1 /* Written by Dr Stephen N Henson (steve (at) openssl.org) for the OpenSSL 2 * project 2006. 3 */ 4 /* ==================================================================== 5 * Copyright (c) 2006 The OpenSSL Project. All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in 16 * the documentation and/or other materials provided with the 17 * distribution. 18 * 19 * 3. All advertising materials mentioning features or use of this 20 * software must display the following acknowledgment: 21 * "This product includes software developed by the OpenSSL Project 22 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 23 * 24 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 25 * endorse or promote products derived from this software without 26 * prior written permission. For written permission, please contact 27 * licensing (at) OpenSSL.org. 28 * 29 * 5. Products derived from this software may not be called "OpenSSL" 30 * nor may "OpenSSL" appear in their names without prior written 31 * permission of the OpenSSL Project. 32 * 33 * 6. Redistributions of any form whatsoever must retain the following 34 * acknowledgment: 35 * "This product includes software developed by the OpenSSL Project 36 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 37 * 38 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 39 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 40 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 41 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 42 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 43 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 44 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 45 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 46 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 47 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 48 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 49 * OF THE POSSIBILITY OF SUCH DAMAGE. 50 * ==================================================================== 51 * 52 * This product includes cryptographic software written by Eric Young 53 * (eay (at) cryptsoft.com). This product includes software written by Tim 54 * Hudson (tjh (at) cryptsoft.com). */ 55 56 #include <openssl/evp.h> 57 58 #include <limits.h> 59 #include <string.h> 60 61 #include <openssl/bn.h> 62 #include <openssl/buf.h> 63 #include <openssl/bytestring.h> 64 #include <openssl/digest.h> 65 #include <openssl/err.h> 66 #include <openssl/mem.h> 67 #include <openssl/obj.h> 68 #include <openssl/rsa.h> 69 70 #include "../rsa/internal.h" 71 #include "internal.h" 72 73 74 typedef struct { 75 /* Key gen parameters */ 76 int nbits; 77 BIGNUM *pub_exp; 78 /* RSA padding mode */ 79 int pad_mode; 80 /* message digest */ 81 const EVP_MD *md; 82 /* message digest for MGF1 */ 83 const EVP_MD *mgf1md; 84 /* PSS salt length */ 85 int saltlen; 86 /* tbuf is a buffer which is either NULL, or is the size of the RSA modulus. 87 * It's used to store the output of RSA operations. */ 88 uint8_t *tbuf; 89 /* OAEP label */ 90 uint8_t *oaep_label; 91 size_t oaep_labellen; 92 } RSA_PKEY_CTX; 93 94 static int pkey_rsa_init(EVP_PKEY_CTX *ctx) { 95 RSA_PKEY_CTX *rctx; 96 rctx = OPENSSL_malloc(sizeof(RSA_PKEY_CTX)); 97 if (!rctx) { 98 return 0; 99 } 100 memset(rctx, 0, sizeof(RSA_PKEY_CTX)); 101 102 rctx->nbits = 2048; 103 rctx->pad_mode = RSA_PKCS1_PADDING; 104 rctx->saltlen = -2; 105 106 ctx->data = rctx; 107 108 return 1; 109 } 110 111 static int pkey_rsa_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) { 112 RSA_PKEY_CTX *dctx, *sctx; 113 if (!pkey_rsa_init(dst)) { 114 return 0; 115 } 116 sctx = src->data; 117 dctx = dst->data; 118 dctx->nbits = sctx->nbits; 119 if (sctx->pub_exp) { 120 dctx->pub_exp = BN_dup(sctx->pub_exp); 121 if (!dctx->pub_exp) { 122 return 0; 123 } 124 } 125 126 dctx->pad_mode = sctx->pad_mode; 127 dctx->md = sctx->md; 128 dctx->mgf1md = sctx->mgf1md; 129 if (sctx->oaep_label) { 130 OPENSSL_free(dctx->oaep_label); 131 dctx->oaep_label = BUF_memdup(sctx->oaep_label, sctx->oaep_labellen); 132 if (!dctx->oaep_label) { 133 return 0; 134 } 135 dctx->oaep_labellen = sctx->oaep_labellen; 136 } 137 138 return 1; 139 } 140 141 static void pkey_rsa_cleanup(EVP_PKEY_CTX *ctx) { 142 RSA_PKEY_CTX *rctx = ctx->data; 143 144 if (rctx == NULL) { 145 return; 146 } 147 148 BN_free(rctx->pub_exp); 149 OPENSSL_free(rctx->tbuf); 150 OPENSSL_free(rctx->oaep_label); 151 OPENSSL_free(rctx); 152 } 153 154 static int setup_tbuf(RSA_PKEY_CTX *ctx, EVP_PKEY_CTX *pk) { 155 if (ctx->tbuf) { 156 return 1; 157 } 158 ctx->tbuf = OPENSSL_malloc(EVP_PKEY_size(pk->pkey)); 159 if (!ctx->tbuf) { 160 return 0; 161 } 162 return 1; 163 } 164 165 static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, uint8_t *sig, size_t *siglen, 166 const uint8_t *tbs, size_t tbslen) { 167 RSA_PKEY_CTX *rctx = ctx->data; 168 RSA *rsa = ctx->pkey->pkey.rsa; 169 const size_t key_len = EVP_PKEY_size(ctx->pkey); 170 171 if (!sig) { 172 *siglen = key_len; 173 return 1; 174 } 175 176 if (*siglen < key_len) { 177 OPENSSL_PUT_ERROR(EVP, EVP_R_BUFFER_TOO_SMALL); 178 return 0; 179 } 180 181 if (rctx->md) { 182 unsigned int out_len; 183 184 if (tbslen != EVP_MD_size(rctx->md)) { 185 OPENSSL_PUT_ERROR(EVP, EVP_R_INVALID_DIGEST_LENGTH); 186 return 0; 187 } 188 189 if (EVP_MD_type(rctx->md) == NID_mdc2) { 190 OPENSSL_PUT_ERROR(EVP, EVP_R_NO_MDC2_SUPPORT); 191 return 0; 192 } 193 194 switch (rctx->pad_mode) { 195 case RSA_PKCS1_PADDING: 196 if (!RSA_sign(EVP_MD_type(rctx->md), tbs, tbslen, sig, &out_len, rsa)) { 197 return 0; 198 } 199 *siglen = out_len; 200 return 1; 201 202 case RSA_PKCS1_PSS_PADDING: 203 if (!setup_tbuf(rctx, ctx) || 204 !RSA_padding_add_PKCS1_PSS_mgf1(rsa, rctx->tbuf, tbs, rctx->md, 205 rctx->mgf1md, rctx->saltlen) || 206 !RSA_sign_raw(rsa, siglen, sig, *siglen, rctx->tbuf, key_len, 207 RSA_NO_PADDING)) { 208 return 0; 209 } 210 return 1; 211 212 default: 213 return 0; 214 } 215 } 216 217 return RSA_sign_raw(rsa, siglen, sig, *siglen, tbs, tbslen, rctx->pad_mode); 218 } 219 220 static int pkey_rsa_verify(EVP_PKEY_CTX *ctx, const uint8_t *sig, 221 size_t siglen, const uint8_t *tbs, 222 size_t tbslen) { 223 RSA_PKEY_CTX *rctx = ctx->data; 224 RSA *rsa = ctx->pkey->pkey.rsa; 225 size_t rslen; 226 const size_t key_len = EVP_PKEY_size(ctx->pkey); 227 228 if (rctx->md) { 229 switch (rctx->pad_mode) { 230 case RSA_PKCS1_PADDING: 231 return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen, sig, siglen, rsa); 232 233 case RSA_PKCS1_PSS_PADDING: 234 if (!setup_tbuf(rctx, ctx) || 235 !RSA_verify_raw(rsa, &rslen, rctx->tbuf, key_len, sig, siglen, 236 RSA_NO_PADDING) || 237 !RSA_verify_PKCS1_PSS_mgf1(rsa, tbs, rctx->md, rctx->mgf1md, 238 rctx->tbuf, rctx->saltlen)) { 239 return 0; 240 } 241 return 1; 242 243 default: 244 return 0; 245 } 246 } 247 248 if (!setup_tbuf(rctx, ctx) || 249 !RSA_verify_raw(rsa, &rslen, rctx->tbuf, key_len, sig, siglen, 250 rctx->pad_mode) || 251 rslen != tbslen || 252 CRYPTO_memcmp(tbs, rctx->tbuf, rslen) != 0) { 253 return 0; 254 } 255 256 return 1; 257 } 258 259 static int pkey_rsa_encrypt(EVP_PKEY_CTX *ctx, uint8_t *out, size_t *outlen, 260 const uint8_t *in, size_t inlen) { 261 RSA_PKEY_CTX *rctx = ctx->data; 262 RSA *rsa = ctx->pkey->pkey.rsa; 263 const size_t key_len = EVP_PKEY_size(ctx->pkey); 264 265 if (!out) { 266 *outlen = key_len; 267 return 1; 268 } 269 270 if (*outlen < key_len) { 271 OPENSSL_PUT_ERROR(EVP, EVP_R_BUFFER_TOO_SMALL); 272 return 0; 273 } 274 275 if (rctx->pad_mode == RSA_PKCS1_OAEP_PADDING) { 276 if (!setup_tbuf(rctx, ctx) || 277 !RSA_padding_add_PKCS1_OAEP_mgf1(rctx->tbuf, key_len, in, inlen, 278 rctx->oaep_label, rctx->oaep_labellen, 279 rctx->md, rctx->mgf1md) || 280 !RSA_encrypt(rsa, outlen, out, *outlen, rctx->tbuf, key_len, 281 RSA_NO_PADDING)) { 282 return 0; 283 } 284 return 1; 285 } 286 287 return RSA_encrypt(rsa, outlen, out, *outlen, in, inlen, rctx->pad_mode); 288 } 289 290 static int pkey_rsa_decrypt(EVP_PKEY_CTX *ctx, uint8_t *out, 291 size_t *outlen, const uint8_t *in, 292 size_t inlen) { 293 RSA_PKEY_CTX *rctx = ctx->data; 294 RSA *rsa = ctx->pkey->pkey.rsa; 295 const size_t key_len = EVP_PKEY_size(ctx->pkey); 296 297 if (!out) { 298 *outlen = key_len; 299 return 1; 300 } 301 302 if (*outlen < key_len) { 303 OPENSSL_PUT_ERROR(EVP, EVP_R_BUFFER_TOO_SMALL); 304 return 0; 305 } 306 307 if (rctx->pad_mode == RSA_PKCS1_OAEP_PADDING) { 308 size_t plaintext_len; 309 int message_len; 310 311 if (!setup_tbuf(rctx, ctx) || 312 !RSA_decrypt(rsa, &plaintext_len, rctx->tbuf, key_len, in, inlen, 313 RSA_NO_PADDING)) { 314 return 0; 315 } 316 317 message_len = RSA_padding_check_PKCS1_OAEP_mgf1( 318 out, key_len, rctx->tbuf, plaintext_len, rctx->oaep_label, 319 rctx->oaep_labellen, rctx->md, rctx->mgf1md); 320 if (message_len < 0) { 321 return 0; 322 } 323 *outlen = message_len; 324 return 1; 325 } 326 327 return RSA_decrypt(rsa, outlen, out, key_len, in, inlen, rctx->pad_mode); 328 } 329 330 static int check_padding_md(const EVP_MD *md, int padding) { 331 if (!md) { 332 return 1; 333 } 334 335 if (padding == RSA_NO_PADDING) { 336 OPENSSL_PUT_ERROR(EVP, EVP_R_INVALID_PADDING_MODE); 337 return 0; 338 } 339 340 return 1; 341 } 342 343 static int is_known_padding(int padding_mode) { 344 switch (padding_mode) { 345 case RSA_PKCS1_PADDING: 346 case RSA_NO_PADDING: 347 case RSA_PKCS1_OAEP_PADDING: 348 case RSA_PKCS1_PSS_PADDING: 349 return 1; 350 default: 351 return 0; 352 } 353 } 354 355 static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) { 356 RSA_PKEY_CTX *rctx = ctx->data; 357 switch (type) { 358 case EVP_PKEY_CTRL_RSA_PADDING: 359 if (!is_known_padding(p1) || !check_padding_md(rctx->md, p1) || 360 (p1 == RSA_PKCS1_PSS_PADDING && 361 0 == (ctx->operation & (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY))) || 362 (p1 == RSA_PKCS1_OAEP_PADDING && 363 0 == (ctx->operation & EVP_PKEY_OP_TYPE_CRYPT))) { 364 OPENSSL_PUT_ERROR(EVP, EVP_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE); 365 return 0; 366 } 367 if ((p1 == RSA_PKCS1_PSS_PADDING || p1 == RSA_PKCS1_OAEP_PADDING) && 368 rctx->md == NULL) { 369 rctx->md = EVP_sha1(); 370 } 371 rctx->pad_mode = p1; 372 return 1; 373 374 case EVP_PKEY_CTRL_GET_RSA_PADDING: 375 *(int *)p2 = rctx->pad_mode; 376 return 1; 377 378 case EVP_PKEY_CTRL_RSA_PSS_SALTLEN: 379 case EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN: 380 if (rctx->pad_mode != RSA_PKCS1_PSS_PADDING) { 381 OPENSSL_PUT_ERROR(EVP, EVP_R_INVALID_PSS_SALTLEN); 382 return 0; 383 } 384 if (type == EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN) { 385 *(int *)p2 = rctx->saltlen; 386 } else { 387 if (p1 < -2) { 388 return 0; 389 } 390 rctx->saltlen = p1; 391 } 392 return 1; 393 394 case EVP_PKEY_CTRL_RSA_KEYGEN_BITS: 395 if (p1 < 256) { 396 OPENSSL_PUT_ERROR(EVP, EVP_R_INVALID_KEYBITS); 397 return 0; 398 } 399 rctx->nbits = p1; 400 return 1; 401 402 case EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP: 403 if (!p2) { 404 return 0; 405 } 406 BN_free(rctx->pub_exp); 407 rctx->pub_exp = p2; 408 return 1; 409 410 case EVP_PKEY_CTRL_RSA_OAEP_MD: 411 case EVP_PKEY_CTRL_GET_RSA_OAEP_MD: 412 if (rctx->pad_mode != RSA_PKCS1_OAEP_PADDING) { 413 OPENSSL_PUT_ERROR(EVP, EVP_R_INVALID_PADDING_MODE); 414 return 0; 415 } 416 if (type == EVP_PKEY_CTRL_GET_RSA_OAEP_MD) { 417 *(const EVP_MD **)p2 = rctx->md; 418 } else { 419 rctx->md = p2; 420 } 421 return 1; 422 423 case EVP_PKEY_CTRL_MD: 424 if (!check_padding_md(p2, rctx->pad_mode)) { 425 return 0; 426 } 427 rctx->md = p2; 428 return 1; 429 430 case EVP_PKEY_CTRL_GET_MD: 431 *(const EVP_MD **)p2 = rctx->md; 432 return 1; 433 434 case EVP_PKEY_CTRL_RSA_MGF1_MD: 435 case EVP_PKEY_CTRL_GET_RSA_MGF1_MD: 436 if (rctx->pad_mode != RSA_PKCS1_PSS_PADDING && 437 rctx->pad_mode != RSA_PKCS1_OAEP_PADDING) { 438 OPENSSL_PUT_ERROR(EVP, EVP_R_INVALID_MGF1_MD); 439 return 0; 440 } 441 if (type == EVP_PKEY_CTRL_GET_RSA_MGF1_MD) { 442 if (rctx->mgf1md) { 443 *(const EVP_MD **)p2 = rctx->mgf1md; 444 } else { 445 *(const EVP_MD **)p2 = rctx->md; 446 } 447 } else { 448 rctx->mgf1md = p2; 449 } 450 return 1; 451 452 case EVP_PKEY_CTRL_RSA_OAEP_LABEL: 453 if (rctx->pad_mode != RSA_PKCS1_OAEP_PADDING) { 454 OPENSSL_PUT_ERROR(EVP, EVP_R_INVALID_PADDING_MODE); 455 return 0; 456 } 457 OPENSSL_free(rctx->oaep_label); 458 if (p2 && p1 > 0) { 459 rctx->oaep_label = p2; 460 rctx->oaep_labellen = p1; 461 } else { 462 rctx->oaep_label = NULL; 463 rctx->oaep_labellen = 0; 464 } 465 return 1; 466 467 case EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL: 468 if (rctx->pad_mode != RSA_PKCS1_OAEP_PADDING) { 469 OPENSSL_PUT_ERROR(EVP, EVP_R_INVALID_PADDING_MODE); 470 return 0; 471 } 472 CBS_init((CBS *)p2, rctx->oaep_label, rctx->oaep_labellen); 473 return 1; 474 475 default: 476 OPENSSL_PUT_ERROR(EVP, EVP_R_COMMAND_NOT_SUPPORTED); 477 return 0; 478 } 479 } 480 481 static int pkey_rsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) { 482 RSA *rsa = NULL; 483 RSA_PKEY_CTX *rctx = ctx->data; 484 485 if (!rctx->pub_exp) { 486 rctx->pub_exp = BN_new(); 487 if (!rctx->pub_exp || !BN_set_word(rctx->pub_exp, RSA_F4)) { 488 return 0; 489 } 490 } 491 rsa = RSA_new(); 492 if (!rsa) { 493 return 0; 494 } 495 496 if (!RSA_generate_key_ex(rsa, rctx->nbits, rctx->pub_exp, NULL)) { 497 RSA_free(rsa); 498 return 0; 499 } 500 501 EVP_PKEY_assign_RSA(pkey, rsa); 502 return 1; 503 } 504 505 const EVP_PKEY_METHOD rsa_pkey_meth = { 506 EVP_PKEY_RSA, 0 /* flags */, pkey_rsa_init, 507 pkey_rsa_copy, pkey_rsa_cleanup, 0 /* paramgen_init */, 508 0 /* paramgen */, 0 /* keygen_init */, pkey_rsa_keygen, 509 0 /* sign_init */, pkey_rsa_sign, 0 /* verify_init */, 510 pkey_rsa_verify, 0 /* encrypt_init */, pkey_rsa_encrypt, 511 0 /* decrypt_init */, pkey_rsa_decrypt, 0 /* derive_init */, 512 0 /* derive */, pkey_rsa_ctrl, 513 }; 514 515 int EVP_PKEY_CTX_set_rsa_padding(EVP_PKEY_CTX *ctx, int padding) { 516 return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, -1, EVP_PKEY_CTRL_RSA_PADDING, 517 padding, NULL); 518 } 519 520 int EVP_PKEY_CTX_get_rsa_padding(EVP_PKEY_CTX *ctx, int *out_padding) { 521 return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, -1, EVP_PKEY_CTRL_GET_RSA_PADDING, 522 0, out_padding); 523 } 524 525 int EVP_PKEY_CTX_set_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int salt_len) { 526 return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, 527 (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY), 528 EVP_PKEY_CTRL_RSA_PSS_SALTLEN, salt_len, NULL); 529 } 530 531 int EVP_PKEY_CTX_get_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int *out_salt_len) { 532 return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, 533 (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY), 534 EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN, 0, out_salt_len); 535 } 536 537 int EVP_PKEY_CTX_set_rsa_keygen_bits(EVP_PKEY_CTX *ctx, int bits) { 538 return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_KEYGEN, 539 EVP_PKEY_CTRL_RSA_KEYGEN_BITS, bits, NULL); 540 } 541 542 int EVP_PKEY_CTX_set_rsa_keygen_pubexp(EVP_PKEY_CTX *ctx, BIGNUM *e) { 543 return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_KEYGEN, 544 EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP, 0, e); 545 } 546 547 int EVP_PKEY_CTX_set_rsa_oaep_md(EVP_PKEY_CTX *ctx, const EVP_MD *md) { 548 return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, 549 EVP_PKEY_CTRL_RSA_OAEP_MD, 0, (void *)md); 550 } 551 552 int EVP_PKEY_CTX_get_rsa_oaep_md(EVP_PKEY_CTX *ctx, const EVP_MD **out_md) { 553 return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, 554 EVP_PKEY_CTRL_GET_RSA_OAEP_MD, 0, (void*) out_md); 555 } 556 557 int EVP_PKEY_CTX_set_rsa_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD *md) { 558 return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, 559 EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT, 560 EVP_PKEY_CTRL_RSA_MGF1_MD, 0, (void*) md); 561 } 562 563 int EVP_PKEY_CTX_get_rsa_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD **out_md) { 564 return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, 565 EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT, 566 EVP_PKEY_CTRL_GET_RSA_MGF1_MD, 0, (void*) out_md); 567 } 568 569 int EVP_PKEY_CTX_set0_rsa_oaep_label(EVP_PKEY_CTX *ctx, const uint8_t *label, 570 size_t label_len) { 571 int label_len_int = label_len; 572 if (((size_t) label_len_int) != label_len) { 573 return 0; 574 } 575 576 return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, 577 EVP_PKEY_CTRL_RSA_OAEP_LABEL, label_len, 578 (void *)label); 579 } 580 581 int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, 582 const uint8_t **out_label) { 583 CBS label; 584 if (!EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, 585 EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL, 0, &label)) { 586 return -1; 587 } 588 if (CBS_len(&label) > INT_MAX) { 589 OPENSSL_PUT_ERROR(EVP, ERR_R_OVERFLOW); 590 return -1; 591 } 592 *out_label = CBS_data(&label); 593 return (int)CBS_len(&label); 594 } 595
