Return to openssl_rsa_private_key.c CVS log | Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libstrongswan / plugins / openssl |
1.1 misho 1: /* 2: * Copyright (C) 2008-2017 Tobias Brunner 3: * Copyright (C) 2009 Martin Willi 4: * HSR Hochschule fuer Technik Rapperswil 5: * 6: * This program is free software; you can redistribute it and/or modify it 7: * under the terms of the GNU General Public License as published by the 8: * Free Software Foundation; either version 2 of the License, or (at your 9: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. 10: * 11: * This program is distributed in the hope that it will be useful, but 12: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY 13: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14: * for more details. 15: */ 16: 17: #include <openssl/opensslconf.h> 18: 19: #ifndef OPENSSL_NO_RSA 20: 21: #include "openssl_rsa_private_key.h" 22: #include "openssl_rsa_public_key.h" 23: #include "openssl_hasher.h" 24: #include "openssl_util.h" 25: 26: #include <utils/debug.h> 27: #include <credentials/keys/signature_params.h> 28: 29: #include <openssl/bn.h> 30: #include <openssl/evp.h> 31: #include <openssl/rsa.h> 32: 33: /** 34: * Public exponent to use for key generation. 35: */ 36: #define PUBLIC_EXPONENT 0x10001 37: 38: #if OPENSSL_VERSION_NUMBER < 0x10100000L 39: OPENSSL_KEY_FALLBACK(RSA, key, n, e, d) 40: OPENSSL_KEY_FALLBACK(RSA, factors, p, q) 41: OPENSSL_KEY_FALLBACK(RSA, crt_params, dmp1, dmq1, iqmp) 42: #define BN_secure_new() BN_new() 43: #endif 44: 45: typedef struct private_openssl_rsa_private_key_t private_openssl_rsa_private_key_t; 46: 47: /** 48: * Private data of a openssl_rsa_private_key_t object. 49: */ 50: struct private_openssl_rsa_private_key_t { 51: /** 52: * Public interface for this signer. 53: */ 54: openssl_rsa_private_key_t public; 55: 56: /** 57: * RSA object from OpenSSL 58: */ 59: RSA *rsa; 60: 61: /** 62: * TRUE if the key is from an OpenSSL ENGINE and might not be readable 63: */ 64: bool engine; 65: 66: /** 67: * reference count 68: */ 69: refcount_t ref; 70: }; 71: 72: /* implemented in rsa public key */ 73: bool openssl_rsa_fingerprint(RSA *rsa, cred_encoding_type_t type, chunk_t *fp); 74: 75: #if OPENSSL_VERSION_NUMBER >= 0x10000000L 76: 77: /** 78: * Build RSA signature 79: */ 80: static bool build_signature(private_openssl_rsa_private_key_t *this, 81: const EVP_MD *md, rsa_pss_params_t *pss, 82: chunk_t data, chunk_t *sig) 83: { 84: EVP_PKEY_CTX *pctx = NULL; 85: EVP_MD_CTX *mctx = NULL; 86: EVP_PKEY *key; 87: bool success = FALSE; 88: 89: mctx = EVP_MD_CTX_create(); 90: key = EVP_PKEY_new(); 91: if (!mctx || !key) 92: { 93: goto error; 94: } 95: if (!EVP_PKEY_set1_RSA(key, this->rsa)) 96: { 97: goto error; 98: } 99: if (EVP_DigestSignInit(mctx, &pctx, md, NULL, key) <= 0) 100: { 101: goto error; 102: } 103: if (pss) 104: { 105: const EVP_MD *mgf1md = openssl_get_md(pss->mgf1_hash); 106: if (EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) <= 0 || 107: EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, pss->salt_len) <= 0 || 108: EVP_PKEY_CTX_set_rsa_mgf1_md(pctx, mgf1md) <= 0) 109: { 110: goto error; 111: } 112: } 113: if (EVP_DigestSignUpdate(mctx, data.ptr, data.len) <= 0) 114: { 115: goto error; 116: } 117: success = (EVP_DigestSignFinal(mctx, sig->ptr, &sig->len) == 1); 118: 119: error: 120: if (key) 121: { 122: EVP_PKEY_free(key); 123: } 124: if (mctx) 125: { 126: EVP_MD_CTX_destroy(mctx); 127: } 128: return success; 129: } 130: 131: /** 132: * Build an EMSA PKCS1 signature described in PKCS#1 133: */ 134: static bool build_emsa_pkcs1_signature(private_openssl_rsa_private_key_t *this, 135: int type, chunk_t data, chunk_t *sig) 136: { 137: const EVP_MD *md; 138: 139: *sig = chunk_alloc(RSA_size(this->rsa)); 140: 141: if (type == NID_undef) 142: { 143: if (RSA_private_encrypt(data.len, data.ptr, sig->ptr, this->rsa, 144: RSA_PKCS1_PADDING) == sig->len) 145: { 146: return TRUE; 147: } 148: } 149: else 150: { 151: md = EVP_get_digestbynid(type); 152: if (md && build_signature(this, md, NULL, data, sig)) 153: { 154: return TRUE; 155: } 156: } 157: chunk_free(sig); 158: return FALSE; 159: } 160: 161: /** 162: * Build an EMSA PSS signature described in PKCS#1 163: */ 164: static bool build_emsa_pss_signature(private_openssl_rsa_private_key_t *this, 165: rsa_pss_params_t *params, chunk_t data, 166: chunk_t *sig) 167: { 168: const EVP_MD *md; 169: 170: if (!params) 171: { 172: return FALSE; 173: } 174: 175: *sig = chunk_alloc(RSA_size(this->rsa)); 176: 177: md = openssl_get_md(params->hash); 178: if (md && build_signature(this, md, params, data, sig)) 179: { 180: return TRUE; 181: } 182: chunk_free(sig); 183: return FALSE; 184: } 185: 186: #else /* OPENSSL_VERSION_NUMBER < 1.0 */ 187: 188: /** 189: * Build an EMSA PKCS1 signature described in PKCS#1 190: */ 191: static bool build_emsa_pkcs1_signature(private_openssl_rsa_private_key_t *this, 192: int type, chunk_t data, chunk_t *sig) 193: { 194: bool success = FALSE; 195: 196: *sig = chunk_alloc(RSA_size(this->rsa)); 197: 198: if (type == NID_undef) 199: { 200: if (RSA_private_encrypt(data.len, data.ptr, sig->ptr, this->rsa, 201: RSA_PKCS1_PADDING) == sig->len) 202: { 203: success = TRUE; 204: } 205: } 206: else 207: { 208: EVP_MD_CTX *ctx = NULL; 209: EVP_PKEY *key = NULL; 210: const EVP_MD *hasher; 211: u_int len; 212: 213: hasher = EVP_get_digestbynid(type); 214: if (!hasher) 215: { 216: goto error; 217: } 218: 219: ctx = EVP_MD_CTX_create(); 220: key = EVP_PKEY_new(); 221: if (!ctx || !key) 222: { 223: goto error; 224: } 225: if (!EVP_PKEY_set1_RSA(key, this->rsa)) 226: { 227: goto error; 228: } 229: if (!EVP_SignInit_ex(ctx, hasher, NULL)) 230: { 231: goto error; 232: } 233: if (!EVP_SignUpdate(ctx, data.ptr, data.len)) 234: { 235: goto error; 236: } 237: if (EVP_SignFinal(ctx, sig->ptr, &len, key)) 238: { 239: success = TRUE; 240: } 241: 242: error: 243: if (key) 244: { 245: EVP_PKEY_free(key); 246: } 247: if (ctx) 248: { 249: EVP_MD_CTX_destroy(ctx); 250: } 251: } 252: if (!success) 253: { 254: free(sig->ptr); 255: } 256: return success; 257: } 258: #endif /* OPENSSL_VERSION_NUMBER < 1.0 */ 259: 260: METHOD(private_key_t, get_type, key_type_t, 261: private_openssl_rsa_private_key_t *this) 262: { 263: return KEY_RSA; 264: } 265: 266: METHOD(private_key_t, sign, bool, 267: private_openssl_rsa_private_key_t *this, signature_scheme_t scheme, 268: void *params, chunk_t data, chunk_t *signature) 269: { 270: switch (scheme) 271: { 272: case SIGN_RSA_EMSA_PKCS1_NULL: 273: return build_emsa_pkcs1_signature(this, NID_undef, data, signature); 274: case SIGN_RSA_EMSA_PKCS1_SHA2_224: 275: return build_emsa_pkcs1_signature(this, NID_sha224, data, signature); 276: case SIGN_RSA_EMSA_PKCS1_SHA2_256: 277: return build_emsa_pkcs1_signature(this, NID_sha256, data, signature); 278: case SIGN_RSA_EMSA_PKCS1_SHA2_384: 279: return build_emsa_pkcs1_signature(this, NID_sha384, data, signature); 280: case SIGN_RSA_EMSA_PKCS1_SHA2_512: 281: return build_emsa_pkcs1_signature(this, NID_sha512, data, signature); 282: case SIGN_RSA_EMSA_PKCS1_SHA1: 283: return build_emsa_pkcs1_signature(this, NID_sha1, data, signature); 284: case SIGN_RSA_EMSA_PKCS1_MD5: 285: return build_emsa_pkcs1_signature(this, NID_md5, data, signature); 286: #if OPENSSL_VERSION_NUMBER >= 0x10000000L 287: case SIGN_RSA_EMSA_PSS: 288: return build_emsa_pss_signature(this, params, data, signature); 289: #endif 290: default: 291: DBG1(DBG_LIB, "signature scheme %N not supported in RSA", 292: signature_scheme_names, scheme); 293: return FALSE; 294: } 295: } 296: 297: METHOD(private_key_t, decrypt, bool, 298: private_openssl_rsa_private_key_t *this, encryption_scheme_t scheme, 299: chunk_t crypto, chunk_t *plain) 300: { 301: int padding, len; 302: char *decrypted; 303: 304: switch (scheme) 305: { 306: case ENCRYPT_RSA_PKCS1: 307: padding = RSA_PKCS1_PADDING; 308: break; 309: case ENCRYPT_RSA_OAEP_SHA1: 310: padding = RSA_PKCS1_OAEP_PADDING; 311: break; 312: default: 313: DBG1(DBG_LIB, "encryption scheme %N not supported via openssl", 314: encryption_scheme_names, scheme); 315: return FALSE; 316: } 317: decrypted = malloc(RSA_size(this->rsa)); 318: len = RSA_private_decrypt(crypto.len, crypto.ptr, decrypted, 319: this->rsa, padding); 320: if (len < 0) 321: { 322: DBG1(DBG_LIB, "RSA decryption failed"); 323: free(decrypted); 324: return FALSE; 325: } 326: *plain = chunk_create(decrypted, len); 327: return TRUE; 328: } 329: 330: METHOD(private_key_t, get_keysize, int, 331: private_openssl_rsa_private_key_t *this) 332: { 333: return RSA_size(this->rsa) * 8; 334: } 335: 336: METHOD(private_key_t, get_public_key, public_key_t*, 337: private_openssl_rsa_private_key_t *this) 338: { 339: chunk_t enc; 340: public_key_t *key; 341: u_char *p; 342: 343: enc = chunk_alloc(i2d_RSAPublicKey(this->rsa, NULL)); 344: p = enc.ptr; 345: i2d_RSAPublicKey(this->rsa, &p); 346: key = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, 347: BUILD_BLOB_ASN1_DER, enc, BUILD_END); 348: free(enc.ptr); 349: return key; 350: } 351: 352: METHOD(private_key_t, get_fingerprint, bool, 353: private_openssl_rsa_private_key_t *this, cred_encoding_type_t type, 354: chunk_t *fingerprint) 355: { 356: return openssl_rsa_fingerprint(this->rsa, type, fingerprint); 357: } 358: 359: METHOD(private_key_t, get_encoding, bool, 360: private_openssl_rsa_private_key_t *this, cred_encoding_type_t type, 361: chunk_t *encoding) 362: { 363: u_char *p; 364: 365: if (this->engine) 366: { 367: return FALSE; 368: } 369: switch (type) 370: { 371: case PRIVKEY_ASN1_DER: 372: case PRIVKEY_PEM: 373: { 374: bool success = TRUE; 375: 376: *encoding = chunk_alloc(i2d_RSAPrivateKey(this->rsa, NULL)); 377: p = encoding->ptr; 378: i2d_RSAPrivateKey(this->rsa, &p); 379: 380: if (type == PRIVKEY_PEM) 381: { 382: chunk_t asn1_encoding = *encoding; 383: 384: success = lib->encoding->encode(lib->encoding, PRIVKEY_PEM, 385: NULL, encoding, CRED_PART_RSA_PRIV_ASN1_DER, 386: asn1_encoding, CRED_PART_END); 387: chunk_clear(&asn1_encoding); 388: } 389: return success; 390: } 391: default: 392: return FALSE; 393: } 394: } 395: 396: METHOD(private_key_t, get_ref, private_key_t*, 397: private_openssl_rsa_private_key_t *this) 398: { 399: ref_get(&this->ref); 400: return &this->public.key; 401: } 402: 403: METHOD(private_key_t, destroy, void, 404: private_openssl_rsa_private_key_t *this) 405: { 406: if (ref_put(&this->ref)) 407: { 408: if (this->rsa) 409: { 410: lib->encoding->clear_cache(lib->encoding, this->rsa); 411: RSA_free(this->rsa); 412: } 413: free(this); 414: } 415: } 416: 417: /** 418: * Internal generic constructor 419: */ 420: static private_openssl_rsa_private_key_t *create_empty() 421: { 422: private_openssl_rsa_private_key_t *this; 423: 424: INIT(this, 425: .public = { 426: .key = { 427: .get_type = _get_type, 428: .sign = _sign, 429: .decrypt = _decrypt, 430: .get_keysize = _get_keysize, 431: .get_public_key = _get_public_key, 432: .equals = private_key_equals, 433: .belongs_to = private_key_belongs_to, 434: .get_fingerprint = _get_fingerprint, 435: .has_fingerprint = private_key_has_fingerprint, 436: .get_encoding = _get_encoding, 437: .get_ref = _get_ref, 438: .destroy = _destroy, 439: }, 440: }, 441: .ref = 1, 442: ); 443: 444: return this; 445: } 446: 447: /* 448: * See header. 449: */ 450: openssl_rsa_private_key_t *openssl_rsa_private_key_gen(key_type_t type, 451: va_list args) 452: { 453: private_openssl_rsa_private_key_t *this; 454: u_int key_size = 0; 455: RSA *rsa = NULL; 456: BIGNUM *e = NULL; 457: 458: while (TRUE) 459: { 460: switch (va_arg(args, builder_part_t)) 461: { 462: case BUILD_KEY_SIZE: 463: key_size = va_arg(args, u_int); 464: continue; 465: case BUILD_END: 466: break; 467: default: 468: return NULL; 469: } 470: break; 471: } 472: if (!key_size) 473: { 474: return NULL; 475: } 476: e = BN_new(); 477: if (!e || !BN_set_word(e, PUBLIC_EXPONENT)) 478: { 479: goto error; 480: } 481: rsa = RSA_new(); 482: if (!rsa || !RSA_generate_key_ex(rsa, key_size, e, NULL)) 483: { 484: goto error; 485: } 486: this = create_empty(); 487: this->rsa = rsa; 488: BN_free(e); 489: return &this->public; 490: 491: error: 492: if (e) 493: { 494: BN_free(e); 495: } 496: if (rsa) 497: { 498: RSA_free(rsa); 499: } 500: return NULL; 501: } 502: 503: /* 504: * See header 505: */ 506: private_key_t *openssl_rsa_private_key_create(EVP_PKEY *key, bool engine) 507: { 508: private_openssl_rsa_private_key_t *this; 509: RSA *rsa; 510: 511: rsa = EVP_PKEY_get1_RSA(key); 512: EVP_PKEY_free(key); 513: if (!rsa) 514: { 515: return NULL; 516: } 517: this = create_empty(); 518: this->rsa = rsa; 519: this->engine = engine; 520: return &this->public.key; 521: } 522: 523: /** 524: * Recover the primes from n, e and d using the algorithm described in 525: * Appendix C of NIST SP 800-56B. 526: */ 527: static bool calculate_pq(BIGNUM *n, BIGNUM *e, BIGNUM *d, 528: BIGNUM **p, BIGNUM **q) 529: { 530: BN_CTX *ctx; 531: BIGNUM *k, *r, *g, *y, *n1, *x; 532: int i, t, j; 533: bool success = FALSE; 534: 535: ctx = BN_CTX_new(); 536: if (!ctx) 537: { 538: return FALSE; 539: } 540: BN_CTX_start(ctx); 541: k = BN_CTX_get(ctx); 542: r = BN_CTX_get(ctx); 543: g = BN_CTX_get(ctx); 544: y = BN_CTX_get(ctx); 545: n1 = BN_CTX_get(ctx); 546: x = BN_CTX_get(ctx); 547: if (!x) 548: { 549: goto error; 550: } 551: /* k = (d * e) - 1 */ 552: if (!BN_mul(k, d, e, ctx) || !BN_sub(k, k, BN_value_one())) 553: { 554: goto error; 555: } 556: /* k must be even */ 557: if (BN_is_odd(k)) 558: { 559: goto error; 560: } 561: /* k = 2^t * r, where r is the largest odd integer dividing k, and t >= 1 */ 562: if (!BN_copy(r, k)) 563: { 564: goto error; 565: } 566: for (t = 0; !BN_is_odd(r); t++) 567: { /* r = r/2 */ 568: if (!BN_rshift(r, r, 1)) 569: { 570: goto error; 571: } 572: } 573: /* we need n-1 below */ 574: if (!BN_sub(n1, n, BN_value_one())) 575: { 576: goto error; 577: } 578: for (i = 0; i < 100; i++) 579: { /* generate random integer g in [0, n-1] */ 580: if (!BN_pseudo_rand_range(g, n)) 581: { 582: goto error; 583: } 584: /* y = g^r mod n */ 585: if (!BN_mod_exp(y, g, r, n, ctx)) 586: { 587: goto error; 588: } 589: /* try again if y == 1 or y == n-1 */ 590: if (BN_is_one(y) || BN_cmp(y, n1) == 0) 591: { 592: continue; 593: } 594: for (j = 0; j < t; j++) 595: { /* x = y^2 mod n */ 596: if (!BN_mod_sqr(x, y, n, ctx)) 597: { 598: goto error; 599: } 600: /* stop if x == 1 */ 601: if (BN_is_one(x)) 602: { 603: goto done; 604: } 605: /* retry with new g if x = n-1 */ 606: if (BN_cmp(x, n1) == 0) 607: { 608: break; 609: } 610: /* y = x */ 611: if (!BN_copy(y, x)) 612: { 613: goto error; 614: } 615: } 616: } 617: goto error; 618: 619: done: 620: /* p = gcd(y-1, n) */ 621: if (!BN_sub(y, y, BN_value_one())) 622: { 623: goto error; 624: } 625: *p = BN_secure_new(); 626: if (!BN_gcd(*p, y, n, ctx)) 627: { 628: BN_clear_free(*p); 629: goto error; 630: } 631: /* q = n/p */ 632: *q = BN_secure_new(); 633: if (!BN_div(*q, NULL, n, *p, ctx)) 634: { 635: BN_clear_free(*p); 636: BN_clear_free(*q); 637: goto error; 638: } 639: success = TRUE; 640: 641: error: 642: BN_CTX_end(ctx); 643: BN_CTX_free(ctx); 644: return success; 645: } 646: 647: /** 648: * Calculates dp = d (mod p-1) or dq = d (mod q-1) for the Chinese remainder 649: * algorithm. 650: */ 651: static BIGNUM *dmodpq1(BIGNUM *d, BIGNUM *pq) 652: { 653: BN_CTX *ctx; 654: BIGNUM *res = NULL, *pq1; 655: 656: ctx = BN_CTX_new(); 657: if (!ctx) 658: { 659: return NULL; 660: } 661: BN_CTX_start(ctx); 662: pq1 = BN_CTX_get(ctx); 663: /* p|q - 1 */ 664: if (!BN_sub(pq1, pq, BN_value_one())) 665: { 666: goto error; 667: } 668: /* d (mod p|q -1) */ 669: res = BN_secure_new(); 670: if (!BN_mod(res, d, pq1, ctx)) 671: { 672: BN_clear_free(res); 673: res = NULL; 674: goto error; 675: } 676: 677: error: 678: BN_CTX_end(ctx); 679: BN_CTX_free(ctx); 680: return res; 681: } 682: 683: /** 684: * Calculates qinv = q^-1 (mod p) for the Chinese remainder algorithm. 685: */ 686: static BIGNUM *qinv(BIGNUM *q, BIGNUM *p) 687: { 688: BN_CTX *ctx; 689: BIGNUM *res = NULL; 690: 691: ctx = BN_CTX_new(); 692: if (!ctx) 693: { 694: return NULL; 695: } 696: BN_CTX_start(ctx); 697: /* q^-1 (mod p) */ 698: res = BN_secure_new(); 699: if (!BN_mod_inverse(res, q, p, ctx)) 700: { 701: BN_clear_free(res); 702: res = NULL; 703: goto error; 704: } 705: 706: error: 707: BN_CTX_end(ctx); 708: BN_CTX_free(ctx); 709: return res; 710: } 711: 712: /* 713: * See header 714: */ 715: openssl_rsa_private_key_t *openssl_rsa_private_key_load(key_type_t type, 716: va_list args) 717: { 718: private_openssl_rsa_private_key_t *this; 719: chunk_t blob, n, e, d, p, q, exp1, exp2, coeff; 720: 721: blob = n = e = d = p = q = exp1 = exp2 = coeff = chunk_empty; 722: while (TRUE) 723: { 724: switch (va_arg(args, builder_part_t)) 725: { 726: case BUILD_BLOB_ASN1_DER: 727: blob = va_arg(args, chunk_t); 728: continue; 729: case BUILD_RSA_MODULUS: 730: n = va_arg(args, chunk_t); 731: continue; 732: case BUILD_RSA_PUB_EXP: 733: e = va_arg(args, chunk_t); 734: continue; 735: case BUILD_RSA_PRIV_EXP: 736: d = va_arg(args, chunk_t); 737: continue; 738: case BUILD_RSA_PRIME1: 739: p = va_arg(args, chunk_t); 740: continue; 741: case BUILD_RSA_PRIME2: 742: q = va_arg(args, chunk_t); 743: continue; 744: case BUILD_RSA_EXP1: 745: exp1 = va_arg(args, chunk_t); 746: continue; 747: case BUILD_RSA_EXP2: 748: exp2 = va_arg(args, chunk_t); 749: continue; 750: case BUILD_RSA_COEFF: 751: coeff = va_arg(args, chunk_t); 752: continue; 753: case BUILD_END: 754: break; 755: default: 756: return NULL; 757: } 758: break; 759: } 760: 761: this = create_empty(); 762: if (blob.ptr) 763: { 764: this->rsa = d2i_RSAPrivateKey(NULL, (const u_char**)&blob.ptr, blob.len); 765: if (this->rsa && RSA_check_key(this->rsa) == 1) 766: { 767: return &this->public; 768: } 769: } 770: else if (n.ptr && e.ptr && d.ptr) 771: { 772: BIGNUM *bn_n, *bn_e, *bn_d, *bn_p, *bn_q; 773: BIGNUM *dmp1 = NULL, *dmq1 = NULL, *iqmp = NULL; 774: 775: this->rsa = RSA_new(); 776: 777: bn_n = BN_bin2bn((const u_char*)n.ptr, n.len, NULL); 778: bn_e = BN_bin2bn((const u_char*)e.ptr, e.len, NULL); 779: bn_d = BN_bin2bn((const u_char*)d.ptr, d.len, NULL); 780: if (!RSA_set0_key(this->rsa, bn_n, bn_e, bn_d)) 781: { 782: goto error; 783: 784: } 785: if (p.ptr && q.ptr) 786: { 787: bn_p = BN_bin2bn((const u_char*)p.ptr, p.len, NULL); 788: bn_q = BN_bin2bn((const u_char*)q.ptr, q.len, NULL); 789: } 790: else 791: { 792: if (!calculate_pq(bn_n, bn_e, bn_d, &bn_p, &bn_q)) 793: { 794: goto error; 795: } 796: } 797: if (!RSA_set0_factors(this->rsa, bn_p, bn_q)) 798: { 799: goto error; 800: } 801: if (exp1.ptr) 802: { 803: dmp1 = BN_bin2bn((const u_char*)exp1.ptr, exp1.len, NULL); 804: } 805: else 806: { 807: dmp1 = dmodpq1(bn_d, bn_p); 808: } 809: if (exp2.ptr) 810: { 811: dmq1 = BN_bin2bn((const u_char*)exp2.ptr, exp2.len, NULL); 812: } 813: else 814: { 815: dmq1 = dmodpq1(bn_d, bn_q); 816: } 817: if (coeff.ptr) 818: { 819: iqmp = BN_bin2bn((const u_char*)coeff.ptr, coeff.len, NULL); 820: } 821: else 822: { 823: iqmp = qinv(bn_q, bn_p); 824: } 825: if (RSA_set0_crt_params(this->rsa, dmp1, dmq1, iqmp) && 826: RSA_check_key(this->rsa) == 1) 827: { 828: return &this->public; 829: } 830: } 831: error: 832: destroy(this); 833: return NULL; 834: } 835: 836: #endif /* OPENSSL_NO_RSA */