commit 839b881c612c698d7331191beac7d565649f5351
author Adam Langley <alangley@gmail.com> Tue May 26 11:36:46 2015 -0700
committer Adam Langley <agl@google.com> Fri Jun 05 18:39:44 2015 +0000
tree 0ab948fffb1c878944ef828f0cb567691b7ccebd
parent af0e32cb84f0c9cc65b9233a3414d2562642b342

Multi-prime RSA support.

RSA with more than two primes is specified in
https://tools.ietf.org/html/rfc3447, although the idea goes back far
earier than that.

This change ports some of the changes in
http://rt.openssl.org/Ticket/Display.html?id=3477&user=guest&pass=guest
to BoringSSL—specifically those bits that are under an OpenSSL license.

Change-Id: I51e8e345e2148702b8ce12e00518f6ef4683d3e1
Reviewed-on: https://boringssl-review.googlesource.com/4870
Reviewed-by: Adam Langley <agl@google.com>

include/openssl/rsa.h

diff --git a/include/openssl/rsa.h b/include/openssl/rsa.h
index 9b415d7..ff0a9a9 100644
--- a/include/openssl/rsa.h
+++ b/include/openssl/rsa.h
@@ -100,6 +100,12 @@
 OPENSSL_EXPORT int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e,
                                        BN_GENCB *cb);
 
+/* RSA_generate_multi_prime_key acts like |RSA_generate_key_ex| but can
+ * generate an RSA private key with more than two primes. */
+OPENSSL_EXPORT int RSA_generate_multi_prime_key(RSA *rsa, int bits,
+                                                int num_primes, BIGNUM *e,
+                                                BN_GENCB *cb);
+
 
 /* Encryption / Decryption */
 
@@ -450,6 +456,9 @@
 
   int (*keygen)(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
 
+  int (*multi_prime_keygen)(RSA *rsa, int bits, int num_primes, BIGNUM *e,
+                            BN_GENCB *cb);
+
   /* supports_digest returns one if |rsa| supports digests of type
    * |md|. If null, it is assumed that all digests are supported. */
   int (*supports_digest)(const RSA *rsa, const EVP_MD *md);
@@ -473,6 +482,9 @@
   BIGNUM *dmp1;
   BIGNUM *dmq1;
   BIGNUM *iqmp;
+
+  STACK_OF(RSA_additional_prime) *additional_primes;
+
   /* be careful using this if the RSA structure is shared */
   CRYPTO_EX_DATA ex_data;
   CRYPTO_refcount_t references;
@@ -530,6 +542,7 @@
 #define RSA_F_rsa_setup_blinding 125
 #define RSA_F_sign_raw 126
 #define RSA_F_verify_raw 127
+#define RSA_F_keygen_multiprime 128
 #define RSA_R_BAD_E_VALUE 100
 #define RSA_R_BAD_FIXED_HEADER_DECRYPT 101
 #define RSA_R_BAD_PAD_BYTE_COUNT 102
@@ -571,5 +584,7 @@
 #define RSA_R_UNKNOWN_PADDING_TYPE 138
 #define RSA_R_VALUE_MISSING 139
 #define RSA_R_WRONG_SIGNATURE_LENGTH 140
+#define RSA_R_MUST_HAVE_AT_LEAST_TWO_PRIMES 141
+#define RSA_R_CANNOT_RECOVER_MULTI_PRIME_KEY 142
 
 #endif  /* OPENSSL_HEADER_RSA_H */