GCC Code Coverage Report
Directory: ./ Exec Total Coverage
File: lib/libcrypto/crypto/../../libssl/src/crypto/rsa/rsa_pmeth.c Lines: 73 275 26.5 %
Date: 2016-12-06 Branches: 20 194 10.3 %

Line Branch Exec Source
1
/* $OpenBSD: rsa_pmeth.c,v 1.17 2015/06/20 01:07:25 doug Exp $ */
2
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3
 * project 2006.
4
 */
5
/* ====================================================================
6
 * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
7
 *
8
 * Redistribution and use in source and binary forms, with or without
9
 * modification, are permitted provided that the following conditions
10
 * are met:
11
 *
12
 * 1. Redistributions of source code must retain the above copyright
13
 *    notice, this list of conditions and the following disclaimer.
14
 *
15
 * 2. Redistributions in binary form must reproduce the above copyright
16
 *    notice, this list of conditions and the following disclaimer in
17
 *    the documentation and/or other materials provided with the
18
 *    distribution.
19
 *
20
 * 3. All advertising materials mentioning features or use of this
21
 *    software must display the following acknowledgment:
22
 *    "This product includes software developed by the OpenSSL Project
23
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24
 *
25
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26
 *    endorse or promote products derived from this software without
27
 *    prior written permission. For written permission, please contact
28
 *    licensing@OpenSSL.org.
29
 *
30
 * 5. Products derived from this software may not be called "OpenSSL"
31
 *    nor may "OpenSSL" appear in their names without prior written
32
 *    permission of the OpenSSL Project.
33
 *
34
 * 6. Redistributions of any form whatsoever must retain the following
35
 *    acknowledgment:
36
 *    "This product includes software developed by the OpenSSL Project
37
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38
 *
39
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
43
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50
 * OF THE POSSIBILITY OF SUCH DAMAGE.
51
 * ====================================================================
52
 *
53
 * This product includes cryptographic software written by Eric Young
54
 * (eay@cryptsoft.com).  This product includes software written by Tim
55
 * Hudson (tjh@cryptsoft.com).
56
 *
57
 */
58
59
#include <limits.h>
60
#include <stdio.h>
61
#include <string.h>
62
63
#include <openssl/opensslconf.h>
64
65
#include <openssl/asn1t.h>
66
#include <openssl/bn.h>
67
#include <openssl/err.h>
68
#include <openssl/evp.h>
69
#include <openssl/rsa.h>
70
#include <openssl/x509.h>
71
72
#ifndef OPENSSL_NO_CMS
73
#include <openssl/cms.h>
74
#endif
75
76
#include "evp_locl.h"
77
#include "rsa_locl.h"
78
79
/* RSA pkey context structure */
80
81
typedef struct {
82
	/* Key gen parameters */
83
	int nbits;
84
	BIGNUM *pub_exp;
85
	/* Keygen callback info */
86
	int gentmp[2];
87
	/* RSA padding mode */
88
	int pad_mode;
89
	/* message digest */
90
	const EVP_MD *md;
91
	/* message digest for MGF1 */
92
	const EVP_MD *mgf1md;
93
	/* PSS/OAEP salt length */
94
	int saltlen;
95
	/* Temp buffer */
96
	unsigned char *tbuf;
97
} RSA_PKEY_CTX;
98
99
static int
100
pkey_rsa_init(EVP_PKEY_CTX *ctx)
101
19
{
102
	RSA_PKEY_CTX *rctx;
103
104
19
	rctx = malloc(sizeof(RSA_PKEY_CTX));
105
19
	if (!rctx)
106
		return 0;
107
19
	rctx->nbits = 2048;
108
19
	rctx->pub_exp = NULL;
109
19
	rctx->pad_mode = RSA_PKCS1_PADDING;
110
19
	rctx->md = NULL;
111
19
	rctx->mgf1md = NULL;
112
19
	rctx->tbuf = NULL;
113
114
19
	rctx->saltlen = -2;
115
116
19
	ctx->data = rctx;
117
19
	ctx->keygen_info = rctx->gentmp;
118
19
	ctx->keygen_info_count = 2;
119
120
19
	return 1;
121
}
122
123
static int
124
pkey_rsa_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
125
7
{
126
	RSA_PKEY_CTX *dctx, *sctx;
127
128
7
	if (!pkey_rsa_init(dst))
129
		return 0;
130
7
	sctx = src->data;
131
7
	dctx = dst->data;
132
7
	dctx->nbits = sctx->nbits;
133
7
	if (sctx->pub_exp) {
134
		dctx->pub_exp = BN_dup(sctx->pub_exp);
135
		if (!dctx->pub_exp)
136
			return 0;
137
	}
138
7
	dctx->pad_mode = sctx->pad_mode;
139
7
	dctx->md = sctx->md;
140
7
	return 1;
141
}
142
143
static int
144
setup_tbuf(RSA_PKEY_CTX *ctx, EVP_PKEY_CTX *pk)
145
{
146
	if (ctx->tbuf)
147
		return 1;
148
	ctx->tbuf = malloc(EVP_PKEY_size(pk->pkey));
149
	if (!ctx->tbuf)
150
		return 0;
151
	return 1;
152
}
153
154
static void
155
pkey_rsa_cleanup(EVP_PKEY_CTX *ctx)
156
19
{
157
19
	RSA_PKEY_CTX *rctx = ctx->data;
158
159
19
	if (rctx) {
160
19
		BN_free(rctx->pub_exp);
161
19
		free(rctx->tbuf);
162
19
		free(rctx);
163
	}
164
19
}
165
166
static int
167
pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
168
    const unsigned char *tbs, size_t tbslen)
169
2
{
170
	int ret;
171
2
	RSA_PKEY_CTX *rctx = ctx->data;
172
2
	RSA *rsa = ctx->pkey->pkey.rsa;
173
174
2
	if (rctx->md) {
175
2
		if (tbslen != (size_t)EVP_MD_size(rctx->md)) {
176
			RSAerr(RSA_F_PKEY_RSA_SIGN,
177
			    RSA_R_INVALID_DIGEST_LENGTH);
178
			return -1;
179
		}
180
181
2
		if (rctx->pad_mode == RSA_X931_PADDING) {
182
			if (!setup_tbuf(rctx, ctx))
183
				return -1;
184
			memcpy(rctx->tbuf, tbs, tbslen);
185
			rctx->tbuf[tbslen] =
186
			    RSA_X931_hash_id(EVP_MD_type(rctx->md));
187
			ret = RSA_private_encrypt(tbslen + 1, rctx->tbuf, sig,
188
			    rsa, RSA_X931_PADDING);
189
2
		} else if (rctx->pad_mode == RSA_PKCS1_PADDING) {
190
			unsigned int sltmp;
191
192
2
			ret = RSA_sign(EVP_MD_type(rctx->md), tbs, tbslen, sig,
193
			    &sltmp, rsa);
194
2
			if (ret <= 0)
195
				return ret;
196
2
			ret = sltmp;
197
		} else if (rctx->pad_mode == RSA_PKCS1_PSS_PADDING) {
198
			if (!setup_tbuf(rctx, ctx))
199
				return -1;
200
			if (!RSA_padding_add_PKCS1_PSS_mgf1(rsa, rctx->tbuf,
201
			    tbs, rctx->md, rctx->mgf1md, rctx->saltlen))
202
				return -1;
203
			ret = RSA_private_encrypt(RSA_size(rsa), rctx->tbuf,
204
			    sig, rsa, RSA_NO_PADDING);
205
		} else
206
			return -1;
207
	} else
208
		ret = RSA_private_encrypt(tbslen, tbs, sig, ctx->pkey->pkey.rsa,
209
		    rctx->pad_mode);
210
2
	if (ret < 0)
211
		return ret;
212
2
	*siglen = ret;
213
2
	return 1;
214
}
215
216
static int
217
pkey_rsa_verifyrecover(EVP_PKEY_CTX *ctx, unsigned char *rout, size_t *routlen,
218
    const unsigned char *sig, size_t siglen)
219
{
220
	int ret;
221
	RSA_PKEY_CTX *rctx = ctx->data;
222
223
	if (rctx->md) {
224
		if (rctx->pad_mode == RSA_X931_PADDING) {
225
			if (!setup_tbuf(rctx, ctx))
226
				return -1;
227
			ret = RSA_public_decrypt(siglen, sig, rctx->tbuf,
228
			    ctx->pkey->pkey.rsa, RSA_X931_PADDING);
229
			if (ret < 1)
230
				return 0;
231
			ret--;
232
			if (rctx->tbuf[ret] !=
233
				RSA_X931_hash_id(EVP_MD_type(rctx->md))) {
234
				RSAerr(RSA_F_PKEY_RSA_VERIFYRECOVER,
235
				    RSA_R_ALGORITHM_MISMATCH);
236
				return 0;
237
			}
238
			if (ret != EVP_MD_size(rctx->md)) {
239
				RSAerr(RSA_F_PKEY_RSA_VERIFYRECOVER,
240
				    RSA_R_INVALID_DIGEST_LENGTH);
241
				return 0;
242
			}
243
			if (rout)
244
				memcpy(rout, rctx->tbuf, ret);
245
		} else if (rctx->pad_mode == RSA_PKCS1_PADDING) {
246
			size_t sltmp;
247
248
			ret = int_rsa_verify(EVP_MD_type(rctx->md), NULL, 0,
249
			    rout, &sltmp, sig, siglen, ctx->pkey->pkey.rsa);
250
			if (ret <= 0)
251
				return 0;
252
			ret = sltmp;
253
		} else
254
			return -1;
255
	} else
256
		ret = RSA_public_decrypt(siglen, sig, rout, ctx->pkey->pkey.rsa,
257
		    rctx->pad_mode);
258
	if (ret < 0)
259
		return ret;
260
	*routlen = ret;
261
	return 1;
262
}
263
264
static int
265
pkey_rsa_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig, size_t siglen,
266
    const unsigned char *tbs, size_t tbslen)
267
8
{
268
8
	RSA_PKEY_CTX *rctx = ctx->data;
269
8
	RSA *rsa = ctx->pkey->pkey.rsa;
270
	size_t rslen;
271
272
8
	if (rctx->md) {
273
8
		if (rctx->pad_mode == RSA_PKCS1_PADDING)
274
8
			return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen,
275
			    sig, siglen, rsa);
276
		if (rctx->pad_mode == RSA_X931_PADDING) {
277
			if (pkey_rsa_verifyrecover(ctx, NULL, &rslen, sig,
278
			    siglen) <= 0)
279
				return 0;
280
		} else if (rctx->pad_mode == RSA_PKCS1_PSS_PADDING) {
281
			int ret;
282
283
			if (!setup_tbuf(rctx, ctx))
284
				return -1;
285
			ret = RSA_public_decrypt(siglen, sig, rctx->tbuf,
286
			    rsa, RSA_NO_PADDING);
287
			if (ret <= 0)
288
				return 0;
289
			ret = RSA_verify_PKCS1_PSS_mgf1(rsa, tbs, rctx->md,
290
			    rctx->mgf1md, rctx->tbuf, rctx->saltlen);
291
			if (ret <= 0)
292
				return 0;
293
			return 1;
294
		} else
295
			return -1;
296
	} else {
297
		if (!setup_tbuf(rctx, ctx))
298
			return -1;
299
		rslen = RSA_public_decrypt(siglen, sig, rctx->tbuf, rsa,
300
		    rctx->pad_mode);
301
		if (rslen == 0)
302
			return 0;
303
	}
304
305
	if (rslen != tbslen || memcmp(tbs, rctx->tbuf, rslen))
306
		return 0;
307
308
	return 1;
309
}
310
311
static int
312
pkey_rsa_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
313
    const unsigned char *in, size_t inlen)
314
1
{
315
	int ret;
316
1
	RSA_PKEY_CTX *rctx = ctx->data;
317
318
1
	ret = RSA_public_encrypt(inlen, in, out, ctx->pkey->pkey.rsa,
319
	    rctx->pad_mode);
320
1
	if (ret < 0)
321
		return ret;
322
1
	*outlen = ret;
323
1
	return 1;
324
}
325
326
static int
327
pkey_rsa_decrypt(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
328
    const unsigned char *in, size_t inlen)
329
1
{
330
	int ret;
331
1
	RSA_PKEY_CTX *rctx = ctx->data;
332
333
1
	ret = RSA_private_decrypt(inlen, in, out, ctx->pkey->pkey.rsa,
334
	    rctx->pad_mode);
335
1
	if (ret < 0)
336
		return ret;
337
1
	*outlen = ret;
338
1
	return 1;
339
}
340
341
static int
342
check_padding_md(const EVP_MD *md, int padding)
343
10
{
344
10
	if (!md)
345
		return 1;
346
347
10
	if (padding == RSA_NO_PADDING) {
348
		RSAerr(RSA_F_CHECK_PADDING_MD, RSA_R_INVALID_PADDING_MODE);
349
		return 0;
350
	}
351
352
10
	if (padding == RSA_X931_PADDING) {
353
		if (RSA_X931_hash_id(EVP_MD_type(md)) == -1) {
354
			RSAerr(RSA_F_CHECK_PADDING_MD,
355
			    RSA_R_INVALID_X931_DIGEST);
356
			return 0;
357
		}
358
		return 1;
359
	}
360
361
10
	return 1;
362
}
363
364
static int
365
pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
366
23
{
367
23
	RSA_PKEY_CTX *rctx = ctx->data;
368
369


23
	switch (type) {
370
	case EVP_PKEY_CTRL_RSA_PADDING:
371
		if (p1 >= RSA_PKCS1_PADDING && p1 <= RSA_PKCS1_PSS_PADDING) {
372
			if (!check_padding_md(rctx->md, p1))
373
				return 0;
374
			if (p1 == RSA_PKCS1_PSS_PADDING) {
375
				if (!(ctx->operation &
376
				    (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY)))
377
					goto bad_pad;
378
				if (!rctx->md)
379
					rctx->md = EVP_sha1();
380
			}
381
			if (p1 == RSA_PKCS1_OAEP_PADDING) {
382
				if (!(ctx->operation & EVP_PKEY_OP_TYPE_CRYPT))
383
					goto bad_pad;
384
				if (!rctx->md)
385
					rctx->md = EVP_sha1();
386
			}
387
			rctx->pad_mode = p1;
388
			return 1;
389
		}
390
bad_pad:
391
		RSAerr(RSA_F_PKEY_RSA_CTRL,
392
		    RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE);
393
		return -2;
394
395
	case EVP_PKEY_CTRL_GET_RSA_PADDING:
396
		*(int *)p2 = rctx->pad_mode;
397
		return 1;
398
399
	case EVP_PKEY_CTRL_RSA_PSS_SALTLEN:
400
	case EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN:
401
		if (rctx->pad_mode != RSA_PKCS1_PSS_PADDING) {
402
			RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_PSS_SALTLEN);
403
			return -2;
404
		}
405
		if (type == EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN)
406
			*(int *)p2 = rctx->saltlen;
407
		else {
408
			if (p1 < -2)
409
				return -2;
410
			rctx->saltlen = p1;
411
		}
412
		return 1;
413
414
	case EVP_PKEY_CTRL_RSA_KEYGEN_BITS:
415
		if (p1 < 256) {
416
			RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_KEYBITS);
417
			return -2;
418
		}
419
		rctx->nbits = p1;
420
		return 1;
421
422
	case EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP:
423
		if (!p2)
424
			return -2;
425
		rctx->pub_exp = p2;
426
		return 1;
427
428
	case EVP_PKEY_CTRL_MD:
429
10
		if (!check_padding_md(p2, rctx->pad_mode))
430
			return 0;
431
10
		rctx->md = p2;
432
10
		return 1;
433
434
	case EVP_PKEY_CTRL_RSA_MGF1_MD:
435
	case EVP_PKEY_CTRL_GET_RSA_MGF1_MD:
436
		if (rctx->pad_mode != RSA_PKCS1_PSS_PADDING) {
437
			RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_MGF1_MD);
438
			return -2;
439
		}
440
		if (type == EVP_PKEY_CTRL_GET_RSA_MGF1_MD) {
441
			if (rctx->mgf1md)
442
				*(const EVP_MD **)p2 = rctx->mgf1md;
443
			else
444
				*(const EVP_MD **)p2 = rctx->md;
445
		} else
446
			rctx->mgf1md = p2;
447
		return 1;
448
449
	case EVP_PKEY_CTRL_DIGESTINIT:
450
	case EVP_PKEY_CTRL_PKCS7_ENCRYPT:
451
	case EVP_PKEY_CTRL_PKCS7_DECRYPT:
452
	case EVP_PKEY_CTRL_PKCS7_SIGN:
453
13
		return 1;
454
#ifndef OPENSSL_NO_CMS
455
	case EVP_PKEY_CTRL_CMS_DECRYPT:
456
		{
457
			X509_ALGOR *alg = NULL;
458
			ASN1_OBJECT *encalg = NULL;
459
460
			if (p2)
461
				CMS_RecipientInfo_ktri_get0_algs(p2, NULL,
462
				    NULL, &alg);
463
			if (alg)
464
				X509_ALGOR_get0(&encalg, NULL, NULL, alg);
465
			if (encalg && OBJ_obj2nid(encalg) == NID_rsaesOaep)
466
				rctx->pad_mode = RSA_PKCS1_OAEP_PADDING;
467
		}
468
		/* FALLTHROUGH */
469
470
	case EVP_PKEY_CTRL_CMS_ENCRYPT:
471
	case EVP_PKEY_CTRL_CMS_SIGN:
472
		return 1;
473
#endif
474
	case EVP_PKEY_CTRL_PEER_KEY:
475
		RSAerr(RSA_F_PKEY_RSA_CTRL,
476
		    RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
477
		return -2;
478
479
	default:
480
		return -2;
481
	}
482
}
483
484
static int
485
pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, const char *value)
486
{
487
	long lval;
488
	char *ep;
489
490
	if (!value) {
491
		RSAerr(RSA_F_PKEY_RSA_CTRL_STR, RSA_R_VALUE_MISSING);
492
		return 0;
493
	}
494
	if (!strcmp(type, "rsa_padding_mode")) {
495
		int pm;
496
		if (!strcmp(value, "pkcs1"))
497
			pm = RSA_PKCS1_PADDING;
498
		else if (!strcmp(value, "sslv23"))
499
			pm = RSA_SSLV23_PADDING;
500
		else if (!strcmp(value, "none"))
501
			pm = RSA_NO_PADDING;
502
		else if (!strcmp(value, "oeap"))
503
			pm = RSA_PKCS1_OAEP_PADDING;
504
		else if (!strcmp(value, "oaep"))
505
			pm = RSA_PKCS1_OAEP_PADDING;
506
		else if (!strcmp(value, "x931"))
507
			pm = RSA_X931_PADDING;
508
		else if (!strcmp(value, "pss"))
509
			pm = RSA_PKCS1_PSS_PADDING;
510
		else {
511
			RSAerr(RSA_F_PKEY_RSA_CTRL_STR,
512
			    RSA_R_UNKNOWN_PADDING_TYPE);
513
			return -2;
514
		}
515
		return EVP_PKEY_CTX_set_rsa_padding(ctx, pm);
516
	}
517
518
	if (!strcmp(type, "rsa_pss_saltlen")) {
519
		int saltlen;
520
521
		errno = 0;
522
		lval = strtol(value, &ep, 10);
523
		if (value[0] == '\0' || *ep != '\0')
524
			goto not_a_number;
525
		if ((errno == ERANGE &&
526
		    (lval == LONG_MAX || lval == LONG_MIN)) ||
527
		    (lval > INT_MAX || lval < INT_MIN))
528
			goto out_of_range;
529
		saltlen = lval;
530
		return EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, saltlen);
531
	}
532
533
	if (!strcmp(type, "rsa_keygen_bits")) {
534
		int nbits;
535
536
		errno = 0;
537
		lval = strtol(value, &ep, 10);
538
		if (value[0] == '\0' || *ep != '\0')
539
			goto not_a_number;
540
		if ((errno == ERANGE &&
541
		    (lval == LONG_MAX || lval == LONG_MIN)) ||
542
		    (lval > INT_MAX || lval < INT_MIN))
543
			goto out_of_range;
544
		nbits = lval;
545
		return EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, nbits);
546
	}
547
548
	if (!strcmp(type, "rsa_keygen_pubexp")) {
549
		int ret;
550
		BIGNUM *pubexp = NULL;
551
552
		if (!BN_asc2bn(&pubexp, value))
553
			return 0;
554
		ret = EVP_PKEY_CTX_set_rsa_keygen_pubexp(ctx, pubexp);
555
		if (ret <= 0)
556
			BN_free(pubexp);
557
		return ret;
558
	}
559
560
not_a_number:
561
out_of_range:
562
	return -2;
563
}
564
565
static int
566
pkey_rsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
567
{
568
	RSA *rsa = NULL;
569
	RSA_PKEY_CTX *rctx = ctx->data;
570
	BN_GENCB *pcb, cb;
571
	int ret;
572
573
	if (!rctx->pub_exp) {
574
		rctx->pub_exp = BN_new();
575
		if (!rctx->pub_exp || !BN_set_word(rctx->pub_exp, RSA_F4))
576
			return 0;
577
	}
578
	rsa = RSA_new();
579
	if (!rsa)
580
		return 0;
581
	if (ctx->pkey_gencb) {
582
		pcb = &cb;
583
		evp_pkey_set_cb_translate(pcb, ctx);
584
	} else
585
		pcb = NULL;
586
	ret = RSA_generate_key_ex(rsa, rctx->nbits, rctx->pub_exp, pcb);
587
	if (ret > 0)
588
		EVP_PKEY_assign_RSA(pkey, rsa);
589
	else
590
		RSA_free(rsa);
591
	return ret;
592
}
593
594
const EVP_PKEY_METHOD rsa_pkey_meth = {
595
	.pkey_id = EVP_PKEY_RSA,
596
	.flags = EVP_PKEY_FLAG_AUTOARGLEN,
597
598
	.init = pkey_rsa_init,
599
	.copy = pkey_rsa_copy,
600
	.cleanup = pkey_rsa_cleanup,
601
602
	.keygen = pkey_rsa_keygen,
603
604
	.sign = pkey_rsa_sign,
605
606
	.verify = pkey_rsa_verify,
607
608
	.verify_recover = pkey_rsa_verifyrecover,
609
610
	.encrypt = pkey_rsa_encrypt,
611
612
	.decrypt = pkey_rsa_decrypt,
613
614
	.ctrl = pkey_rsa_ctrl,
615
	.ctrl_str = pkey_rsa_ctrl_str
616
};