1 /* $NetBSD: opensslrsa_link.c,v 1.10 2015/09/03 07:33:34 christos Exp $ */ 2 3 /* 4 * Copyright (C) 2004-2009, 2011-2014 Internet Systems Consortium, Inc. ("ISC") 5 * Copyright (C) 2000-2003 Internet Software Consortium. 6 * 7 * Permission to use, copy, modify, and/or distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH 12 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY 13 * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, 14 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM 15 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE 16 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 17 * PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20 /* 21 * Principal Author: Brian Wellington 22 * Id 23 */ 24 #ifdef OPENSSL 25 #include <config.h> 26 27 #ifndef USE_EVP 28 #if !defined(HAVE_EVP_SHA256) || !defined(HAVE_EVP_SHA512) 29 #define USE_EVP 0 30 #else 31 #define USE_EVP 1 32 #endif 33 #endif 34 35 36 #include <isc/entropy.h> 37 #include <isc/md5.h> 38 #include <isc/sha1.h> 39 #include <isc/sha2.h> 40 #include <isc/mem.h> 41 #include <isc/string.h> 42 #include <isc/util.h> 43 44 #include <dst/result.h> 45 46 #include "dst_internal.h" 47 #include "dst_openssl.h" 48 #include "dst_parse.h" 49 50 #include <openssl/err.h> 51 #include <openssl/objects.h> 52 #include <openssl/rsa.h> 53 #if OPENSSL_VERSION_NUMBER > 0x00908000L 54 #include <openssl/bn.h> 55 #endif 56 #ifdef USE_ENGINE 57 #include <openssl/engine.h> 58 #endif 59 60 /* 61 * Limit the size of public exponents. 62 */ 63 #ifndef RSA_MAX_PUBEXP_BITS 64 #define RSA_MAX_PUBEXP_BITS 35 65 #endif 66 67 /* 68 * We don't use configure for windows so enforce the OpenSSL version 69 * here. Unlike with configure we don't support overriding this test. 70 */ 71 #ifdef WIN32 72 #if !((OPENSSL_VERSION_NUMBER >= 0x009070cfL && \ 73 OPENSSL_VERSION_NUMBER < 0x00908000L) || \ 74 OPENSSL_VERSION_NUMBER >= 0x0090804fL) 75 #error Please upgrade OpenSSL to 0.9.8d/0.9.7l or greater. 76 #endif 77 #endif 78 79 80 /* 81 * XXXMPA Temporarily disable RSA_BLINDING as it requires 82 * good quality random data that cannot currently be guaranteed. 83 * XXXMPA Find which versions of openssl use pseudo random data 84 * and set RSA_FLAG_BLINDING for those. 85 */ 86 87 #if 0 88 #if OPENSSL_VERSION_NUMBER < 0x0090601fL 89 #define SET_FLAGS(rsa) \ 90 do { \ 91 (rsa)->flags &= ~(RSA_FLAG_CACHE_PUBLIC | RSA_FLAG_CACHE_PRIVATE); \ 92 (rsa)->flags |= RSA_FLAG_BLINDING; \ 93 } while (/*CONSTCOND*/0) 94 #else 95 #define SET_FLAGS(rsa) \ 96 do { \ 97 (rsa)->flags |= RSA_FLAG_BLINDING; \ 98 } while (/*CONSTCOND*/0) 99 #endif 100 #endif 101 102 #if OPENSSL_VERSION_NUMBER < 0x0090601fL 103 #define SET_FLAGS(rsa) \ 104 do { \ 105 (rsa)->flags &= ~(RSA_FLAG_CACHE_PUBLIC | RSA_FLAG_CACHE_PRIVATE); \ 106 (rsa)->flags &= ~RSA_FLAG_BLINDING; \ 107 } while (/*CONSTCOND*/0) 108 #elif defined(RSA_FLAG_NO_BLINDING) 109 #define SET_FLAGS(rsa) \ 110 do { \ 111 (rsa)->flags &= ~RSA_FLAG_BLINDING; \ 112 (rsa)->flags |= RSA_FLAG_NO_BLINDING; \ 113 } while (/*CONSTCOND*/0) 114 #else 115 #define SET_FLAGS(rsa) \ 116 do { \ 117 (rsa)->flags &= ~RSA_FLAG_BLINDING; \ 118 } while (/*CONSTCOND*/0) 119 #endif 120 121 #define DST_RET(a) {ret = a; goto err;} 122 123 static isc_result_t opensslrsa_todns(const dst_key_t *key, isc_buffer_t *data); 124 125 static isc_result_t 126 opensslrsa_createctx(dst_key_t *key, dst_context_t *dctx) { 127 #if USE_EVP 128 EVP_MD_CTX *evp_md_ctx; 129 const EVP_MD *type = NULL; 130 #endif 131 132 UNUSED(key); 133 REQUIRE(dctx->key->key_alg == DST_ALG_RSAMD5 || 134 dctx->key->key_alg == DST_ALG_RSASHA1 || 135 dctx->key->key_alg == DST_ALG_NSEC3RSASHA1 || 136 dctx->key->key_alg == DST_ALG_RSASHA256 || 137 dctx->key->key_alg == DST_ALG_RSASHA512); 138 139 #if USE_EVP 140 evp_md_ctx = EVP_MD_CTX_create(); 141 if (evp_md_ctx == NULL) 142 return (ISC_R_NOMEMORY); 143 144 switch (dctx->key->key_alg) { 145 case DST_ALG_RSAMD5: 146 type = EVP_md5(); /* MD5 + RSA */ 147 break; 148 case DST_ALG_RSASHA1: 149 case DST_ALG_NSEC3RSASHA1: 150 type = EVP_sha1(); /* SHA1 + RSA */ 151 break; 152 #ifdef HAVE_EVP_SHA256 153 case DST_ALG_RSASHA256: 154 type = EVP_sha256(); /* SHA256 + RSA */ 155 break; 156 #endif 157 #ifdef HAVE_EVP_SHA512 158 case DST_ALG_RSASHA512: 159 type = EVP_sha512(); 160 break; 161 #endif 162 default: 163 INSIST(0); 164 } 165 166 if (!EVP_DigestInit_ex(evp_md_ctx, type, NULL)) { 167 EVP_MD_CTX_destroy(evp_md_ctx); 168 return (dst__openssl_toresult3(dctx->category, 169 "EVP_DigestInit_ex", 170 ISC_R_FAILURE)); 171 } 172 dctx->ctxdata.evp_md_ctx = evp_md_ctx; 173 #else 174 switch (dctx->key->key_alg) { 175 case DST_ALG_RSAMD5: 176 { 177 isc_md5_t *md5ctx; 178 179 md5ctx = isc_mem_get(dctx->mctx, sizeof(isc_md5_t)); 180 if (md5ctx == NULL) 181 return (ISC_R_NOMEMORY); 182 isc_md5_init(md5ctx); 183 dctx->ctxdata.md5ctx = md5ctx; 184 } 185 break; 186 case DST_ALG_RSASHA1: 187 case DST_ALG_NSEC3RSASHA1: 188 { 189 isc_sha1_t *sha1ctx; 190 191 sha1ctx = isc_mem_get(dctx->mctx, sizeof(isc_sha1_t)); 192 if (sha1ctx == NULL) 193 return (ISC_R_NOMEMORY); 194 isc_sha1_init(sha1ctx); 195 dctx->ctxdata.sha1ctx = sha1ctx; 196 } 197 break; 198 case DST_ALG_RSASHA256: 199 { 200 isc_sha256_t *sha256ctx; 201 202 sha256ctx = isc_mem_get(dctx->mctx, 203 sizeof(isc_sha256_t)); 204 if (sha256ctx == NULL) 205 return (ISC_R_NOMEMORY); 206 isc_sha256_init(sha256ctx); 207 dctx->ctxdata.sha256ctx = sha256ctx; 208 } 209 break; 210 case DST_ALG_RSASHA512: 211 { 212 isc_sha512_t *sha512ctx; 213 214 sha512ctx = isc_mem_get(dctx->mctx, 215 sizeof(isc_sha512_t)); 216 if (sha512ctx == NULL) 217 return (ISC_R_NOMEMORY); 218 isc_sha512_init(sha512ctx); 219 dctx->ctxdata.sha512ctx = sha512ctx; 220 } 221 break; 222 default: 223 INSIST(0); 224 } 225 #endif 226 227 return (ISC_R_SUCCESS); 228 } 229 230 static void 231 opensslrsa_destroyctx(dst_context_t *dctx) { 232 #if USE_EVP 233 EVP_MD_CTX *evp_md_ctx = dctx->ctxdata.evp_md_ctx; 234 #endif 235 236 REQUIRE(dctx->key->key_alg == DST_ALG_RSAMD5 || 237 dctx->key->key_alg == DST_ALG_RSASHA1 || 238 dctx->key->key_alg == DST_ALG_NSEC3RSASHA1 || 239 dctx->key->key_alg == DST_ALG_RSASHA256 || 240 dctx->key->key_alg == DST_ALG_RSASHA512); 241 242 #if USE_EVP 243 if (evp_md_ctx != NULL) { 244 EVP_MD_CTX_destroy(evp_md_ctx); 245 dctx->ctxdata.evp_md_ctx = NULL; 246 } 247 #else 248 switch (dctx->key->key_alg) { 249 case DST_ALG_RSAMD5: 250 { 251 isc_md5_t *md5ctx = dctx->ctxdata.md5ctx; 252 253 if (md5ctx != NULL) { 254 isc_md5_invalidate(md5ctx); 255 isc_mem_put(dctx->mctx, md5ctx, 256 sizeof(isc_md5_t)); 257 dctx->ctxdata.md5ctx = NULL; 258 } 259 } 260 break; 261 case DST_ALG_RSASHA1: 262 case DST_ALG_NSEC3RSASHA1: 263 { 264 isc_sha1_t *sha1ctx = dctx->ctxdata.sha1ctx; 265 266 if (sha1ctx != NULL) { 267 isc_sha1_invalidate(sha1ctx); 268 isc_mem_put(dctx->mctx, sha1ctx, 269 sizeof(isc_sha1_t)); 270 dctx->ctxdata.sha1ctx = NULL; 271 } 272 } 273 break; 274 case DST_ALG_RSASHA256: 275 { 276 isc_sha256_t *sha256ctx = dctx->ctxdata.sha256ctx; 277 278 if (sha256ctx != NULL) { 279 isc_sha256_invalidate(sha256ctx); 280 isc_mem_put(dctx->mctx, sha256ctx, 281 sizeof(isc_sha256_t)); 282 dctx->ctxdata.sha256ctx = NULL; 283 } 284 } 285 break; 286 case DST_ALG_RSASHA512: 287 { 288 isc_sha512_t *sha512ctx = dctx->ctxdata.sha512ctx; 289 290 if (sha512ctx != NULL) { 291 isc_sha512_invalidate(sha512ctx); 292 isc_mem_put(dctx->mctx, sha512ctx, 293 sizeof(isc_sha512_t)); 294 dctx->ctxdata.sha512ctx = NULL; 295 } 296 } 297 break; 298 default: 299 INSIST(0); 300 } 301 #endif 302 } 303 304 static isc_result_t 305 opensslrsa_adddata(dst_context_t *dctx, const isc_region_t *data) { 306 #if USE_EVP 307 EVP_MD_CTX *evp_md_ctx = dctx->ctxdata.evp_md_ctx; 308 #endif 309 310 REQUIRE(dctx->key->key_alg == DST_ALG_RSAMD5 || 311 dctx->key->key_alg == DST_ALG_RSASHA1 || 312 dctx->key->key_alg == DST_ALG_NSEC3RSASHA1 || 313 dctx->key->key_alg == DST_ALG_RSASHA256 || 314 dctx->key->key_alg == DST_ALG_RSASHA512); 315 316 #if USE_EVP 317 if (!EVP_DigestUpdate(evp_md_ctx, data->base, data->length)) { 318 return (dst__openssl_toresult3(dctx->category, 319 "EVP_DigestUpdate", 320 ISC_R_FAILURE)); 321 } 322 #else 323 switch (dctx->key->key_alg) { 324 case DST_ALG_RSAMD5: 325 { 326 isc_md5_t *md5ctx = dctx->ctxdata.md5ctx; 327 328 isc_md5_update(md5ctx, data->base, data->length); 329 } 330 break; 331 case DST_ALG_RSASHA1: 332 case DST_ALG_NSEC3RSASHA1: 333 { 334 isc_sha1_t *sha1ctx = dctx->ctxdata.sha1ctx; 335 336 isc_sha1_update(sha1ctx, data->base, data->length); 337 } 338 break; 339 case DST_ALG_RSASHA256: 340 { 341 isc_sha256_t *sha256ctx = dctx->ctxdata.sha256ctx; 342 343 isc_sha256_update(sha256ctx, data->base, data->length); 344 } 345 break; 346 case DST_ALG_RSASHA512: 347 { 348 isc_sha512_t *sha512ctx = dctx->ctxdata.sha512ctx; 349 350 isc_sha512_update(sha512ctx, data->base, data->length); 351 } 352 break; 353 default: 354 INSIST(0); 355 } 356 #endif 357 return (ISC_R_SUCCESS); 358 } 359 360 #if ! USE_EVP && OPENSSL_VERSION_NUMBER < 0x00908000L 361 /* 362 * Digest prefixes from RFC 5702. 363 */ 364 static unsigned char sha256_prefix[] = 365 { 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 366 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20}; 367 static unsigned char sha512_prefix[] = 368 { 0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 369 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x05, 0x00, 0x04, 0x40}; 370 #define PREFIXLEN sizeof(sha512_prefix) 371 #else 372 #define PREFIXLEN 0 373 #endif 374 375 static isc_result_t 376 opensslrsa_sign(dst_context_t *dctx, isc_buffer_t *sig) { 377 dst_key_t *key = dctx->key; 378 isc_region_t r; 379 unsigned int siglen = 0; 380 #if USE_EVP 381 EVP_MD_CTX *evp_md_ctx = dctx->ctxdata.evp_md_ctx; 382 EVP_PKEY *pkey = key->keydata.pkey; 383 #else 384 RSA *rsa = key->keydata.rsa; 385 /* note: ISC_SHA512_DIGESTLENGTH >= ISC_*_DIGESTLENGTH */ 386 unsigned char digest[PREFIXLEN + ISC_SHA512_DIGESTLENGTH]; 387 int status; 388 int type = 0; 389 unsigned int digestlen = 0; 390 #if OPENSSL_VERSION_NUMBER < 0x00908000L 391 unsigned int prefixlen = 0; 392 const unsigned char *prefix = NULL; 393 #endif 394 #endif 395 396 REQUIRE(dctx->key->key_alg == DST_ALG_RSAMD5 || 397 dctx->key->key_alg == DST_ALG_RSASHA1 || 398 dctx->key->key_alg == DST_ALG_NSEC3RSASHA1 || 399 dctx->key->key_alg == DST_ALG_RSASHA256 || 400 dctx->key->key_alg == DST_ALG_RSASHA512); 401 402 isc_buffer_availableregion(sig, &r); 403 404 #if USE_EVP 405 if (r.length < (unsigned int) EVP_PKEY_size(pkey)) 406 return (ISC_R_NOSPACE); 407 408 if (!EVP_SignFinal(evp_md_ctx, r.base, &siglen, pkey)) { 409 return (dst__openssl_toresult3(dctx->category, 410 "EVP_SignFinal", 411 ISC_R_FAILURE)); 412 } 413 #else 414 if (r.length < (unsigned int) RSA_size(rsa)) 415 return (ISC_R_NOSPACE); 416 417 switch (dctx->key->key_alg) { 418 case DST_ALG_RSAMD5: 419 { 420 isc_md5_t *md5ctx = dctx->ctxdata.md5ctx; 421 422 isc_md5_final(md5ctx, digest); 423 type = NID_md5; 424 digestlen = ISC_MD5_DIGESTLENGTH; 425 } 426 break; 427 case DST_ALG_RSASHA1: 428 case DST_ALG_NSEC3RSASHA1: 429 { 430 isc_sha1_t *sha1ctx = dctx->ctxdata.sha1ctx; 431 432 isc_sha1_final(sha1ctx, digest); 433 type = NID_sha1; 434 digestlen = ISC_SHA1_DIGESTLENGTH; 435 } 436 break; 437 case DST_ALG_RSASHA256: 438 { 439 isc_sha256_t *sha256ctx = dctx->ctxdata.sha256ctx; 440 441 isc_sha256_final(digest, sha256ctx); 442 digestlen = ISC_SHA256_DIGESTLENGTH; 443 #if OPENSSL_VERSION_NUMBER < 0x00908000L 444 prefix = sha256_prefix; 445 prefixlen = sizeof(sha256_prefix); 446 #else 447 type = NID_sha256; 448 #endif 449 } 450 break; 451 case DST_ALG_RSASHA512: 452 { 453 isc_sha512_t *sha512ctx = dctx->ctxdata.sha512ctx; 454 455 isc_sha512_final(digest, sha512ctx); 456 digestlen = ISC_SHA512_DIGESTLENGTH; 457 #if OPENSSL_VERSION_NUMBER < 0x00908000L 458 prefix = sha512_prefix; 459 prefixlen = sizeof(sha512_prefix); 460 #else 461 type = NID_sha512; 462 #endif 463 } 464 break; 465 default: 466 INSIST(0); 467 } 468 469 #if OPENSSL_VERSION_NUMBER < 0x00908000L 470 switch (dctx->key->key_alg) { 471 case DST_ALG_RSAMD5: 472 case DST_ALG_RSASHA1: 473 case DST_ALG_NSEC3RSASHA1: 474 INSIST(type != 0); 475 status = RSA_sign(type, digest, digestlen, r.base, 476 &siglen, rsa); 477 break; 478 479 case DST_ALG_RSASHA256: 480 case DST_ALG_RSASHA512: 481 INSIST(prefix != NULL); 482 INSIST(prefixlen != 0); 483 INSIST(prefixlen + digestlen <= sizeof(digest)); 484 485 memmove(digest + prefixlen, digest, digestlen); 486 memmove(digest, prefix, prefixlen); 487 status = RSA_private_encrypt(digestlen + prefixlen, 488 digest, r.base, rsa, 489 RSA_PKCS1_PADDING); 490 if (status < 0) 491 status = 0; 492 else 493 siglen = status; 494 break; 495 496 default: 497 INSIST(0); 498 } 499 #else 500 INSIST(type != 0); 501 status = RSA_sign(type, digest, digestlen, r.base, &siglen, rsa); 502 #endif 503 if (status == 0) 504 return (dst__openssl_toresult3(dctx->category, 505 "RSA_sign", 506 DST_R_OPENSSLFAILURE)); 507 #endif 508 509 isc_buffer_add(sig, siglen); 510 511 return (ISC_R_SUCCESS); 512 } 513 514 static isc_result_t 515 opensslrsa_verify2(dst_context_t *dctx, int maxbits, const isc_region_t *sig) { 516 dst_key_t *key = dctx->key; 517 int status = 0; 518 #if USE_EVP 519 EVP_MD_CTX *evp_md_ctx = dctx->ctxdata.evp_md_ctx; 520 EVP_PKEY *pkey = key->keydata.pkey; 521 RSA *rsa; 522 int bits; 523 #else 524 /* note: ISC_SHA512_DIGESTLENGTH >= ISC_*_DIGESTLENGTH */ 525 unsigned char digest[ISC_SHA512_DIGESTLENGTH]; 526 int type = 0; 527 unsigned int digestlen = 0; 528 RSA *rsa = key->keydata.rsa; 529 #if OPENSSL_VERSION_NUMBER < 0x00908000L 530 unsigned int prefixlen = 0; 531 const unsigned char *prefix = NULL; 532 #endif 533 #endif 534 535 REQUIRE(dctx->key->key_alg == DST_ALG_RSAMD5 || 536 dctx->key->key_alg == DST_ALG_RSASHA1 || 537 dctx->key->key_alg == DST_ALG_NSEC3RSASHA1 || 538 dctx->key->key_alg == DST_ALG_RSASHA256 || 539 dctx->key->key_alg == DST_ALG_RSASHA512); 540 541 #if USE_EVP 542 rsa = EVP_PKEY_get1_RSA(pkey); 543 if (rsa == NULL) 544 return (dst__openssl_toresult(DST_R_OPENSSLFAILURE)); 545 bits = BN_num_bits(rsa->e); 546 RSA_free(rsa); 547 if (bits > maxbits && maxbits != 0) 548 return (DST_R_VERIFYFAILURE); 549 550 status = EVP_VerifyFinal(evp_md_ctx, sig->base, sig->length, pkey); 551 switch (status) { 552 case 1: 553 return (ISC_R_SUCCESS); 554 case 0: 555 return (dst__openssl_toresult(DST_R_VERIFYFAILURE)); 556 default: 557 return (dst__openssl_toresult3(dctx->category, 558 "EVP_VerifyFinal", 559 DST_R_VERIFYFAILURE)); 560 } 561 #else 562 if (BN_num_bits(rsa->e) > maxbits && maxbits != 0) 563 return (DST_R_VERIFYFAILURE); 564 565 switch (dctx->key->key_alg) { 566 case DST_ALG_RSAMD5: 567 { 568 isc_md5_t *md5ctx = dctx->ctxdata.md5ctx; 569 570 isc_md5_final(md5ctx, digest); 571 type = NID_md5; 572 digestlen = ISC_MD5_DIGESTLENGTH; 573 } 574 break; 575 case DST_ALG_RSASHA1: 576 case DST_ALG_NSEC3RSASHA1: 577 { 578 isc_sha1_t *sha1ctx = dctx->ctxdata.sha1ctx; 579 580 isc_sha1_final(sha1ctx, digest); 581 type = NID_sha1; 582 digestlen = ISC_SHA1_DIGESTLENGTH; 583 } 584 break; 585 case DST_ALG_RSASHA256: 586 { 587 isc_sha256_t *sha256ctx = dctx->ctxdata.sha256ctx; 588 589 isc_sha256_final(digest, sha256ctx); 590 digestlen = ISC_SHA256_DIGESTLENGTH; 591 #if OPENSSL_VERSION_NUMBER < 0x00908000L 592 prefix = sha256_prefix; 593 prefixlen = sizeof(sha256_prefix); 594 #else 595 type = NID_sha256; 596 #endif 597 } 598 break; 599 case DST_ALG_RSASHA512: 600 { 601 isc_sha512_t *sha512ctx = dctx->ctxdata.sha512ctx; 602 603 isc_sha512_final(digest, sha512ctx); 604 digestlen = ISC_SHA512_DIGESTLENGTH; 605 #if OPENSSL_VERSION_NUMBER < 0x00908000L 606 prefix = sha512_prefix; 607 prefixlen = sizeof(sha512_prefix); 608 #else 609 type = NID_sha512; 610 #endif 611 } 612 break; 613 default: 614 INSIST(0); 615 } 616 617 if (sig->length != (unsigned int) RSA_size(rsa)) 618 return (DST_R_VERIFYFAILURE); 619 620 #if OPENSSL_VERSION_NUMBER < 0x00908000L 621 switch (dctx->key->key_alg) { 622 case DST_ALG_RSAMD5: 623 case DST_ALG_RSASHA1: 624 case DST_ALG_NSEC3RSASHA1: 625 INSIST(type != 0); 626 status = RSA_verify(type, digest, digestlen, sig->base, 627 RSA_size(rsa), rsa); 628 break; 629 630 case DST_ALG_RSASHA256: 631 case DST_ALG_RSASHA512: 632 { 633 /* 634 * 1024 is big enough for all valid RSA bit sizes 635 * for use with DNSSEC. 636 */ 637 unsigned char original[PREFIXLEN + 1024]; 638 639 INSIST(prefix != NULL); 640 INSIST(prefixlen != 0U); 641 642 if (RSA_size(rsa) > (int)sizeof(original)) 643 return (DST_R_VERIFYFAILURE); 644 645 status = RSA_public_decrypt(sig->length, sig->base, 646 original, rsa, 647 RSA_PKCS1_PADDING); 648 if (status <= 0) 649 return (dst__openssl_toresult3( 650 dctx->category, 651 "RSA_public_decrypt", 652 DST_R_VERIFYFAILURE)); 653 if (status != (int)(prefixlen + digestlen)) 654 return (DST_R_VERIFYFAILURE); 655 if (memcmp(original, prefix, prefixlen)) 656 return (DST_R_VERIFYFAILURE); 657 if (memcmp(original + prefixlen, digest, digestlen)) 658 return (DST_R_VERIFYFAILURE); 659 status = 1; 660 } 661 break; 662 663 default: 664 INSIST(0); 665 } 666 #else 667 INSIST(type != 0); 668 status = RSA_verify(type, digest, digestlen, sig->base, 669 RSA_size(rsa), rsa); 670 #endif 671 if (status != 1) 672 return (dst__openssl_toresult(DST_R_VERIFYFAILURE)); 673 return (ISC_R_SUCCESS); 674 #endif 675 } 676 677 static isc_result_t 678 opensslrsa_verify(dst_context_t *dctx, const isc_region_t *sig) { 679 return (opensslrsa_verify2(dctx, 0, sig)); 680 } 681 682 static isc_boolean_t 683 opensslrsa_compare(const dst_key_t *key1, const dst_key_t *key2) { 684 int status; 685 RSA *rsa1 = NULL, *rsa2 = NULL; 686 #if USE_EVP 687 EVP_PKEY *pkey1, *pkey2; 688 #endif 689 690 #if USE_EVP 691 pkey1 = key1->keydata.pkey; 692 pkey2 = key2->keydata.pkey; 693 /* 694 * The pkey reference will keep these around after 695 * the RSA_free() call. 696 */ 697 if (pkey1 != NULL) { 698 rsa1 = EVP_PKEY_get1_RSA(pkey1); 699 RSA_free(rsa1); 700 } 701 if (pkey2 != NULL) { 702 rsa2 = EVP_PKEY_get1_RSA(pkey2); 703 RSA_free(rsa2); 704 } 705 #else 706 rsa1 = key1->keydata.rsa; 707 rsa2 = key2->keydata.rsa; 708 #endif 709 710 if (rsa1 == NULL && rsa2 == NULL) 711 return (ISC_TRUE); 712 else if (rsa1 == NULL || rsa2 == NULL) 713 return (ISC_FALSE); 714 715 status = BN_cmp(rsa1->n, rsa2->n) || 716 BN_cmp(rsa1->e, rsa2->e); 717 718 if (status != 0) 719 return (ISC_FALSE); 720 721 #if USE_EVP 722 if ((rsa1->flags & RSA_FLAG_EXT_PKEY) != 0 || 723 (rsa2->flags & RSA_FLAG_EXT_PKEY) != 0) { 724 if ((rsa1->flags & RSA_FLAG_EXT_PKEY) == 0 || 725 (rsa2->flags & RSA_FLAG_EXT_PKEY) == 0) 726 return (ISC_FALSE); 727 /* 728 * Can't compare private parameters, BTW does it make sense? 729 */ 730 return (ISC_TRUE); 731 } 732 #endif 733 734 if (rsa1->d != NULL || rsa2->d != NULL) { 735 if (rsa1->d == NULL || rsa2->d == NULL) 736 return (ISC_FALSE); 737 status = BN_cmp(rsa1->d, rsa2->d) || 738 BN_cmp(rsa1->p, rsa2->p) || 739 BN_cmp(rsa1->q, rsa2->q); 740 741 if (status != 0) 742 return (ISC_FALSE); 743 } 744 return (ISC_TRUE); 745 } 746 747 #if OPENSSL_VERSION_NUMBER > 0x00908000L 748 static int 749 progress_cb(int p, int n, BN_GENCB *cb) { 750 union { 751 void *dptr; 752 void (*fptr)(int); 753 } u; 754 755 UNUSED(n); 756 757 u.dptr = cb->arg; 758 if (u.fptr != NULL) 759 u.fptr(p); 760 return (1); 761 } 762 #endif 763 764 static isc_result_t 765 opensslrsa_generate(dst_key_t *key, int exp, void (*callback)(int)) { 766 #if OPENSSL_VERSION_NUMBER > 0x00908000L 767 isc_result_t ret = DST_R_OPENSSLFAILURE; 768 BN_GENCB cb; 769 union { 770 void *dptr; 771 void (*fptr)(int); 772 } u; 773 RSA *rsa = RSA_new(); 774 BIGNUM *e = BN_new(); 775 #if USE_EVP 776 EVP_PKEY *pkey = EVP_PKEY_new(); 777 #endif 778 779 if (rsa == NULL || e == NULL) 780 goto err; 781 #if USE_EVP 782 if (pkey == NULL) 783 goto err; 784 if (!EVP_PKEY_set1_RSA(pkey, rsa)) 785 goto err; 786 #endif 787 788 if (exp == 0) { 789 /* RSA_F4 0x10001 */ 790 BN_set_bit(e, 0); 791 BN_set_bit(e, 16); 792 } else { 793 /* (phased-out) F5 0x100000001 */ 794 BN_set_bit(e, 0); 795 BN_set_bit(e, 32); 796 } 797 798 if (callback == NULL) { 799 BN_GENCB_set_old(&cb, NULL, NULL); 800 } else { 801 u.fptr = callback; 802 BN_GENCB_set(&cb, &progress_cb, u.dptr); 803 } 804 805 if (RSA_generate_key_ex(rsa, key->key_size, e, &cb)) { 806 BN_free(e); 807 SET_FLAGS(rsa); 808 #if USE_EVP 809 key->keydata.pkey = pkey; 810 811 RSA_free(rsa); 812 #else 813 key->keydata.rsa = rsa; 814 #endif 815 return (ISC_R_SUCCESS); 816 } 817 ret = dst__openssl_toresult2("RSA_generate_key_ex", 818 DST_R_OPENSSLFAILURE); 819 820 err: 821 #if USE_EVP 822 if (pkey != NULL) 823 EVP_PKEY_free(pkey); 824 #endif 825 if (e != NULL) 826 BN_free(e); 827 if (rsa != NULL) 828 RSA_free(rsa); 829 return (dst__openssl_toresult(ret)); 830 #else 831 RSA *rsa; 832 unsigned long e; 833 #if USE_EVP 834 EVP_PKEY *pkey = EVP_PKEY_new(); 835 836 UNUSED(callback); 837 838 if (pkey == NULL) 839 return (ISC_R_NOMEMORY); 840 #else 841 UNUSED(callback); 842 #endif 843 844 if (exp == 0) 845 e = RSA_F4; 846 else 847 e = 0x40000003; 848 rsa = RSA_generate_key(key->key_size, e, NULL, NULL); 849 if (rsa == NULL) { 850 #if USE_EVP 851 EVP_PKEY_free(pkey); 852 #endif 853 return (dst__openssl_toresult2("RSA_generate_key", 854 DST_R_OPENSSLFAILURE)); 855 } 856 SET_FLAGS(rsa); 857 #if USE_EVP 858 if (!EVP_PKEY_set1_RSA(pkey, rsa)) { 859 EVP_PKEY_free(pkey); 860 RSA_free(rsa); 861 return (dst__openssl_toresult(DST_R_OPENSSLFAILURE)); 862 } 863 key->keydata.pkey = pkey; 864 RSA_free(rsa); 865 #else 866 key->keydata.rsa = rsa; 867 #endif 868 869 return (ISC_R_SUCCESS); 870 #endif 871 } 872 873 static isc_boolean_t 874 opensslrsa_isprivate(const dst_key_t *key) { 875 #if USE_EVP 876 RSA *rsa = EVP_PKEY_get1_RSA(key->keydata.pkey); 877 INSIST(rsa != NULL); 878 RSA_free(rsa); 879 /* key->keydata.pkey still has a reference so rsa is still valid. */ 880 #else 881 RSA *rsa = key->keydata.rsa; 882 #endif 883 if (rsa != NULL && (rsa->flags & RSA_FLAG_EXT_PKEY) != 0) 884 return (ISC_TRUE); 885 return (ISC_TF(rsa != NULL && rsa->d != NULL)); 886 } 887 888 static void 889 opensslrsa_destroy(dst_key_t *key) { 890 #if USE_EVP 891 EVP_PKEY *pkey = key->keydata.pkey; 892 EVP_PKEY_free(pkey); 893 key->keydata.pkey = NULL; 894 #else 895 RSA *rsa = key->keydata.rsa; 896 RSA_free(rsa); 897 key->keydata.rsa = NULL; 898 #endif 899 } 900 901 902 static isc_result_t 903 opensslrsa_todns(const dst_key_t *key, isc_buffer_t *data) { 904 isc_region_t r; 905 unsigned int e_bytes; 906 unsigned int mod_bytes; 907 isc_result_t ret; 908 RSA *rsa; 909 #if USE_EVP 910 EVP_PKEY *pkey; 911 #endif 912 913 #if USE_EVP 914 REQUIRE(key->keydata.pkey != NULL); 915 #else 916 REQUIRE(key->keydata.rsa != NULL); 917 #endif 918 919 #if USE_EVP 920 pkey = key->keydata.pkey; 921 rsa = EVP_PKEY_get1_RSA(pkey); 922 if (rsa == NULL) 923 return (dst__openssl_toresult(DST_R_OPENSSLFAILURE)); 924 #else 925 rsa = key->keydata.rsa; 926 #endif 927 928 isc_buffer_availableregion(data, &r); 929 930 e_bytes = BN_num_bytes(rsa->e); 931 mod_bytes = BN_num_bytes(rsa->n); 932 933 if (e_bytes < 256) { /*%< key exponent is <= 2040 bits */ 934 if (r.length < 1) 935 DST_RET(ISC_R_NOSPACE); 936 isc_buffer_putuint8(data, (isc_uint8_t) e_bytes); 937 isc_region_consume(&r, 1); 938 } else { 939 if (r.length < 3) 940 DST_RET(ISC_R_NOSPACE); 941 isc_buffer_putuint8(data, 0); 942 isc_buffer_putuint16(data, (isc_uint16_t) e_bytes); 943 isc_region_consume(&r, 3); 944 } 945 946 if (r.length < e_bytes + mod_bytes) 947 DST_RET(ISC_R_NOSPACE); 948 949 BN_bn2bin(rsa->e, r.base); 950 isc_region_consume(&r, e_bytes); 951 BN_bn2bin(rsa->n, r.base); 952 953 isc_buffer_add(data, e_bytes + mod_bytes); 954 955 ret = ISC_R_SUCCESS; 956 err: 957 #if USE_EVP 958 if (rsa != NULL) 959 RSA_free(rsa); 960 #endif 961 return (ret); 962 } 963 964 static isc_result_t 965 opensslrsa_fromdns(dst_key_t *key, isc_buffer_t *data) { 966 RSA *rsa; 967 isc_region_t r; 968 unsigned int e_bytes; 969 unsigned int length; 970 #if USE_EVP 971 EVP_PKEY *pkey; 972 #endif 973 974 isc_buffer_remainingregion(data, &r); 975 if (r.length == 0) 976 return (ISC_R_SUCCESS); 977 length = r.length; 978 979 rsa = RSA_new(); 980 if (rsa == NULL) 981 return (dst__openssl_toresult(ISC_R_NOMEMORY)); 982 SET_FLAGS(rsa); 983 984 if (r.length < 1) { 985 RSA_free(rsa); 986 return (DST_R_INVALIDPUBLICKEY); 987 } 988 e_bytes = *r.base; 989 isc_region_consume(&r, 1); 990 991 if (e_bytes == 0) { 992 if (r.length < 2) { 993 RSA_free(rsa); 994 return (DST_R_INVALIDPUBLICKEY); 995 } 996 e_bytes = (*r.base) << 8; 997 isc_region_consume(&r, 1); 998 e_bytes += *r.base; 999 isc_region_consume(&r, 1); 1000 } 1001 1002 if (r.length < e_bytes) { 1003 RSA_free(rsa); 1004 return (DST_R_INVALIDPUBLICKEY); 1005 } 1006 rsa->e = BN_bin2bn(r.base, e_bytes, NULL); 1007 isc_region_consume(&r, e_bytes); 1008 1009 rsa->n = BN_bin2bn(r.base, r.length, NULL); 1010 1011 key->key_size = BN_num_bits(rsa->n); 1012 1013 isc_buffer_forward(data, length); 1014 1015 #if USE_EVP 1016 pkey = EVP_PKEY_new(); 1017 if (pkey == NULL) { 1018 RSA_free(rsa); 1019 return (ISC_R_NOMEMORY); 1020 } 1021 if (!EVP_PKEY_set1_RSA(pkey, rsa)) { 1022 EVP_PKEY_free(pkey); 1023 RSA_free(rsa); 1024 return (dst__openssl_toresult(DST_R_OPENSSLFAILURE)); 1025 } 1026 key->keydata.pkey = pkey; 1027 RSA_free(rsa); 1028 #else 1029 key->keydata.rsa = rsa; 1030 #endif 1031 1032 return (ISC_R_SUCCESS); 1033 } 1034 1035 static isc_result_t 1036 opensslrsa_tofile(const dst_key_t *key, const char *directory) { 1037 int i; 1038 RSA *rsa; 1039 dst_private_t priv; 1040 unsigned char *bufs[8]; 1041 isc_result_t result; 1042 1043 #if USE_EVP 1044 if (key->keydata.pkey == NULL) 1045 return (DST_R_NULLKEY); 1046 rsa = EVP_PKEY_get1_RSA(key->keydata.pkey); 1047 if (rsa == NULL) 1048 return (dst__openssl_toresult(DST_R_OPENSSLFAILURE)); 1049 #else 1050 if (key->keydata.rsa == NULL) 1051 return (DST_R_NULLKEY); 1052 rsa = key->keydata.rsa; 1053 #endif 1054 memset(bufs, 0, sizeof(bufs)); 1055 1056 if (key->external) { 1057 priv.nelements = 0; 1058 result = dst__privstruct_writefile(key, &priv, directory); 1059 goto fail; 1060 } 1061 1062 for (i = 0; i < 8; i++) { 1063 bufs[i] = isc_mem_get(key->mctx, BN_num_bytes(rsa->n)); 1064 if (bufs[i] == NULL) { 1065 result = ISC_R_NOMEMORY; 1066 goto fail; 1067 } 1068 } 1069 1070 i = 0; 1071 1072 priv.elements[i].tag = TAG_RSA_MODULUS; 1073 priv.elements[i].length = BN_num_bytes(rsa->n); 1074 BN_bn2bin(rsa->n, bufs[i]); 1075 priv.elements[i].data = bufs[i]; 1076 i++; 1077 1078 priv.elements[i].tag = TAG_RSA_PUBLICEXPONENT; 1079 priv.elements[i].length = BN_num_bytes(rsa->e); 1080 BN_bn2bin(rsa->e, bufs[i]); 1081 priv.elements[i].data = bufs[i]; 1082 i++; 1083 1084 if (rsa->d != NULL) { 1085 priv.elements[i].tag = TAG_RSA_PRIVATEEXPONENT; 1086 priv.elements[i].length = BN_num_bytes(rsa->d); 1087 BN_bn2bin(rsa->d, bufs[i]); 1088 priv.elements[i].data = bufs[i]; 1089 i++; 1090 } 1091 1092 if (rsa->p != NULL) { 1093 priv.elements[i].tag = TAG_RSA_PRIME1; 1094 priv.elements[i].length = BN_num_bytes(rsa->p); 1095 BN_bn2bin(rsa->p, bufs[i]); 1096 priv.elements[i].data = bufs[i]; 1097 i++; 1098 } 1099 1100 if (rsa->q != NULL) { 1101 priv.elements[i].tag = TAG_RSA_PRIME2; 1102 priv.elements[i].length = BN_num_bytes(rsa->q); 1103 BN_bn2bin(rsa->q, bufs[i]); 1104 priv.elements[i].data = bufs[i]; 1105 i++; 1106 } 1107 1108 if (rsa->dmp1 != NULL) { 1109 priv.elements[i].tag = TAG_RSA_EXPONENT1; 1110 priv.elements[i].length = BN_num_bytes(rsa->dmp1); 1111 BN_bn2bin(rsa->dmp1, bufs[i]); 1112 priv.elements[i].data = bufs[i]; 1113 i++; 1114 } 1115 1116 if (rsa->dmq1 != NULL) { 1117 priv.elements[i].tag = TAG_RSA_EXPONENT2; 1118 priv.elements[i].length = BN_num_bytes(rsa->dmq1); 1119 BN_bn2bin(rsa->dmq1, bufs[i]); 1120 priv.elements[i].data = bufs[i]; 1121 i++; 1122 } 1123 1124 if (rsa->iqmp != NULL) { 1125 priv.elements[i].tag = TAG_RSA_COEFFICIENT; 1126 priv.elements[i].length = BN_num_bytes(rsa->iqmp); 1127 BN_bn2bin(rsa->iqmp, bufs[i]); 1128 priv.elements[i].data = bufs[i]; 1129 i++; 1130 } 1131 1132 if (key->engine != NULL) { 1133 priv.elements[i].tag = TAG_RSA_ENGINE; 1134 priv.elements[i].length = strlen(key->engine) + 1; 1135 priv.elements[i].data = (unsigned char *)key->engine; 1136 i++; 1137 } 1138 1139 if (key->label != NULL) { 1140 priv.elements[i].tag = TAG_RSA_LABEL; 1141 priv.elements[i].length = strlen(key->label) + 1; 1142 priv.elements[i].data = (unsigned char *)key->label; 1143 i++; 1144 } 1145 1146 1147 priv.nelements = i; 1148 result = dst__privstruct_writefile(key, &priv, directory); 1149 fail: 1150 #if USE_EVP 1151 RSA_free(rsa); 1152 #endif 1153 for (i = 0; i < 8; i++) { 1154 if (bufs[i] == NULL) 1155 break; 1156 isc_mem_put(key->mctx, bufs[i], BN_num_bytes(rsa->n)); 1157 } 1158 return (result); 1159 } 1160 1161 static isc_result_t 1162 rsa_check(RSA *rsa, RSA *pub) 1163 { 1164 /* Public parameters should be the same but if they are not set 1165 * copy them from the public key. */ 1166 if (pub != NULL) { 1167 if (rsa->n != NULL) { 1168 if (BN_cmp(rsa->n, pub->n) != 0) 1169 return (DST_R_INVALIDPRIVATEKEY); 1170 } else { 1171 rsa->n = pub->n; 1172 pub->n = NULL; 1173 } 1174 if (rsa->e != NULL) { 1175 if (BN_cmp(rsa->e, pub->e) != 0) 1176 return (DST_R_INVALIDPRIVATEKEY); 1177 } else { 1178 rsa->e = pub->e; 1179 pub->e = NULL; 1180 } 1181 } 1182 if (rsa->n == NULL || rsa->e == NULL) 1183 return (DST_R_INVALIDPRIVATEKEY); 1184 return (ISC_R_SUCCESS); 1185 } 1186 1187 static isc_result_t 1188 opensslrsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) { 1189 dst_private_t priv; 1190 isc_result_t ret; 1191 int i; 1192 RSA *rsa = NULL, *pubrsa = NULL; 1193 #ifdef USE_ENGINE 1194 ENGINE *e = NULL; 1195 #endif 1196 isc_mem_t *mctx = key->mctx; 1197 const char *engine = NULL, *label = NULL; 1198 #if defined(USE_ENGINE) || USE_EVP 1199 EVP_PKEY *pkey = NULL; 1200 #endif 1201 1202 /* read private key file */ 1203 ret = dst__privstruct_parse(key, DST_ALG_RSA, lexer, mctx, &priv); 1204 if (ret != ISC_R_SUCCESS) 1205 goto err; 1206 1207 if (key->external) { 1208 if (priv.nelements != 0) 1209 DST_RET(DST_R_INVALIDPRIVATEKEY); 1210 if (pub == NULL) 1211 DST_RET(DST_R_INVALIDPRIVATEKEY); 1212 key->keydata.pkey = pub->keydata.pkey; 1213 pub->keydata.pkey = NULL; 1214 key->key_size = pub->key_size; 1215 dst__privstruct_free(&priv, mctx); 1216 memset(&priv, 0, sizeof(priv)); 1217 return (ISC_R_SUCCESS); 1218 } 1219 1220 #if USE_EVP 1221 if (pub != NULL && pub->keydata.pkey != NULL) 1222 pubrsa = EVP_PKEY_get1_RSA(pub->keydata.pkey); 1223 #else 1224 if (pub != NULL && pub->keydata.rsa != NULL) { 1225 pubrsa = pub->keydata.rsa; 1226 pub->keydata.rsa = NULL; 1227 } 1228 #endif 1229 1230 for (i = 0; i < priv.nelements; i++) { 1231 switch (priv.elements[i].tag) { 1232 case TAG_RSA_ENGINE: 1233 engine = (char *)priv.elements[i].data; 1234 break; 1235 case TAG_RSA_LABEL: 1236 label = (char *)priv.elements[i].data; 1237 break; 1238 default: 1239 break; 1240 } 1241 } 1242 1243 /* 1244 * Is this key is stored in a HSM? 1245 * See if we can fetch it. 1246 */ 1247 if (label != NULL) { 1248 #ifdef USE_ENGINE 1249 if (engine == NULL) 1250 DST_RET(DST_R_NOENGINE); 1251 e = dst__openssl_getengine(engine); 1252 if (e == NULL) 1253 DST_RET(DST_R_NOENGINE); 1254 pkey = ENGINE_load_private_key(e, label, NULL, NULL); 1255 if (pkey == NULL) 1256 DST_RET(dst__openssl_toresult2( 1257 "ENGINE_load_private_key", 1258 ISC_R_NOTFOUND)); 1259 key->engine = isc_mem_strdup(key->mctx, engine); 1260 if (key->engine == NULL) 1261 DST_RET(ISC_R_NOMEMORY); 1262 key->label = isc_mem_strdup(key->mctx, label); 1263 if (key->label == NULL) 1264 DST_RET(ISC_R_NOMEMORY); 1265 rsa = EVP_PKEY_get1_RSA(pkey); 1266 if (rsa == NULL) 1267 DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE)); 1268 if (rsa_check(rsa, pubrsa) != ISC_R_SUCCESS) 1269 DST_RET(DST_R_INVALIDPRIVATEKEY); 1270 if (BN_num_bits(rsa->e) > RSA_MAX_PUBEXP_BITS) 1271 DST_RET(ISC_R_RANGE); 1272 if (pubrsa != NULL) 1273 RSA_free(pubrsa); 1274 key->key_size = EVP_PKEY_bits(pkey); 1275 #if USE_EVP 1276 key->keydata.pkey = pkey; 1277 RSA_free(rsa); 1278 #else 1279 key->keydata.rsa = rsa; 1280 EVP_PKEY_free(pkey); 1281 #endif 1282 dst__privstruct_free(&priv, mctx); 1283 memset(&priv, 0, sizeof(priv)); 1284 return (ISC_R_SUCCESS); 1285 #else 1286 DST_RET(DST_R_NOENGINE); 1287 #endif 1288 } 1289 1290 rsa = RSA_new(); 1291 if (rsa == NULL) 1292 DST_RET(ISC_R_NOMEMORY); 1293 SET_FLAGS(rsa); 1294 1295 #if USE_EVP 1296 pkey = EVP_PKEY_new(); 1297 if (pkey == NULL) 1298 DST_RET(ISC_R_NOMEMORY); 1299 if (!EVP_PKEY_set1_RSA(pkey, rsa)) 1300 DST_RET(ISC_R_FAILURE); 1301 key->keydata.pkey = pkey; 1302 #else 1303 key->keydata.rsa = rsa; 1304 #endif 1305 1306 for (i = 0; i < priv.nelements; i++) { 1307 BIGNUM *bn; 1308 switch (priv.elements[i].tag) { 1309 case TAG_RSA_ENGINE: 1310 continue; 1311 case TAG_RSA_LABEL: 1312 continue; 1313 default: 1314 bn = BN_bin2bn(priv.elements[i].data, 1315 priv.elements[i].length, NULL); 1316 if (bn == NULL) 1317 DST_RET(ISC_R_NOMEMORY); 1318 } 1319 1320 switch (priv.elements[i].tag) { 1321 case TAG_RSA_MODULUS: 1322 rsa->n = bn; 1323 break; 1324 case TAG_RSA_PUBLICEXPONENT: 1325 rsa->e = bn; 1326 break; 1327 case TAG_RSA_PRIVATEEXPONENT: 1328 rsa->d = bn; 1329 break; 1330 case TAG_RSA_PRIME1: 1331 rsa->p = bn; 1332 break; 1333 case TAG_RSA_PRIME2: 1334 rsa->q = bn; 1335 break; 1336 case TAG_RSA_EXPONENT1: 1337 rsa->dmp1 = bn; 1338 break; 1339 case TAG_RSA_EXPONENT2: 1340 rsa->dmq1 = bn; 1341 break; 1342 case TAG_RSA_COEFFICIENT: 1343 rsa->iqmp = bn; 1344 break; 1345 } 1346 } 1347 dst__privstruct_free(&priv, mctx); 1348 memset(&priv, 0, sizeof(priv)); 1349 1350 if (rsa_check(rsa, pubrsa) != ISC_R_SUCCESS) 1351 DST_RET(DST_R_INVALIDPRIVATEKEY); 1352 if (BN_num_bits(rsa->e) > RSA_MAX_PUBEXP_BITS) 1353 DST_RET(ISC_R_RANGE); 1354 key->key_size = BN_num_bits(rsa->n); 1355 if (pubrsa != NULL) 1356 RSA_free(pubrsa); 1357 #if USE_EVP 1358 RSA_free(rsa); 1359 #endif 1360 1361 return (ISC_R_SUCCESS); 1362 1363 err: 1364 #if USE_EVP 1365 if (pkey != NULL) 1366 EVP_PKEY_free(pkey); 1367 #endif 1368 if (rsa != NULL) 1369 RSA_free(rsa); 1370 if (pubrsa != NULL) 1371 RSA_free(pubrsa); 1372 key->keydata.generic = NULL; 1373 dst__privstruct_free(&priv, mctx); 1374 memset(&priv, 0, sizeof(priv)); 1375 return (ret); 1376 } 1377 1378 static isc_result_t 1379 opensslrsa_fromlabel(dst_key_t *key, const char *engine, const char *label, 1380 const char *pin) 1381 { 1382 #ifdef USE_ENGINE 1383 ENGINE *e = NULL; 1384 isc_result_t ret; 1385 EVP_PKEY *pkey = NULL; 1386 RSA *rsa = NULL, *pubrsa = NULL; 1387 char *colon; 1388 1389 UNUSED(pin); 1390 1391 if (engine == NULL) 1392 DST_RET(DST_R_NOENGINE); 1393 e = dst__openssl_getengine(engine); 1394 if (e == NULL) 1395 DST_RET(DST_R_NOENGINE); 1396 pkey = ENGINE_load_public_key(e, label, NULL, NULL); 1397 if (pkey != NULL) { 1398 pubrsa = EVP_PKEY_get1_RSA(pkey); 1399 EVP_PKEY_free(pkey); 1400 if (pubrsa == NULL) 1401 DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE)); 1402 } 1403 pkey = ENGINE_load_private_key(e, label, NULL, NULL); 1404 if (pkey == NULL) 1405 DST_RET(dst__openssl_toresult2("ENGINE_load_private_key", 1406 ISC_R_NOTFOUND)); 1407 if (engine != NULL) { 1408 key->engine = isc_mem_strdup(key->mctx, engine); 1409 if (key->engine == NULL) 1410 DST_RET(ISC_R_NOMEMORY); 1411 } else { 1412 key->engine = isc_mem_strdup(key->mctx, label); 1413 if (key->engine == NULL) 1414 DST_RET(ISC_R_NOMEMORY); 1415 colon = strchr(key->engine, ':'); 1416 if (colon != NULL) 1417 *colon = '\0'; 1418 } 1419 key->label = isc_mem_strdup(key->mctx, label); 1420 if (key->label == NULL) 1421 DST_RET(ISC_R_NOMEMORY); 1422 rsa = EVP_PKEY_get1_RSA(pkey); 1423 if (rsa == NULL) 1424 DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE)); 1425 if (rsa_check(rsa, pubrsa) != ISC_R_SUCCESS) 1426 DST_RET(DST_R_INVALIDPRIVATEKEY); 1427 if (BN_num_bits(rsa->e) > RSA_MAX_PUBEXP_BITS) 1428 DST_RET(ISC_R_RANGE); 1429 if (pubrsa != NULL) 1430 RSA_free(pubrsa); 1431 key->key_size = EVP_PKEY_bits(pkey); 1432 #if USE_EVP 1433 key->keydata.pkey = pkey; 1434 RSA_free(rsa); 1435 #else 1436 key->keydata.rsa = rsa; 1437 EVP_PKEY_free(pkey); 1438 #endif 1439 return (ISC_R_SUCCESS); 1440 1441 err: 1442 if (rsa != NULL) 1443 RSA_free(rsa); 1444 if (pubrsa != NULL) 1445 RSA_free(pubrsa); 1446 if (pkey != NULL) 1447 EVP_PKEY_free(pkey); 1448 return (ret); 1449 #else 1450 UNUSED(key); 1451 UNUSED(engine); 1452 UNUSED(label); 1453 UNUSED(pin); 1454 return(DST_R_NOENGINE); 1455 #endif 1456 } 1457 1458 static dst_func_t opensslrsa_functions = { 1459 opensslrsa_createctx, 1460 NULL, /*%< createctx2 */ 1461 opensslrsa_destroyctx, 1462 opensslrsa_adddata, 1463 opensslrsa_sign, 1464 opensslrsa_verify, 1465 opensslrsa_verify2, 1466 NULL, /*%< computesecret */ 1467 opensslrsa_compare, 1468 NULL, /*%< paramcompare */ 1469 opensslrsa_generate, 1470 opensslrsa_isprivate, 1471 opensslrsa_destroy, 1472 opensslrsa_todns, 1473 opensslrsa_fromdns, 1474 opensslrsa_tofile, 1475 opensslrsa_parse, 1476 NULL, /*%< cleanup */ 1477 opensslrsa_fromlabel, 1478 NULL, /*%< dump */ 1479 NULL, /*%< restore */ 1480 }; 1481 1482 isc_result_t 1483 dst__opensslrsa_init(dst_func_t **funcp, unsigned char algorithm) { 1484 REQUIRE(funcp != NULL); 1485 1486 if (*funcp == NULL) { 1487 switch (algorithm) { 1488 case DST_ALG_RSASHA256: 1489 #if defined(HAVE_EVP_SHA256) || !USE_EVP 1490 *funcp = &opensslrsa_functions; 1491 #endif 1492 break; 1493 case DST_ALG_RSASHA512: 1494 #if defined(HAVE_EVP_SHA512) || !USE_EVP 1495 *funcp = &opensslrsa_functions; 1496 #endif 1497 break; 1498 default: 1499 *funcp = &opensslrsa_functions; 1500 break; 1501 } 1502 } 1503 return (ISC_R_SUCCESS); 1504 } 1505 1506 #else /* OPENSSL */ 1507 1508 #include <isc/util.h> 1509 1510 EMPTY_TRANSLATION_UNIT 1511 1512 #endif /* OPENSSL */ 1513 /*! \file */ 1514