![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to openssl_rsa_private_key.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libstrongswan / plugins / openssl|
Return to openssl_rsa_private_key.c CVS log | Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libstrongswan / plugins / openssl |
1.1 misho 1: /*
2: * Copyright (C) 2008-2017 Tobias Brunner
3: * Copyright (C) 2009 Martin Willi
4: * HSR Hochschule fuer Technik Rapperswil
5: *
6: * This program is free software; you can redistribute it and/or modify it
7: * under the terms of the GNU General Public License as published by the
8: * Free Software Foundation; either version 2 of the License, or (at your
9: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10: *
11: * This program is distributed in the hope that it will be useful, but
12: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14: * for more details.
15: */
16:
17: #include <openssl/opensslconf.h>
18:
19: #ifndef OPENSSL_NO_RSA
20:
21: #include "openssl_rsa_private_key.h"
22: #include "openssl_rsa_public_key.h"
23: #include "openssl_hasher.h"
24: #include "openssl_util.h"
25:
26: #include <utils/debug.h>
27: #include <credentials/keys/signature_params.h>
28:
29: #include <openssl/bn.h>
30: #include <openssl/evp.h>
31: #include <openssl/rsa.h>
32:
33: /**
34: * Public exponent to use for key generation.
35: */
36: #define PUBLIC_EXPONENT 0x10001
37:
38: #if OPENSSL_VERSION_NUMBER < 0x10100000L
39: OPENSSL_KEY_FALLBACK(RSA, key, n, e, d)
40: OPENSSL_KEY_FALLBACK(RSA, factors, p, q)
41: OPENSSL_KEY_FALLBACK(RSA, crt_params, dmp1, dmq1, iqmp)
42: #define BN_secure_new() BN_new()
43: #endif
44:
45: typedef struct private_openssl_rsa_private_key_t private_openssl_rsa_private_key_t;
46:
47: /**
48: * Private data of a openssl_rsa_private_key_t object.
49: */
50: struct private_openssl_rsa_private_key_t {
51: /**
52: * Public interface for this signer.
53: */
54: openssl_rsa_private_key_t public;
55:
56: /**
57: * RSA object from OpenSSL
58: */
59: RSA *rsa;
60:
61: /**
62: * TRUE if the key is from an OpenSSL ENGINE and might not be readable
63: */
64: bool engine;
65:
66: /**
67: * reference count
68: */
69: refcount_t ref;
70: };
71:
72: /* implemented in rsa public key */
73: bool openssl_rsa_fingerprint(RSA *rsa, cred_encoding_type_t type, chunk_t *fp);
74:
75: #if OPENSSL_VERSION_NUMBER >= 0x10000000L
76:
77: /**
78: * Build RSA signature
79: */
80: static bool build_signature(private_openssl_rsa_private_key_t *this,
81: const EVP_MD *md, rsa_pss_params_t *pss,
82: chunk_t data, chunk_t *sig)
83: {
84: EVP_PKEY_CTX *pctx = NULL;
85: EVP_MD_CTX *mctx = NULL;
86: EVP_PKEY *key;
87: bool success = FALSE;
88:
89: mctx = EVP_MD_CTX_create();
90: key = EVP_PKEY_new();
91: if (!mctx || !key)
92: {
93: goto error;
94: }
95: if (!EVP_PKEY_set1_RSA(key, this->rsa))
96: {
97: goto error;
98: }
99: if (EVP_DigestSignInit(mctx, &pctx, md, NULL, key) <= 0)
100: {
101: goto error;
102: }
103: if (pss)
104: {
105: const EVP_MD *mgf1md = openssl_get_md(pss->mgf1_hash);
106: if (EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) <= 0 ||
107: EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, pss->salt_len) <= 0 ||
108: EVP_PKEY_CTX_set_rsa_mgf1_md(pctx, mgf1md) <= 0)
109: {
110: goto error;
111: }
112: }
113: if (EVP_DigestSignUpdate(mctx, data.ptr, data.len) <= 0)
114: {
115: goto error;
116: }
117: success = (EVP_DigestSignFinal(mctx, sig->ptr, &sig->len) == 1);
118:
119: error:
120: if (key)
121: {
122: EVP_PKEY_free(key);
123: }
124: if (mctx)
125: {
126: EVP_MD_CTX_destroy(mctx);
127: }
128: return success;
129: }
130:
131: /**
132: * Build an EMSA PKCS1 signature described in PKCS#1
133: */
134: static bool build_emsa_pkcs1_signature(private_openssl_rsa_private_key_t *this,
135: int type, chunk_t data, chunk_t *sig)
136: {
137: const EVP_MD *md;
138:
139: *sig = chunk_alloc(RSA_size(this->rsa));
140:
141: if (type == NID_undef)
142: {
143: if (RSA_private_encrypt(data.len, data.ptr, sig->ptr, this->rsa,
144: RSA_PKCS1_PADDING) == sig->len)
145: {
146: return TRUE;
147: }
148: }
149: else
150: {
151: md = EVP_get_digestbynid(type);
152: if (md && build_signature(this, md, NULL, data, sig))
153: {
154: return TRUE;
155: }
156: }
157: chunk_free(sig);
158: return FALSE;
159: }
160:
161: /**
162: * Build an EMSA PSS signature described in PKCS#1
163: */
164: static bool build_emsa_pss_signature(private_openssl_rsa_private_key_t *this,
165: rsa_pss_params_t *params, chunk_t data,
166: chunk_t *sig)
167: {
168: const EVP_MD *md;
169:
170: if (!params)
171: {
172: return FALSE;
173: }
174:
175: *sig = chunk_alloc(RSA_size(this->rsa));
176:
177: md = openssl_get_md(params->hash);
178: if (md && build_signature(this, md, params, data, sig))
179: {
180: return TRUE;
181: }
182: chunk_free(sig);
183: return FALSE;
184: }
185:
186: #else /* OPENSSL_VERSION_NUMBER < 1.0 */
187:
188: /**
189: * Build an EMSA PKCS1 signature described in PKCS#1
190: */
191: static bool build_emsa_pkcs1_signature(private_openssl_rsa_private_key_t *this,
192: int type, chunk_t data, chunk_t *sig)
193: {
194: bool success = FALSE;
195:
196: *sig = chunk_alloc(RSA_size(this->rsa));
197:
198: if (type == NID_undef)
199: {
200: if (RSA_private_encrypt(data.len, data.ptr, sig->ptr, this->rsa,
201: RSA_PKCS1_PADDING) == sig->len)
202: {
203: success = TRUE;
204: }
205: }
206: else
207: {
208: EVP_MD_CTX *ctx = NULL;
209: EVP_PKEY *key = NULL;
210: const EVP_MD *hasher;
211: u_int len;
212:
213: hasher = EVP_get_digestbynid(type);
214: if (!hasher)
215: {
216: goto error;
217: }
218:
219: ctx = EVP_MD_CTX_create();
220: key = EVP_PKEY_new();
221: if (!ctx || !key)
222: {
223: goto error;
224: }
225: if (!EVP_PKEY_set1_RSA(key, this->rsa))
226: {
227: goto error;
228: }
229: if (!EVP_SignInit_ex(ctx, hasher, NULL))
230: {
231: goto error;
232: }
233: if (!EVP_SignUpdate(ctx, data.ptr, data.len))
234: {
235: goto error;
236: }
237: if (EVP_SignFinal(ctx, sig->ptr, &len, key))
238: {
239: success = TRUE;
240: }
241:
242: error:
243: if (key)
244: {
245: EVP_PKEY_free(key);
246: }
247: if (ctx)
248: {
249: EVP_MD_CTX_destroy(ctx);
250: }
251: }
252: if (!success)
253: {
254: free(sig->ptr);
255: }
256: return success;
257: }
258: #endif /* OPENSSL_VERSION_NUMBER < 1.0 */
259:
260: METHOD(private_key_t, get_type, key_type_t,
261: private_openssl_rsa_private_key_t *this)
262: {
263: return KEY_RSA;
264: }
265:
266: METHOD(private_key_t, sign, bool,
267: private_openssl_rsa_private_key_t *this, signature_scheme_t scheme,
268: void *params, chunk_t data, chunk_t *signature)
269: {
270: switch (scheme)
271: {
272: case SIGN_RSA_EMSA_PKCS1_NULL:
273: return build_emsa_pkcs1_signature(this, NID_undef, data, signature);
274: case SIGN_RSA_EMSA_PKCS1_SHA2_224:
275: return build_emsa_pkcs1_signature(this, NID_sha224, data, signature);
276: case SIGN_RSA_EMSA_PKCS1_SHA2_256:
277: return build_emsa_pkcs1_signature(this, NID_sha256, data, signature);
278: case SIGN_RSA_EMSA_PKCS1_SHA2_384:
279: return build_emsa_pkcs1_signature(this, NID_sha384, data, signature);
280: case SIGN_RSA_EMSA_PKCS1_SHA2_512:
281: return build_emsa_pkcs1_signature(this, NID_sha512, data, signature);
282: case SIGN_RSA_EMSA_PKCS1_SHA1:
283: return build_emsa_pkcs1_signature(this, NID_sha1, data, signature);
284: case SIGN_RSA_EMSA_PKCS1_MD5:
285: return build_emsa_pkcs1_signature(this, NID_md5, data, signature);
286: #if OPENSSL_VERSION_NUMBER >= 0x10000000L
287: case SIGN_RSA_EMSA_PSS:
288: return build_emsa_pss_signature(this, params, data, signature);
289: #endif
290: default:
291: DBG1(DBG_LIB, "signature scheme %N not supported in RSA",
292: signature_scheme_names, scheme);
293: return FALSE;
294: }
295: }
296:
297: METHOD(private_key_t, decrypt, bool,
298: private_openssl_rsa_private_key_t *this, encryption_scheme_t scheme,
299: chunk_t crypto, chunk_t *plain)
300: {
301: int padding, len;
302: char *decrypted;
303:
304: switch (scheme)
305: {
306: case ENCRYPT_RSA_PKCS1:
307: padding = RSA_PKCS1_PADDING;
308: break;
309: case ENCRYPT_RSA_OAEP_SHA1:
310: padding = RSA_PKCS1_OAEP_PADDING;
311: break;
312: default:
313: DBG1(DBG_LIB, "encryption scheme %N not supported via openssl",
314: encryption_scheme_names, scheme);
315: return FALSE;
316: }
317: decrypted = malloc(RSA_size(this->rsa));
318: len = RSA_private_decrypt(crypto.len, crypto.ptr, decrypted,
319: this->rsa, padding);
320: if (len < 0)
321: {
322: DBG1(DBG_LIB, "RSA decryption failed");
323: free(decrypted);
324: return FALSE;
325: }
326: *plain = chunk_create(decrypted, len);
327: return TRUE;
328: }
329:
330: METHOD(private_key_t, get_keysize, int,
331: private_openssl_rsa_private_key_t *this)
332: {
333: return RSA_size(this->rsa) * 8;
334: }
335:
336: METHOD(private_key_t, get_public_key, public_key_t*,
337: private_openssl_rsa_private_key_t *this)
338: {
339: chunk_t enc;
340: public_key_t *key;
341: u_char *p;
342:
343: enc = chunk_alloc(i2d_RSAPublicKey(this->rsa, NULL));
344: p = enc.ptr;
345: i2d_RSAPublicKey(this->rsa, &p);
346: key = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_RSA,
347: BUILD_BLOB_ASN1_DER, enc, BUILD_END);
348: free(enc.ptr);
349: return key;
350: }
351:
352: METHOD(private_key_t, get_fingerprint, bool,
353: private_openssl_rsa_private_key_t *this, cred_encoding_type_t type,
354: chunk_t *fingerprint)
355: {
356: return openssl_rsa_fingerprint(this->rsa, type, fingerprint);
357: }
358:
359: METHOD(private_key_t, get_encoding, bool,
360: private_openssl_rsa_private_key_t *this, cred_encoding_type_t type,
361: chunk_t *encoding)
362: {
363: u_char *p;
364:
365: if (this->engine)
366: {
367: return FALSE;
368: }
369: switch (type)
370: {
371: case PRIVKEY_ASN1_DER:
372: case PRIVKEY_PEM:
373: {
374: bool success = TRUE;
375:
376: *encoding = chunk_alloc(i2d_RSAPrivateKey(this->rsa, NULL));
377: p = encoding->ptr;
378: i2d_RSAPrivateKey(this->rsa, &p);
379:
380: if (type == PRIVKEY_PEM)
381: {
382: chunk_t asn1_encoding = *encoding;
383:
384: success = lib->encoding->encode(lib->encoding, PRIVKEY_PEM,
385: NULL, encoding, CRED_PART_RSA_PRIV_ASN1_DER,
386: asn1_encoding, CRED_PART_END);
387: chunk_clear(&asn1_encoding);
388: }
389: return success;
390: }
391: default:
392: return FALSE;
393: }
394: }
395:
396: METHOD(private_key_t, get_ref, private_key_t*,
397: private_openssl_rsa_private_key_t *this)
398: {
399: ref_get(&this->ref);
400: return &this->public.key;
401: }
402:
403: METHOD(private_key_t, destroy, void,
404: private_openssl_rsa_private_key_t *this)
405: {
406: if (ref_put(&this->ref))
407: {
408: if (this->rsa)
409: {
410: lib->encoding->clear_cache(lib->encoding, this->rsa);
411: RSA_free(this->rsa);
412: }
413: free(this);
414: }
415: }
416:
417: /**
418: * Internal generic constructor
419: */
420: static private_openssl_rsa_private_key_t *create_empty()
421: {
422: private_openssl_rsa_private_key_t *this;
423:
424: INIT(this,
425: .public = {
426: .key = {
427: .get_type = _get_type,
428: .sign = _sign,
429: .decrypt = _decrypt,
430: .get_keysize = _get_keysize,
431: .get_public_key = _get_public_key,
432: .equals = private_key_equals,
433: .belongs_to = private_key_belongs_to,
434: .get_fingerprint = _get_fingerprint,
435: .has_fingerprint = private_key_has_fingerprint,
436: .get_encoding = _get_encoding,
437: .get_ref = _get_ref,
438: .destroy = _destroy,
439: },
440: },
441: .ref = 1,
442: );
443:
444: return this;
445: }
446:
447: /*
448: * See header.
449: */
450: openssl_rsa_private_key_t *openssl_rsa_private_key_gen(key_type_t type,
451: va_list args)
452: {
453: private_openssl_rsa_private_key_t *this;
454: u_int key_size = 0;
455: RSA *rsa = NULL;
456: BIGNUM *e = NULL;
457:
458: while (TRUE)
459: {
460: switch (va_arg(args, builder_part_t))
461: {
462: case BUILD_KEY_SIZE:
463: key_size = va_arg(args, u_int);
464: continue;
465: case BUILD_END:
466: break;
467: default:
468: return NULL;
469: }
470: break;
471: }
472: if (!key_size)
473: {
474: return NULL;
475: }
476: e = BN_new();
477: if (!e || !BN_set_word(e, PUBLIC_EXPONENT))
478: {
479: goto error;
480: }
481: rsa = RSA_new();
482: if (!rsa || !RSA_generate_key_ex(rsa, key_size, e, NULL))
483: {
484: goto error;
485: }
486: this = create_empty();
487: this->rsa = rsa;
488: BN_free(e);
489: return &this->public;
490:
491: error:
492: if (e)
493: {
494: BN_free(e);
495: }
496: if (rsa)
497: {
498: RSA_free(rsa);
499: }
500: return NULL;
501: }
502:
503: /*
504: * See header
505: */
506: private_key_t *openssl_rsa_private_key_create(EVP_PKEY *key, bool engine)
507: {
508: private_openssl_rsa_private_key_t *this;
509: RSA *rsa;
510:
511: rsa = EVP_PKEY_get1_RSA(key);
512: EVP_PKEY_free(key);
513: if (!rsa)
514: {
515: return NULL;
516: }
517: this = create_empty();
518: this->rsa = rsa;
519: this->engine = engine;
520: return &this->public.key;
521: }
522:
523: /**
524: * Recover the primes from n, e and d using the algorithm described in
525: * Appendix C of NIST SP 800-56B.
526: */
527: static bool calculate_pq(BIGNUM *n, BIGNUM *e, BIGNUM *d,
528: BIGNUM **p, BIGNUM **q)
529: {
530: BN_CTX *ctx;
531: BIGNUM *k, *r, *g, *y, *n1, *x;
532: int i, t, j;
533: bool success = FALSE;
534:
535: ctx = BN_CTX_new();
536: if (!ctx)
537: {
538: return FALSE;
539: }
540: BN_CTX_start(ctx);
541: k = BN_CTX_get(ctx);
542: r = BN_CTX_get(ctx);
543: g = BN_CTX_get(ctx);
544: y = BN_CTX_get(ctx);
545: n1 = BN_CTX_get(ctx);
546: x = BN_CTX_get(ctx);
547: if (!x)
548: {
549: goto error;
550: }
551: /* k = (d * e) - 1 */
552: if (!BN_mul(k, d, e, ctx) || !BN_sub(k, k, BN_value_one()))
553: {
554: goto error;
555: }
556: /* k must be even */
557: if (BN_is_odd(k))
558: {
559: goto error;
560: }
561: /* k = 2^t * r, where r is the largest odd integer dividing k, and t >= 1 */
562: if (!BN_copy(r, k))
563: {
564: goto error;
565: }
566: for (t = 0; !BN_is_odd(r); t++)
567: { /* r = r/2 */
568: if (!BN_rshift(r, r, 1))
569: {
570: goto error;
571: }
572: }
573: /* we need n-1 below */
574: if (!BN_sub(n1, n, BN_value_one()))
575: {
576: goto error;
577: }
578: for (i = 0; i < 100; i++)
579: { /* generate random integer g in [0, n-1] */
580: if (!BN_pseudo_rand_range(g, n))
581: {
582: goto error;
583: }
584: /* y = g^r mod n */
585: if (!BN_mod_exp(y, g, r, n, ctx))
586: {
587: goto error;
588: }
589: /* try again if y == 1 or y == n-1 */
590: if (BN_is_one(y) || BN_cmp(y, n1) == 0)
591: {
592: continue;
593: }
594: for (j = 0; j < t; j++)
595: { /* x = y^2 mod n */
596: if (!BN_mod_sqr(x, y, n, ctx))
597: {
598: goto error;
599: }
600: /* stop if x == 1 */
601: if (BN_is_one(x))
602: {
603: goto done;
604: }
605: /* retry with new g if x = n-1 */
606: if (BN_cmp(x, n1) == 0)
607: {
608: break;
609: }
610: /* y = x */
611: if (!BN_copy(y, x))
612: {
613: goto error;
614: }
615: }
616: }
617: goto error;
618:
619: done:
620: /* p = gcd(y-1, n) */
621: if (!BN_sub(y, y, BN_value_one()))
622: {
623: goto error;
624: }
625: *p = BN_secure_new();
626: if (!BN_gcd(*p, y, n, ctx))
627: {
628: BN_clear_free(*p);
629: goto error;
630: }
631: /* q = n/p */
632: *q = BN_secure_new();
633: if (!BN_div(*q, NULL, n, *p, ctx))
634: {
635: BN_clear_free(*p);
636: BN_clear_free(*q);
637: goto error;
638: }
639: success = TRUE;
640:
641: error:
642: BN_CTX_end(ctx);
643: BN_CTX_free(ctx);
644: return success;
645: }
646:
647: /**
648: * Calculates dp = d (mod p-1) or dq = d (mod q-1) for the Chinese remainder
649: * algorithm.
650: */
651: static BIGNUM *dmodpq1(BIGNUM *d, BIGNUM *pq)
652: {
653: BN_CTX *ctx;
654: BIGNUM *res = NULL, *pq1;
655:
656: ctx = BN_CTX_new();
657: if (!ctx)
658: {
659: return NULL;
660: }
661: BN_CTX_start(ctx);
662: pq1 = BN_CTX_get(ctx);
663: /* p|q - 1 */
664: if (!BN_sub(pq1, pq, BN_value_one()))
665: {
666: goto error;
667: }
668: /* d (mod p|q -1) */
669: res = BN_secure_new();
670: if (!BN_mod(res, d, pq1, ctx))
671: {
672: BN_clear_free(res);
673: res = NULL;
674: goto error;
675: }
676:
677: error:
678: BN_CTX_end(ctx);
679: BN_CTX_free(ctx);
680: return res;
681: }
682:
683: /**
684: * Calculates qinv = q^-1 (mod p) for the Chinese remainder algorithm.
685: */
686: static BIGNUM *qinv(BIGNUM *q, BIGNUM *p)
687: {
688: BN_CTX *ctx;
689: BIGNUM *res = NULL;
690:
691: ctx = BN_CTX_new();
692: if (!ctx)
693: {
694: return NULL;
695: }
696: BN_CTX_start(ctx);
697: /* q^-1 (mod p) */
698: res = BN_secure_new();
699: if (!BN_mod_inverse(res, q, p, ctx))
700: {
701: BN_clear_free(res);
702: res = NULL;
703: goto error;
704: }
705:
706: error:
707: BN_CTX_end(ctx);
708: BN_CTX_free(ctx);
709: return res;
710: }
711:
712: /*
713: * See header
714: */
715: openssl_rsa_private_key_t *openssl_rsa_private_key_load(key_type_t type,
716: va_list args)
717: {
718: private_openssl_rsa_private_key_t *this;
719: chunk_t blob, n, e, d, p, q, exp1, exp2, coeff;
720:
721: blob = n = e = d = p = q = exp1 = exp2 = coeff = chunk_empty;
722: while (TRUE)
723: {
724: switch (va_arg(args, builder_part_t))
725: {
726: case BUILD_BLOB_ASN1_DER:
727: blob = va_arg(args, chunk_t);
728: continue;
729: case BUILD_RSA_MODULUS:
730: n = va_arg(args, chunk_t);
731: continue;
732: case BUILD_RSA_PUB_EXP:
733: e = va_arg(args, chunk_t);
734: continue;
735: case BUILD_RSA_PRIV_EXP:
736: d = va_arg(args, chunk_t);
737: continue;
738: case BUILD_RSA_PRIME1:
739: p = va_arg(args, chunk_t);
740: continue;
741: case BUILD_RSA_PRIME2:
742: q = va_arg(args, chunk_t);
743: continue;
744: case BUILD_RSA_EXP1:
745: exp1 = va_arg(args, chunk_t);
746: continue;
747: case BUILD_RSA_EXP2:
748: exp2 = va_arg(args, chunk_t);
749: continue;
750: case BUILD_RSA_COEFF:
751: coeff = va_arg(args, chunk_t);
752: continue;
753: case BUILD_END:
754: break;
755: default:
756: return NULL;
757: }
758: break;
759: }
760:
761: this = create_empty();
762: if (blob.ptr)
763: {
764: this->rsa = d2i_RSAPrivateKey(NULL, (const u_char**)&blob.ptr, blob.len);
765: if (this->rsa && RSA_check_key(this->rsa) == 1)
766: {
767: return &this->public;
768: }
769: }
770: else if (n.ptr && e.ptr && d.ptr)
771: {
772: BIGNUM *bn_n, *bn_e, *bn_d, *bn_p, *bn_q;
773: BIGNUM *dmp1 = NULL, *dmq1 = NULL, *iqmp = NULL;
774:
775: this->rsa = RSA_new();
776:
777: bn_n = BN_bin2bn((const u_char*)n.ptr, n.len, NULL);
778: bn_e = BN_bin2bn((const u_char*)e.ptr, e.len, NULL);
779: bn_d = BN_bin2bn((const u_char*)d.ptr, d.len, NULL);
780: if (!RSA_set0_key(this->rsa, bn_n, bn_e, bn_d))
781: {
782: goto error;
783:
784: }
785: if (p.ptr && q.ptr)
786: {
787: bn_p = BN_bin2bn((const u_char*)p.ptr, p.len, NULL);
788: bn_q = BN_bin2bn((const u_char*)q.ptr, q.len, NULL);
789: }
790: else
791: {
792: if (!calculate_pq(bn_n, bn_e, bn_d, &bn_p, &bn_q))
793: {
794: goto error;
795: }
796: }
797: if (!RSA_set0_factors(this->rsa, bn_p, bn_q))
798: {
799: goto error;
800: }
801: if (exp1.ptr)
802: {
803: dmp1 = BN_bin2bn((const u_char*)exp1.ptr, exp1.len, NULL);
804: }
805: else
806: {
807: dmp1 = dmodpq1(bn_d, bn_p);
808: }
809: if (exp2.ptr)
810: {
811: dmq1 = BN_bin2bn((const u_char*)exp2.ptr, exp2.len, NULL);
812: }
813: else
814: {
815: dmq1 = dmodpq1(bn_d, bn_q);
816: }
817: if (coeff.ptr)
818: {
819: iqmp = BN_bin2bn((const u_char*)coeff.ptr, coeff.len, NULL);
820: }
821: else
822: {
823: iqmp = qinv(bn_q, bn_p);
824: }
825: if (RSA_set0_crt_params(this->rsa, dmp1, dmq1, iqmp) &&
826: RSA_check_key(this->rsa) == 1)
827: {
828: return &this->public;
829: }
830: }
831: error:
832: destroy(this);
833: return NULL;
834: }
835:
836: #endif /* OPENSSL_NO_RSA */