int BN_is_prime(const BIGNUM *a, int checks, void (*callback)(int,int,void *),
BN_CTX *ctx_passed, void *cb_arg)
{
BN_GENCB cb;
BN_GENCB_set_old(&cb, callback, cb_arg);
return BN_is_prime_ex(a, checks, ctx_passed, &cb);
}
NON_EMPTY_TRANSLATION_UNIT
#else
# include <stdio.h>
# include <time.h>
# include "internal/cryptlib.h"
# include "bn_lcl.h"
BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe,
const BIGNUM *add, const BIGNUM *rem,
void (*callback) (int, int, void *), void *cb_arg)
{
BN_GENCB cb;
BIGNUM *rnd = NULL;
BN_GENCB_set_old(&cb, callback, cb_arg);
if (ret == NULL) {
if ((rnd = BN_new()) == NULL)
goto err;
} else
rnd = ret;
if (!BN_generate_prime_ex(rnd, bits, safe, add, rem, &cb))
goto err;
/* we have a prime :-) */
return ret;
err:
BN_free(rnd);
return NULL;
}
static isc_result_t
openssldsa_generate(dst_key_t *key, int unused, void (*callback)(int)) {
DSA *dsa;
unsigned char rand_array[ISC_SHA1_DIGESTLENGTH];
isc_result_t result;
#if OPENSSL_VERSION_NUMBER > 0x00908000L
BN_GENCB cb;
union {
void *dptr;
void (*fptr)(int);
} u;
#else
UNUSED(callback);
#endif
UNUSED(unused);
result = dst__entropy_getdata(rand_array, sizeof(rand_array),
ISC_FALSE);
if (result != ISC_R_SUCCESS)
return (result);
#if OPENSSL_VERSION_NUMBER > 0x00908000L
dsa = DSA_new();
if (dsa == NULL)
return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
if (callback == NULL) {
BN_GENCB_set_old(&cb, NULL, NULL);
} else {
u.fptr = callback;
BN_GENCB_set(&cb, &progress_cb, u.dptr);
}
if (!DSA_generate_parameters_ex(dsa, key->key_size, rand_array,
ISC_SHA1_DIGESTLENGTH, NULL, NULL,
&cb))
{
DSA_free(dsa);
return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
}
#else
dsa = DSA_generate_parameters(key->key_size, rand_array,
ISC_SHA1_DIGESTLENGTH, NULL, NULL,
NULL, NULL);
if (dsa == NULL)
return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
#endif
if (DSA_generate_key(dsa) == 0) {
DSA_free(dsa);
return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
}
dsa->flags &= ~DSA_FLAG_CACHE_MONT_P;
key->keydata.dsa = dsa;
return (ISC_R_SUCCESS);
}
RSA *RSA_generate_key(int bits, unsigned long e_value,
void (*callback) (int, int, void *), void *cb_arg)
{
int i;
BN_GENCB *cb = BN_GENCB_new();
RSA *rsa = RSA_new();
BIGNUM *e = BN_new();
if (cb == NULL || rsa == NULL || e == NULL)
goto err;
/*
* The problem is when building with 8, 16, or 32 BN_ULONG, unsigned long
* can be larger
*/
for (i = 0; i < (int)sizeof(unsigned long) * 8; i++) {
if (e_value & (1UL << i))
if (BN_set_bit(e, i) == 0)
goto err;
}
BN_GENCB_set_old(cb, callback, cb_arg);
if (RSA_generate_key_ex(rsa, bits, e, cb)) {
BN_free(e);
BN_GENCB_free(cb);
return rsa;
}
err:
BN_free(e);
RSA_free(rsa);
BN_GENCB_free(cb);
return 0;
}
DSA *DSA_generate_parameters(int bits,
unsigned char *seed_in, int seed_len,
int *counter_ret, unsigned long *h_ret,
void (*callback) (int, int, void *),
void *cb_arg)
{
BN_GENCB *cb;
DSA *ret;
if ((ret = DSA_new()) == NULL)
return NULL;
cb = BN_GENCB_new();
if (cb == NULL)
goto err;
BN_GENCB_set_old(cb, callback, cb_arg);
if (DSA_generate_parameters_ex(ret, bits, seed_in, seed_len,
counter_ret, h_ret, cb)) {
BN_GENCB_free(cb);
return ret;
}
BN_GENCB_free(cb);
err:
DSA_free(ret);
return NULL;
}
BIGNUM *
BN_generate_prime(BIGNUM *ret, int bits, int safe, const BIGNUM *add,
const BIGNUM *rem, void (*callback)(int, int, void *), void *cb_arg)
{
BN_GENCB cb;
BIGNUM *rnd = NULL;
int found = 0;
BN_GENCB_set_old(&cb, callback, cb_arg);
if (ret == NULL) {
if ((rnd = BN_new()) == NULL)
goto err;
} else
rnd = ret;
if (!BN_generate_prime_ex(rnd, bits, safe, add, rem, &cb))
goto err;
/* we have a prime :-) */
found = 1;
err:
if (!found && (ret == NULL) && (rnd != NULL))
BN_free(rnd);
return (found ? rnd : NULL);
}
RSA *RSA_generate_key(int bits, unsigned long e_value,
void (*callback)(int,int,void *), void *cb_arg)
{
BN_GENCB cb;
int i;
RSA *rsa = RSA_new();
BIGNUM *e = BN_new();
if(!rsa || !e) goto err;
/* The problem is when building with 8, 16, or 32 BN_ULONG,
* unsigned long can be larger */
for (i=0; i<(int)sizeof(unsigned long)*8; i++)
{
if (e_value & (1UL<<i))
BN_set_bit(e,i);
}
BN_GENCB_set_old(&cb, callback, cb_arg);
if(RSA_generate_key_ex(rsa, bits, e, &cb)) {
BN_free(e);
return rsa;
}
err:
if(e) BN_free(e);
if(rsa) RSA_free(rsa);
return 0;
}
int BN_is_prime_fasttest(const BIGNUM *a, int checks,
void (*callback) (int, int, void *),
BN_CTX *ctx_passed, void *cb_arg,
int do_trial_division)
{
BN_GENCB cb;
BN_GENCB_set_old(&cb, callback, cb_arg);
return BN_is_prime_fasttest_ex(a, checks, ctx_passed,
do_trial_division, &cb);
}
int RSA_X931_derive(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, BIGNUM *q2,
void (*callback)(int, int, void *), void *cb_arg,
const BIGNUM *Xp1, const BIGNUM *Xp2, const BIGNUM *Xp,
const BIGNUM *Xq1, const BIGNUM *Xq2, const BIGNUM *Xq,
const BIGNUM *e)
{
BN_GENCB cb;
BN_GENCB_set_old(&cb, callback, cb_arg);
return RSA_X931_derive_ex(rsa, p1, p2, q1, q2, Xp1, Xp2, Xp,
Xq1, Xq2, Xq, e, &cb);
}
static isc_result_t
openssldsa_generate(dst_key_t *key, int unused) {
#if OPENSSL_VERSION_NUMBER > 0x00908000L
BN_GENCB cb;
#endif
DSA *dsa;
unsigned char rand_array[ISC_SHA1_DIGESTLENGTH];
isc_result_t result;
UNUSED(unused);
result = dst__entropy_getdata(rand_array, sizeof(rand_array),
ISC_FALSE);
if (result != ISC_R_SUCCESS)
return (result);
#if OPENSSL_VERSION_NUMBER > 0x00908000L
dsa = DSA_new();
if (dsa == NULL)
return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
BN_GENCB_set_old(&cb, NULL, NULL);
if (!DSA_generate_parameters_ex(dsa, key->key_size, rand_array,
ISC_SHA1_DIGESTLENGTH, NULL, NULL,
&cb))
{
DSA_free(dsa);
return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
}
#else
dsa = DSA_generate_parameters(key->key_size, rand_array,
ISC_SHA1_DIGESTLENGTH, NULL, NULL,
NULL, NULL);
if (dsa == NULL)
return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
#endif
if (DSA_generate_key(dsa) == 0) {
DSA_free(dsa);
return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
}
dsa->flags &= ~DSA_FLAG_CACHE_MONT_P;
key->opaque = dsa;
return (ISC_R_SUCCESS);
}
RSA *RSA_X931_generate_key(int bits, const BIGNUM *e,
void (*callback)(int,int,void *), void *cb_arg)
{
BN_GENCB cb;
int ret;
RSA *rsa = RSA_new();
if (!rsa)
return NULL;
BN_GENCB_set_old(&cb, callback, cb_arg);
ret = RSA_X931_generate_key_ex(rsa, bits, e, &cb);
if (ret)
return rsa;
RSA_free(rsa);
return NULL;
}
DH *DH_generate_parameters(int prime_len, int generator,
void (*callback)(int,int,void *), void *cb_arg)
{
BN_GENCB cb;
DH *ret=NULL;
if((ret=DH_new()) == NULL)
return NULL;
BN_GENCB_set_old(&cb, callback, cb_arg);
if(DH_generate_parameters_ex(ret, prime_len, generator, &cb))
return ret;
DH_free(ret);
return NULL;
}
NON_EMPTY_TRANSLATION_UNIT
#else
# include <stdio.h>
# include <time.h>
# include "internal/cryptlib.h"
# include <openssl/bn.h>
# include <openssl/rsa.h>
RSA *RSA_generate_key(int bits, unsigned long e_value,
void (*callback) (int, int, void *), void *cb_arg)
{
int i;
BN_GENCB *cb = BN_GENCB_new();
RSA *rsa = RSA_new();
BIGNUM *e = BN_new();
if (cb == NULL || rsa == NULL || e == NULL)
goto err;
/*
* The problem is when building with 8, 16, or 32 BN_ULONG, unsigned long
* can be larger
*/
for (i = 0; i < (int)sizeof(unsigned long) * 8; i++) {
if (e_value & (1UL << i))
if (BN_set_bit(e, i) == 0)
goto err;
}
BN_GENCB_set_old(cb, callback, cb_arg);
if (RSA_generate_key_ex(rsa, bits, e, cb)) {
BN_free(e);
BN_GENCB_free(cb);
return rsa;
}
err:
BN_free(e);
RSA_free(rsa);
BN_GENCB_free(cb);
return 0;
}
EXPORT_C DSA *DSA_generate_parameters(int bits,
unsigned char *seed_in, int seed_len,
int *counter_ret, unsigned long *h_ret,
void (*callback)(int, int, void *),
void *cb_arg)
{
BN_GENCB cb;
DSA *ret;
if ((ret=DSA_new()) == NULL) return NULL;
BN_GENCB_set_old(&cb, callback, cb_arg);
if(DSA_generate_parameters_ex(ret, bits, seed_in, seed_len,
counter_ret, h_ret, &cb))
return ret;
DSA_free(ret);
return NULL;
}
NON_EMPTY_TRANSLATION_UNIT
#else
# include <stdio.h>
# include <time.h>
# include "internal/cryptlib.h"
# include <openssl/evp.h>
# include <openssl/bn.h>
# include <openssl/dsa.h>
# include <openssl/sha.h>
DSA *DSA_generate_parameters(int bits,
unsigned char *seed_in, int seed_len,
int *counter_ret, unsigned long *h_ret,
void (*callback) (int, int, void *),
void *cb_arg)
{
BN_GENCB *cb;
DSA *ret;
if ((ret = DSA_new()) == NULL)
return NULL;
cb = BN_GENCB_new();
if (cb == NULL)
goto err;
BN_GENCB_set_old(cb, callback, cb_arg);
if (DSA_generate_parameters_ex(ret, bits, seed_in, seed_len,
counter_ret, h_ret, cb)) {
BN_GENCB_free(cb);
return ret;
}
BN_GENCB_free(cb);
err:
DSA_free(ret);
return NULL;
}
static isc_result_t
openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
DH *dh = NULL;
#if OPENSSL_VERSION_NUMBER > 0x00908000L
BN_GENCB *cb;
#if OPENSSL_VERSION_NUMBER < 0x10100000L
BN_GENCB _cb;
#endif
union {
void *dptr;
void (*fptr)(int);
} u;
#else
UNUSED(callback);
#endif
if (generator == 0) {
if (key->key_size == 768 ||
key->key_size == 1024 ||
key->key_size == 1536)
{
dh = DH_new();
if (dh == NULL)
return (dst__openssl_toresult(ISC_R_NOMEMORY));
if (key->key_size == 768)
dh->p = bn768;
else if (key->key_size == 1024)
dh->p = bn1024;
else
dh->p = bn1536;
dh->g = bn2;
} else
generator = 2;
}
if (generator != 0) {
#if OPENSSL_VERSION_NUMBER > 0x00908000L
dh = DH_new();
if (dh == NULL)
return (dst__openssl_toresult(ISC_R_NOMEMORY));
cb = BN_GENCB_new();
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
if (cb == NULL) {
DH_free(dh);
return (dst__openssl_toresult(ISC_R_NOMEMORY));
}
#endif
if (callback == NULL) {
BN_GENCB_set_old(cb, NULL, NULL);
} else {
u.fptr = callback;
BN_GENCB_set(cb, &progress_cb, u.dptr);
}
if (!DH_generate_parameters_ex(dh, key->key_size, generator,
cb)) {
DH_free(dh);
BN_GENCB_free(cb);
return (dst__openssl_toresult2(
"DH_generate_parameters_ex",
DST_R_OPENSSLFAILURE));
}
BN_GENCB_free(cb);
#else
dh = DH_generate_parameters(key->key_size, generator,
NULL, NULL);
if (dh == NULL)
return (dst__openssl_toresult2(
"DH_generate_parameters",
DST_R_OPENSSLFAILURE));
#endif
}
if (DH_generate_key(dh) == 0) {
DH_free(dh);
return (dst__openssl_toresult2("DH_generate_key",
DST_R_OPENSSLFAILURE));
}
dh->flags &= ~DH_FLAG_CACHE_MONT_P;
key->keydata.dh = dh;
return (ISC_R_SUCCESS);
}
static isc_result_t
opensslrsa_generate(dst_key_t *key, int exp, void (*callback)(int)) {
#if OPENSSL_VERSION_NUMBER > 0x00908000L
isc_result_t ret = DST_R_OPENSSLFAILURE;
BN_GENCB cb;
union {
void *dptr;
void (*fptr)(int);
} u;
RSA *rsa = RSA_new();
BIGNUM *e = BN_new();
#if USE_EVP
EVP_PKEY *pkey = EVP_PKEY_new();
#endif
if (rsa == NULL || e == NULL)
goto err;
#if USE_EVP
if (pkey == NULL)
goto err;
if (!EVP_PKEY_set1_RSA(pkey, rsa))
goto err;
#endif
if (exp == 0) {
/* RSA_F4 0x10001 */
BN_set_bit(e, 0);
BN_set_bit(e, 16);
} else {
/* F5 0x100000001 */
BN_set_bit(e, 0);
BN_set_bit(e, 32);
}
if (callback == NULL) {
BN_GENCB_set_old(&cb, NULL, NULL);
} else {
u.fptr = callback;
BN_GENCB_set(&cb, &progress_cb, u.dptr);
}
if (RSA_generate_key_ex(rsa, key->key_size, e, &cb)) {
BN_free(e);
SET_FLAGS(rsa);
#if USE_EVP
key->keydata.pkey = pkey;
RSA_free(rsa);
#else
key->keydata.rsa = rsa;
#endif
return (ISC_R_SUCCESS);
}
ret = dst__openssl_toresult2("RSA_generate_key_ex",
DST_R_OPENSSLFAILURE);
err:
#if USE_EVP
if (pkey != NULL)
EVP_PKEY_free(pkey);
#endif
if (e != NULL)
BN_free(e);
if (rsa != NULL)
RSA_free(rsa);
return (dst__openssl_toresult(ret));
#else
RSA *rsa;
unsigned long e;
#if USE_EVP
EVP_PKEY *pkey = EVP_PKEY_new();
UNUSED(callback);
if (pkey == NULL)
return (ISC_R_NOMEMORY);
#else
UNUSED(callback);
#endif
if (exp == 0)
e = RSA_F4;
else
e = 0x40000003;
rsa = RSA_generate_key(key->key_size, e, NULL, NULL);
if (rsa == NULL) {
#if USE_EVP
EVP_PKEY_free(pkey);
#endif
return (dst__openssl_toresult2("RSA_generate_key",
DST_R_OPENSSLFAILURE));
}
SET_FLAGS(rsa);
#if USE_EVP
if (!EVP_PKEY_set1_RSA(pkey, rsa)) {
EVP_PKEY_free(pkey);
RSA_free(rsa);
return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
}
key->keydata.pkey = pkey;
RSA_free(rsa);
#else
key->keydata.rsa = rsa;
#endif
return (ISC_R_SUCCESS);
#endif
}
static isc_result_t
opensslrsa_generate(dst_key_t *key, int exp, void (*callback)(int)) {
#if OPENSSL_VERSION_NUMBER > 0x00908000L
isc_result_t ret = DST_R_OPENSSLFAILURE;
union {
void *dptr;
void (*fptr)(int);
} u;
RSA *rsa = RSA_new();
BIGNUM *e = BN_new();
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
BN_GENCB _cb;
#endif
BN_GENCB *cb = BN_GENCB_new();
#if USE_EVP
EVP_PKEY *pkey = EVP_PKEY_new();
#endif
/*
* Reject incorrect RSA key lengths.
*/
switch (key->key_alg) {
case DST_ALG_RSAMD5:
case DST_ALG_RSASHA1:
case DST_ALG_NSEC3RSASHA1:
/* From RFC 3110 */
if (key->key_size > 4096)
goto err;
break;
case DST_ALG_RSASHA256:
/* From RFC 5702 */
if ((key->key_size < 512) ||
(key->key_size > 4096))
goto err;
break;
case DST_ALG_RSASHA512:
/* From RFC 5702 */
if ((key->key_size < 1024) ||
(key->key_size > 4096))
goto err;
break;
default:
INSIST(0);
}
if (rsa == NULL || e == NULL || cb == NULL)
goto err;
#if USE_EVP
if (pkey == NULL)
goto err;
if (!EVP_PKEY_set1_RSA(pkey, rsa))
goto err;
#endif
if (exp == 0) {
/* RSA_F4 0x10001 */
BN_set_bit(e, 0);
BN_set_bit(e, 16);
} else {
/* (phased-out) F5 0x100000001 */
BN_set_bit(e, 0);
BN_set_bit(e, 32);
}
if (callback == NULL) {
BN_GENCB_set_old(cb, NULL, NULL);
} else {
u.fptr = callback;
BN_GENCB_set(cb, &progress_cb, u.dptr);
}
if (RSA_generate_key_ex(rsa, key->key_size, e, cb)) {
BN_free(e);
BN_GENCB_free(cb);
SET_FLAGS(rsa);
#if USE_EVP
key->keydata.pkey = pkey;
RSA_free(rsa);
#else
key->keydata.rsa = rsa;
#endif
return (ISC_R_SUCCESS);
}
BN_GENCB_free(cb);
ret = dst__openssl_toresult2("RSA_generate_key_ex",
DST_R_OPENSSLFAILURE);
err:
#if USE_EVP
if (pkey != NULL)
EVP_PKEY_free(pkey);
#endif
if (e != NULL)
BN_free(e);
if (rsa != NULL)
RSA_free(rsa);
if (cb != NULL)
BN_GENCB_free(cb);
return (dst__openssl_toresult(ret));
#else
RSA *rsa;
unsigned long e;
#if USE_EVP
EVP_PKEY *pkey = EVP_PKEY_new();
UNUSED(callback);
if (pkey == NULL)
return (ISC_R_NOMEMORY);
#else
UNUSED(callback);
#endif
if (exp == 0)
e = RSA_F4;
else
e = 0x40000003;
rsa = RSA_generate_key(key->key_size, e, NULL, NULL);
if (rsa == NULL) {
#if USE_EVP
EVP_PKEY_free(pkey);
#endif
return (dst__openssl_toresult2("RSA_generate_key",
DST_R_OPENSSLFAILURE));
}
SET_FLAGS(rsa);
#if USE_EVP
if (!EVP_PKEY_set1_RSA(pkey, rsa)) {
EVP_PKEY_free(pkey);
RSA_free(rsa);
return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
}
key->keydata.pkey = pkey;
RSA_free(rsa);
#else
key->keydata.rsa = rsa;
#endif
return (ISC_R_SUCCESS);
#endif
}
