1/* $NetBSD: opensslrsa_link.c,v 1.11 2024/02/21 22:52:07 christos Exp $ */ 2 3/* 4 * Copyright (C) Internet Systems Consortium, Inc. ("ISC") 5 * 6 * SPDX-License-Identifier: MPL-2.0 7 * 8 * This Source Code Form is subject to the terms of the Mozilla Public 9 * License, v. 2.0. If a copy of the MPL was not distributed with this 10 * file, you can obtain one at https://mozilla.org/MPL/2.0/. 11 * 12 * See the COPYRIGHT file distributed with this work for additional 13 * information regarding copyright ownership. 14 */ 15 16/*! \file */ 17 18#include <inttypes.h> 19#include <stdbool.h> 20 21#include <openssl/bn.h> 22#include <openssl/opensslv.h> 23#if OPENSSL_VERSION_NUMBER >= 0x30000000L && OPENSSL_API_LEVEL >= 30000 24#include <openssl/core_names.h> 25#endif 26#if !defined(OPENSSL_NO_ENGINE) && OPENSSL_API_LEVEL < 30000 27#include <openssl/engine.h> 28#endif /* if !defined(OPENSSL_NO_ENGINE) && OPENSSL_API_LEVEL < 30000 */ 29#include <openssl/err.h> 30#include <openssl/objects.h> 31#if OPENSSL_VERSION_NUMBER >= 0x30000000L && OPENSSL_API_LEVEL >= 30000 32#include <openssl/param_build.h> 33#endif 34#include <openssl/rsa.h> 35 36#include <isc/mem.h> 37#include <isc/result.h> 38#include <isc/safe.h> 39#include <isc/string.h> 40#include <isc/util.h> 41 42#include "dst_internal.h" 43#include "dst_openssl.h" 44#include "dst_parse.h" 45#include "openssl_shim.h" 46 47#define DST_RET(a) \ 48 { \ 49 ret = a; \ 50 goto err; \ 51 } 52 53static isc_result_t 54opensslrsa_createctx(dst_key_t *key, dst_context_t *dctx) { 55 EVP_MD_CTX *evp_md_ctx; 56 const EVP_MD *type = NULL; 57 58 UNUSED(key); 59 REQUIRE(dctx != NULL && dctx->key != NULL); 60 REQUIRE(dctx->key->key_alg == DST_ALG_RSASHA1 || 61 dctx->key->key_alg == DST_ALG_NSEC3RSASHA1 || 62 dctx->key->key_alg == DST_ALG_RSASHA256 || 63 dctx->key->key_alg == DST_ALG_RSASHA512); 64 65 /* 66 * Reject incorrect RSA key lengths. 67 */ 68 switch (dctx->key->key_alg) { 69 case DST_ALG_RSASHA1: 70 case DST_ALG_NSEC3RSASHA1: 71 /* From RFC 3110 */ 72 if (dctx->key->key_size > 4096) { 73 return (ISC_R_FAILURE); 74 } 75 break; 76 case DST_ALG_RSASHA256: 77 /* From RFC 5702 */ 78 if (dctx->key->key_size < 512 || dctx->key->key_size > 4096) { 79 return (ISC_R_FAILURE); 80 } 81 break; 82 case DST_ALG_RSASHA512: 83 /* From RFC 5702 */ 84 if (dctx->key->key_size < 1024 || dctx->key->key_size > 4096) { 85 return (ISC_R_FAILURE); 86 } 87 break; 88 default: 89 UNREACHABLE(); 90 } 91 92 evp_md_ctx = EVP_MD_CTX_create(); 93 if (evp_md_ctx == NULL) { 94 return (dst__openssl_toresult(ISC_R_NOMEMORY)); 95 } 96 97 switch (dctx->key->key_alg) { 98 case DST_ALG_RSASHA1: 99 case DST_ALG_NSEC3RSASHA1: 100 type = EVP_sha1(); /* SHA1 + RSA */ 101 break; 102 case DST_ALG_RSASHA256: 103 type = EVP_sha256(); /* SHA256 + RSA */ 104 break; 105 case DST_ALG_RSASHA512: 106 type = EVP_sha512(); 107 break; 108 default: 109 UNREACHABLE(); 110 } 111 112 if (!EVP_DigestInit_ex(evp_md_ctx, type, NULL)) { 113 EVP_MD_CTX_destroy(evp_md_ctx); 114 return (dst__openssl_toresult3( 115 dctx->category, "EVP_DigestInit_ex", ISC_R_FAILURE)); 116 } 117 dctx->ctxdata.evp_md_ctx = evp_md_ctx; 118 119 return (ISC_R_SUCCESS); 120} 121 122static void 123opensslrsa_destroyctx(dst_context_t *dctx) { 124 EVP_MD_CTX *evp_md_ctx = NULL; 125 126 REQUIRE(dctx != NULL && dctx->key != NULL); 127 REQUIRE(dctx->key->key_alg == DST_ALG_RSASHA1 || 128 dctx->key->key_alg == DST_ALG_NSEC3RSASHA1 || 129 dctx->key->key_alg == DST_ALG_RSASHA256 || 130 dctx->key->key_alg == DST_ALG_RSASHA512); 131 132 evp_md_ctx = dctx->ctxdata.evp_md_ctx; 133 134 if (evp_md_ctx != NULL) { 135 EVP_MD_CTX_destroy(evp_md_ctx); 136 dctx->ctxdata.evp_md_ctx = NULL; 137 } 138} 139 140static isc_result_t 141opensslrsa_adddata(dst_context_t *dctx, const isc_region_t *data) { 142 EVP_MD_CTX *evp_md_ctx = NULL; 143 144 REQUIRE(dctx != NULL && dctx->key != NULL); 145 REQUIRE(dctx->key->key_alg == DST_ALG_RSASHA1 || 146 dctx->key->key_alg == DST_ALG_NSEC3RSASHA1 || 147 dctx->key->key_alg == DST_ALG_RSASHA256 || 148 dctx->key->key_alg == DST_ALG_RSASHA512); 149 150 evp_md_ctx = dctx->ctxdata.evp_md_ctx; 151 152 if (!EVP_DigestUpdate(evp_md_ctx, data->base, data->length)) { 153 return (dst__openssl_toresult3( 154 dctx->category, "EVP_DigestUpdate", ISC_R_FAILURE)); 155 } 156 return (ISC_R_SUCCESS); 157} 158 159static isc_result_t 160opensslrsa_sign(dst_context_t *dctx, isc_buffer_t *sig) { 161 dst_key_t *key = NULL; 162 isc_region_t r; 163 unsigned int siglen = 0; 164 EVP_MD_CTX *evp_md_ctx = NULL; 165 EVP_PKEY *pkey = NULL; 166 167 REQUIRE(dctx != NULL && dctx->key != NULL); 168 REQUIRE(dctx->key->key_alg == DST_ALG_RSASHA1 || 169 dctx->key->key_alg == DST_ALG_NSEC3RSASHA1 || 170 dctx->key->key_alg == DST_ALG_RSASHA256 || 171 dctx->key->key_alg == DST_ALG_RSASHA512); 172 173 key = dctx->key; 174 evp_md_ctx = dctx->ctxdata.evp_md_ctx; 175 pkey = key->keydata.pkey; 176 177 isc_buffer_availableregion(sig, &r); 178 179 if (r.length < (unsigned int)EVP_PKEY_size(pkey)) { 180 return (ISC_R_NOSPACE); 181 } 182 183 if (!EVP_SignFinal(evp_md_ctx, r.base, &siglen, pkey)) { 184 return (dst__openssl_toresult3(dctx->category, "EVP_SignFinal", 185 ISC_R_FAILURE)); 186 } 187 188 isc_buffer_add(sig, siglen); 189 190 return (ISC_R_SUCCESS); 191} 192 193static isc_result_t 194opensslrsa_verify2(dst_context_t *dctx, int maxbits, const isc_region_t *sig) { 195 dst_key_t *key = NULL; 196 int status = 0; 197#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 198 RSA *rsa; 199 const BIGNUM *e = NULL; 200#else 201 BIGNUM *e = NULL; 202#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 */ 203 EVP_MD_CTX *evp_md_ctx = NULL; 204 EVP_PKEY *pkey = NULL; 205 int bits; 206 207 REQUIRE(dctx != NULL && dctx->key != NULL); 208 REQUIRE(dctx->key->key_alg == DST_ALG_RSASHA1 || 209 dctx->key->key_alg == DST_ALG_NSEC3RSASHA1 || 210 dctx->key->key_alg == DST_ALG_RSASHA256 || 211 dctx->key->key_alg == DST_ALG_RSASHA512); 212 213 key = dctx->key; 214 evp_md_ctx = dctx->ctxdata.evp_md_ctx; 215 pkey = key->keydata.pkey; 216 217#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 218 rsa = EVP_PKEY_get1_RSA(pkey); 219 if (rsa == NULL) { 220 return (dst__openssl_toresult(DST_R_OPENSSLFAILURE)); 221 } 222 RSA_get0_key(rsa, NULL, &e, NULL); 223 if (e == NULL) { 224 RSA_free(rsa); 225 return (dst__openssl_toresult(DST_R_VERIFYFAILURE)); 226 } 227 bits = BN_num_bits(e); 228 RSA_free(rsa); 229#else 230 EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_E, &e); 231 if (e == NULL) { 232 return (dst__openssl_toresult(DST_R_VERIFYFAILURE)); 233 } 234 bits = BN_num_bits(e); 235 BN_free(e); 236#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 */ 237 238 if (bits > maxbits && maxbits != 0) { 239 return (DST_R_VERIFYFAILURE); 240 } 241 242 status = EVP_VerifyFinal(evp_md_ctx, sig->base, sig->length, pkey); 243 switch (status) { 244 case 1: 245 return (ISC_R_SUCCESS); 246 case 0: 247 return (dst__openssl_toresult(DST_R_VERIFYFAILURE)); 248 default: 249 return (dst__openssl_toresult3(dctx->category, 250 "EVP_VerifyFinal", 251 DST_R_VERIFYFAILURE)); 252 } 253} 254 255static isc_result_t 256opensslrsa_verify(dst_context_t *dctx, const isc_region_t *sig) { 257 return (opensslrsa_verify2(dctx, 0, sig)); 258} 259 260static bool 261opensslrsa_compare(const dst_key_t *key1, const dst_key_t *key2) { 262 bool ret; 263 int status; 264 EVP_PKEY *pkey1 = key1->keydata.pkey; 265 EVP_PKEY *pkey2 = key2->keydata.pkey; 266#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 267 RSA *rsa1 = NULL; 268 RSA *rsa2 = NULL; 269 const BIGNUM *d1 = NULL, *d2 = NULL; 270 const BIGNUM *p1 = NULL, *p2 = NULL; 271 const BIGNUM *q1 = NULL, *q2 = NULL; 272#else 273 BIGNUM *d1 = NULL, *d2 = NULL; 274 BIGNUM *p1 = NULL, *p2 = NULL; 275 BIGNUM *q1 = NULL, *q2 = NULL; 276#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 */ 277 278 if (pkey1 == NULL && pkey2 == NULL) { 279 return (true); 280 } else if (pkey1 == NULL || pkey2 == NULL) { 281 return (false); 282 } 283 284 /* `EVP_PKEY_eq` checks only the public key components and paramters. */ 285 status = EVP_PKEY_eq(pkey1, pkey2); 286 if (status != 1) { 287 DST_RET(false); 288 } 289 290#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 291 rsa1 = EVP_PKEY_get1_RSA(pkey1); 292 rsa2 = EVP_PKEY_get1_RSA(pkey2); 293 if (rsa1 == NULL && rsa2 == NULL) { 294 DST_RET(true); 295 } else if (rsa1 == NULL || rsa2 == NULL) { 296 DST_RET(false); 297 } 298 RSA_get0_key(rsa1, NULL, NULL, &d1); 299 RSA_get0_key(rsa2, NULL, NULL, &d2); 300#else 301 EVP_PKEY_get_bn_param(pkey1, OSSL_PKEY_PARAM_RSA_D, &d1); 302 EVP_PKEY_get_bn_param(pkey2, OSSL_PKEY_PARAM_RSA_D, &d2); 303 ERR_clear_error(); 304#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 */ 305 306 if (d1 != NULL || d2 != NULL) { 307 if (d1 == NULL || d2 == NULL) { 308 DST_RET(false); 309 } 310 311#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 312 RSA_get0_factors(rsa1, &p1, &q1); 313 RSA_get0_factors(rsa2, &p2, &q2); 314#else 315 EVP_PKEY_get_bn_param(pkey1, OSSL_PKEY_PARAM_RSA_FACTOR1, &p1); 316 EVP_PKEY_get_bn_param(pkey1, OSSL_PKEY_PARAM_RSA_FACTOR2, &q1); 317 EVP_PKEY_get_bn_param(pkey2, OSSL_PKEY_PARAM_RSA_FACTOR1, &p2); 318 EVP_PKEY_get_bn_param(pkey2, OSSL_PKEY_PARAM_RSA_FACTOR2, &q2); 319 ERR_clear_error(); 320#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 */ 321 322 if (BN_cmp(d1, d2) != 0 || BN_cmp(p1, p2) != 0 || 323 BN_cmp(q1, q2) != 0) 324 { 325 DST_RET(false); 326 } 327 } 328 329 ret = true; 330 331err: 332#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 333 if (rsa1 != NULL) { 334 RSA_free(rsa1); 335 } 336 if (rsa2 != NULL) { 337 RSA_free(rsa2); 338 } 339#else 340 if (d1 != NULL) { 341 BN_clear_free(d1); 342 } 343 if (d2 != NULL) { 344 BN_clear_free(d2); 345 } 346 if (p1 != NULL) { 347 BN_clear_free(p1); 348 } 349 if (p2 != NULL) { 350 BN_clear_free(p2); 351 } 352 if (q1 != NULL) { 353 BN_clear_free(q1); 354 } 355 if (q2 != NULL) { 356 BN_clear_free(q2); 357 } 358#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 */ 359 360 return (ret); 361} 362 363#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 364static int 365progress_cb(int p, int n, BN_GENCB *cb) { 366 union { 367 void *dptr; 368 void (*fptr)(int); 369 } u; 370 371 UNUSED(n); 372 373 u.dptr = BN_GENCB_get_arg(cb); 374 if (u.fptr != NULL) { 375 u.fptr(p); 376 } 377 return (1); 378} 379#else 380static int 381progress_cb(EVP_PKEY_CTX *ctx) { 382 union { 383 void *dptr; 384 void (*fptr)(int); 385 } u; 386 387 u.dptr = EVP_PKEY_CTX_get_app_data(ctx); 388 if (u.fptr != NULL) { 389 int p = EVP_PKEY_CTX_get_keygen_info(ctx, 0); 390 u.fptr(p); 391 } 392 return (1); 393} 394#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 */ 395 396static isc_result_t 397opensslrsa_generate(dst_key_t *key, int exp, void (*callback)(int)) { 398 isc_result_t ret; 399 union { 400 void *dptr; 401 void (*fptr)(int); 402 } u; 403 BIGNUM *e = BN_new(); 404#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 405 RSA *rsa = RSA_new(); 406 EVP_PKEY *pkey = EVP_PKEY_new(); 407#if !HAVE_BN_GENCB_NEW 408 BN_GENCB _cb; 409#endif /* !HAVE_BN_GENCB_NEW */ 410 BN_GENCB *cb = BN_GENCB_new(); 411#else 412 EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL); 413 EVP_PKEY *pkey = NULL; 414#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 */ 415 416#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 417 if (e == NULL || rsa == NULL || pkey == NULL || cb == NULL) { 418 DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE)); 419 } 420#else 421 if (e == NULL || ctx == NULL) { 422 DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE)); 423 } 424#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 */ 425 426 /* 427 * Reject incorrect RSA key lengths. 428 */ 429 switch (key->key_alg) { 430 case DST_ALG_RSASHA1: 431 case DST_ALG_NSEC3RSASHA1: 432 /* From RFC 3110 */ 433 if (key->key_size > 4096) { 434 DST_RET(DST_R_INVALIDPARAM); 435 } 436 break; 437 case DST_ALG_RSASHA256: 438 /* From RFC 5702 */ 439 if (key->key_size < 512 || key->key_size > 4096) { 440 DST_RET(DST_R_INVALIDPARAM); 441 } 442 break; 443 case DST_ALG_RSASHA512: 444 /* From RFC 5702 */ 445 if (key->key_size < 1024 || key->key_size > 4096) { 446 DST_RET(DST_R_INVALIDPARAM); 447 } 448 break; 449 default: 450 UNREACHABLE(); 451 } 452 453 if (exp == 0) { 454 /* RSA_F4 0x10001 */ 455 BN_set_bit(e, 0); 456 BN_set_bit(e, 16); 457 } else { 458 /* (phased-out) F5 0x100000001 */ 459 BN_set_bit(e, 0); 460 BN_set_bit(e, 32); 461 } 462 463#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 464 if (EVP_PKEY_set1_RSA(pkey, rsa) != 1) { 465 DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE)); 466 } 467 468 if (callback == NULL) { 469 BN_GENCB_set_old(cb, NULL, NULL); 470 } else { 471 u.fptr = callback; 472 BN_GENCB_set(cb, progress_cb, u.dptr); 473 } 474 475 if (RSA_generate_key_ex(rsa, key->key_size, e, cb) != 1) { 476 DST_RET(dst__openssl_toresult2("RSA_generate_key_ex", 477 DST_R_OPENSSLFAILURE)); 478 } 479#else 480 if (EVP_PKEY_keygen_init(ctx) != 1) { 481 DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE)); 482 } 483 484 if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, (int)key->key_size) != 1) { 485 DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE)); 486 } 487 488 if (EVP_PKEY_CTX_set1_rsa_keygen_pubexp(ctx, e) != 1) { 489 DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE)); 490 } 491 492 if (callback != NULL) { 493 u.fptr = callback; 494 EVP_PKEY_CTX_set_app_data(ctx, u.dptr); 495 EVP_PKEY_CTX_set_cb(ctx, progress_cb); 496 } 497 498 if (EVP_PKEY_keygen(ctx, &pkey) != 1 || pkey == NULL) { 499 DST_RET(dst__openssl_toresult2("EVP_PKEY_keygen", 500 DST_R_OPENSSLFAILURE)); 501 } 502#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 */ 503 504 key->keydata.pkey = pkey; 505 pkey = NULL; 506 ret = ISC_R_SUCCESS; 507 508err: 509 if (pkey != NULL) { 510 EVP_PKEY_free(pkey); 511 } 512#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 513 if (rsa != NULL) { 514 RSA_free(rsa); 515 } 516 if (cb != NULL) { 517 BN_GENCB_free(cb); 518 } 519#else 520 if (ctx != NULL) { 521 EVP_PKEY_CTX_free(ctx); 522 } 523#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 */ 524 if (e != NULL) { 525 BN_free(e); 526 } 527 return (ret); 528} 529 530static bool 531opensslrsa_isprivate(const dst_key_t *key) { 532 bool ret; 533 EVP_PKEY *pkey; 534#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 535 RSA *rsa; 536 const BIGNUM *d = NULL; 537#else 538 BIGNUM *d = NULL; 539#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 */ 540 541 REQUIRE(key->key_alg == DST_ALG_RSASHA1 || 542 key->key_alg == DST_ALG_NSEC3RSASHA1 || 543 key->key_alg == DST_ALG_RSASHA256 || 544 key->key_alg == DST_ALG_RSASHA512); 545 546 pkey = key->keydata.pkey; 547 if (pkey == NULL) { 548 return (false); 549 } 550 551#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 552 rsa = EVP_PKEY_get1_RSA(pkey); 553 INSIST(rsa != NULL); 554 555 if (RSA_test_flags(rsa, RSA_FLAG_EXT_PKEY) != 0) { 556 ret = true; 557 } else { 558 RSA_get0_key(rsa, NULL, NULL, &d); 559 ret = (d != NULL); 560 } 561 RSA_free(rsa); 562#else 563 ret = (EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_D, &d) == 1 && 564 d != NULL); 565 if (d != NULL) { 566 BN_clear_free(d); 567 } else { 568 ERR_clear_error(); 569 } 570#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 */ 571 572 return (ret); 573} 574 575static void 576opensslrsa_destroy(dst_key_t *key) { 577 EVP_PKEY *pkey = key->keydata.pkey; 578 579 if (pkey != NULL) { 580 EVP_PKEY_free(pkey); 581 key->keydata.pkey = NULL; 582 } 583} 584 585static isc_result_t 586opensslrsa_todns(const dst_key_t *key, isc_buffer_t *data) { 587 isc_region_t r; 588 unsigned int e_bytes; 589 unsigned int mod_bytes; 590 isc_result_t ret; 591 EVP_PKEY *pkey; 592#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 593 RSA *rsa; 594 const BIGNUM *e = NULL, *n = NULL; 595#else 596 BIGNUM *e = NULL, *n = NULL; 597#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 */ 598 599 REQUIRE(key->keydata.pkey != NULL); 600 601 pkey = key->keydata.pkey; 602 isc_buffer_availableregion(data, &r); 603 604#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 605 rsa = EVP_PKEY_get1_RSA(pkey); 606 if (rsa == NULL) { 607 DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE)); 608 } 609 RSA_get0_key(rsa, &n, &e, NULL); 610#else 611 EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_E, &e); 612 EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_N, &n); 613#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 */ 614 if (e == NULL || n == NULL) { 615 DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE)); 616 } 617 618 mod_bytes = BN_num_bytes(n); 619 e_bytes = BN_num_bytes(e); 620 621 if (e_bytes < 256) { /*%< key exponent is <= 2040 bits */ 622 if (r.length < 1) { 623 DST_RET(ISC_R_NOSPACE); 624 } 625 isc_buffer_putuint8(data, (uint8_t)e_bytes); 626 isc_region_consume(&r, 1); 627 } else { 628 if (r.length < 3) { 629 DST_RET(ISC_R_NOSPACE); 630 } 631 isc_buffer_putuint8(data, 0); 632 isc_buffer_putuint16(data, (uint16_t)e_bytes); 633 isc_region_consume(&r, 3); 634 } 635 636 if (r.length < e_bytes + mod_bytes) { 637 DST_RET(ISC_R_NOSPACE); 638 } 639 640 BN_bn2bin(e, r.base); 641 isc_region_consume(&r, e_bytes); 642 BN_bn2bin(n, r.base); 643 isc_region_consume(&r, mod_bytes); 644 645 isc_buffer_add(data, e_bytes + mod_bytes); 646 647 ret = ISC_R_SUCCESS; 648err: 649#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 650 if (rsa != NULL) { 651 RSA_free(rsa); 652 } 653#else 654 if (e != NULL) { 655 BN_free(e); 656 } 657 if (n != NULL) { 658 BN_free(n); 659 } 660#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 */ 661 return (ret); 662} 663 664static isc_result_t 665opensslrsa_fromdns(dst_key_t *key, isc_buffer_t *data) { 666 isc_result_t ret; 667 int status; 668 isc_region_t r; 669 unsigned int e_bytes; 670 unsigned int length; 671#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 672 RSA *rsa = NULL; 673#else 674 OSSL_PARAM_BLD *bld = NULL; 675 OSSL_PARAM *params = NULL; 676 EVP_PKEY_CTX *ctx = NULL; 677#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 */ 678 EVP_PKEY *pkey = NULL; 679 BIGNUM *e = NULL, *n = NULL; 680 681 REQUIRE(key->key_alg == DST_ALG_RSASHA1 || 682 key->key_alg == DST_ALG_NSEC3RSASHA1 || 683 key->key_alg == DST_ALG_RSASHA256 || 684 key->key_alg == DST_ALG_RSASHA512); 685 686 isc_buffer_remainingregion(data, &r); 687 if (r.length == 0) { 688 DST_RET(ISC_R_SUCCESS); 689 } 690 length = r.length; 691 if (r.length < 1) { 692 DST_RET(DST_R_INVALIDPUBLICKEY); 693 } 694 695 e_bytes = *r.base; 696 isc_region_consume(&r, 1); 697 698 if (e_bytes == 0) { 699 if (r.length < 2) { 700 DST_RET(DST_R_INVALIDPUBLICKEY); 701 } 702 e_bytes = (*r.base) << 8; 703 isc_region_consume(&r, 1); 704 e_bytes += *r.base; 705 isc_region_consume(&r, 1); 706 } 707 708 if (r.length < e_bytes) { 709 DST_RET(DST_R_INVALIDPUBLICKEY); 710 } 711 e = BN_bin2bn(r.base, e_bytes, NULL); 712 isc_region_consume(&r, e_bytes); 713 n = BN_bin2bn(r.base, r.length, NULL); 714 if (e == NULL || n == NULL) { 715 DST_RET(ISC_R_NOMEMORY); 716 } 717 718 key->key_size = BN_num_bits(n); 719 720 isc_buffer_forward(data, length); 721 722#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 723 rsa = RSA_new(); 724 if (rsa == NULL) { 725 DST_RET(dst__openssl_toresult2("RSA_new", 726 DST_R_OPENSSLFAILURE)); 727 } 728 status = RSA_set0_key(rsa, n, e, NULL); 729 if (status != 1) { 730 DST_RET(dst__openssl_toresult2("RSA_set0_key", 731 DST_R_OPENSSLFAILURE)); 732 } 733 734 /* These are now managed by OpenSSL. */ 735 n = NULL; 736 e = NULL; 737 738 pkey = EVP_PKEY_new(); 739 if (pkey == NULL) { 740 DST_RET(dst__openssl_toresult2("EVP_PKEY_new", 741 DST_R_OPENSSLFAILURE)); 742 } 743 status = EVP_PKEY_set1_RSA(pkey, rsa); 744 if (status != 1) { 745 DST_RET(dst__openssl_toresult2("EVP_PKEY_set1_RSA", 746 DST_R_OPENSSLFAILURE)); 747 } 748#else 749 bld = OSSL_PARAM_BLD_new(); 750 if (bld == NULL) { 751 DST_RET(dst__openssl_toresult2("OSSL_PARAM_BLD_new", 752 DST_R_OPENSSLFAILURE)); 753 } 754 if (OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n) != 1 || 755 OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e) != 1) 756 { 757 DST_RET(dst__openssl_toresult2("OSSL_PARAM_BLD_push_BN", 758 DST_R_OPENSSLFAILURE)); 759 } 760 params = OSSL_PARAM_BLD_to_param(bld); 761 if (params == NULL) { 762 DST_RET(dst__openssl_toresult2("OSSL_PARAM_BLD_to_param", 763 DST_R_OPENSSLFAILURE)); 764 } 765 ctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL); 766 if (ctx == NULL) { 767 DST_RET(dst__openssl_toresult2("EVP_PKEY_CTX_new_from_name", 768 DST_R_OPENSSLFAILURE)); 769 } 770 status = EVP_PKEY_fromdata_init(ctx); 771 if (status != 1) { 772 DST_RET(dst__openssl_toresult2("EVP_PKEY_fromdata_init", 773 DST_R_OPENSSLFAILURE)); 774 } 775 status = EVP_PKEY_fromdata(ctx, &pkey, EVP_PKEY_PUBLIC_KEY, params); 776 if (status != 1 || pkey == NULL) { 777 DST_RET(dst__openssl_toresult2("EVP_PKEY_fromdata", 778 DST_R_OPENSSLFAILURE)); 779 } 780#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 */ 781 782 key->keydata.pkey = pkey; 783 pkey = NULL; 784 ret = ISC_R_SUCCESS; 785 786err: 787 788#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 789 if (rsa != NULL) { 790 RSA_free(rsa); 791 } 792#else 793 if (ctx != NULL) { 794 EVP_PKEY_CTX_free(ctx); 795 } 796 if (params != NULL) { 797 OSSL_PARAM_free(params); 798 } 799 if (bld != NULL) { 800 OSSL_PARAM_BLD_free(bld); 801 } 802#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 */ 803 if (n != NULL) { 804 BN_free(n); 805 } 806 if (e != NULL) { 807 BN_free(e); 808 } 809 if (pkey != NULL) { 810 EVP_PKEY_free(pkey); 811 } 812 813 return (ret); 814} 815 816static isc_result_t 817opensslrsa_tofile(const dst_key_t *key, const char *directory) { 818 isc_result_t ret; 819 dst_private_t priv = { 0 }; 820 unsigned char *bufs[8] = { NULL }; 821 unsigned short i = 0; 822 EVP_PKEY *pkey; 823#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 824 RSA *rsa = NULL; 825 const BIGNUM *n = NULL, *e = NULL, *d = NULL; 826 const BIGNUM *p = NULL, *q = NULL; 827 const BIGNUM *dmp1 = NULL, *dmq1 = NULL, *iqmp = NULL; 828#else 829 BIGNUM *n = NULL, *e = NULL, *d = NULL; 830 BIGNUM *p = NULL, *q = NULL; 831 BIGNUM *dmp1 = NULL, *dmq1 = NULL, *iqmp = NULL; 832#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 */ 833 834 if (key->keydata.pkey == NULL) { 835 DST_RET(DST_R_NULLKEY); 836 } 837 838 if (key->external) { 839 return (dst__privstruct_writefile(key, &priv, directory)); 840 } 841 842 pkey = key->keydata.pkey; 843#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 844 rsa = EVP_PKEY_get1_RSA(pkey); 845 if (rsa == NULL) { 846 DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE)); 847 } 848 RSA_get0_key(rsa, &n, &e, &d); 849 RSA_get0_factors(rsa, &p, &q); 850 RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp); 851#else 852 EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_N, &n); 853 EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_E, &e); 854 EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_D, &d); 855 EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_FACTOR1, &p); 856 EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_FACTOR2, &q); 857 EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_EXPONENT1, &dmp1); 858 EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_EXPONENT2, &dmq1); 859 EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_COEFFICIENT1, &iqmp); 860 ERR_clear_error(); 861#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 */ 862 863 if (n == NULL || e == NULL) { 864 DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE)); 865 } 866 867 priv.elements[i].tag = TAG_RSA_MODULUS; 868 priv.elements[i].length = BN_num_bytes(n); 869 bufs[i] = isc_mem_get(key->mctx, priv.elements[i].length); 870 BN_bn2bin(n, bufs[i]); 871 priv.elements[i].data = bufs[i]; 872 i++; 873 874 priv.elements[i].tag = TAG_RSA_PUBLICEXPONENT; 875 priv.elements[i].length = BN_num_bytes(e); 876 bufs[i] = isc_mem_get(key->mctx, priv.elements[i].length); 877 BN_bn2bin(e, bufs[i]); 878 priv.elements[i].data = bufs[i]; 879 i++; 880 881 if (d != NULL) { 882 priv.elements[i].tag = TAG_RSA_PRIVATEEXPONENT; 883 priv.elements[i].length = BN_num_bytes(d); 884 INSIST(i < ARRAY_SIZE(bufs)); 885 bufs[i] = isc_mem_get(key->mctx, priv.elements[i].length); 886 BN_bn2bin(d, bufs[i]); 887 priv.elements[i].data = bufs[i]; 888 i++; 889 } 890 891 if (p != NULL) { 892 priv.elements[i].tag = TAG_RSA_PRIME1; 893 priv.elements[i].length = BN_num_bytes(p); 894 INSIST(i < ARRAY_SIZE(bufs)); 895 bufs[i] = isc_mem_get(key->mctx, priv.elements[i].length); 896 BN_bn2bin(p, bufs[i]); 897 priv.elements[i].data = bufs[i]; 898 i++; 899 } 900 901 if (q != NULL) { 902 priv.elements[i].tag = TAG_RSA_PRIME2; 903 priv.elements[i].length = BN_num_bytes(q); 904 INSIST(i < ARRAY_SIZE(bufs)); 905 bufs[i] = isc_mem_get(key->mctx, priv.elements[i].length); 906 BN_bn2bin(q, bufs[i]); 907 priv.elements[i].data = bufs[i]; 908 i++; 909 } 910 911 if (dmp1 != NULL) { 912 priv.elements[i].tag = TAG_RSA_EXPONENT1; 913 priv.elements[i].length = BN_num_bytes(dmp1); 914 INSIST(i < ARRAY_SIZE(bufs)); 915 bufs[i] = isc_mem_get(key->mctx, priv.elements[i].length); 916 BN_bn2bin(dmp1, bufs[i]); 917 priv.elements[i].data = bufs[i]; 918 i++; 919 } 920 921 if (dmq1 != NULL) { 922 priv.elements[i].tag = TAG_RSA_EXPONENT2; 923 priv.elements[i].length = BN_num_bytes(dmq1); 924 INSIST(i < ARRAY_SIZE(bufs)); 925 bufs[i] = isc_mem_get(key->mctx, priv.elements[i].length); 926 BN_bn2bin(dmq1, bufs[i]); 927 priv.elements[i].data = bufs[i]; 928 i++; 929 } 930 931 if (iqmp != NULL) { 932 priv.elements[i].tag = TAG_RSA_COEFFICIENT; 933 priv.elements[i].length = BN_num_bytes(iqmp); 934 INSIST(i < ARRAY_SIZE(bufs)); 935 bufs[i] = isc_mem_get(key->mctx, priv.elements[i].length); 936 BN_bn2bin(iqmp, bufs[i]); 937 priv.elements[i].data = bufs[i]; 938 i++; 939 } 940 941 if (key->engine != NULL) { 942 priv.elements[i].tag = TAG_RSA_ENGINE; 943 priv.elements[i].length = (unsigned short)strlen(key->engine) + 944 1; 945 priv.elements[i].data = (unsigned char *)key->engine; 946 i++; 947 } 948 949 if (key->label != NULL) { 950 priv.elements[i].tag = TAG_RSA_LABEL; 951 priv.elements[i].length = (unsigned short)strlen(key->label) + 952 1; 953 priv.elements[i].data = (unsigned char *)key->label; 954 i++; 955 } 956 957 priv.nelements = i; 958 ret = dst__privstruct_writefile(key, &priv, directory); 959 960err: 961 for (i = 0; i < ARRAY_SIZE(bufs); i++) { 962 if (bufs[i] != NULL) { 963 isc_mem_put(key->mctx, bufs[i], 964 priv.elements[i].length); 965 } 966 } 967#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 968 RSA_free(rsa); 969#else 970 if (n != NULL) { 971 BN_free(n); 972 } 973 if (e != NULL) { 974 BN_free(e); 975 } 976 if (d != NULL) { 977 BN_clear_free(d); 978 } 979 if (p != NULL) { 980 BN_clear_free(p); 981 } 982 if (q != NULL) { 983 BN_clear_free(q); 984 } 985 if (dmp1 != NULL) { 986 BN_clear_free(dmp1); 987 } 988 if (dmq1 != NULL) { 989 BN_clear_free(dmq1); 990 } 991 if (iqmp != NULL) { 992 BN_clear_free(iqmp); 993 } 994#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 */ 995 996 return (ret); 997} 998 999#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 1000static isc_result_t 1001rsa_check(RSA *rsa, RSA *pub) { 1002 const BIGNUM *n1 = NULL, *n2 = NULL; 1003 const BIGNUM *e1 = NULL, *e2 = NULL; 1004 BIGNUM *n = NULL, *e = NULL; 1005 1006 /* 1007 * Public parameters should be the same but if they are not set 1008 * copy them from the public key. 1009 */ 1010 if (pub != NULL) { 1011 RSA_get0_key(rsa, &n1, &e1, NULL); 1012 RSA_get0_key(pub, &n2, &e2, NULL); 1013 if (n1 != NULL) { 1014 if (BN_cmp(n1, n2) != 0) { 1015 return (DST_R_INVALIDPRIVATEKEY); 1016 } 1017 } else { 1018 n = BN_dup(n2); 1019 if (n == NULL) { 1020 return (ISC_R_NOMEMORY); 1021 } 1022 } 1023 if (e1 != NULL) { 1024 if (BN_cmp(e1, e2) != 0) { 1025 if (n != NULL) { 1026 BN_free(n); 1027 } 1028 return (DST_R_INVALIDPRIVATEKEY); 1029 } 1030 } else { 1031 e = BN_dup(e2); 1032 if (e == NULL) { 1033 if (n != NULL) { 1034 BN_free(n); 1035 } 1036 return (ISC_R_NOMEMORY); 1037 } 1038 } 1039 if (RSA_set0_key(rsa, n, e, NULL) == 0) { 1040 if (n != NULL) { 1041 BN_free(n); 1042 } 1043 if (e != NULL) { 1044 BN_free(e); 1045 } 1046 } 1047 } 1048 1049 RSA_get0_key(rsa, &n1, &e1, NULL); 1050 if (n1 == NULL || e1 == NULL) { 1051 return (DST_R_INVALIDPRIVATEKEY); 1052 } 1053 1054 return (ISC_R_SUCCESS); 1055} 1056#else 1057static isc_result_t 1058rsa_check(EVP_PKEY *pkey, EVP_PKEY *pubpkey) { 1059 isc_result_t ret = ISC_R_FAILURE; 1060 int status; 1061 BIGNUM *n1 = NULL, *n2 = NULL; 1062 BIGNUM *e1 = NULL, *e2 = NULL; 1063 1064 /* Try to get the public key from pkey. */ 1065 EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_N, &n1); 1066 EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_E, &e1); 1067 1068 /* Check if `pubpkey` exists and that we can extract its public key. */ 1069 if (pubpkey == NULL || 1070 EVP_PKEY_get_bn_param(pubpkey, OSSL_PKEY_PARAM_RSA_N, &n2) != 1 || 1071 n2 == NULL || 1072 EVP_PKEY_get_bn_param(pubpkey, OSSL_PKEY_PARAM_RSA_E, &e2) != 1 || 1073 e2 == NULL) 1074 { 1075 if (n1 == NULL || e1 == NULL) { 1076 /* No public key both in `pkey` and in `pubpkey`. */ 1077 DST_RET(DST_R_INVALIDPRIVATEKEY); 1078 } else { 1079 /* 1080 * `pkey` has a public key, but there is no public key 1081 * in `pubpkey` to check against. 1082 */ 1083 DST_RET(ISC_R_SUCCESS); 1084 } 1085 } 1086 1087 /* 1088 * If `pkey` doesn't have a public key then we will copy it from 1089 * `pubpkey`. 1090 */ 1091 if (n1 == NULL || e1 == NULL) { 1092 status = EVP_PKEY_set_bn_param(pkey, OSSL_PKEY_PARAM_RSA_N, n2); 1093 if (status != 1) { 1094 DST_RET(ISC_R_FAILURE); 1095 } 1096 1097 status = EVP_PKEY_set_bn_param(pkey, OSSL_PKEY_PARAM_RSA_E, e2); 1098 if (status != 1) { 1099 DST_RET(ISC_R_FAILURE); 1100 } 1101 } 1102 1103 if (EVP_PKEY_eq(pkey, pubpkey) == 1) { 1104 DST_RET(ISC_R_SUCCESS); 1105 } 1106 1107err: 1108 if (n1 != NULL) { 1109 BN_free(n1); 1110 } 1111 if (n2 != NULL) { 1112 BN_free(n2); 1113 } 1114 if (e1 != NULL) { 1115 BN_free(e1); 1116 } 1117 if (e2 != NULL) { 1118 BN_free(e2); 1119 } 1120 1121 return (ret); 1122} 1123#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 */ 1124 1125static isc_result_t 1126opensslrsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) { 1127 dst_private_t priv; 1128 isc_result_t ret; 1129 int i; 1130#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 1131 RSA *rsa = NULL, *pubrsa = NULL; 1132#else 1133 OSSL_PARAM_BLD *bld = NULL; 1134 OSSL_PARAM *params = NULL; 1135 EVP_PKEY_CTX *ctx = NULL; 1136#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 */ 1137#if !defined(OPENSSL_NO_ENGINE) && OPENSSL_API_LEVEL < 30000 1138 const BIGNUM *ex = NULL; 1139 ENGINE *ep = NULL; 1140 const char *engine = NULL; 1141#endif /* if !defined(OPENSSL_NO_ENGINE) && OPENSSL_API_LEVEL < 30000 */ 1142 isc_mem_t *mctx = NULL; 1143 const char *label = NULL; 1144 EVP_PKEY *pkey = NULL; 1145 BIGNUM *n = NULL, *e = NULL, *d = NULL; 1146 BIGNUM *p = NULL, *q = NULL; 1147 BIGNUM *dmp1 = NULL, *dmq1 = NULL, *iqmp = NULL; 1148 1149 REQUIRE(key != NULL); 1150 REQUIRE(key->key_alg == DST_ALG_RSASHA1 || 1151 key->key_alg == DST_ALG_NSEC3RSASHA1 || 1152 key->key_alg == DST_ALG_RSASHA256 || 1153 key->key_alg == DST_ALG_RSASHA512); 1154 1155 mctx = key->mctx; 1156 1157 /* read private key file */ 1158 ret = dst__privstruct_parse(key, DST_ALG_RSA, lexer, mctx, &priv); 1159 if (ret != ISC_R_SUCCESS) { 1160 goto err; 1161 } 1162 1163 if (key->external) { 1164 if (priv.nelements != 0 || pub == NULL) { 1165 DST_RET(DST_R_INVALIDPRIVATEKEY); 1166 } 1167 key->keydata.pkey = pub->keydata.pkey; 1168 pub->keydata.pkey = NULL; 1169 key->key_size = pub->key_size; 1170 DST_RET(ISC_R_SUCCESS); 1171 } 1172 1173#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 1174 if (pub != NULL && pub->keydata.pkey != NULL) { 1175 pubrsa = EVP_PKEY_get1_RSA(pub->keydata.pkey); 1176 } 1177#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 */ 1178 1179 for (i = 0; i < priv.nelements; i++) { 1180 switch (priv.elements[i].tag) { 1181#if !defined(OPENSSL_NO_ENGINE) && OPENSSL_API_LEVEL < 30000 1182 case TAG_RSA_ENGINE: 1183 engine = (char *)priv.elements[i].data; 1184 break; 1185#endif 1186 case TAG_RSA_LABEL: 1187 label = (char *)priv.elements[i].data; 1188 break; 1189 default: 1190 break; 1191 } 1192 } 1193 1194 /* 1195 * Is this key stored in a HSM? 1196 * See if we can fetch it. 1197 */ 1198 if (label != NULL) { 1199#if !defined(OPENSSL_NO_ENGINE) && OPENSSL_API_LEVEL < 30000 1200 if (engine == NULL) { 1201 DST_RET(DST_R_NOENGINE); 1202 } 1203 ep = dst__openssl_getengine(engine); 1204 if (ep == NULL) { 1205 DST_RET(dst__openssl_toresult(DST_R_NOENGINE)); 1206 } 1207 pkey = ENGINE_load_private_key(ep, label, NULL, NULL); 1208 if (pkey == NULL) { 1209 DST_RET(dst__openssl_toresult2("ENGINE_load_private_" 1210 "key", 1211 ISC_R_NOTFOUND)); 1212 } 1213 key->engine = isc_mem_strdup(key->mctx, engine); 1214 key->label = isc_mem_strdup(key->mctx, label); 1215 1216 rsa = EVP_PKEY_get1_RSA(pkey); 1217 if (rsa == NULL) { 1218 DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE)); 1219 } 1220 if (rsa_check(rsa, pubrsa) != ISC_R_SUCCESS) { 1221 DST_RET(dst__openssl_toresult(DST_R_INVALIDPRIVATEKEY)); 1222 } 1223 RSA_get0_key(rsa, NULL, &ex, NULL); 1224 1225 if (ex == NULL) { 1226 DST_RET(dst__openssl_toresult(DST_R_INVALIDPRIVATEKEY)); 1227 } 1228 if (BN_num_bits(ex) > RSA_MAX_PUBEXP_BITS) { 1229 DST_RET(ISC_R_RANGE); 1230 } 1231 1232 key->key_size = EVP_PKEY_bits(pkey); 1233 key->keydata.pkey = pkey; 1234 pkey = NULL; 1235 DST_RET(ISC_R_SUCCESS); 1236#else /* if !defined(OPENSSL_NO_ENGINE) && OPENSSL_API_LEVEL < 30000 */ 1237 DST_RET(DST_R_NOENGINE); 1238#endif /* if !defined(OPENSSL_NO_ENGINE) && OPENSSL_API_LEVEL < 30000 */ 1239 } 1240 1241 for (i = 0; i < priv.nelements; i++) { 1242 BIGNUM *bn; 1243 switch (priv.elements[i].tag) { 1244 case TAG_RSA_ENGINE: 1245 continue; 1246 case TAG_RSA_LABEL: 1247 continue; 1248 default: 1249 bn = BN_bin2bn(priv.elements[i].data, 1250 priv.elements[i].length, NULL); 1251 if (bn == NULL) { 1252 DST_RET(ISC_R_NOMEMORY); 1253 } 1254 switch (priv.elements[i].tag) { 1255 case TAG_RSA_MODULUS: 1256 n = bn; 1257 break; 1258 case TAG_RSA_PUBLICEXPONENT: 1259 e = bn; 1260 break; 1261 case TAG_RSA_PRIVATEEXPONENT: 1262 d = bn; 1263 break; 1264 case TAG_RSA_PRIME1: 1265 p = bn; 1266 break; 1267 case TAG_RSA_PRIME2: 1268 q = bn; 1269 break; 1270 case TAG_RSA_EXPONENT1: 1271 dmp1 = bn; 1272 break; 1273 case TAG_RSA_EXPONENT2: 1274 dmq1 = bn; 1275 break; 1276 case TAG_RSA_COEFFICIENT: 1277 iqmp = bn; 1278 break; 1279 default: 1280 BN_clear_free(bn); 1281 } 1282 } 1283 } 1284 1285#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 1286 rsa = RSA_new(); 1287 if (rsa == NULL) { 1288 DST_RET(ISC_R_NOMEMORY); 1289 } 1290 pkey = EVP_PKEY_new(); 1291 if (pkey == NULL) { 1292 DST_RET(ISC_R_NOMEMORY); 1293 } 1294 if (EVP_PKEY_set1_RSA(pkey, rsa) != 1) { 1295 DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE)); 1296 } 1297 if (RSA_set0_key(rsa, n, e, d) == 0) { 1298 if (n != NULL) { 1299 BN_free(n); 1300 } 1301 if (e != NULL) { 1302 BN_free(e); 1303 } 1304 if (d != NULL) { 1305 BN_clear_free(d); 1306 } 1307 } 1308 if (RSA_set0_factors(rsa, p, q) == 0) { 1309 if (p != NULL) { 1310 BN_clear_free(p); 1311 } 1312 if (q != NULL) { 1313 BN_clear_free(q); 1314 } 1315 } 1316 if (RSA_set0_crt_params(rsa, dmp1, dmq1, iqmp) == 0) { 1317 if (dmp1 != NULL) { 1318 BN_clear_free(dmp1); 1319 } 1320 if (dmq1 != NULL) { 1321 BN_clear_free(dmq1); 1322 } 1323 if (iqmp != NULL) { 1324 BN_clear_free(iqmp); 1325 } 1326 } 1327 if (rsa_check(rsa, pubrsa) != ISC_R_SUCCESS) { 1328 DST_RET(dst__openssl_toresult(DST_R_INVALIDPRIVATEKEY)); 1329 } 1330#else 1331 bld = OSSL_PARAM_BLD_new(); 1332 if (bld == NULL) { 1333 DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE)); 1334 } 1335 1336 if (n != NULL && 1337 OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n) != 1) 1338 { 1339 DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE)); 1340 } 1341 if (e != NULL && 1342 OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e) != 1) 1343 { 1344 DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE)); 1345 } 1346 if (d != NULL && 1347 OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d) != 1) 1348 { 1349 DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE)); 1350 } 1351 if (p != NULL && 1352 OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_FACTOR1, p) != 1) 1353 { 1354 DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE)); 1355 } 1356 if (q != NULL && 1357 OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_FACTOR2, q) != 1) 1358 { 1359 DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE)); 1360 } 1361 if (dmp1 != NULL && 1362 OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_EXPONENT1, dmp1) != 1363 1) 1364 { 1365 DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE)); 1366 } 1367 if (dmq1 != NULL && 1368 OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_EXPONENT2, dmq1) != 1369 1) 1370 { 1371 DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE)); 1372 } 1373 if (iqmp != NULL && 1374 OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_COEFFICIENT1, 1375 iqmp) != 1) 1376 { 1377 DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE)); 1378 } 1379 1380 params = OSSL_PARAM_BLD_to_param(bld); 1381 if (params == NULL) { 1382 DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE)); 1383 } 1384 1385 ctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL); 1386 if (ctx == NULL || EVP_PKEY_fromdata_init(ctx) != 1) { 1387 DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE)); 1388 } 1389 1390 if (EVP_PKEY_fromdata(ctx, &pkey, EVP_PKEY_KEYPAIR, params) != 1 || 1391 pkey == NULL) 1392 { 1393 DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE)); 1394 } 1395 1396 if (rsa_check(pkey, pub != NULL ? pub->keydata.pkey : NULL) != 1397 ISC_R_SUCCESS) 1398 { 1399 DST_RET(dst__openssl_toresult(DST_R_INVALIDPRIVATEKEY)); 1400 } 1401#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 */ 1402 1403 if (BN_num_bits(e) > RSA_MAX_PUBEXP_BITS) { 1404 DST_RET(ISC_R_RANGE); 1405 } 1406 1407 key->key_size = BN_num_bits(n); 1408 key->keydata.pkey = pkey; 1409 pkey = NULL; 1410 1411err: 1412 if (pkey != NULL) { 1413 EVP_PKEY_free(pkey); 1414 } 1415#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 1416 if (rsa != NULL) { 1417 RSA_free(rsa); 1418 } 1419 if (pubrsa != NULL) { 1420 RSA_free(pubrsa); 1421 } 1422#else 1423 if (ctx != NULL) { 1424 EVP_PKEY_CTX_free(ctx); 1425 } 1426 if (params != NULL) { 1427 OSSL_PARAM_free(params); 1428 } 1429 if (bld != NULL) { 1430 OSSL_PARAM_BLD_free(bld); 1431 } 1432 if (e != NULL) { 1433 BN_free(e); 1434 } 1435 if (n != NULL) { 1436 BN_free(n); 1437 } 1438 if (d != NULL) { 1439 BN_clear_free(d); 1440 } 1441 if (p != NULL) { 1442 BN_clear_free(p); 1443 } 1444 if (q != NULL) { 1445 BN_clear_free(q); 1446 } 1447 if (dmp1 != NULL) { 1448 BN_clear_free(dmp1); 1449 } 1450 if (dmq1 != NULL) { 1451 BN_clear_free(dmq1); 1452 } 1453 if (iqmp != NULL) { 1454 BN_clear_free(iqmp); 1455 } 1456#endif /* OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 */ 1457 if (ret != ISC_R_SUCCESS) { 1458 key->keydata.generic = NULL; 1459 } 1460 1461 dst__privstruct_free(&priv, mctx); 1462 isc_safe_memwipe(&priv, sizeof(priv)); 1463 1464 return (ret); 1465} 1466 1467static isc_result_t 1468opensslrsa_fromlabel(dst_key_t *key, const char *engine, const char *label, 1469 const char *pin) { 1470#if !defined(OPENSSL_NO_ENGINE) && OPENSSL_API_LEVEL < 30000 1471 ENGINE *e = NULL; 1472 isc_result_t ret = ISC_R_SUCCESS; 1473 EVP_PKEY *pkey = NULL, *pubpkey = NULL; 1474 RSA *rsa = NULL, *pubrsa = NULL; 1475 const BIGNUM *ex = NULL; 1476 1477 UNUSED(pin); 1478 1479 if (engine == NULL) { 1480 DST_RET(DST_R_NOENGINE); 1481 } 1482 e = dst__openssl_getengine(engine); 1483 if (e == NULL) { 1484 DST_RET(dst__openssl_toresult(DST_R_NOENGINE)); 1485 } 1486 1487 pubpkey = ENGINE_load_public_key(e, label, NULL, NULL); 1488 if (pubpkey == NULL) { 1489 DST_RET(dst__openssl_toresult2("ENGINE_load_public_key", 1490 DST_R_OPENSSLFAILURE)); 1491 } 1492 pubrsa = EVP_PKEY_get1_RSA(pubpkey); 1493 if (pubrsa == NULL) { 1494 DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE)); 1495 } 1496 1497 pkey = ENGINE_load_private_key(e, label, NULL, NULL); 1498 if (pkey == NULL) { 1499 DST_RET(dst__openssl_toresult2("ENGINE_load_private_key", 1500 DST_R_OPENSSLFAILURE)); 1501 } 1502 1503 key->engine = isc_mem_strdup(key->mctx, engine); 1504 key->label = isc_mem_strdup(key->mctx, label); 1505 1506 rsa = EVP_PKEY_get1_RSA(pkey); 1507 if (rsa == NULL) { 1508 DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE)); 1509 } 1510 if (rsa_check(rsa, pubrsa) != ISC_R_SUCCESS) { 1511 DST_RET(dst__openssl_toresult(DST_R_INVALIDPRIVATEKEY)); 1512 } 1513 RSA_get0_key(rsa, NULL, &ex, NULL); 1514 1515 if (ex == NULL) { 1516 DST_RET(dst__openssl_toresult(DST_R_INVALIDPRIVATEKEY)); 1517 } 1518 if (BN_num_bits(ex) > RSA_MAX_PUBEXP_BITS) { 1519 DST_RET(ISC_R_RANGE); 1520 } 1521 1522 key->key_size = EVP_PKEY_bits(pkey); 1523 key->keydata.pkey = pkey; 1524 pkey = NULL; 1525 1526err: 1527 if (rsa != NULL) { 1528 RSA_free(rsa); 1529 } 1530 if (pubrsa != NULL) { 1531 RSA_free(pubrsa); 1532 } 1533 if (pkey != NULL) { 1534 EVP_PKEY_free(pkey); 1535 } 1536 if (pubpkey != NULL) { 1537 EVP_PKEY_free(pubpkey); 1538 } 1539 return (ret); 1540#else /* if !defined(OPENSSL_NO_ENGINE) && OPENSSL_API_LEVEL < 30000 */ 1541 UNUSED(key); 1542 UNUSED(engine); 1543 UNUSED(label); 1544 UNUSED(pin); 1545 return (DST_R_NOENGINE); 1546#endif /* if !defined(OPENSSL_NO_ENGINE) && OPENSSL_API_LEVEL < 30000 */ 1547} 1548 1549static dst_func_t opensslrsa_functions = { 1550 opensslrsa_createctx, 1551 NULL, /*%< createctx2 */ 1552 opensslrsa_destroyctx, 1553 opensslrsa_adddata, 1554 opensslrsa_sign, 1555 opensslrsa_verify, 1556 opensslrsa_verify2, 1557 NULL, /*%< computesecret */ 1558 opensslrsa_compare, 1559 NULL, /*%< paramcompare */ 1560 opensslrsa_generate, 1561 opensslrsa_isprivate, 1562 opensslrsa_destroy, 1563 opensslrsa_todns, 1564 opensslrsa_fromdns, 1565 opensslrsa_tofile, 1566 opensslrsa_parse, 1567 NULL, /*%< cleanup */ 1568 opensslrsa_fromlabel, 1569 NULL, /*%< dump */ 1570 NULL, /*%< restore */ 1571}; 1572 1573/* 1574 * An RSA public key with 2048 bits 1575 */ 1576static const unsigned char e_bytes[] = "\x01\x00\x01"; 1577static const unsigned char n_bytes[] = 1578 "\xc3\x90\x07\xbe\xf1\x85\xfc\x1a\x43\xb1\xa5\x15\xce\x71\x34\xfc\xc1" 1579 "\x87\x27\x28\x38\xa4\xcf\x7c\x1a\x82\xa8\xdc\x04\x14\xd0\x3f\xb4\xfe" 1580 "\x20\x4a\xdd\xd9\x0d\xd7\xcd\x61\x8c\xbd\x61\xa8\x10\xb5\x63\x1c\x29" 1581 "\x15\xcb\x41\xee\x43\x91\x7f\xeb\xa5\x2c\xab\x81\x75\x0d\xa3\x3d\xe4" 1582 "\xc8\x49\xb9\xca\x5a\x55\xa1\xbb\x09\xd1\xfb\xcd\xa2\xd2\x12\xa4\x85" 1583 "\xdf\xa5\x65\xc9\x27\x2d\x8b\xd7\x8b\xfe\x6d\xc4\xd1\xd9\x83\x1c\x91" 1584 "\x7d\x3d\xd0\xa4\xcd\xe1\xe7\xb9\x7a\x11\x38\xf9\x8b\x3c\xec\x30\xb6" 1585 "\x36\xb9\x92\x64\x81\x56\x3c\xbc\xf9\x49\xfb\xba\x82\xb7\xa0\xfa\x65" 1586 "\x79\x83\xb9\x4c\xa7\xfd\x53\x0b\x5a\xe4\xde\xf9\xfc\x38\x7e\xb5\x2c" 1587 "\xa0\xc3\xb2\xfc\x7c\x38\xb0\x63\x50\xaf\x00\xaa\xb2\xad\x49\x54\x1e" 1588 "\x8b\x11\x88\x9b\x6e\xae\x3b\x23\xa3\xdd\x53\x51\x80\x7a\x0b\x91\x4e" 1589 "\x6d\x32\x01\xbd\x17\x81\x12\x64\x9f\x84\xae\x76\x53\x1a\x63\xa0\xda" 1590 "\xcc\x45\x04\x72\xb0\xa7\xfb\xfa\x02\x39\x53\xc1\x83\x1f\x88\x54\x47" 1591 "\x88\x63\x20\x71\x5d\xe2\xaa\x7c\x53\x39\x5e\x35\x25\xee\xe6\x5c\x15" 1592 "\x5e\x14\xbe\x99\xde\x25\x19\xe7\x13\xdb\xce\xa3\xd3\x6c\x5c\xbb\x0e" 1593 "\x6b"; 1594 1595static const unsigned char sha1_sig[] = 1596 "\x69\x99\x89\x28\xe0\x38\x34\x91\x29\xb6\xac\x4b\xe9\x51\xbd\xbe\xc8" 1597 "\x1a\x2d\xb6\xca\x99\xa3\x9f\x6a\x8b\x94\x5a\x51\x37\xd5\x8d\xae\x87" 1598 "\xed\xbc\x8e\xb8\xa3\x60\x6b\xf6\xe6\x72\xfc\x26\x2a\x39\x2b\xfe\x88" 1599 "\x1a\xa9\xd1\x93\xc7\xb9\xf8\xb6\x45\xa1\xf9\xa1\x56\x78\x7b\x00\xec" 1600 "\x33\x83\xd4\x93\x25\x48\xb3\x50\x09\xd0\xbc\x7f\xac\x67\xc7\xa2\x7f" 1601 "\xfc\xf6\x5a\xef\xf8\x5a\xad\x52\x74\xf5\x71\x34\xd9\x3d\x33\x8b\x4d" 1602 "\x99\x64\x7e\x14\x59\xbe\xdf\x26\x8a\x67\x96\x6c\x1f\x79\x85\x10\x0d" 1603 "\x7f\xd6\xa4\xba\x57\x41\x03\x71\x4e\x8c\x17\xd5\xc4\xfb\x4a\xbe\x66" 1604 "\x45\x15\x45\x0c\x02\xe0\x10\xe1\xbb\x33\x8d\x90\x34\x3c\x94\xa4\x4c" 1605 "\x7c\xd0\x5e\x90\x76\x80\x59\xb2\xfa\x54\xbf\xa9\x86\xb8\x84\x1e\x28" 1606 "\x48\x60\x2f\x9e\xa4\xbc\xd4\x9c\x20\x27\x16\xac\x33\xcb\xcf\xab\x93" 1607 "\x7a\x3b\x74\xa0\x18\x92\xa1\x4f\xfc\x52\x19\xee\x7a\x13\x73\xba\x36" 1608 "\xaf\x78\x5d\xb6\x1f\x96\x76\x15\x73\xee\x04\xa8\x70\x27\xf7\xe7\xfa" 1609 "\xe8\xf6\xc8\x5f\x4a\x81\x56\x0a\x94\xf3\xc6\x98\xd2\x93\xc4\x0b\x49" 1610 "\x6b\x44\xd3\x73\xa2\xe3\xef\x5d\x9e\x68\xac\xa7\x42\xb1\xbb\x65\xbe" 1611 "\x59"; 1612 1613static const unsigned char sha256_sig[] = 1614 "\x0f\x8c\xdb\xe6\xb6\x21\xc8\xc5\x28\x76\x7d\xf6\xf2\x3b\x78\x47\x77" 1615 "\x03\x34\xc5\x5e\xc0\xda\x42\x41\xc0\x0f\x97\xd3\xd0\x53\xa1\xd6\x87" 1616 "\xe4\x16\x29\x9a\xa5\x59\xf4\x01\xad\xc9\x04\xe7\x61\xe2\xcb\x79\x73" 1617 "\xce\xe0\xa6\x85\xe5\x10\x8c\x4b\xc5\x68\x3b\x96\x42\x3f\x56\xb3\x6d" 1618 "\x89\xc4\xff\x72\x36\xf2\x3f\xed\xe9\xb8\xe3\xae\xab\x3c\xb7\xaa\xf7" 1619 "\x1f\x8f\x26\x6b\xee\xc1\xac\x72\x89\x23\x8b\x7a\xd7\x8c\x84\xf3\xf5" 1620 "\x97\xa8\x8d\xd3\xef\xb2\x5e\x06\x04\x21\xdd\x28\xa2\x28\x83\x68\x9b" 1621 "\xac\x34\xdd\x36\x33\xda\xdd\xa4\x59\xc7\x5a\x4d\xf3\x83\x06\xd5\xc0" 1622 "\x0d\x1f\x4f\x47\x2f\x9f\xcc\xc2\x0d\x21\x1e\x82\xb9\x3d\xf3\xa4\x1a" 1623 "\xa6\xd8\x0e\x72\x1d\x71\x17\x1c\x54\xad\x37\x3e\xa4\x0e\x70\x86\x53" 1624 "\xfb\x40\xad\xb9\x14\xf8\x8d\x93\xbb\xd7\xe7\x31\xce\xe0\x98\xda\x27" 1625 "\x1c\x18\x8e\xd8\x85\xcb\xa7\xb1\x18\xac\x8c\xa8\x9d\xa9\xe2\xf6\x30" 1626 "\x95\xa4\x81\xf4\x1c\xa0\x31\xd5\xc7\x9d\x28\x33\xee\x7f\x08\x4f\xcb" 1627 "\xd1\x14\x17\xdf\xd0\x88\x78\x47\x29\xaf\x6c\xb2\x62\xa6\x30\x87\x29" 1628 "\xaa\x80\x19\x7d\x2f\x05\xe3\x7e\x23\x73\x88\x08\xcc\xbd\x50\x46\x09" 1629 "\x2a"; 1630 1631static const unsigned char sha512_sig[] = 1632 "\x15\xda\x87\x87\x1f\x76\x08\xd3\x9d\x3a\xb9\xd2\x6a\x0e\x3b\x7d\xdd" 1633 "\xec\x7d\xc4\x6d\x26\xf5\x04\xd3\x76\xc7\x83\xc4\x81\x69\x35\xe9\x47" 1634 "\xbf\x49\xd1\xc0\xf9\x01\x4e\x0a\x34\x5b\xd0\xec\x6e\xe2\x2e\xe9\x2d" 1635 "\x00\xfd\xe0\xa0\x28\x54\x53\x19\x49\x6d\xd2\x58\xb9\x47\xfa\x45\xad" 1636 "\xd2\x1d\x52\xac\x80\xcb\xfc\x91\x97\x84\x58\x5f\xab\x21\x62\x60\x79" 1637 "\xb8\x8a\x83\xe1\xf1\xcb\x05\x4c\x92\x56\x62\xd9\xbf\xa7\x81\x34\x23" 1638 "\xdf\xd7\xa7\xc4\xdf\xde\x96\x00\x57\x4b\x78\x85\xb9\x3b\xdd\x3f\x98" 1639 "\x88\x59\x1d\x48\xcf\x5a\xa8\xb7\x2a\x8b\x77\x93\x8e\x38\x3a\x0c\xa7" 1640 "\x8a\x5f\xe6\x9f\xcb\xf0\x9a\x6b\xb6\x91\x04\x8b\x69\x6a\x37\xee\xa2" 1641 "\xad\x5f\x31\x20\x96\xd6\x51\x80\xbf\x62\x48\xb8\xe4\x94\x10\x86\x4e" 1642 "\xf2\x22\x1e\xa4\xd5\x54\xfe\xe1\x35\x49\xaf\xf8\x62\xfc\x11\xeb\xf7" 1643 "\x3d\xd5\x5e\xaf\x11\xbd\x3d\xa9\x3a\x9f\x7f\xe8\xb4\x0d\xa2\xbb\x1c" 1644 "\xbd\x4c\xed\x9e\x81\xb1\xec\xd3\xea\xaa\x03\xe3\x14\xdf\x8c\xb3\x78" 1645 "\x85\x5e\x87\xad\xec\x41\x1a\xa9\x4f\xd2\xe6\xc6\xbe\xfa\xb8\x10\xea" 1646 "\x74\x25\x36\x0c\x23\xe2\x24\xb7\x21\xb7\x0d\xaf\xf6\xb4\x31\xf5\x75" 1647 "\xf1"; 1648 1649static isc_result_t 1650check_algorithm(unsigned char algorithm) { 1651 BIGNUM *n = NULL, *e = NULL; 1652 EVP_MD_CTX *evp_md_ctx = EVP_MD_CTX_create(); 1653 EVP_PKEY *pkey = NULL; 1654 const EVP_MD *type = NULL; 1655 const unsigned char *sig = NULL; 1656 int status; 1657 isc_result_t ret = ISC_R_SUCCESS; 1658 size_t len; 1659#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 1660 RSA *rsa = NULL; 1661#else 1662 OSSL_PARAM *params = NULL; 1663 OSSL_PARAM_BLD *bld = NULL; 1664 EVP_PKEY_CTX *ctx = NULL; 1665#endif 1666 1667 if (evp_md_ctx == NULL) { 1668 DST_RET(ISC_R_NOMEMORY); 1669 } 1670 1671 switch (algorithm) { 1672 case DST_ALG_RSASHA1: 1673 case DST_ALG_NSEC3RSASHA1: 1674 type = EVP_sha1(); /* SHA1 + RSA */ 1675 sig = sha1_sig; 1676 len = sizeof(sha1_sig) - 1; 1677 break; 1678 case DST_ALG_RSASHA256: 1679 type = EVP_sha256(); /* SHA256 + RSA */ 1680 sig = sha256_sig; 1681 len = sizeof(sha256_sig) - 1; 1682 break; 1683 case DST_ALG_RSASHA512: 1684 type = EVP_sha512(); 1685 sig = sha512_sig; 1686 len = sizeof(sha512_sig) - 1; 1687 break; 1688 default: 1689 DST_RET(ISC_R_NOTIMPLEMENTED); 1690 } 1691 1692 if (type == NULL) { 1693 DST_RET(ISC_R_NOTIMPLEMENTED); 1694 } 1695 1696 /* 1697 * Construct pkey. 1698 */ 1699 e = BN_bin2bn(e_bytes, sizeof(e_bytes) - 1, NULL); 1700 n = BN_bin2bn(n_bytes, sizeof(n_bytes) - 1, NULL); 1701 if (e == NULL || n == NULL) { 1702 DST_RET(ISC_R_NOMEMORY); 1703 } 1704 1705#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 1706 rsa = RSA_new(); 1707 if (rsa == NULL) { 1708 DST_RET(dst__openssl_toresult2("RSA_new", 1709 DST_R_OPENSSLFAILURE)); 1710 } 1711 status = RSA_set0_key(rsa, n, e, NULL); 1712 if (status != 1) { 1713 DST_RET(dst__openssl_toresult2("RSA_set0_key", 1714 DST_R_OPENSSLFAILURE)); 1715 } 1716 1717 /* These are now managed by OpenSSL. */ 1718 n = NULL; 1719 e = NULL; 1720 1721 pkey = EVP_PKEY_new(); 1722 if (pkey == NULL) { 1723 DST_RET(dst__openssl_toresult2("EVP_PKEY_new", 1724 DST_R_OPENSSLFAILURE)); 1725 } 1726 status = EVP_PKEY_set1_RSA(pkey, rsa); 1727 if (status != 1) { 1728 DST_RET(dst__openssl_toresult2("EVP_PKEY_set1_RSA", 1729 DST_R_OPENSSLFAILURE)); 1730 } 1731#else 1732 bld = OSSL_PARAM_BLD_new(); 1733 if (bld == NULL) { 1734 DST_RET(dst__openssl_toresult2("OSSL_PARAM_BLD_new", 1735 DST_R_OPENSSLFAILURE)); 1736 } 1737 if (OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n) != 1 || 1738 OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e) != 1) 1739 { 1740 DST_RET(dst__openssl_toresult2("OSSL_PARAM_BLD_push_BN", 1741 DST_R_OPENSSLFAILURE)); 1742 } 1743 params = OSSL_PARAM_BLD_to_param(bld); 1744 if (params == NULL) { 1745 DST_RET(dst__openssl_toresult2("OSSL_PARAM_BLD_to_param", 1746 DST_R_OPENSSLFAILURE)); 1747 } 1748 ctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL); 1749 if (ctx == NULL) { 1750 DST_RET(dst__openssl_toresult2("EVP_PKEY_CTX_new_from_name", 1751 DST_R_OPENSSLFAILURE)); 1752 } 1753 status = EVP_PKEY_fromdata_init(ctx); 1754 if (status != 1) { 1755 DST_RET(dst__openssl_toresult2("EVP_PKEY_fromdata_init", 1756 DST_R_OPENSSLFAILURE)); 1757 } 1758 status = EVP_PKEY_fromdata(ctx, &pkey, EVP_PKEY_PUBLIC_KEY, params); 1759 if (status != 1 || pkey == NULL) { 1760 DST_RET(dst__openssl_toresult2("EVP_PKEY_fromdata", 1761 DST_R_OPENSSLFAILURE)); 1762 } 1763#endif 1764 1765 /* 1766 * Check that we can verify the signature. 1767 */ 1768 if (EVP_DigestInit_ex(evp_md_ctx, type, NULL) != 1 || 1769 EVP_DigestUpdate(evp_md_ctx, "test", 4) != 1 || 1770 EVP_VerifyFinal(evp_md_ctx, sig, len, pkey) != 1) 1771 { 1772 DST_RET(ISC_R_NOTIMPLEMENTED); 1773 } 1774 1775err: 1776 BN_free(e); 1777 BN_free(n); 1778#if OPENSSL_VERSION_NUMBER < 0x30000000L || OPENSSL_API_LEVEL < 30000 1779 if (rsa != NULL) { 1780 RSA_free(rsa); 1781 } 1782#else 1783 if (bld != NULL) { 1784 OSSL_PARAM_BLD_free(bld); 1785 } 1786 if (ctx != NULL) { 1787 EVP_PKEY_CTX_free(ctx); 1788 } 1789 if (params != NULL) { 1790 OSSL_PARAM_free(params); 1791 } 1792#endif 1793 if (pkey != NULL) { 1794 EVP_PKEY_free(pkey); 1795 } 1796 if (evp_md_ctx != NULL) { 1797 EVP_MD_CTX_destroy(evp_md_ctx); 1798 } 1799 ERR_clear_error(); 1800 return (ret); 1801} 1802 1803isc_result_t 1804dst__opensslrsa_init(dst_func_t **funcp, unsigned char algorithm) { 1805 isc_result_t result; 1806 1807 REQUIRE(funcp != NULL); 1808 1809 result = check_algorithm(algorithm); 1810 1811 if (result == ISC_R_SUCCESS) { 1812 if (*funcp == NULL) { 1813 *funcp = &opensslrsa_functions; 1814 } 1815 } else if (result == ISC_R_NOTIMPLEMENTED) { 1816 result = ISC_R_SUCCESS; 1817 } 1818 1819 return (result); 1820} 1821