key->mctx, bufs[i], BN_num_bytes(rsa->n));
1157 }
1158 return (result);
1159 }
1160
1161 static isc_result_t
1162 rsa_check(RSA *rsa, RSA *pub)
1163 {
1164 /* Public parameters should be the same but if they are not set
1165 * copy them from the public key. */
1166 if (pub != NULL) {
1167 if (rsa->n != NULL) {
1168 if (BN_cmp(rsa->n, pub->n) != 0)
1169 return (DST_R_INVALIDPRIVATEKEY);
1170 } else {
1171 rsa->n = pub->n;
1172 pub->n = NULL;
1173 }
1174 if (rsa->e != NULL) {
1175 if (BN_cmp(rsa->e, pub->e) != 0)
1176 return (DST_R_INVALIDPRIVATEKEY);
1177 } else {
1178 rsa->e = pub->e;
1179 pub->e = NULL;
1180 }
1181 }
1182 if (rsa->n == NULL || rsa->e == NULL)
1183 return (DST_R_INVALIDPRIVATEKEY);
1184 return (ISC_R_SUCCESS);
1185 }
1186
1187 static isc_result_t
1188 opensslrsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
1189 dst_private_t priv;
1190 isc_result_t ret;
1191 int i;
1192 RSA *rsa = NULL, *pubrsa = NULL;
1193 #ifdef USE_ENGINE
1194 ENGINE *e = NULL;
1195 #endif
1196 isc_mem_t *mctx = key->mctx;
1197 const char *engine = NULL, *label = NULL;
1198 #if defined(USE_ENGINE) || USE_EVP
1199 EVP_PKEY *pkey = NULL;
1200 #endif
1201
1202 /* read private key file */
1203 ret = dst__privstruct_parse(key, DST_ALG_RSA, lexer, mctx, &priv);
1204 if (ret != ISC_R_SUCCESS)
1205 goto err;
1206
1207 if (key->external) {
1208 if (priv.nelements != 0)
1209 DST_RET(DST_R_INVALIDPRIVATEKEY);
1210 if (pub == NULL)
1211 DST_RET(DST_R_INVALIDPRIVATEKEY);
1212 key->keydata.pkey = pub->keydata.pkey;
1213 pub->keydata.pkey = NULL;
1214 key->key_size = pub->key_size;
1215 dst__privstruct_free(&priv, mctx);
1216 memset(&priv, 0, sizeof(priv));
1217 return (ISC_R_SUCCESS);
1218 }
1219
1220 #if USE_EVP
1221 if (pub != NULL && pub->keydata.pkey != NULL)
1222 pubrsa = EVP_PKEY_get1_RSA(pub->keydata.pkey);
1223 #else
1224 if (pub != NULL && pub->keydata.rsa != NULL) {
1225 pubrsa = pub->keydata.rsa;
1226 pub->keydata.rsa = NULL;
1227 }
1228 #endif
1229
1230 for (i = 0; i < priv.nelements; i++) {
1231 switch (priv.elements[i].tag) {
1232 case TAG_RSA_ENGINE:
1233 engine = (char *)priv.elements[i].data;
1234 break;
1235 case TAG_RSA_LABEL:
1236 label = (char *)priv.elements[i].data;
1237 break;
1238 default:
1239 break;
1240 }
1241 }
1242
1243 /*
1244 * Is this key is stored in a HSM?
1245 * See if we can fetch it.
1246 */
1247 if (label != NULL) {
1248 #ifdef USE_ENGINE
1249 if (engine == NULL)
1250 DST_RET(DST_R_NOENGINE);
1251 e = dst__openssl_getengine(engine);
1252 if (e == NULL)
1253 DST_RET(DST_R_NOENGINE);
1254 pkey = ENGINE_load_private_key(e, label, NULL, NULL);
1255 if (pkey == NULL)
1256 DST_RET(dst__openssl_toresult2(
1257 "ENGINE_load_private_key",
1258 ISC_R_NOTFOUND));
1259 key->engine = isc_mem_strdup(key->mctx, engine);
1260 if (key->engine == NULL)
1261 DST_RET(ISC_R_NOMEMORY);
1262 key->label = isc_mem_strdup(key->mctx, label);
1263 if (key->label == NULL)
1264 DST_RET(ISC_R_NOMEMORY);
1265 rsa = EVP_PKEY_get1_RSA(pkey);
1266 if (rsa == NULL)
1267 DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE));
1268 if (rsa_check(rsa, pubrsa) != ISC_R_SUCCESS)
1269 DST_RET(DST_R_INVALIDPRIVATEKEY);
1270 if (BN_num_bits(rsa->e) > RSA_MAX_PUBEXP_BITS)
1271 DST_RET(ISC_R_RANGE);
1272 if (pubrsa != NULL)
1273 RSA_free(pubrsa);
1274 key->key_size = EVP_PKEY_bits(pkey);
1275 #if USE_EVP
1276 key->keydata.pkey = pkey;
1277 RSA_free(rsa);
1278 #else
1279 key->keydata.rsa = rsa;
1280 EVP_PKEY_free(pkey);
1281 #endif
1282 dst__privstruct_free(&priv, mctx);
1283 memset(&priv, 0, sizeof(priv));
1284 return (ISC_R_SUCCESS);
1285 #else
1286 DST_RET(DST_R_NOENGINE);
1287 #endif
1288 }
1289
1290 rsa = RSA_new();
1291 if (rsa == NULL)
1292 DST_RET(ISC_R_NOMEMORY);
1293 SET_FLAGS(rsa);
1294
1295 #if USE_EVP
1296 pkey = EVP_PKEY_new();
1297 if (pkey == NULL)
1298 DST_RET(ISC_R_NOMEMORY);
1299 if (!EVP_PKEY_set1_RSA(pkey, rsa))
1300 DST_RET(ISC_R_FAILURE);
1301 key->keydata.pkey = pkey;
1302 #else
1303 key->keydata.rsa = rsa;
1304 #endif
1305
1306 for (i = 0; i < priv.nelements; i++) {
1307 BIGNUM *bn;
1308 switch (priv.elements[i].tag) {
1309 case TAG_RSA_ENGINE:
1310 continue;
1311 case TAG_RSA_LABEL:
1312 continue;
1313 default:
1314 bn = BN_bin2bn(priv.elements[i].data,
1315 priv.elements[i].length, NULL);
1316 if (bn == NULL)
1317 DST_RET(ISC_R_NOMEMORY);
1318 }
1319
1320 switch (priv.elements[i].tag) {
1321 case TAG_RSA_MODULUS:
1322 rsa->n = bn;
1323 break;
1324 case TAG_RSA_PUBLICEXPONENT:
1325 rsa->e = bn;
1326 break;
1327 case TAG_RSA_PRIVATEEXPONENT:
1328 rsa->d = bn;
1329 break;
1330 case TAG_RSA_PRIME1:
1331 rsa->p = bn;
1332 break;
1333 case TAG_RSA_PRIME2:
1334 rsa->q = bn;
1335 break;
1336 case TAG_RSA_EXPONENT1:
1337 rsa->dmp1 = bn;
1338 break;
1339 case TAG_RSA_EXPONENT2:
1340 rsa->dmq1 = bn;
1341 break;
1342 case TAG_RSA_COEFFICIENT:
1343 rsa->iqmp = bn;
1344 break;
1345 }
1346 }
1347 dst__privstruct_free(&priv, mctx);
1348 memset(&priv, 0, sizeof(priv));
1349
1350 if (rsa_check(rsa, pubrsa) != ISC_R_SUCCESS)
1351 DST_RET(DST_R_INVALIDPRIVATEKEY);
1352 if (BN_num_bits(rsa->e) > RSA_MAX_PUBEXP_BITS)
1353 DST_RET(ISC_R_RANGE);
1354 key->key_size = BN_num_bits(rsa->n);
1355 if (pubrsa != NULL)
1356 RSA_free(pubrsa);
1357 #if USE_EVP
1358 RSA_free(rsa);
1359 #endif
1360
1361 return (ISC_R_SUCCESS);
1362
1363 err:
1364 #if USE_EVP
1365 if (pkey != NULL)
1366 EVP_PKEY_free(pkey);
1367 #endif
1368 if (rsa != NULL)
1369 RSA_free(rsa);
1370 if (pubrsa != NULL)
1371 RSA_free(pubrsa);
1372 key->keydata.generic = NULL;
1373 dst__privstruct_free(&priv, mctx);
1374 memset(&priv, 0, sizeof(priv));
1375 return (ret);
1376 }
1377
1378 static isc_result_t
1379 opensslrsa_fromlabel(dst_key_t *key, const char *engine, const char *label,
1380 const char *pin)
1381 {
1382 #ifdef USE_ENGINE
1383 ENGINE *e = NULL;
1384 isc_result_t ret;
1385 EVP_PKEY *pkey = NULL;
1386 RSA *rsa = NULL, *pubrsa = NULL;
1387 char *colon;
1388
1389 UNUSED(pin);
1390
1391 if (engine == NULL)
1392 DST_RET(DST_R_NOENGINE);
1393 e = dst__openssl_getengine(engine);
1394 if (e == NULL)
1395 DST_RET(DST_R_NOENGINE);
1396 pkey = ENGINE_load_public_key(e, label, NULL, NULL);
1397 if (pkey != NULL) {
1398 pubrsa = EVP_PKEY_get1_RSA(pkey);
1399 EVP_PKEY_free(pkey);
1400 if (pubrsa == NULL)
1401 DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE));
1402 }
1403 pkey = ENGINE_load_private_key(e, label, NULL, NULL);
1404 if (pkey == NULL)
1405 DST_RET(dst__openssl_toresult2("ENGINE_load_private_key",
1406 ISC_R_NOTFOUND));
1407 if (engine != NULL) {
1408 key->engine = isc_mem_strdup(key->mctx, engine);
1409 if (key->engine == NULL)
1410 DST_RET(ISC_R_NOMEMORY);
1411 } else {
1412 key->engine = isc_mem_strdup(key->mctx, label);
1413 if (key->engine == NULL)
1414 DST_RET(ISC_R_NOMEMORY);
1415 colon = strchr(key->engine, ':');
1416 if (colon != NULL)
1417 *colon = '\0';
1418 }
1419 key->label = isc_mem_strdup(key->mctx, label);
1420 if (key->label == NULL)
1421 DST_RET(ISC_R_NOMEMORY);
1422 rsa = EVP_PKEY_get1_RSA(pkey);
1423 if (rsa == NULL)
1424 DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE));
1425 if (rsa_check(rsa, pubrsa) != ISC_R_SUCCESS)
1426 DST_RET(DST_R_INVALIDPRIVATEKEY);
1427 if (BN_num_bits(rsa->e) > RSA_MAX_PUBEXP_BITS)
1428 DST_RET(ISC_R_RANGE);
1429 if (pubrsa != NULL)
1430 RSA_free(pubrsa);
1431 key->key_size = EVP_PKEY_bits(pkey);
1432 #if USE_EVP
1433 key->keydata.pkey = pkey;
1434 RSA_free(rsa);
1435 #else
1436 key->keydata.rsa = rsa;
1437 EVP_PKEY_free(pkey);
1438 #endif
1439 return (ISC_R_SUCCESS);
1440
1441 err:
1442 if (rsa != NULL)
1443 RSA_free(rsa);
1444 if (pubrsa != NULL)
1445 RSA_free(pubrsa);
1446 if (pkey != NULL)
1447 EVP_PKEY_free(pkey);
1448 return (ret);
1449 #else
1450 UNUSED(key);
1451 UNUSED(engine);
1452 UNUSED(label);
1453 UNUSED(pin);
1454 return(DST_R_NOENGINE);
1455 #endif
1456 }
1457
1458 static dst_func_t opensslrsa_functions = {
1459 opensslrsa_createctx,
1460 NULL, /*%< createctx2 */
1461 opensslrsa_destroyctx,
1462 opensslrsa_adddata,
1463 opensslrsa_sign,
1464 opensslrsa_verify,
1465 opensslrsa_verify2,
1466 NULL, /*%< computesecret */
1467 opensslrsa_compare,
1468 NULL, /*%< paramcompare */
1469 opensslrsa_generate,
1470 opensslrsa_isprivate,
1471 opensslrsa_destroy,
1472 opensslrsa_todns,
1473 opensslrsa_fromdns,
1474 opensslrsa_tofile,
1475 opensslrsa_parse,
1476 NULL, /*%< cleanup */
1477 opensslrsa_fromlabel,
1478 NULL, /*%< dump */
1479 NULL, /*%< restore */
1480 };
1481
1482 isc_result_t
1483 dst__opensslrsa_init(dst_func_t **funcp, unsigned char algorithm) {
1484 REQUIRE(funcp != NULL);
1485
1486 if (*funcp == NULL) {
1487 switch (algorithm) {
1488 case DST_ALG_RSASHA256:
1489 #if defined(HAVE_EVP_SHA256) || !USE_EVP
1490 *funcp = &opensslrsa_functions;
1491 #endif
1492 break;
1493 case DST_ALG_RSASHA512:
1494 #if defined(HAVE_EVP_SHA512) || !USE_EVP
1495 *funcp = &opensslrsa_functions;
1496 #endif
1497 break;
1498 default:
1499 *funcp = &opensslrsa_functions;
1500 break;
1501 }
1502 }
1503 return (ISC_R_SUCCESS);
1504 }
1505
1506 #else /* OPENSSL */
1507
1508 #include <isc/util.h>
1509
1510 EMPTY_TRANSLATION_UNIT
1511
1512 #endif /* OPENSSL */
1513 /*! \file */
MINIX 3 (repo.or.cz mirror)