PageRenderTime 89ms CodeModel.GetById 13ms app.highlight 66ms RepoModel.GetById 2ms app.codeStats 0ms

/contrib/bind9/lib/dns/opensslrsa_link.c

https://bitbucket.org/freebsd/freebsd-head/
C | 1442 lines | 1229 code | 155 blank | 58 comment | 315 complexity | b514c7ed8da431e1d5da2e500228c53e MD5 | raw file
   1/*
   2 * Copyright (C) 2004-2009, 2011, 2012  Internet Systems Consortium, Inc. ("ISC")
   3 * Copyright (C) 2000-2003  Internet Software Consortium.
   4 *
   5 * Permission to use, copy, modify, and/or distribute this software for any
   6 * purpose with or without fee is hereby granted, provided that the above
   7 * copyright notice and this permission notice appear in all copies.
   8 *
   9 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
  10 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
  11 * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
  12 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
  13 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
  14 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  15 * PERFORMANCE OF THIS SOFTWARE.
  16 */
  17
  18/*
  19 * Principal Author: Brian Wellington
  20 * $Id$
  21 */
  22#ifdef OPENSSL
  23#include <config.h>
  24
  25#ifndef USE_EVP
  26#if !defined(HAVE_EVP_SHA256) || !defined(HAVE_EVP_SHA512)
  27#define USE_EVP 0
  28#else
  29#define USE_EVP 1
  30#endif
  31#endif
  32
  33
  34#include <isc/entropy.h>
  35#include <isc/md5.h>
  36#include <isc/sha1.h>
  37#include <isc/sha2.h>
  38#include <isc/mem.h>
  39#include <isc/string.h>
  40#include <isc/util.h>
  41
  42#include <dst/result.h>
  43
  44#include "dst_internal.h"
  45#include "dst_openssl.h"
  46#include "dst_parse.h"
  47
  48#include <openssl/err.h>
  49#include <openssl/objects.h>
  50#include <openssl/rsa.h>
  51#if OPENSSL_VERSION_NUMBER > 0x00908000L
  52#include <openssl/bn.h>
  53#endif
  54#ifdef USE_ENGINE
  55#include <openssl/engine.h>
  56#endif
  57
  58/*
  59 * We don't use configure for windows so enforce the OpenSSL version
  60 * here.  Unlike with configure we don't support overriding this test.
  61 */
  62#ifdef WIN32
  63#if !((OPENSSL_VERSION_NUMBER >= 0x009070cfL && \
  64       OPENSSL_VERSION_NUMBER < 0x00908000L) || \
  65      OPENSSL_VERSION_NUMBER >= 0x0090804fL)
  66#error Please upgrade OpenSSL to 0.9.8d/0.9.7l or greater.
  67#endif
  68#endif
  69
  70
  71	/*
  72	 * XXXMPA  Temporarily disable RSA_BLINDING as it requires
  73	 * good quality random data that cannot currently be guaranteed.
  74	 * XXXMPA  Find which versions of openssl use pseudo random data
  75	 * and set RSA_FLAG_BLINDING for those.
  76	 */
  77
  78#if 0
  79#if OPENSSL_VERSION_NUMBER < 0x0090601fL
  80#define SET_FLAGS(rsa) \
  81	do { \
  82	(rsa)->flags &= ~(RSA_FLAG_CACHE_PUBLIC | RSA_FLAG_CACHE_PRIVATE); \
  83	(rsa)->flags |= RSA_FLAG_BLINDING; \
  84	} while (0)
  85#else
  86#define SET_FLAGS(rsa) \
  87	do { \
  88		(rsa)->flags |= RSA_FLAG_BLINDING; \
  89	} while (0)
  90#endif
  91#endif
  92
  93#if OPENSSL_VERSION_NUMBER < 0x0090601fL
  94#define SET_FLAGS(rsa) \
  95	do { \
  96	(rsa)->flags &= ~(RSA_FLAG_CACHE_PUBLIC | RSA_FLAG_CACHE_PRIVATE); \
  97	(rsa)->flags &= ~RSA_FLAG_BLINDING; \
  98	} while (0)
  99#elif defined(RSA_FLAG_NO_BLINDING)
 100#define SET_FLAGS(rsa) \
 101	do { \
 102		(rsa)->flags &= ~RSA_FLAG_BLINDING; \
 103		(rsa)->flags |= RSA_FLAG_NO_BLINDING; \
 104	} while (0)
 105#else
 106#define SET_FLAGS(rsa) \
 107	do { \
 108		(rsa)->flags &= ~RSA_FLAG_BLINDING; \
 109	} while (0)
 110#endif
 111
 112#define DST_RET(a) {ret = a; goto err;}
 113
 114static isc_result_t opensslrsa_todns(const dst_key_t *key, isc_buffer_t *data);
 115
 116static isc_result_t
 117opensslrsa_createctx(dst_key_t *key, dst_context_t *dctx) {
 118#if USE_EVP
 119	EVP_MD_CTX *evp_md_ctx;
 120	const EVP_MD *type = NULL;
 121#endif
 122
 123	UNUSED(key);
 124	REQUIRE(dctx->key->key_alg == DST_ALG_RSAMD5 ||
 125		dctx->key->key_alg == DST_ALG_RSASHA1 ||
 126		dctx->key->key_alg == DST_ALG_NSEC3RSASHA1 ||
 127		dctx->key->key_alg == DST_ALG_RSASHA256 ||
 128		dctx->key->key_alg == DST_ALG_RSASHA512);
 129
 130#if USE_EVP
 131	evp_md_ctx = EVP_MD_CTX_create();
 132	if (evp_md_ctx == NULL)
 133		return (ISC_R_NOMEMORY);
 134
 135	switch (dctx->key->key_alg) {
 136	case DST_ALG_RSAMD5:
 137		type = EVP_md5();	/* MD5 + RSA */
 138		break;
 139	case DST_ALG_RSASHA1:
 140	case DST_ALG_NSEC3RSASHA1:
 141		type = EVP_sha1();	/* SHA1 + RSA */
 142		break;
 143#ifdef HAVE_EVP_SHA256
 144	case DST_ALG_RSASHA256:
 145		type = EVP_sha256();	/* SHA256 + RSA */
 146		break;
 147#endif
 148#ifdef HAVE_EVP_SHA512
 149	case DST_ALG_RSASHA512:
 150		type = EVP_sha512();
 151		break;
 152#endif
 153	default:
 154		INSIST(0);
 155	}
 156
 157	if (!EVP_DigestInit_ex(evp_md_ctx, type, NULL)) {
 158		EVP_MD_CTX_destroy(evp_md_ctx);
 159		return (ISC_R_FAILURE);
 160	}
 161	dctx->ctxdata.evp_md_ctx = evp_md_ctx;
 162#else
 163	switch (dctx->key->key_alg) {
 164	case DST_ALG_RSAMD5:
 165		{
 166			isc_md5_t *md5ctx;
 167
 168			md5ctx = isc_mem_get(dctx->mctx, sizeof(isc_md5_t));
 169			if (md5ctx == NULL)
 170				return (ISC_R_NOMEMORY);
 171			isc_md5_init(md5ctx);
 172			dctx->ctxdata.md5ctx = md5ctx;
 173		}
 174		break;
 175	case DST_ALG_RSASHA1:
 176	case DST_ALG_NSEC3RSASHA1:
 177		{
 178			isc_sha1_t *sha1ctx;
 179
 180			sha1ctx = isc_mem_get(dctx->mctx, sizeof(isc_sha1_t));
 181			if (sha1ctx == NULL)
 182				return (ISC_R_NOMEMORY);
 183			isc_sha1_init(sha1ctx);
 184			dctx->ctxdata.sha1ctx = sha1ctx;
 185		}
 186		break;
 187	case DST_ALG_RSASHA256:
 188		{
 189			isc_sha256_t *sha256ctx;
 190
 191			sha256ctx = isc_mem_get(dctx->mctx,
 192						sizeof(isc_sha256_t));
 193			if (sha256ctx == NULL)
 194				return (ISC_R_NOMEMORY);
 195			isc_sha256_init(sha256ctx);
 196			dctx->ctxdata.sha256ctx = sha256ctx;
 197		}
 198		break;
 199	case DST_ALG_RSASHA512:
 200		{
 201			isc_sha512_t *sha512ctx;
 202
 203			sha512ctx = isc_mem_get(dctx->mctx,
 204						sizeof(isc_sha512_t));
 205			if (sha512ctx == NULL)
 206				return (ISC_R_NOMEMORY);
 207			isc_sha512_init(sha512ctx);
 208			dctx->ctxdata.sha512ctx = sha512ctx;
 209		}
 210		break;
 211	default:
 212		INSIST(0);
 213	}
 214#endif
 215
 216	return (ISC_R_SUCCESS);
 217}
 218
 219static void
 220opensslrsa_destroyctx(dst_context_t *dctx) {
 221#if USE_EVP
 222	EVP_MD_CTX *evp_md_ctx = dctx->ctxdata.evp_md_ctx;
 223#endif
 224
 225	REQUIRE(dctx->key->key_alg == DST_ALG_RSAMD5 ||
 226		dctx->key->key_alg == DST_ALG_RSASHA1 ||
 227		dctx->key->key_alg == DST_ALG_NSEC3RSASHA1 ||
 228		dctx->key->key_alg == DST_ALG_RSASHA256 ||
 229		dctx->key->key_alg == DST_ALG_RSASHA512);
 230
 231#if USE_EVP
 232	if (evp_md_ctx != NULL) {
 233		EVP_MD_CTX_destroy(evp_md_ctx);
 234		dctx->ctxdata.evp_md_ctx = NULL;
 235	}
 236#else
 237	switch (dctx->key->key_alg) {
 238	case DST_ALG_RSAMD5:
 239		{
 240			isc_md5_t *md5ctx = dctx->ctxdata.md5ctx;
 241
 242			if (md5ctx != NULL) {
 243				isc_md5_invalidate(md5ctx);
 244				isc_mem_put(dctx->mctx, md5ctx,
 245					    sizeof(isc_md5_t));
 246				dctx->ctxdata.md5ctx = NULL;
 247			}
 248		}
 249		break;
 250	case DST_ALG_RSASHA1:
 251	case DST_ALG_NSEC3RSASHA1:
 252		{
 253			isc_sha1_t *sha1ctx = dctx->ctxdata.sha1ctx;
 254
 255			if (sha1ctx != NULL) {
 256				isc_sha1_invalidate(sha1ctx);
 257				isc_mem_put(dctx->mctx, sha1ctx,
 258					    sizeof(isc_sha1_t));
 259				dctx->ctxdata.sha1ctx = NULL;
 260			}
 261		}
 262		break;
 263	case DST_ALG_RSASHA256:
 264		{
 265			isc_sha256_t *sha256ctx = dctx->ctxdata.sha256ctx;
 266
 267			if (sha256ctx != NULL) {
 268				isc_sha256_invalidate(sha256ctx);
 269				isc_mem_put(dctx->mctx, sha256ctx,
 270					    sizeof(isc_sha256_t));
 271				dctx->ctxdata.sha256ctx = NULL;
 272			}
 273		}
 274		break;
 275	case DST_ALG_RSASHA512:
 276		{
 277			isc_sha512_t *sha512ctx = dctx->ctxdata.sha512ctx;
 278
 279			if (sha512ctx != NULL) {
 280				isc_sha512_invalidate(sha512ctx);
 281				isc_mem_put(dctx->mctx, sha512ctx,
 282					    sizeof(isc_sha512_t));
 283				dctx->ctxdata.sha512ctx = NULL;
 284			}
 285		}
 286		break;
 287	default:
 288		INSIST(0);
 289	}
 290#endif
 291}
 292
 293static isc_result_t
 294opensslrsa_adddata(dst_context_t *dctx, const isc_region_t *data) {
 295#if USE_EVP
 296	EVP_MD_CTX *evp_md_ctx = dctx->ctxdata.evp_md_ctx;
 297#endif
 298
 299	REQUIRE(dctx->key->key_alg == DST_ALG_RSAMD5 ||
 300		dctx->key->key_alg == DST_ALG_RSASHA1 ||
 301		dctx->key->key_alg == DST_ALG_NSEC3RSASHA1 ||
 302		dctx->key->key_alg == DST_ALG_RSASHA256 ||
 303		dctx->key->key_alg == DST_ALG_RSASHA512);
 304
 305#if USE_EVP
 306	if (!EVP_DigestUpdate(evp_md_ctx, data->base, data->length)) {
 307		return (ISC_R_FAILURE);
 308	}
 309#else
 310	switch (dctx->key->key_alg) {
 311	case DST_ALG_RSAMD5:
 312		{
 313			isc_md5_t *md5ctx = dctx->ctxdata.md5ctx;
 314
 315			isc_md5_update(md5ctx, data->base, data->length);
 316		}
 317		break;
 318	case DST_ALG_RSASHA1:
 319	case DST_ALG_NSEC3RSASHA1:
 320		{
 321			isc_sha1_t *sha1ctx = dctx->ctxdata.sha1ctx;
 322
 323			isc_sha1_update(sha1ctx, data->base, data->length);
 324		}
 325		break;
 326	case DST_ALG_RSASHA256:
 327		{
 328			isc_sha256_t *sha256ctx = dctx->ctxdata.sha256ctx;
 329
 330			isc_sha256_update(sha256ctx, data->base, data->length);
 331		}
 332		break;
 333	case DST_ALG_RSASHA512:
 334		{
 335			isc_sha512_t *sha512ctx = dctx->ctxdata.sha512ctx;
 336
 337			isc_sha512_update(sha512ctx, data->base, data->length);
 338		}
 339		break;
 340	default:
 341		INSIST(0);
 342	}
 343#endif
 344	return (ISC_R_SUCCESS);
 345}
 346
 347#if ! USE_EVP && OPENSSL_VERSION_NUMBER < 0x00908000L
 348/*
 349 * Digest prefixes from RFC 5702.
 350 */
 351static unsigned char sha256_prefix[] =
 352	 { 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48,
 353	   0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20};
 354static unsigned char sha512_prefix[] =
 355	 { 0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48,
 356	   0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x05, 0x00, 0x04, 0x40};
 357#define PREFIXLEN sizeof(sha512_prefix)
 358#else
 359#define PREFIXLEN 0
 360#endif
 361
 362static isc_result_t
 363opensslrsa_sign(dst_context_t *dctx, isc_buffer_t *sig) {
 364	dst_key_t *key = dctx->key;
 365	isc_region_t r;
 366	unsigned int siglen = 0;
 367#if USE_EVP
 368	EVP_MD_CTX *evp_md_ctx = dctx->ctxdata.evp_md_ctx;
 369	EVP_PKEY *pkey = key->keydata.pkey;
 370#else
 371	RSA *rsa = key->keydata.rsa;
 372	/* note: ISC_SHA512_DIGESTLENGTH >= ISC_*_DIGESTLENGTH */
 373	unsigned char digest[PREFIXLEN + ISC_SHA512_DIGESTLENGTH];
 374	int status;
 375	int type = 0;
 376	unsigned int digestlen = 0;
 377	char *message;
 378	unsigned long err;
 379	const char* file;
 380	int line;
 381#if OPENSSL_VERSION_NUMBER < 0x00908000L
 382	unsigned int prefixlen = 0;
 383	const unsigned char *prefix = NULL;
 384#endif
 385#endif
 386
 387	REQUIRE(dctx->key->key_alg == DST_ALG_RSAMD5 ||
 388		dctx->key->key_alg == DST_ALG_RSASHA1 ||
 389		dctx->key->key_alg == DST_ALG_NSEC3RSASHA1 ||
 390		dctx->key->key_alg == DST_ALG_RSASHA256 ||
 391		dctx->key->key_alg == DST_ALG_RSASHA512);
 392
 393	isc_buffer_availableregion(sig, &r);
 394
 395#if USE_EVP
 396	if (r.length < (unsigned int) EVP_PKEY_size(pkey))
 397		return (ISC_R_NOSPACE);
 398
 399	if (!EVP_SignFinal(evp_md_ctx, r.base, &siglen, pkey)) {
 400		return (ISC_R_FAILURE);
 401	}
 402#else
 403	if (r.length < (unsigned int) RSA_size(rsa))
 404		return (ISC_R_NOSPACE);
 405
 406	switch (dctx->key->key_alg) {
 407	case DST_ALG_RSAMD5:
 408		{
 409			isc_md5_t *md5ctx = dctx->ctxdata.md5ctx;
 410
 411			isc_md5_final(md5ctx, digest);
 412			type = NID_md5;
 413			digestlen = ISC_MD5_DIGESTLENGTH;
 414		}
 415		break;
 416	case DST_ALG_RSASHA1:
 417	case DST_ALG_NSEC3RSASHA1:
 418		{
 419			isc_sha1_t *sha1ctx = dctx->ctxdata.sha1ctx;
 420
 421			isc_sha1_final(sha1ctx, digest);
 422			type = NID_sha1;
 423			digestlen = ISC_SHA1_DIGESTLENGTH;
 424		}
 425		break;
 426	case DST_ALG_RSASHA256:
 427		{
 428			isc_sha256_t *sha256ctx = dctx->ctxdata.sha256ctx;
 429
 430			isc_sha256_final(digest, sha256ctx);
 431			digestlen = ISC_SHA256_DIGESTLENGTH;
 432#if OPENSSL_VERSION_NUMBER < 0x00908000L
 433			prefix = sha256_prefix;
 434			prefixlen = sizeof(sha256_prefix);
 435#else
 436			type = NID_sha256;
 437#endif
 438		}
 439		break;
 440	case DST_ALG_RSASHA512:
 441		{
 442			isc_sha512_t *sha512ctx = dctx->ctxdata.sha512ctx;
 443
 444			isc_sha512_final(digest, sha512ctx);
 445			digestlen = ISC_SHA512_DIGESTLENGTH;
 446#if OPENSSL_VERSION_NUMBER < 0x00908000L
 447			prefix = sha512_prefix;
 448			prefixlen = sizeof(sha512_prefix);
 449#else
 450			type = NID_sha512;
 451#endif
 452		}
 453		break;
 454	default:
 455		INSIST(0);
 456	}
 457
 458#if OPENSSL_VERSION_NUMBER < 0x00908000L
 459	switch (dctx->key->key_alg) {
 460	case DST_ALG_RSAMD5:
 461	case DST_ALG_RSASHA1:
 462	case DST_ALG_NSEC3RSASHA1:
 463		INSIST(type != 0);
 464		status = RSA_sign(type, digest, digestlen, r.base,
 465				  &siglen, rsa);
 466		break;
 467
 468	case DST_ALG_RSASHA256:
 469	case DST_ALG_RSASHA512:
 470		INSIST(prefix != NULL);
 471		INSIST(prefixlen != 0);
 472		INSIST(prefixlen + digestlen <= sizeof(digest));
 473
 474		memmove(digest + prefixlen, digest, digestlen);
 475		memcpy(digest, prefix, prefixlen);
 476		status = RSA_private_encrypt(digestlen + prefixlen,
 477					     digest, r.base, rsa,
 478					     RSA_PKCS1_PADDING);
 479		if (status < 0)
 480			status = 0;
 481		else
 482			siglen = status;
 483		break;
 484
 485	default:
 486		INSIST(0);
 487	}
 488#else
 489	INSIST(type != 0);
 490	status = RSA_sign(type, digest, digestlen, r.base, &siglen, rsa);
 491#endif
 492	if (status == 0) {
 493		err = ERR_peek_error_line(&file, &line);
 494		if (err != 0U) {
 495			message = ERR_error_string(err, NULL);
 496		}
 497		return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
 498	}
 499#endif
 500
 501	isc_buffer_add(sig, siglen);
 502
 503	return (ISC_R_SUCCESS);
 504}
 505
 506static isc_result_t
 507opensslrsa_verify(dst_context_t *dctx, const isc_region_t *sig) {
 508	dst_key_t *key = dctx->key;
 509	int status = 0;
 510#if USE_EVP
 511	EVP_MD_CTX *evp_md_ctx = dctx->ctxdata.evp_md_ctx;
 512	EVP_PKEY *pkey = key->keydata.pkey;
 513#else
 514	/* note: ISC_SHA512_DIGESTLENGTH >= ISC_*_DIGESTLENGTH */
 515	unsigned char digest[ISC_SHA512_DIGESTLENGTH];
 516	int type = 0;
 517	unsigned int digestlen = 0;
 518	RSA *rsa = key->keydata.rsa;
 519#if OPENSSL_VERSION_NUMBER < 0x00908000L
 520	unsigned int prefixlen = 0;
 521	const unsigned char *prefix = NULL;
 522#endif
 523#endif
 524
 525	REQUIRE(dctx->key->key_alg == DST_ALG_RSAMD5 ||
 526		dctx->key->key_alg == DST_ALG_RSASHA1 ||
 527		dctx->key->key_alg == DST_ALG_NSEC3RSASHA1 ||
 528		dctx->key->key_alg == DST_ALG_RSASHA256 ||
 529		dctx->key->key_alg == DST_ALG_RSASHA512);
 530
 531#if USE_EVP
 532	status = EVP_VerifyFinal(evp_md_ctx, sig->base, sig->length, pkey);
 533#else
 534	switch (dctx->key->key_alg) {
 535	case DST_ALG_RSAMD5:
 536		{
 537			isc_md5_t *md5ctx = dctx->ctxdata.md5ctx;
 538
 539			isc_md5_final(md5ctx, digest);
 540			type = NID_md5;
 541			digestlen = ISC_MD5_DIGESTLENGTH;
 542		}
 543		break;
 544	case DST_ALG_RSASHA1:
 545	case DST_ALG_NSEC3RSASHA1:
 546		{
 547			isc_sha1_t *sha1ctx = dctx->ctxdata.sha1ctx;
 548
 549			isc_sha1_final(sha1ctx, digest);
 550			type = NID_sha1;
 551			digestlen = ISC_SHA1_DIGESTLENGTH;
 552		}
 553		break;
 554	case DST_ALG_RSASHA256:
 555		{
 556			isc_sha256_t *sha256ctx = dctx->ctxdata.sha256ctx;
 557
 558			isc_sha256_final(digest, sha256ctx);
 559			digestlen = ISC_SHA256_DIGESTLENGTH;
 560#if OPENSSL_VERSION_NUMBER < 0x00908000L
 561			prefix = sha256_prefix;
 562			prefixlen = sizeof(sha256_prefix);
 563#else
 564			type = NID_sha256;
 565#endif
 566		}
 567		break;
 568	case DST_ALG_RSASHA512:
 569		{
 570			isc_sha512_t *sha512ctx = dctx->ctxdata.sha512ctx;
 571
 572			isc_sha512_final(digest, sha512ctx);
 573			digestlen = ISC_SHA512_DIGESTLENGTH;
 574#if OPENSSL_VERSION_NUMBER < 0x00908000L
 575			prefix = sha512_prefix;
 576			prefixlen = sizeof(sha512_prefix);
 577#else
 578			type = NID_sha512;
 579#endif
 580		}
 581		break;
 582	default:
 583		INSIST(0);
 584	}
 585
 586	if (sig->length != (unsigned int) RSA_size(rsa))
 587		return (DST_R_VERIFYFAILURE);
 588
 589#if OPENSSL_VERSION_NUMBER < 0x00908000L
 590	switch (dctx->key->key_alg) {
 591	case DST_ALG_RSAMD5:
 592	case DST_ALG_RSASHA1:
 593	case DST_ALG_NSEC3RSASHA1:
 594		INSIST(type != 0);
 595		status = RSA_verify(type, digest, digestlen, sig->base,
 596				    RSA_size(rsa), rsa);
 597		break;
 598
 599	case DST_ALG_RSASHA256:
 600	case DST_ALG_RSASHA512:
 601		{
 602			/*
 603			 * 1024 is big enough for all valid RSA bit sizes
 604			 * for use with DNSSEC.
 605			 */
 606			unsigned char original[PREFIXLEN + 1024];
 607
 608			INSIST(prefix != NULL);
 609			INSIST(prefixlen != 0U);
 610
 611			if (RSA_size(rsa) > (int)sizeof(original))
 612				return (DST_R_VERIFYFAILURE);
 613
 614			status = RSA_public_decrypt(sig->length, sig->base,
 615						    original, rsa,
 616						    RSA_PKCS1_PADDING);
 617			if (status <= 0)
 618				return (DST_R_VERIFYFAILURE);
 619			if (status != (int)(prefixlen + digestlen))
 620				return (DST_R_VERIFYFAILURE);
 621			if (memcmp(original, prefix, prefixlen))
 622				return (DST_R_VERIFYFAILURE);
 623			if (memcmp(original + prefixlen, digest, digestlen))
 624				return (DST_R_VERIFYFAILURE);
 625			status = 1;
 626		}
 627		break;
 628
 629	default:
 630		INSIST(0);
 631	}
 632#else
 633	INSIST(type != 0);
 634	status = RSA_verify(type, digest, digestlen, sig->base,
 635			     RSA_size(rsa), rsa);
 636#endif
 637#endif
 638	if (status != 1)
 639		return (dst__openssl_toresult(DST_R_VERIFYFAILURE));
 640
 641	return (ISC_R_SUCCESS);
 642}
 643
 644static isc_boolean_t
 645opensslrsa_compare(const dst_key_t *key1, const dst_key_t *key2) {
 646	int status;
 647	RSA *rsa1 = NULL, *rsa2 = NULL;
 648#if USE_EVP
 649	EVP_PKEY *pkey1, *pkey2;
 650#endif
 651
 652#if USE_EVP
 653	pkey1 = key1->keydata.pkey;
 654	pkey2 = key2->keydata.pkey;
 655	/*
 656	 * The pkey reference will keep these around after
 657	 * the RSA_free() call.
 658	 */
 659	if (pkey1 != NULL) {
 660		rsa1 = EVP_PKEY_get1_RSA(pkey1);
 661		RSA_free(rsa1);
 662	}
 663	if (pkey2 != NULL) {
 664		rsa2 = EVP_PKEY_get1_RSA(pkey2);
 665		RSA_free(rsa2);
 666	}
 667#else
 668	rsa1 = key1->keydata.rsa;
 669	rsa2 = key2->keydata.rsa;
 670#endif
 671
 672	if (rsa1 == NULL && rsa2 == NULL)
 673		return (ISC_TRUE);
 674	else if (rsa1 == NULL || rsa2 == NULL)
 675		return (ISC_FALSE);
 676
 677	status = BN_cmp(rsa1->n, rsa2->n) ||
 678		 BN_cmp(rsa1->e, rsa2->e);
 679
 680	if (status != 0)
 681		return (ISC_FALSE);
 682
 683#if USE_EVP
 684	if ((rsa1->flags & RSA_FLAG_EXT_PKEY) != 0 ||
 685	    (rsa2->flags & RSA_FLAG_EXT_PKEY) != 0) {
 686		if ((rsa1->flags & RSA_FLAG_EXT_PKEY) == 0 ||
 687		    (rsa2->flags & RSA_FLAG_EXT_PKEY) == 0)
 688			return (ISC_FALSE);
 689		/*
 690		 * Can't compare private parameters, BTW does it make sense?
 691		 */
 692		return (ISC_TRUE);
 693	}
 694#endif
 695
 696	if (rsa1->d != NULL || rsa2->d != NULL) {
 697		if (rsa1->d == NULL || rsa2->d == NULL)
 698			return (ISC_FALSE);
 699		status = BN_cmp(rsa1->d, rsa2->d) ||
 700			 BN_cmp(rsa1->p, rsa2->p) ||
 701			 BN_cmp(rsa1->q, rsa2->q);
 702
 703		if (status != 0)
 704			return (ISC_FALSE);
 705	}
 706	return (ISC_TRUE);
 707}
 708
 709#if OPENSSL_VERSION_NUMBER > 0x00908000L
 710static int
 711progress_cb(int p, int n, BN_GENCB *cb)
 712{
 713	union {
 714		void *dptr;
 715		void (*fptr)(int);
 716	} u;
 717
 718	UNUSED(n);
 719
 720	u.dptr = cb->arg;
 721	if (u.fptr != NULL)
 722		u.fptr(p);
 723	return (1);
 724}
 725#endif
 726
 727static isc_result_t
 728opensslrsa_generate(dst_key_t *key, int exp, void (*callback)(int)) {
 729#if OPENSSL_VERSION_NUMBER > 0x00908000L
 730	BN_GENCB cb;
 731	union {
 732		void *dptr;
 733		void (*fptr)(int);
 734	} u;
 735	RSA *rsa = RSA_new();
 736	BIGNUM *e = BN_new();
 737#if USE_EVP
 738	EVP_PKEY *pkey = EVP_PKEY_new();
 739#endif
 740
 741	if (rsa == NULL || e == NULL)
 742		goto err;
 743#if USE_EVP
 744	if (pkey == NULL)
 745		goto err;
 746	if (!EVP_PKEY_set1_RSA(pkey, rsa))
 747		goto err;
 748#endif
 749
 750	if (exp == 0) {
 751		/* RSA_F4 0x10001 */
 752		BN_set_bit(e, 0);
 753		BN_set_bit(e, 16);
 754	} else {
 755		/* F5 0x100000001 */
 756		BN_set_bit(e, 0);
 757		BN_set_bit(e, 32);
 758	}
 759
 760	if (callback == NULL) {
 761		BN_GENCB_set_old(&cb, NULL, NULL);
 762	} else {
 763		u.fptr = callback;
 764		BN_GENCB_set(&cb, &progress_cb, u.dptr);
 765	}
 766
 767	if (RSA_generate_key_ex(rsa, key->key_size, e, &cb)) {
 768		BN_free(e);
 769		SET_FLAGS(rsa);
 770#if USE_EVP
 771		key->keydata.pkey = pkey;
 772
 773		RSA_free(rsa);
 774#else
 775		key->keydata.rsa = rsa;
 776#endif
 777		return (ISC_R_SUCCESS);
 778	}
 779
 780err:
 781#if USE_EVP
 782	if (pkey != NULL)
 783		EVP_PKEY_free(pkey);
 784#endif
 785	if (e != NULL)
 786		BN_free(e);
 787	if (rsa != NULL)
 788		RSA_free(rsa);
 789	return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
 790#else
 791	RSA *rsa;
 792	unsigned long e;
 793#if USE_EVP
 794	EVP_PKEY *pkey = EVP_PKEY_new();
 795
 796	UNUSED(callback);
 797
 798	if (pkey == NULL)
 799		return (ISC_R_NOMEMORY);
 800#else
 801	UNUSED(callback);
 802#endif
 803
 804	if (exp == 0)
 805	       e = RSA_F4;
 806	else
 807	       e = 0x40000003;
 808	rsa = RSA_generate_key(key->key_size, e, NULL, NULL);
 809	if (rsa == NULL) {
 810#if USE_EVP
 811		EVP_PKEY_free(pkey);
 812#endif
 813		return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
 814	}
 815	SET_FLAGS(rsa);
 816#if USE_EVP
 817	if (!EVP_PKEY_set1_RSA(pkey, rsa)) {
 818		EVP_PKEY_free(pkey);
 819		RSA_free(rsa);
 820		return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
 821	}
 822	key->keydata.pkey = pkey;
 823	RSA_free(rsa);
 824#else
 825	key->keydata.rsa = rsa;
 826#endif
 827
 828	return (ISC_R_SUCCESS);
 829#endif
 830}
 831
 832static isc_boolean_t
 833opensslrsa_isprivate(const dst_key_t *key) {
 834#if USE_EVP
 835	RSA *rsa = EVP_PKEY_get1_RSA(key->keydata.pkey);
 836	INSIST(rsa != NULL);
 837	RSA_free(rsa);
 838	/* key->keydata.pkey still has a reference so rsa is still valid. */
 839#else
 840	RSA *rsa = key->keydata.rsa;
 841#endif
 842	if (rsa != NULL && (rsa->flags & RSA_FLAG_EXT_PKEY) != 0)
 843		return (ISC_TRUE);
 844	return (ISC_TF(rsa != NULL && rsa->d != NULL));
 845}
 846
 847static void
 848opensslrsa_destroy(dst_key_t *key) {
 849#if USE_EVP
 850	EVP_PKEY *pkey = key->keydata.pkey;
 851	EVP_PKEY_free(pkey);
 852	key->keydata.pkey = NULL;
 853#else
 854	RSA *rsa = key->keydata.rsa;
 855	RSA_free(rsa);
 856	key->keydata.rsa = NULL;
 857#endif
 858}
 859
 860
 861static isc_result_t
 862opensslrsa_todns(const dst_key_t *key, isc_buffer_t *data) {
 863	isc_region_t r;
 864	unsigned int e_bytes;
 865	unsigned int mod_bytes;
 866	isc_result_t ret;
 867	RSA *rsa;
 868#if USE_EVP
 869	EVP_PKEY *pkey;
 870#endif
 871
 872#if USE_EVP
 873	REQUIRE(key->keydata.pkey != NULL);
 874#else
 875	REQUIRE(key->keydata.rsa != NULL);
 876#endif
 877
 878#if USE_EVP
 879	pkey = key->keydata.pkey;
 880	rsa = EVP_PKEY_get1_RSA(pkey);
 881	if (rsa == NULL)
 882		return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
 883#else
 884	rsa = key->keydata.rsa;
 885#endif
 886
 887	isc_buffer_availableregion(data, &r);
 888
 889	e_bytes = BN_num_bytes(rsa->e);
 890	mod_bytes = BN_num_bytes(rsa->n);
 891
 892	if (e_bytes < 256) {	/*%< key exponent is <= 2040 bits */
 893		if (r.length < 1)
 894			DST_RET(ISC_R_NOSPACE);
 895		isc_buffer_putuint8(data, (isc_uint8_t) e_bytes);
 896		isc_region_consume(&r, 1);
 897	} else {
 898		if (r.length < 3)
 899			DST_RET(ISC_R_NOSPACE);
 900		isc_buffer_putuint8(data, 0);
 901		isc_buffer_putuint16(data, (isc_uint16_t) e_bytes);
 902		isc_region_consume(&r, 3);
 903	}
 904
 905	if (r.length < e_bytes + mod_bytes)
 906		DST_RET(ISC_R_NOSPACE);
 907
 908	BN_bn2bin(rsa->e, r.base);
 909	isc_region_consume(&r, e_bytes);
 910	BN_bn2bin(rsa->n, r.base);
 911
 912	isc_buffer_add(data, e_bytes + mod_bytes);
 913
 914	ret = ISC_R_SUCCESS;
 915 err:
 916#if USE_EVP
 917	if (rsa != NULL)
 918		RSA_free(rsa);
 919#endif
 920	return (ret);
 921}
 922
 923static isc_result_t
 924opensslrsa_fromdns(dst_key_t *key, isc_buffer_t *data) {
 925	RSA *rsa;
 926	isc_region_t r;
 927	unsigned int e_bytes;
 928#if USE_EVP
 929	EVP_PKEY *pkey;
 930#endif
 931
 932	isc_buffer_remainingregion(data, &r);
 933	if (r.length == 0)
 934		return (ISC_R_SUCCESS);
 935
 936	rsa = RSA_new();
 937	if (rsa == NULL)
 938		return (dst__openssl_toresult(ISC_R_NOMEMORY));
 939	SET_FLAGS(rsa);
 940
 941	if (r.length < 1) {
 942		RSA_free(rsa);
 943		return (DST_R_INVALIDPUBLICKEY);
 944	}
 945	e_bytes = *r.base++;
 946	r.length--;
 947
 948	if (e_bytes == 0) {
 949		if (r.length < 2) {
 950			RSA_free(rsa);
 951			return (DST_R_INVALIDPUBLICKEY);
 952		}
 953		e_bytes = ((*r.base++) << 8);
 954		e_bytes += *r.base++;
 955		r.length -= 2;
 956	}
 957
 958	if (r.length < e_bytes) {
 959		RSA_free(rsa);
 960		return (DST_R_INVALIDPUBLICKEY);
 961	}
 962	rsa->e = BN_bin2bn(r.base, e_bytes, NULL);
 963	r.base += e_bytes;
 964	r.length -= e_bytes;
 965
 966	rsa->n = BN_bin2bn(r.base, r.length, NULL);
 967
 968	key->key_size = BN_num_bits(rsa->n);
 969
 970	isc_buffer_forward(data, r.length);
 971
 972#if USE_EVP
 973	pkey = EVP_PKEY_new();
 974	if (pkey == NULL) {
 975		RSA_free(rsa);
 976		return (ISC_R_NOMEMORY);
 977	}
 978	if (!EVP_PKEY_set1_RSA(pkey, rsa)) {
 979		EVP_PKEY_free(pkey);
 980		RSA_free(rsa);
 981		return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
 982	}
 983	key->keydata.pkey = pkey;
 984	RSA_free(rsa);
 985#else
 986	key->keydata.rsa = rsa;
 987#endif
 988
 989	return (ISC_R_SUCCESS);
 990}
 991
 992static isc_result_t
 993opensslrsa_tofile(const dst_key_t *key, const char *directory) {
 994	int i;
 995	RSA *rsa;
 996	dst_private_t priv;
 997	unsigned char *bufs[8];
 998	isc_result_t result;
 999
1000#if USE_EVP
1001	if (key->keydata.pkey == NULL)
1002		return (DST_R_NULLKEY);
1003	rsa = EVP_PKEY_get1_RSA(key->keydata.pkey);
1004	if (rsa == NULL)
1005		return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
1006#else
1007	if (key->keydata.rsa == NULL)
1008		return (DST_R_NULLKEY);
1009	rsa = key->keydata.rsa;
1010#endif
1011
1012	for (i = 0; i < 8; i++) {
1013		bufs[i] = isc_mem_get(key->mctx, BN_num_bytes(rsa->n));
1014		if (bufs[i] == NULL) {
1015			result = ISC_R_NOMEMORY;
1016			goto fail;
1017		}
1018	}
1019
1020	i = 0;
1021
1022	priv.elements[i].tag = TAG_RSA_MODULUS;
1023	priv.elements[i].length = BN_num_bytes(rsa->n);
1024	BN_bn2bin(rsa->n, bufs[i]);
1025	priv.elements[i].data = bufs[i];
1026	i++;
1027
1028	priv.elements[i].tag = TAG_RSA_PUBLICEXPONENT;
1029	priv.elements[i].length = BN_num_bytes(rsa->e);
1030	BN_bn2bin(rsa->e, bufs[i]);
1031	priv.elements[i].data = bufs[i];
1032	i++;
1033
1034	if (rsa->d != NULL) {
1035		priv.elements[i].tag = TAG_RSA_PRIVATEEXPONENT;
1036		priv.elements[i].length = BN_num_bytes(rsa->d);
1037		BN_bn2bin(rsa->d, bufs[i]);
1038		priv.elements[i].data = bufs[i];
1039		i++;
1040	}
1041
1042	if (rsa->p != NULL) {
1043		priv.elements[i].tag = TAG_RSA_PRIME1;
1044		priv.elements[i].length = BN_num_bytes(rsa->p);
1045		BN_bn2bin(rsa->p, bufs[i]);
1046		priv.elements[i].data = bufs[i];
1047		i++;
1048	}
1049
1050	if (rsa->q != NULL) {
1051		priv.elements[i].tag = TAG_RSA_PRIME2;
1052		priv.elements[i].length = BN_num_bytes(rsa->q);
1053		BN_bn2bin(rsa->q, bufs[i]);
1054		priv.elements[i].data = bufs[i];
1055		i++;
1056	}
1057
1058	if (rsa->dmp1 != NULL) {
1059		priv.elements[i].tag = TAG_RSA_EXPONENT1;
1060		priv.elements[i].length = BN_num_bytes(rsa->dmp1);
1061		BN_bn2bin(rsa->dmp1, bufs[i]);
1062		priv.elements[i].data = bufs[i];
1063		i++;
1064	}
1065
1066	if (rsa->dmq1 != NULL) {
1067		priv.elements[i].tag = TAG_RSA_EXPONENT2;
1068		priv.elements[i].length = BN_num_bytes(rsa->dmq1);
1069		BN_bn2bin(rsa->dmq1, bufs[i]);
1070		priv.elements[i].data = bufs[i];
1071		i++;
1072	}
1073
1074	if (rsa->iqmp != NULL) {
1075		priv.elements[i].tag = TAG_RSA_COEFFICIENT;
1076		priv.elements[i].length = BN_num_bytes(rsa->iqmp);
1077		BN_bn2bin(rsa->iqmp, bufs[i]);
1078		priv.elements[i].data = bufs[i];
1079		i++;
1080	}
1081
1082	if (key->engine != NULL) {
1083		priv.elements[i].tag = TAG_RSA_ENGINE;
1084		priv.elements[i].length = strlen(key->engine) + 1;
1085		priv.elements[i].data = (unsigned char *)key->engine;
1086		i++;
1087	}
1088
1089	if (key->label != NULL) {
1090		priv.elements[i].tag = TAG_RSA_LABEL;
1091		priv.elements[i].length = strlen(key->label) + 1;
1092		priv.elements[i].data = (unsigned char *)key->label;
1093		i++;
1094	}
1095
1096
1097	priv.nelements = i;
1098	result = dst__privstruct_writefile(key, &priv, directory);
1099 fail:
1100#if USE_EVP
1101	RSA_free(rsa);
1102#endif
1103	for (i = 0; i < 8; i++) {
1104		if (bufs[i] == NULL)
1105			break;
1106		isc_mem_put(key->mctx, bufs[i], BN_num_bytes(rsa->n));
1107	}
1108	return (result);
1109}
1110
1111static isc_result_t
1112rsa_check(RSA *rsa, RSA *pub)
1113{
1114	/* Public parameters should be the same but if they are not set
1115	 * copy them from the public key. */
1116	if (pub != NULL) {
1117		if (rsa->n != NULL) {
1118			if (BN_cmp(rsa->n, pub->n) != 0)
1119				return (DST_R_INVALIDPRIVATEKEY);
1120		} else {
1121			rsa->n = pub->n;
1122			pub->n = NULL;
1123		}
1124		if (rsa->e != NULL) {
1125			if (BN_cmp(rsa->e, pub->e) != 0)
1126				return (DST_R_INVALIDPRIVATEKEY);
1127		} else {
1128			rsa->e = pub->e;
1129			pub->e = NULL;
1130		}
1131	}
1132	if (rsa->n == NULL || rsa->e == NULL)
1133		return (DST_R_INVALIDPRIVATEKEY);
1134	return (ISC_R_SUCCESS);
1135}
1136
1137static isc_result_t
1138opensslrsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
1139	dst_private_t priv;
1140	isc_result_t ret;
1141	int i;
1142	RSA *rsa = NULL, *pubrsa = NULL;
1143#ifdef USE_ENGINE
1144	ENGINE *e = NULL;
1145#endif
1146	isc_mem_t *mctx = key->mctx;
1147	const char *engine = NULL, *label = NULL;
1148#if defined(USE_ENGINE) || USE_EVP
1149	EVP_PKEY *pkey = NULL;
1150#endif
1151
1152#if USE_EVP
1153	if (pub != NULL && pub->keydata.pkey != NULL)
1154		pubrsa = EVP_PKEY_get1_RSA(pub->keydata.pkey);
1155#else
1156	if (pub != NULL && pub->keydata.rsa != NULL) {
1157		pubrsa = pub->keydata.rsa;
1158		pub->keydata.rsa = NULL;
1159	}
1160#endif
1161
1162	/* read private key file */
1163	ret = dst__privstruct_parse(key, DST_ALG_RSA, lexer, mctx, &priv);
1164	if (ret != ISC_R_SUCCESS)
1165		return (ret);
1166
1167	for (i = 0; i < priv.nelements; i++) {
1168		switch (priv.elements[i].tag) {
1169		case TAG_RSA_ENGINE:
1170			engine = (char *)priv.elements[i].data;
1171			break;
1172		case TAG_RSA_LABEL:
1173			label = (char *)priv.elements[i].data;
1174			break;
1175		default:
1176			break;
1177		}
1178	}
1179	/*
1180	 * Is this key is stored in a HSM?
1181	 * See if we can fetch it.
1182	 */
1183	if (label != NULL) {
1184#ifdef USE_ENGINE
1185		if (engine == NULL)
1186			DST_RET(DST_R_NOENGINE);
1187		e = dst__openssl_getengine(engine);
1188		if (e == NULL)
1189			DST_RET(DST_R_NOENGINE);
1190		pkey = ENGINE_load_private_key(e, label, NULL, NULL);
1191		if (pkey == NULL) {
1192			/* ERR_print_errors_fp(stderr); */
1193			DST_RET(ISC_R_NOTFOUND);
1194		}
1195		key->engine = isc_mem_strdup(key->mctx, engine);
1196		if (key->engine == NULL)
1197			DST_RET(ISC_R_NOMEMORY);
1198		key->label = isc_mem_strdup(key->mctx, label);
1199		if (key->label == NULL)
1200			DST_RET(ISC_R_NOMEMORY);
1201		rsa = EVP_PKEY_get1_RSA(pkey);
1202		if (rsa == NULL)
1203			DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE));
1204		if (rsa_check(rsa, pubrsa) != ISC_R_SUCCESS)
1205			DST_RET(DST_R_INVALIDPRIVATEKEY);
1206		if (pubrsa != NULL)
1207			RSA_free(pubrsa);
1208		key->key_size = EVP_PKEY_bits(pkey);
1209#if USE_EVP
1210		key->keydata.pkey = pkey;
1211		RSA_free(rsa);
1212#else
1213		key->keydata.rsa = rsa;
1214		EVP_PKEY_free(pkey);
1215#endif
1216		dst__privstruct_free(&priv, mctx);
1217		memset(&priv, 0, sizeof(priv));
1218		return (ISC_R_SUCCESS);
1219#else
1220		DST_RET(DST_R_NOENGINE);
1221#endif
1222	}
1223
1224	rsa = RSA_new();
1225	if (rsa == NULL)
1226		DST_RET(ISC_R_NOMEMORY);
1227	SET_FLAGS(rsa);
1228
1229#if USE_EVP
1230	pkey = EVP_PKEY_new();
1231	if (pkey == NULL)
1232		DST_RET(ISC_R_NOMEMORY);
1233	if (!EVP_PKEY_set1_RSA(pkey, rsa))
1234		DST_RET(ISC_R_FAILURE);
1235	key->keydata.pkey = pkey;
1236#else
1237	key->keydata.rsa = rsa;
1238#endif
1239
1240	for (i = 0; i < priv.nelements; i++) {
1241		BIGNUM *bn;
1242		switch (priv.elements[i].tag) {
1243		case TAG_RSA_ENGINE:
1244			continue;
1245		case TAG_RSA_LABEL:
1246			continue;
1247		case TAG_RSA_PIN:
1248			continue;
1249		default:
1250			bn = BN_bin2bn(priv.elements[i].data,
1251				       priv.elements[i].length, NULL);
1252			if (bn == NULL)
1253				DST_RET(ISC_R_NOMEMORY);
1254		}
1255
1256		switch (priv.elements[i].tag) {
1257			case TAG_RSA_MODULUS:
1258				rsa->n = bn;
1259				break;
1260			case TAG_RSA_PUBLICEXPONENT:
1261				rsa->e = bn;
1262				break;
1263			case TAG_RSA_PRIVATEEXPONENT:
1264				rsa->d = bn;
1265				break;
1266			case TAG_RSA_PRIME1:
1267				rsa->p = bn;
1268				break;
1269			case TAG_RSA_PRIME2:
1270				rsa->q = bn;
1271				break;
1272			case TAG_RSA_EXPONENT1:
1273				rsa->dmp1 = bn;
1274				break;
1275			case TAG_RSA_EXPONENT2:
1276				rsa->dmq1 = bn;
1277				break;
1278			case TAG_RSA_COEFFICIENT:
1279				rsa->iqmp = bn;
1280				break;
1281		}
1282	}
1283	dst__privstruct_free(&priv, mctx);
1284	memset(&priv, 0, sizeof(priv));
1285
1286	if (rsa_check(rsa, pubrsa) != ISC_R_SUCCESS)
1287		DST_RET(DST_R_INVALIDPRIVATEKEY);
1288	key->key_size = BN_num_bits(rsa->n);
1289	if (pubrsa != NULL)
1290		RSA_free(pubrsa);
1291#if USE_EVP
1292	RSA_free(rsa);
1293#endif
1294
1295	return (ISC_R_SUCCESS);
1296
1297 err:
1298#if USE_EVP
1299	if (pkey != NULL)
1300		EVP_PKEY_free(pkey);
1301#endif
1302	if (rsa != NULL)
1303		RSA_free(rsa);
1304	if (pubrsa != NULL)
1305		RSA_free(pubrsa);
1306	opensslrsa_destroy(key);
1307	dst__privstruct_free(&priv, mctx);
1308	memset(&priv, 0, sizeof(priv));
1309	return (ret);
1310}
1311
1312static isc_result_t
1313opensslrsa_fromlabel(dst_key_t *key, const char *engine, const char *label,
1314		     const char *pin)
1315{
1316#ifdef USE_ENGINE
1317	ENGINE *e = NULL;
1318	isc_result_t ret;
1319	EVP_PKEY *pkey = NULL;
1320	RSA *rsa = NULL, *pubrsa = NULL;
1321	char *colon;
1322
1323	UNUSED(pin);
1324
1325	if (engine == NULL)
1326		DST_RET(DST_R_NOENGINE);
1327	e = dst__openssl_getengine(engine);
1328	if (e == NULL)
1329		DST_RET(DST_R_NOENGINE);
1330	pkey = ENGINE_load_public_key(e, label, NULL, NULL);
1331	if (pkey != NULL) {
1332		pubrsa = EVP_PKEY_get1_RSA(pkey);
1333		EVP_PKEY_free(pkey);
1334		if (pubrsa == NULL)
1335			DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE));
1336	}
1337	pkey = ENGINE_load_private_key(e, label, NULL, NULL);
1338	if (pkey == NULL)
1339		DST_RET(ISC_R_NOTFOUND);
1340	if (engine != NULL) {
1341		key->engine = isc_mem_strdup(key->mctx, engine);
1342		if (key->engine == NULL)
1343			DST_RET(ISC_R_NOMEMORY);
1344	} else {
1345		key->engine = isc_mem_strdup(key->mctx, label);
1346		if (key->engine == NULL)
1347			DST_RET(ISC_R_NOMEMORY);
1348		colon = strchr(key->engine, ':');
1349		if (colon != NULL)
1350			*colon = '\0';
1351	}
1352	key->label = isc_mem_strdup(key->mctx, label);
1353	if (key->label == NULL)
1354		DST_RET(ISC_R_NOMEMORY);
1355	rsa = EVP_PKEY_get1_RSA(pkey);
1356	if (rsa == NULL)
1357		DST_RET(dst__openssl_toresult(DST_R_OPENSSLFAILURE));
1358	if (rsa_check(rsa, pubrsa) != ISC_R_SUCCESS)
1359		DST_RET(DST_R_INVALIDPRIVATEKEY);
1360	if (pubrsa != NULL)
1361		RSA_free(pubrsa);
1362	key->key_size = EVP_PKEY_bits(pkey);
1363#if USE_EVP
1364	key->keydata.pkey = pkey;
1365	RSA_free(rsa);
1366#else
1367	key->keydata.rsa = rsa;
1368	EVP_PKEY_free(pkey);
1369#endif
1370	return (ISC_R_SUCCESS);
1371
1372 err:
1373	if (rsa != NULL)
1374		RSA_free(rsa);
1375	if (pubrsa != NULL)
1376		RSA_free(pubrsa);
1377	if (pkey != NULL)
1378		EVP_PKEY_free(pkey);
1379	return (ret);
1380#else
1381	UNUSED(key);
1382	UNUSED(engine);
1383	UNUSED(label);
1384	UNUSED(pin);
1385	return(DST_R_NOENGINE);
1386#endif
1387}
1388
1389static dst_func_t opensslrsa_functions = {
1390	opensslrsa_createctx,
1391	opensslrsa_destroyctx,
1392	opensslrsa_adddata,
1393	opensslrsa_sign,
1394	opensslrsa_verify,
1395	NULL, /*%< computesecret */
1396	opensslrsa_compare,
1397	NULL, /*%< paramcompare */
1398	opensslrsa_generate,
1399	opensslrsa_isprivate,
1400	opensslrsa_destroy,
1401	opensslrsa_todns,
1402	opensslrsa_fromdns,
1403	opensslrsa_tofile,
1404	opensslrsa_parse,
1405	NULL, /*%< cleanup */
1406	opensslrsa_fromlabel,
1407	NULL, /*%< dump */
1408	NULL, /*%< restore */
1409};
1410
1411isc_result_t
1412dst__opensslrsa_init(dst_func_t **funcp, unsigned char algorithm) {
1413	REQUIRE(funcp != NULL);
1414
1415	if (*funcp == NULL) {
1416		switch (algorithm) {
1417		case DST_ALG_RSASHA256:
1418#if defined(HAVE_EVP_SHA256) || !USE_EVP
1419			*funcp = &opensslrsa_functions;
1420#endif
1421			break;
1422		case DST_ALG_RSASHA512:
1423#if defined(HAVE_EVP_SHA512) || !USE_EVP
1424			*funcp = &opensslrsa_functions;
1425#endif
1426			break;
1427		default:
1428			*funcp = &opensslrsa_functions;
1429			break;
1430		}
1431	}
1432	return (ISC_R_SUCCESS);
1433}
1434
1435#else /* OPENSSL */
1436
1437#include <isc/util.h>
1438
1439EMPTY_TRANSLATION_UNIT
1440
1441#endif /* OPENSSL */
1442/*! \file */