2 * Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
3 * Copyright (C) 2000-2003 Internet Software Consortium.
5 * Permission to use, copy, modify, and/or distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
9 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
10 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
11 * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
12 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
13 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
14 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
15 * PERFORMANCE OF THIS SOFTWARE.
19 * Principal Author: Brian Wellington
20 * $Id: opensslrsa_link.c,v 1.20.50.11 2011-03-12 04:57:27 tbox Exp $
26 #if !defined(HAVE_EVP_SHA256) || !defined(HAVE_EVP_SHA512)
33 #include <isc/entropy.h>
38 #include <isc/string.h>
41 #include <dst/result.h>
43 #include "dst_internal.h"
44 #include "dst_openssl.h"
45 #include "dst_parse.h"
47 #include <openssl/err.h>
48 #include <openssl/objects.h>
49 #include <openssl/rsa.h>
50 #if OPENSSL_VERSION_NUMBER > 0x00908000L
51 #include <openssl/bn.h>
54 #include <openssl/engine.h>
58 * We don't use configure for windows so enforce the OpenSSL version
59 * here. Unlike with configure we don't support overriding this test.
62 #if !((OPENSSL_VERSION_NUMBER >= 0x009070cfL && \
63 OPENSSL_VERSION_NUMBER < 0x00908000L) || \
64 OPENSSL_VERSION_NUMBER >= 0x0090804fL)
65 #error Please upgrade OpenSSL to 0.9.8d/0.9.7l or greater.
71 * XXXMPA Temporarily disable RSA_BLINDING as it requires
72 * good quality random data that cannot currently be guaranteed.
73 * XXXMPA Find which versions of openssl use pseudo random data
74 * and set RSA_FLAG_BLINDING for those.
78 #if OPENSSL_VERSION_NUMBER < 0x0090601fL
79 #define SET_FLAGS(rsa) \
81 (rsa)->flags &= ~(RSA_FLAG_CACHE_PUBLIC | RSA_FLAG_CACHE_PRIVATE); \
82 (rsa)->flags |= RSA_FLAG_BLINDING; \
85 #define SET_FLAGS(rsa) \
87 (rsa)->flags |= RSA_FLAG_BLINDING; \
92 #if OPENSSL_VERSION_NUMBER < 0x0090601fL
93 #define SET_FLAGS(rsa) \
95 (rsa)->flags &= ~(RSA_FLAG_CACHE_PUBLIC | RSA_FLAG_CACHE_PRIVATE); \
96 (rsa)->flags &= ~RSA_FLAG_BLINDING; \
98 #elif defined(RSA_FLAG_NO_BLINDING)
99 #define SET_FLAGS(rsa) \
101 (rsa)->flags &= ~RSA_FLAG_BLINDING; \
102 (rsa)->flags |= RSA_FLAG_NO_BLINDING; \
105 #define SET_FLAGS(rsa) \
107 (rsa)->flags &= ~RSA_FLAG_BLINDING; \
111 #define DST_RET(a) {ret = a; goto err;}
113 static isc_result_t opensslrsa_todns(const dst_key_t *key, isc_buffer_t *data);
116 opensslrsa_createctx(dst_key_t *key, dst_context_t *dctx) {
118 EVP_MD_CTX *evp_md_ctx;
119 const EVP_MD *type = NULL;
123 REQUIRE(dctx->key->key_alg == DST_ALG_RSAMD5 ||
124 dctx->key->key_alg == DST_ALG_RSASHA1 ||
125 dctx->key->key_alg == DST_ALG_NSEC3RSASHA1 ||
126 dctx->key->key_alg == DST_ALG_RSASHA256 ||
127 dctx->key->key_alg == DST_ALG_RSASHA512);
130 evp_md_ctx = EVP_MD_CTX_create();
131 if (evp_md_ctx == NULL)
132 return (ISC_R_NOMEMORY);
134 switch (dctx->key->key_alg) {
136 type = EVP_md5(); /* MD5 + RSA */
138 case DST_ALG_RSASHA1:
139 case DST_ALG_NSEC3RSASHA1:
140 type = EVP_sha1(); /* SHA1 + RSA */
142 #ifdef HAVE_EVP_SHA256
143 case DST_ALG_RSASHA256:
144 type = EVP_sha256(); /* SHA256 + RSA */
147 #ifdef HAVE_EVP_SHA512
148 case DST_ALG_RSASHA512:
156 if (!EVP_DigestInit_ex(evp_md_ctx, type, NULL)) {
157 EVP_MD_CTX_destroy(evp_md_ctx);
158 return (ISC_R_FAILURE);
160 dctx->ctxdata.evp_md_ctx = evp_md_ctx;
162 switch (dctx->key->key_alg) {
167 md5ctx = isc_mem_get(dctx->mctx, sizeof(isc_md5_t));
169 return (ISC_R_NOMEMORY);
170 isc_md5_init(md5ctx);
171 dctx->ctxdata.md5ctx = md5ctx;
174 case DST_ALG_RSASHA1:
175 case DST_ALG_NSEC3RSASHA1:
179 sha1ctx = isc_mem_get(dctx->mctx, sizeof(isc_sha1_t));
181 return (ISC_R_NOMEMORY);
182 isc_sha1_init(sha1ctx);
183 dctx->ctxdata.sha1ctx = sha1ctx;
186 case DST_ALG_RSASHA256:
188 isc_sha256_t *sha256ctx;
190 sha256ctx = isc_mem_get(dctx->mctx,
191 sizeof(isc_sha256_t));
192 if (sha256ctx == NULL)
193 return (ISC_R_NOMEMORY);
194 isc_sha256_init(sha256ctx);
195 dctx->ctxdata.sha256ctx = sha256ctx;
198 case DST_ALG_RSASHA512:
200 isc_sha512_t *sha512ctx;
202 sha512ctx = isc_mem_get(dctx->mctx,
203 sizeof(isc_sha512_t));
204 if (sha512ctx == NULL)
205 return (ISC_R_NOMEMORY);
206 isc_sha512_init(sha512ctx);
207 dctx->ctxdata.sha512ctx = sha512ctx;
215 return (ISC_R_SUCCESS);
219 opensslrsa_destroyctx(dst_context_t *dctx) {
221 EVP_MD_CTX *evp_md_ctx = dctx->ctxdata.evp_md_ctx;
224 REQUIRE(dctx->key->key_alg == DST_ALG_RSAMD5 ||
225 dctx->key->key_alg == DST_ALG_RSASHA1 ||
226 dctx->key->key_alg == DST_ALG_NSEC3RSASHA1 ||
227 dctx->key->key_alg == DST_ALG_RSASHA256 ||
228 dctx->key->key_alg == DST_ALG_RSASHA512);
231 if (evp_md_ctx != NULL) {
232 EVP_MD_CTX_destroy(evp_md_ctx);
233 dctx->ctxdata.evp_md_ctx = NULL;
236 switch (dctx->key->key_alg) {
239 isc_md5_t *md5ctx = dctx->ctxdata.md5ctx;
241 if (md5ctx != NULL) {
242 isc_md5_invalidate(md5ctx);
243 isc_mem_put(dctx->mctx, md5ctx,
245 dctx->ctxdata.md5ctx = NULL;
249 case DST_ALG_RSASHA1:
250 case DST_ALG_NSEC3RSASHA1:
252 isc_sha1_t *sha1ctx = dctx->ctxdata.sha1ctx;
254 if (sha1ctx != NULL) {
255 isc_sha1_invalidate(sha1ctx);
256 isc_mem_put(dctx->mctx, sha1ctx,
258 dctx->ctxdata.sha1ctx = NULL;
262 case DST_ALG_RSASHA256:
264 isc_sha256_t *sha256ctx = dctx->ctxdata.sha256ctx;
266 if (sha256ctx != NULL) {
267 isc_sha256_invalidate(sha256ctx);
268 isc_mem_put(dctx->mctx, sha256ctx,
269 sizeof(isc_sha256_t));
270 dctx->ctxdata.sha256ctx = NULL;
274 case DST_ALG_RSASHA512:
276 isc_sha512_t *sha512ctx = dctx->ctxdata.sha512ctx;
278 if (sha512ctx != NULL) {
279 isc_sha512_invalidate(sha512ctx);
280 isc_mem_put(dctx->mctx, sha512ctx,
281 sizeof(isc_sha512_t));
282 dctx->ctxdata.sha512ctx = NULL;
293 opensslrsa_adddata(dst_context_t *dctx, const isc_region_t *data) {
295 EVP_MD_CTX *evp_md_ctx = dctx->ctxdata.evp_md_ctx;
298 REQUIRE(dctx->key->key_alg == DST_ALG_RSAMD5 ||
299 dctx->key->key_alg == DST_ALG_RSASHA1 ||
300 dctx->key->key_alg == DST_ALG_NSEC3RSASHA1 ||
301 dctx->key->key_alg == DST_ALG_RSASHA256 ||
302 dctx->key->key_alg == DST_ALG_RSASHA512);
305 if (!EVP_DigestUpdate(evp_md_ctx, data->base, data->length)) {
306 return (ISC_R_FAILURE);
309 switch (dctx->key->key_alg) {
312 isc_md5_t *md5ctx = dctx->ctxdata.md5ctx;
314 isc_md5_update(md5ctx, data->base, data->length);
317 case DST_ALG_RSASHA1:
318 case DST_ALG_NSEC3RSASHA1:
320 isc_sha1_t *sha1ctx = dctx->ctxdata.sha1ctx;
322 isc_sha1_update(sha1ctx, data->base, data->length);
325 case DST_ALG_RSASHA256:
327 isc_sha256_t *sha256ctx = dctx->ctxdata.sha256ctx;
329 isc_sha256_update(sha256ctx, data->base, data->length);
332 case DST_ALG_RSASHA512:
334 isc_sha512_t *sha512ctx = dctx->ctxdata.sha512ctx;
336 isc_sha512_update(sha512ctx, data->base, data->length);
343 return (ISC_R_SUCCESS);
346 #if ! USE_EVP && OPENSSL_VERSION_NUMBER < 0x00908000L
348 * Digest prefixes from RFC 5702.
350 static unsigned char sha256_prefix[] =
351 { 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48,
352 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20};
353 static unsigned char sha512_prefix[] =
354 { 0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48,
355 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x05, 0x00, 0x04, 0x40};
356 #define PREFIXLEN sizeof(sha512_prefix)
362 opensslrsa_sign(dst_context_t *dctx, isc_buffer_t *sig) {
363 dst_key_t *key = dctx->key;
365 unsigned int siglen = 0;
367 EVP_MD_CTX *evp_md_ctx = dctx->ctxdata.evp_md_ctx;
368 EVP_PKEY *pkey = key->keydata.pkey;
370 RSA *rsa = key->keydata.rsa;
371 /* note: ISC_SHA512_DIGESTLENGTH >= ISC_*_DIGESTLENGTH */
372 unsigned char digest[PREFIXLEN + ISC_SHA512_DIGESTLENGTH];
375 unsigned int digestlen = 0;
380 #if OPENSSL_VERSION_NUMBER < 0x00908000L
381 unsigned int prefixlen = 0;
382 const unsigned char *prefix = NULL;
386 REQUIRE(dctx->key->key_alg == DST_ALG_RSAMD5 ||
387 dctx->key->key_alg == DST_ALG_RSASHA1 ||
388 dctx->key->key_alg == DST_ALG_NSEC3RSASHA1 ||
389 dctx->key->key_alg == DST_ALG_RSASHA256 ||
390 dctx->key->key_alg == DST_ALG_RSASHA512);
392 isc_buffer_availableregion(sig, &r);
395 if (r.length < (unsigned int) EVP_PKEY_size(pkey))
396 return (ISC_R_NOSPACE);
398 if (!EVP_SignFinal(evp_md_ctx, r.base, &siglen, pkey)) {
399 return (ISC_R_FAILURE);
402 if (r.length < (unsigned int) RSA_size(rsa))
403 return (ISC_R_NOSPACE);
405 switch (dctx->key->key_alg) {
408 isc_md5_t *md5ctx = dctx->ctxdata.md5ctx;
410 isc_md5_final(md5ctx, digest);
412 digestlen = ISC_MD5_DIGESTLENGTH;
415 case DST_ALG_RSASHA1:
416 case DST_ALG_NSEC3RSASHA1:
418 isc_sha1_t *sha1ctx = dctx->ctxdata.sha1ctx;
420 isc_sha1_final(sha1ctx, digest);
422 digestlen = ISC_SHA1_DIGESTLENGTH;
425 case DST_ALG_RSASHA256:
427 isc_sha256_t *sha256ctx = dctx->ctxdata.sha256ctx;
429 isc_sha256_final(digest, sha256ctx);
430 digestlen = ISC_SHA256_DIGESTLENGTH;
431 #if OPENSSL_VERSION_NUMBER < 0x00908000L
432 prefix = sha256_prefix;
433 prefixlen = sizeof(sha256_prefix);
439 case DST_ALG_RSASHA512:
441 isc_sha512_t *sha512ctx = dctx->ctxdata.sha512ctx;
443 isc_sha512_final(digest, sha512ctx);
444 digestlen = ISC_SHA512_DIGESTLENGTH;
445 #if OPENSSL_VERSION_NUMBER < 0x00908000L
446 prefix = sha512_prefix;
447 prefixlen = sizeof(sha512_prefix);
457 #if OPENSSL_VERSION_NUMBER < 0x00908000L
458 switch (dctx->key->key_alg) {
460 case DST_ALG_RSASHA1:
461 case DST_ALG_NSEC3RSASHA1:
463 status = RSA_sign(type, digest, digestlen, r.base,
467 case DST_ALG_RSASHA256:
468 case DST_ALG_RSASHA512:
469 INSIST(prefix != NULL);
470 INSIST(prefixlen != 0);
471 INSIST(prefixlen + digestlen <= sizeof(digest));
473 memmove(digest + prefixlen, digest, digestlen);
474 memcpy(digest, prefix, prefixlen);
475 status = RSA_private_encrypt(digestlen + prefixlen,
489 status = RSA_sign(type, digest, digestlen, r.base, &siglen, rsa);
492 err = ERR_peek_error_line(&file, &line);
494 message = ERR_error_string(err, NULL);
496 return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
500 isc_buffer_add(sig, siglen);
502 return (ISC_R_SUCCESS);
506 opensslrsa_verify(dst_context_t *dctx, const isc_region_t *sig) {
507 dst_key_t *key = dctx->key;
510 EVP_MD_CTX *evp_md_ctx = dctx->ctxdata.evp_md_ctx;
511 EVP_PKEY *pkey = key->keydata.pkey;
513 /* note: ISC_SHA512_DIGESTLENGTH >= ISC_*_DIGESTLENGTH */
514 unsigned char digest[ISC_SHA512_DIGESTLENGTH];
516 unsigned int digestlen = 0;
517 RSA *rsa = key->keydata.rsa;
518 #if OPENSSL_VERSION_NUMBER < 0x00908000L
519 unsigned int prefixlen = 0;
520 const unsigned char *prefix = NULL;
524 REQUIRE(dctx->key->key_alg == DST_ALG_RSAMD5 ||
525 dctx->key->key_alg == DST_ALG_RSASHA1 ||
526 dctx->key->key_alg == DST_ALG_NSEC3RSASHA1 ||
527 dctx->key->key_alg == DST_ALG_RSASHA256 ||
528 dctx->key->key_alg == DST_ALG_RSASHA512);
531 status = EVP_VerifyFinal(evp_md_ctx, sig->base, sig->length, pkey);
533 switch (dctx->key->key_alg) {
536 isc_md5_t *md5ctx = dctx->ctxdata.md5ctx;
538 isc_md5_final(md5ctx, digest);
540 digestlen = ISC_MD5_DIGESTLENGTH;
543 case DST_ALG_RSASHA1:
544 case DST_ALG_NSEC3RSASHA1:
546 isc_sha1_t *sha1ctx = dctx->ctxdata.sha1ctx;
548 isc_sha1_final(sha1ctx, digest);
550 digestlen = ISC_SHA1_DIGESTLENGTH;
553 case DST_ALG_RSASHA256:
555 isc_sha256_t *sha256ctx = dctx->ctxdata.sha256ctx;
557 isc_sha256_final(digest, sha256ctx);
558 digestlen = ISC_SHA256_DIGESTLENGTH;
559 #if OPENSSL_VERSION_NUMBER < 0x00908000L
560 prefix = sha256_prefix;
561 prefixlen = sizeof(sha256_prefix);
567 case DST_ALG_RSASHA512:
569 isc_sha512_t *sha512ctx = dctx->ctxdata.sha512ctx;
571 isc_sha512_final(digest, sha512ctx);
572 digestlen = ISC_SHA512_DIGESTLENGTH;
573 #if OPENSSL_VERSION_NUMBER < 0x00908000L
574 prefix = sha512_prefix;
575 prefixlen = sizeof(sha512_prefix);
585 if (sig->length != (unsigned int) RSA_size(rsa))
586 return (DST_R_VERIFYFAILURE);
588 #if OPENSSL_VERSION_NUMBER < 0x00908000L
589 switch (dctx->key->key_alg) {
591 case DST_ALG_RSASHA1:
592 case DST_ALG_NSEC3RSASHA1:
594 status = RSA_verify(type, digest, digestlen, sig->base,
598 case DST_ALG_RSASHA256:
599 case DST_ALG_RSASHA512:
602 * 1024 is big enough for all valid RSA bit sizes
603 * for use with DNSSEC.
605 unsigned char original[PREFIXLEN + 1024];
607 INSIST(prefix != NULL);
608 INSIST(prefixlen != 0U);
610 if (RSA_size(rsa) > (int)sizeof(original))
611 return (DST_R_VERIFYFAILURE);
613 status = RSA_public_decrypt(sig->length, sig->base,
617 return (DST_R_VERIFYFAILURE);
618 if (status != (int)(prefixlen + digestlen))
619 return (DST_R_VERIFYFAILURE);
620 if (memcmp(original, prefix, prefixlen))
621 return (DST_R_VERIFYFAILURE);
622 if (memcmp(original + prefixlen, digest, digestlen))
623 return (DST_R_VERIFYFAILURE);
633 status = RSA_verify(type, digest, digestlen, sig->base,
638 return (dst__openssl_toresult(DST_R_VERIFYFAILURE));
640 return (ISC_R_SUCCESS);
644 opensslrsa_compare(const dst_key_t *key1, const dst_key_t *key2) {
646 RSA *rsa1 = NULL, *rsa2 = NULL;
648 EVP_PKEY *pkey1, *pkey2;
652 pkey1 = key1->keydata.pkey;
653 pkey2 = key2->keydata.pkey;
655 * The pkey reference will keep these around after
656 * the RSA_free() call.
659 rsa1 = EVP_PKEY_get1_RSA(pkey1);
663 rsa2 = EVP_PKEY_get1_RSA(pkey2);
667 rsa1 = key1->keydata.rsa;
668 rsa2 = key2->keydata.rsa;
671 if (rsa1 == NULL && rsa2 == NULL)
673 else if (rsa1 == NULL || rsa2 == NULL)
676 status = BN_cmp(rsa1->n, rsa2->n) ||
677 BN_cmp(rsa1->e, rsa2->e);
683 if ((rsa1->flags & RSA_FLAG_EXT_PKEY) != 0 ||
684 (rsa2->flags & RSA_FLAG_EXT_PKEY) != 0) {
685 if ((rsa1->flags & RSA_FLAG_EXT_PKEY) == 0 ||
686 (rsa2->flags & RSA_FLAG_EXT_PKEY) == 0)
689 * Can't compare private parameters, BTW does it make sense?
695 if (rsa1->d != NULL || rsa2->d != NULL) {
696 if (rsa1->d == NULL || rsa2->d == NULL)
698 status = BN_cmp(rsa1->d, rsa2->d) ||
699 BN_cmp(rsa1->p, rsa2->p) ||
700 BN_cmp(rsa1->q, rsa2->q);
709 opensslrsa_generate(dst_key_t *key, int exp) {
710 #if OPENSSL_VERSION_NUMBER > 0x00908000L
712 RSA *rsa = RSA_new();
713 BIGNUM *e = BN_new();
715 EVP_PKEY *pkey = EVP_PKEY_new();
718 if (rsa == NULL || e == NULL)
723 if (!EVP_PKEY_set1_RSA(pkey, rsa))
737 BN_GENCB_set_old(&cb, NULL, NULL);
739 if (RSA_generate_key_ex(rsa, key->key_size, e, &cb)) {
743 key->keydata.pkey = pkey;
747 key->keydata.rsa = rsa;
749 return (ISC_R_SUCCESS);
761 return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
766 EVP_PKEY *pkey = EVP_PKEY_new();
769 return (ISC_R_NOMEMORY);
776 rsa = RSA_generate_key(key->key_size, e, NULL, NULL);
781 return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
785 if (!EVP_PKEY_set1_RSA(pkey, rsa)) {
788 return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
790 key->keydata.pkey = pkey;
793 key->keydata.rsa = rsa;
796 return (ISC_R_SUCCESS);
801 opensslrsa_isprivate(const dst_key_t *key) {
803 RSA *rsa = EVP_PKEY_get1_RSA(key->keydata.pkey);
806 /* key->keydata.pkey still has a reference so rsa is still valid. */
808 RSA *rsa = key->keydata.rsa;
810 if (rsa != NULL && (rsa->flags & RSA_FLAG_EXT_PKEY) != 0)
812 return (ISC_TF(rsa != NULL && rsa->d != NULL));
816 opensslrsa_destroy(dst_key_t *key) {
818 EVP_PKEY *pkey = key->keydata.pkey;
820 key->keydata.pkey = NULL;
822 RSA *rsa = key->keydata.rsa;
824 key->keydata.rsa = NULL;
830 opensslrsa_todns(const dst_key_t *key, isc_buffer_t *data) {
832 unsigned int e_bytes;
833 unsigned int mod_bytes;
841 REQUIRE(key->keydata.pkey != NULL);
843 REQUIRE(key->keydata.rsa != NULL);
847 pkey = key->keydata.pkey;
848 rsa = EVP_PKEY_get1_RSA(pkey);
850 return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
852 rsa = key->keydata.rsa;
855 isc_buffer_availableregion(data, &r);
857 e_bytes = BN_num_bytes(rsa->e);
858 mod_bytes = BN_num_bytes(rsa->n);
860 if (e_bytes < 256) { /*%< key exponent is <= 2040 bits */
862 DST_RET(ISC_R_NOSPACE);
863 isc_buffer_putuint8(data, (isc_uint8_t) e_bytes);
864 isc_region_consume(&r, 1);
867 DST_RET(ISC_R_NOSPACE);
868 isc_buffer_putuint8(data, 0);
869 isc_buffer_putuint16(data, (isc_uint16_t) e_bytes);
870 isc_region_consume(&r, 3);
873 if (r.length < e_bytes + mod_bytes)
874 DST_RET(ISC_R_NOSPACE);
876 BN_bn2bin(rsa->e, r.base);
877 isc_region_consume(&r, e_bytes);
878 BN_bn2bin(rsa->n, r.base);
880 isc_buffer_add(data, e_bytes + mod_bytes);
892 opensslrsa_fromdns(dst_key_t *key, isc_buffer_t *data) {
895 unsigned int e_bytes;
900 isc_buffer_remainingregion(data, &r);
902 return (ISC_R_SUCCESS);
906 return (dst__openssl_toresult(ISC_R_NOMEMORY));
911 return (DST_R_INVALIDPUBLICKEY);
919 return (DST_R_INVALIDPUBLICKEY);
921 e_bytes = ((*r.base++) << 8);
922 e_bytes += *r.base++;
926 if (r.length < e_bytes) {
928 return (DST_R_INVALIDPUBLICKEY);
930 rsa->e = BN_bin2bn(r.base, e_bytes, NULL);
934 rsa->n = BN_bin2bn(r.base, r.length, NULL);
936 key->key_size = BN_num_bits(rsa->n);
938 isc_buffer_forward(data, r.length);
941 pkey = EVP_PKEY_new();
944 return (ISC_R_NOMEMORY);
946 if (!EVP_PKEY_set1_RSA(pkey, rsa)) {
949 return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
951 key->keydata.pkey = pkey;
954 key->keydata.rsa = rsa;
957 return (ISC_R_SUCCESS);
961 opensslrsa_tofile(const dst_key_t *key, const char *directory) {
965 unsigned char *bufs[8];
969 if (key->keydata.pkey == NULL)
970 return (DST_R_NULLKEY);
971 rsa = EVP_PKEY_get1_RSA(key->keydata.pkey);
973 return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
975 if (key->keydata.rsa == NULL)
976 return (DST_R_NULLKEY);
977 rsa = key->keydata.rsa;
980 for (i = 0; i < 8; i++) {
981 bufs[i] = isc_mem_get(key->mctx, BN_num_bytes(rsa->n));
982 if (bufs[i] == NULL) {
983 result = ISC_R_NOMEMORY;
990 priv.elements[i].tag = TAG_RSA_MODULUS;
991 priv.elements[i].length = BN_num_bytes(rsa->n);
992 BN_bn2bin(rsa->n, bufs[i]);
993 priv.elements[i].data = bufs[i];
996 priv.elements[i].tag = TAG_RSA_PUBLICEXPONENT;
997 priv.elements[i].length = BN_num_bytes(rsa->e);
998 BN_bn2bin(rsa->e, bufs[i]);
999 priv.elements[i].data = bufs[i];
1002 if (rsa->d != NULL) {
1003 priv.elements[i].tag = TAG_RSA_PRIVATEEXPONENT;
1004 priv.elements[i].length = BN_num_bytes(rsa->d);
1005 BN_bn2bin(rsa->d, bufs[i]);
1006 priv.elements[i].data = bufs[i];
1010 if (rsa->p != NULL) {
1011 priv.elements[i].tag = TAG_RSA_PRIME1;
1012 priv.elements[i].length = BN_num_bytes(rsa->p);
1013 BN_bn2bin(rsa->p, bufs[i]);
1014 priv.elements[i].data = bufs[i];
1018 if (rsa->q != NULL) {
1019 priv.elements[i].tag = TAG_RSA_PRIME2;
1020 priv.elements[i].length = BN_num_bytes(rsa->q);
1021 BN_bn2bin(rsa->q, bufs[i]);
1022 priv.elements[i].data = bufs[i];
1026 if (rsa->dmp1 != NULL) {
1027 priv.elements[i].tag = TAG_RSA_EXPONENT1;
1028 priv.elements[i].length = BN_num_bytes(rsa->dmp1);
1029 BN_bn2bin(rsa->dmp1, bufs[i]);
1030 priv.elements[i].data = bufs[i];
1034 if (rsa->dmq1 != NULL) {
1035 priv.elements[i].tag = TAG_RSA_EXPONENT2;
1036 priv.elements[i].length = BN_num_bytes(rsa->dmq1);
1037 BN_bn2bin(rsa->dmq1, bufs[i]);
1038 priv.elements[i].data = bufs[i];
1042 if (rsa->iqmp != NULL) {
1043 priv.elements[i].tag = TAG_RSA_COEFFICIENT;
1044 priv.elements[i].length = BN_num_bytes(rsa->iqmp);
1045 BN_bn2bin(rsa->iqmp, bufs[i]);
1046 priv.elements[i].data = bufs[i];
1050 if (key->engine != NULL) {
1051 priv.elements[i].tag = TAG_RSA_ENGINE;
1052 priv.elements[i].length = strlen(key->engine) + 1;
1053 priv.elements[i].data = (unsigned char *)key->engine;
1057 if (key->label != NULL) {
1058 priv.elements[i].tag = TAG_RSA_LABEL;
1059 priv.elements[i].length = strlen(key->label) + 1;
1060 priv.elements[i].data = (unsigned char *)key->label;
1065 result = dst__privstruct_writefile(key, &priv, directory);
1070 for (i = 0; i < 8; i++) {
1071 if (bufs[i] == NULL)
1073 isc_mem_put(key->mctx, bufs[i], BN_num_bytes(rsa->n));
1079 opensslrsa_parse(dst_key_t *key, isc_lex_t *lexer) {
1087 isc_mem_t *mctx = key->mctx;
1088 const char *name = NULL, *label = NULL;
1089 #if defined(USE_ENGINE) || USE_EVP
1090 EVP_PKEY *pkey = NULL;
1093 /* read private key file */
1094 ret = dst__privstruct_parse(key, DST_ALG_RSA, lexer, mctx, &priv);
1095 if (ret != ISC_R_SUCCESS)
1098 for (i = 0; i < priv.nelements; i++) {
1099 switch (priv.elements[i].tag) {
1100 case TAG_RSA_ENGINE:
1101 name = (char *)priv.elements[i].data;
1104 label = (char *)priv.elements[i].data;
1111 * Is this key is stored in a HSM?
1112 * See if we can fetch it.
1114 if (name != NULL || label != NULL) {
1116 INSIST(name != NULL);
1117 INSIST(label != NULL);
1118 e = dst__openssl_getengine(name);
1120 DST_RET(DST_R_NOENGINE);
1121 pkey = ENGINE_load_private_key(e, label, NULL, NULL);
1123 /* ERR_print_errors_fp(stderr); */
1124 DST_RET(ISC_R_NOTFOUND);
1126 key->engine = isc_mem_strdup(key->mctx, name);
1127 if (key->engine == NULL)
1128 DST_RET(ISC_R_NOMEMORY);
1129 key->label = isc_mem_strdup(key->mctx, label);
1130 if (key->label == NULL)
1131 DST_RET(ISC_R_NOMEMORY);
1132 key->key_size = EVP_PKEY_bits(pkey);
1134 key->keydata.pkey = pkey;
1136 key->keydata.rsa = EVP_PKEY_get1_RSA(pkey);
1138 DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE));
1139 EVP_PKEY_free(pkey);
1141 dst__privstruct_free(&priv, mctx);
1142 return (ISC_R_SUCCESS);
1144 DST_RET(DST_R_NOENGINE);
1150 DST_RET(ISC_R_NOMEMORY);
1154 pkey = EVP_PKEY_new();
1156 DST_RET(ISC_R_NOMEMORY);
1157 if (!EVP_PKEY_set1_RSA(pkey, rsa)) {
1158 DST_RET(ISC_R_FAILURE);
1160 key->keydata.pkey = pkey;
1162 key->keydata.rsa = rsa;
1165 for (i = 0; i < priv.nelements; i++) {
1167 switch (priv.elements[i].tag) {
1168 case TAG_RSA_ENGINE:
1175 bn = BN_bin2bn(priv.elements[i].data,
1176 priv.elements[i].length, NULL);
1178 DST_RET(ISC_R_NOMEMORY);
1181 switch (priv.elements[i].tag) {
1182 case TAG_RSA_MODULUS:
1185 case TAG_RSA_PUBLICEXPONENT:
1188 case TAG_RSA_PRIVATEEXPONENT:
1191 case TAG_RSA_PRIME1:
1194 case TAG_RSA_PRIME2:
1197 case TAG_RSA_EXPONENT1:
1200 case TAG_RSA_EXPONENT2:
1203 case TAG_RSA_COEFFICIENT:
1208 dst__privstruct_free(&priv, mctx);
1210 key->key_size = BN_num_bits(rsa->n);
1215 return (ISC_R_SUCCESS);
1220 EVP_PKEY_free(pkey);
1224 opensslrsa_destroy(key);
1225 dst__privstruct_free(&priv, mctx);
1226 memset(&priv, 0, sizeof(priv));
1231 opensslrsa_fromlabel(dst_key_t *key, const char *engine, const char *label,
1237 EVP_PKEY *pkey = NULL;
1241 e = dst__openssl_getengine(engine);
1243 DST_RET(DST_R_NOENGINE);
1244 pkey = ENGINE_load_private_key(e, label, NULL, NULL);
1246 DST_RET(ISC_R_NOTFOUND);
1247 key->engine = isc_mem_strdup(key->mctx, label);
1248 if (key->engine == NULL)
1249 DST_RET(ISC_R_NOMEMORY);
1250 key->label = isc_mem_strdup(key->mctx, label);
1251 if (key->label == NULL)
1252 DST_RET(ISC_R_NOMEMORY);
1253 key->key_size = EVP_PKEY_bits(pkey);
1255 key->keydata.pkey = pkey;
1257 key->keydata.rsa = EVP_PKEY_get1_RSA(pkey);
1258 EVP_PKEY_free(pkey);
1259 if (key->keydata.rsa == NULL)
1260 return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
1262 return (ISC_R_SUCCESS);
1266 EVP_PKEY_free(pkey);
1273 return(DST_R_NOENGINE);
1277 static dst_func_t opensslrsa_functions = {
1278 opensslrsa_createctx,
1279 opensslrsa_destroyctx,
1283 NULL, /*%< computesecret */
1285 NULL, /*%< paramcompare */
1286 opensslrsa_generate,
1287 opensslrsa_isprivate,
1293 NULL, /*%< cleanup */
1294 opensslrsa_fromlabel,
1298 dst__opensslrsa_init(dst_func_t **funcp, unsigned char algorithm) {
1299 REQUIRE(funcp != NULL);
1301 if (*funcp == NULL) {
1302 switch (algorithm) {
1303 case DST_ALG_RSASHA256:
1304 #if defined(HAVE_EVP_SHA256) || !USE_EVP
1305 *funcp = &opensslrsa_functions;
1308 case DST_ALG_RSASHA512:
1309 #if defined(HAVE_EVP_SHA512) || !USE_EVP
1310 *funcp = &opensslrsa_functions;
1314 *funcp = &opensslrsa_functions;
1318 return (ISC_R_SUCCESS);
1323 #include <isc/util.h>
1325 EMPTY_TRANSLATION_UNIT
1327 #endif /* OPENSSL */