1 /* crypto/rsa/rsa_ameth.c */
2 /*
3 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
4 * 2006.
5 */
6 /* ====================================================================
7 * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
19 * distribution.
20 *
21 * 3. All advertising materials mentioning features or use of this
22 * software must display the following acknowledgment:
23 * "This product includes software developed by the OpenSSL Project
24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25 *
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 * endorse or promote products derived from this software without
28 * prior written permission. For written permission, please contact
29 * licensing@OpenSSL.org.
30 *
31 * 5. Products derived from this software may not be called "OpenSSL"
32 * nor may "OpenSSL" appear in their names without prior written
33 * permission of the OpenSSL Project.
34 *
35 * 6. Redistributions of any form whatsoever must retain the following
36 * acknowledgment:
37 * "This product includes software developed by the OpenSSL Project
38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 * OF THE POSSIBILITY OF SUCH DAMAGE.
52 * ====================================================================
53 *
54 * This product includes cryptographic software written by Eric Young
55 * (eay@cryptsoft.com). This product includes software written by Tim
56 * Hudson (tjh@cryptsoft.com).
57 *
58 */
59
60 #include <stdio.h>
61 #include "cryptlib.h"
62 #include <openssl/asn1t.h>
63 #include <openssl/x509.h>
64 #include <openssl/rsa.h>
65 #include <openssl/bn.h>
66 #ifndef OPENSSL_NO_CMS
67 # include <openssl/cms.h>
68 #endif
69 #include "asn1_locl.h"
70
rsa_pub_encode(X509_PUBKEY * pk,const EVP_PKEY * pkey)71 static int rsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
72 {
73 unsigned char *penc = NULL;
74 int penclen;
75 penclen = i2d_RSAPublicKey(pkey->pkey.rsa, &penc);
76 if (penclen <= 0)
77 return 0;
78 if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_RSA),
79 V_ASN1_NULL, NULL, penc, penclen))
80 return 1;
81
82 OPENSSL_free(penc);
83 return 0;
84 }
85
rsa_pub_decode(EVP_PKEY * pkey,X509_PUBKEY * pubkey)86 static int rsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
87 {
88 const unsigned char *p;
89 int pklen;
90 RSA *rsa = NULL;
91 if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, NULL, pubkey))
92 return 0;
93 if (!(rsa = d2i_RSAPublicKey(NULL, &p, pklen))) {
94 RSAerr(RSA_F_RSA_PUB_DECODE, ERR_R_RSA_LIB);
95 return 0;
96 }
97 EVP_PKEY_assign_RSA(pkey, rsa);
98 return 1;
99 }
100
rsa_pub_cmp(const EVP_PKEY * a,const EVP_PKEY * b)101 static int rsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
102 {
103 if (BN_cmp(b->pkey.rsa->n, a->pkey.rsa->n) != 0
104 || BN_cmp(b->pkey.rsa->e, a->pkey.rsa->e) != 0)
105 return 0;
106 return 1;
107 }
108
old_rsa_priv_decode(EVP_PKEY * pkey,const unsigned char ** pder,int derlen)109 static int old_rsa_priv_decode(EVP_PKEY *pkey,
110 const unsigned char **pder, int derlen)
111 {
112 RSA *rsa;
113 if (!(rsa = d2i_RSAPrivateKey(NULL, pder, derlen))) {
114 RSAerr(RSA_F_OLD_RSA_PRIV_DECODE, ERR_R_RSA_LIB);
115 return 0;
116 }
117 EVP_PKEY_assign_RSA(pkey, rsa);
118 return 1;
119 }
120
old_rsa_priv_encode(const EVP_PKEY * pkey,unsigned char ** pder)121 static int old_rsa_priv_encode(const EVP_PKEY *pkey, unsigned char **pder)
122 {
123 return i2d_RSAPrivateKey(pkey->pkey.rsa, pder);
124 }
125
rsa_priv_encode(PKCS8_PRIV_KEY_INFO * p8,const EVP_PKEY * pkey)126 static int rsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
127 {
128 unsigned char *rk = NULL;
129 int rklen;
130 rklen = i2d_RSAPrivateKey(pkey->pkey.rsa, &rk);
131
132 if (rklen <= 0) {
133 RSAerr(RSA_F_RSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
134 return 0;
135 }
136
137 if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_rsaEncryption), 0,
138 V_ASN1_NULL, NULL, rk, rklen)) {
139 RSAerr(RSA_F_RSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
140 return 0;
141 }
142
143 return 1;
144 }
145
rsa_priv_decode(EVP_PKEY * pkey,PKCS8_PRIV_KEY_INFO * p8)146 static int rsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
147 {
148 const unsigned char *p;
149 int pklen;
150 if (!PKCS8_pkey_get0(NULL, &p, &pklen, NULL, p8))
151 return 0;
152 return old_rsa_priv_decode(pkey, &p, pklen);
153 }
154
int_rsa_size(const EVP_PKEY * pkey)155 static int int_rsa_size(const EVP_PKEY *pkey)
156 {
157 return RSA_size(pkey->pkey.rsa);
158 }
159
rsa_bits(const EVP_PKEY * pkey)160 static int rsa_bits(const EVP_PKEY *pkey)
161 {
162 return BN_num_bits(pkey->pkey.rsa->n);
163 }
164
int_rsa_free(EVP_PKEY * pkey)165 static void int_rsa_free(EVP_PKEY *pkey)
166 {
167 RSA_free(pkey->pkey.rsa);
168 }
169
update_buflen(const BIGNUM * b,size_t * pbuflen)170 static void update_buflen(const BIGNUM *b, size_t *pbuflen)
171 {
172 size_t i;
173 if (!b)
174 return;
175 if (*pbuflen < (i = (size_t)BN_num_bytes(b)))
176 *pbuflen = i;
177 }
178
do_rsa_print(BIO * bp,const RSA * x,int off,int priv)179 static int do_rsa_print(BIO *bp, const RSA *x, int off, int priv)
180 {
181 char *str;
182 const char *s;
183 unsigned char *m = NULL;
184 int ret = 0, mod_len = 0;
185 size_t buf_len = 0;
186
187 update_buflen(x->n, &buf_len);
188 update_buflen(x->e, &buf_len);
189
190 if (priv) {
191 update_buflen(x->d, &buf_len);
192 update_buflen(x->p, &buf_len);
193 update_buflen(x->q, &buf_len);
194 update_buflen(x->dmp1, &buf_len);
195 update_buflen(x->dmq1, &buf_len);
196 update_buflen(x->iqmp, &buf_len);
197 }
198
199 m = (unsigned char *)OPENSSL_malloc(buf_len + 10);
200 if (m == NULL) {
201 RSAerr(RSA_F_DO_RSA_PRINT, ERR_R_MALLOC_FAILURE);
202 goto err;
203 }
204
205 if (x->n != NULL)
206 mod_len = BN_num_bits(x->n);
207
208 if (!BIO_indent(bp, off, 128))
209 goto err;
210
211 if (priv && x->d) {
212 if (BIO_printf(bp, "Private-Key: (%d bit)\n", mod_len)
213 <= 0)
214 goto err;
215 str = "modulus:";
216 s = "publicExponent:";
217 } else {
218 if (BIO_printf(bp, "Public-Key: (%d bit)\n", mod_len)
219 <= 0)
220 goto err;
221 str = "Modulus:";
222 s = "Exponent:";
223 }
224 if (!ASN1_bn_print(bp, str, x->n, m, off))
225 goto err;
226 if (!ASN1_bn_print(bp, s, x->e, m, off))
227 goto err;
228 if (priv) {
229 if (!ASN1_bn_print(bp, "privateExponent:", x->d, m, off))
230 goto err;
231 if (!ASN1_bn_print(bp, "prime1:", x->p, m, off))
232 goto err;
233 if (!ASN1_bn_print(bp, "prime2:", x->q, m, off))
234 goto err;
235 if (!ASN1_bn_print(bp, "exponent1:", x->dmp1, m, off))
236 goto err;
237 if (!ASN1_bn_print(bp, "exponent2:", x->dmq1, m, off))
238 goto err;
239 if (!ASN1_bn_print(bp, "coefficient:", x->iqmp, m, off))
240 goto err;
241 }
242 ret = 1;
243 err:
244 if (m != NULL)
245 OPENSSL_free(m);
246 return (ret);
247 }
248
rsa_pub_print(BIO * bp,const EVP_PKEY * pkey,int indent,ASN1_PCTX * ctx)249 static int rsa_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent,
250 ASN1_PCTX *ctx)
251 {
252 return do_rsa_print(bp, pkey->pkey.rsa, indent, 0);
253 }
254
rsa_priv_print(BIO * bp,const EVP_PKEY * pkey,int indent,ASN1_PCTX * ctx)255 static int rsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent,
256 ASN1_PCTX *ctx)
257 {
258 return do_rsa_print(bp, pkey->pkey.rsa, indent, 1);
259 }
260
rsa_pss_decode(const X509_ALGOR * alg,X509_ALGOR ** pmaskHash)261 static RSA_PSS_PARAMS *rsa_pss_decode(const X509_ALGOR *alg,
262 X509_ALGOR **pmaskHash)
263 {
264 const unsigned char *p;
265 int plen;
266 RSA_PSS_PARAMS *pss;
267
268 *pmaskHash = NULL;
269
270 if (!alg->parameter || alg->parameter->type != V_ASN1_SEQUENCE)
271 return NULL;
272 p = alg->parameter->value.sequence->data;
273 plen = alg->parameter->value.sequence->length;
274 pss = d2i_RSA_PSS_PARAMS(NULL, &p, plen);
275
276 if (!pss)
277 return NULL;
278
279 if (pss->maskGenAlgorithm) {
280 ASN1_TYPE *param = pss->maskGenAlgorithm->parameter;
281 if (OBJ_obj2nid(pss->maskGenAlgorithm->algorithm) == NID_mgf1
282 && param->type == V_ASN1_SEQUENCE) {
283 p = param->value.sequence->data;
284 plen = param->value.sequence->length;
285 *pmaskHash = d2i_X509_ALGOR(NULL, &p, plen);
286 }
287 }
288
289 return pss;
290 }
291
rsa_pss_param_print(BIO * bp,RSA_PSS_PARAMS * pss,X509_ALGOR * maskHash,int indent)292 static int rsa_pss_param_print(BIO *bp, RSA_PSS_PARAMS *pss,
293 X509_ALGOR *maskHash, int indent)
294 {
295 int rv = 0;
296 if (!pss) {
297 if (BIO_puts(bp, " (INVALID PSS PARAMETERS)\n") <= 0)
298 return 0;
299 return 1;
300 }
301 if (BIO_puts(bp, "\n") <= 0)
302 goto err;
303 if (!BIO_indent(bp, indent, 128))
304 goto err;
305 if (BIO_puts(bp, "Hash Algorithm: ") <= 0)
306 goto err;
307
308 if (pss->hashAlgorithm) {
309 if (i2a_ASN1_OBJECT(bp, pss->hashAlgorithm->algorithm) <= 0)
310 goto err;
311 } else if (BIO_puts(bp, "sha1 (default)") <= 0)
312 goto err;
313
314 if (BIO_puts(bp, "\n") <= 0)
315 goto err;
316
317 if (!BIO_indent(bp, indent, 128))
318 goto err;
319
320 if (BIO_puts(bp, "Mask Algorithm: ") <= 0)
321 goto err;
322 if (pss->maskGenAlgorithm) {
323 if (i2a_ASN1_OBJECT(bp, pss->maskGenAlgorithm->algorithm) <= 0)
324 goto err;
325 if (BIO_puts(bp, " with ") <= 0)
326 goto err;
327 if (maskHash) {
328 if (i2a_ASN1_OBJECT(bp, maskHash->algorithm) <= 0)
329 goto err;
330 } else if (BIO_puts(bp, "INVALID") <= 0)
331 goto err;
332 } else if (BIO_puts(bp, "mgf1 with sha1 (default)") <= 0)
333 goto err;
334 BIO_puts(bp, "\n");
335
336 if (!BIO_indent(bp, indent, 128))
337 goto err;
338 if (BIO_puts(bp, "Salt Length: 0x") <= 0)
339 goto err;
340 if (pss->saltLength) {
341 if (i2a_ASN1_INTEGER(bp, pss->saltLength) <= 0)
342 goto err;
343 } else if (BIO_puts(bp, "14 (default)") <= 0)
344 goto err;
345 BIO_puts(bp, "\n");
346
347 if (!BIO_indent(bp, indent, 128))
348 goto err;
349 if (BIO_puts(bp, "Trailer Field: 0x") <= 0)
350 goto err;
351 if (pss->trailerField) {
352 if (i2a_ASN1_INTEGER(bp, pss->trailerField) <= 0)
353 goto err;
354 } else if (BIO_puts(bp, "BC (default)") <= 0)
355 goto err;
356 BIO_puts(bp, "\n");
357
358 rv = 1;
359
360 err:
361 return rv;
362
363 }
364
rsa_sig_print(BIO * bp,const X509_ALGOR * sigalg,const ASN1_STRING * sig,int indent,ASN1_PCTX * pctx)365 static int rsa_sig_print(BIO *bp, const X509_ALGOR *sigalg,
366 const ASN1_STRING *sig, int indent, ASN1_PCTX *pctx)
367 {
368 if (OBJ_obj2nid(sigalg->algorithm) == NID_rsassaPss) {
369 int rv;
370 RSA_PSS_PARAMS *pss;
371 X509_ALGOR *maskHash;
372 pss = rsa_pss_decode(sigalg, &maskHash);
373 rv = rsa_pss_param_print(bp, pss, maskHash, indent);
374 if (pss)
375 RSA_PSS_PARAMS_free(pss);
376 if (maskHash)
377 X509_ALGOR_free(maskHash);
378 if (!rv)
379 return 0;
380 } else if (!sig && BIO_puts(bp, "\n") <= 0)
381 return 0;
382 if (sig)
383 return X509_signature_dump(bp, sig, indent);
384 return 1;
385 }
386
rsa_pkey_ctrl(EVP_PKEY * pkey,int op,long arg1,void * arg2)387 static int rsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
388 {
389 X509_ALGOR *alg = NULL;
390 switch (op) {
391
392 case ASN1_PKEY_CTRL_PKCS7_SIGN:
393 if (arg1 == 0)
394 PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, NULL, &alg);
395 break;
396
397 case ASN1_PKEY_CTRL_PKCS7_ENCRYPT:
398 if (arg1 == 0)
399 PKCS7_RECIP_INFO_get0_alg(arg2, &alg);
400 break;
401 #ifndef OPENSSL_NO_CMS
402 case ASN1_PKEY_CTRL_CMS_SIGN:
403 if (arg1 == 0)
404 CMS_SignerInfo_get0_algs(arg2, NULL, NULL, NULL, &alg);
405 break;
406
407 case ASN1_PKEY_CTRL_CMS_ENVELOPE:
408 if (arg1 == 0)
409 CMS_RecipientInfo_ktri_get0_algs(arg2, NULL, NULL, &alg);
410 break;
411 #endif
412
413 case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
414 *(int *)arg2 = NID_sha1;
415 return 1;
416
417 default:
418 return -2;
419
420 }
421
422 if (alg)
423 X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaEncryption), V_ASN1_NULL, 0);
424
425 return 1;
426
427 }
428
429 /*
430 * Customised RSA item verification routine. This is called when a signature
431 * is encountered requiring special handling. We currently only handle PSS.
432 */
433
rsa_item_verify(EVP_MD_CTX * ctx,const ASN1_ITEM * it,void * asn,X509_ALGOR * sigalg,ASN1_BIT_STRING * sig,EVP_PKEY * pkey)434 static int rsa_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
435 X509_ALGOR *sigalg, ASN1_BIT_STRING *sig,
436 EVP_PKEY *pkey)
437 {
438 int rv = -1;
439 int saltlen;
440 const EVP_MD *mgf1md = NULL, *md = NULL;
441 RSA_PSS_PARAMS *pss;
442 X509_ALGOR *maskHash;
443 EVP_PKEY_CTX *pkctx;
444 /* Sanity check: make sure it is PSS */
445 if (OBJ_obj2nid(sigalg->algorithm) != NID_rsassaPss) {
446 RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_UNSUPPORTED_SIGNATURE_TYPE);
447 return -1;
448 }
449 /* Decode PSS parameters */
450 pss = rsa_pss_decode(sigalg, &maskHash);
451
452 if (pss == NULL) {
453 RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_INVALID_PSS_PARAMETERS);
454 goto err;
455 }
456 /* Check mask and lookup mask hash algorithm */
457 if (pss->maskGenAlgorithm) {
458 if (OBJ_obj2nid(pss->maskGenAlgorithm->algorithm) != NID_mgf1) {
459 RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_UNSUPPORTED_MASK_ALGORITHM);
460 goto err;
461 }
462 if (!maskHash) {
463 RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_UNSUPPORTED_MASK_PARAMETER);
464 goto err;
465 }
466 mgf1md = EVP_get_digestbyobj(maskHash->algorithm);
467 if (mgf1md == NULL) {
468 RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_UNKNOWN_MASK_DIGEST);
469 goto err;
470 }
471 } else
472 mgf1md = EVP_sha1();
473
474 if (pss->hashAlgorithm) {
475 md = EVP_get_digestbyobj(pss->hashAlgorithm->algorithm);
476 if (md == NULL) {
477 RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_UNKNOWN_PSS_DIGEST);
478 goto err;
479 }
480 } else
481 md = EVP_sha1();
482
483 if (pss->saltLength) {
484 saltlen = ASN1_INTEGER_get(pss->saltLength);
485
486 /*
487 * Could perform more salt length sanity checks but the main RSA
488 * routines will trap other invalid values anyway.
489 */
490 if (saltlen < 0) {
491 RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_INVALID_SALT_LENGTH);
492 goto err;
493 }
494 } else
495 saltlen = 20;
496
497 /*
498 * low-level routines support only trailer field 0xbc (value 1) and
499 * PKCS#1 says we should reject any other value anyway.
500 */
501 if (pss->trailerField && ASN1_INTEGER_get(pss->trailerField) != 1) {
502 RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_INVALID_TRAILER);
503 goto err;
504 }
505
506 /* We have all parameters now set up context */
507
508 if (!EVP_DigestVerifyInit(ctx, &pkctx, md, NULL, pkey))
509 goto err;
510
511 if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_PSS_PADDING) <= 0)
512 goto err;
513
514 if (EVP_PKEY_CTX_set_rsa_pss_saltlen(pkctx, saltlen) <= 0)
515 goto err;
516
517 if (EVP_PKEY_CTX_set_rsa_mgf1_md(pkctx, mgf1md) <= 0)
518 goto err;
519 /* Carry on */
520 rv = 2;
521
522 err:
523 RSA_PSS_PARAMS_free(pss);
524 if (maskHash)
525 X509_ALGOR_free(maskHash);
526 return rv;
527 }
528
rsa_item_sign(EVP_MD_CTX * ctx,const ASN1_ITEM * it,void * asn,X509_ALGOR * alg1,X509_ALGOR * alg2,ASN1_BIT_STRING * sig)529 static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
530 X509_ALGOR *alg1, X509_ALGOR *alg2,
531 ASN1_BIT_STRING *sig)
532 {
533 int pad_mode;
534 EVP_PKEY_CTX *pkctx = ctx->pctx;
535 if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0)
536 return 0;
537 if (pad_mode == RSA_PKCS1_PADDING)
538 return 2;
539 if (pad_mode == RSA_PKCS1_PSS_PADDING) {
540 const EVP_MD *sigmd, *mgf1md;
541 RSA_PSS_PARAMS *pss = NULL;
542 X509_ALGOR *mgf1alg = NULL;
543 ASN1_STRING *os1 = NULL, *os2 = NULL;
544 EVP_PKEY *pk = EVP_PKEY_CTX_get0_pkey(pkctx);
545 int saltlen, rv = 0;
546 sigmd = EVP_MD_CTX_md(ctx);
547 if (EVP_PKEY_CTX_get_rsa_mgf1_md(pkctx, &mgf1md) <= 0)
548 goto err;
549 if (!EVP_PKEY_CTX_get_rsa_pss_saltlen(pkctx, &saltlen))
550 goto err;
551 if (saltlen == -1)
552 saltlen = EVP_MD_size(sigmd);
553 else if (saltlen == -2) {
554 saltlen = EVP_PKEY_size(pk) - EVP_MD_size(sigmd) - 2;
555 if (((EVP_PKEY_bits(pk) - 1) & 0x7) == 0)
556 saltlen--;
557 }
558 pss = RSA_PSS_PARAMS_new();
559 if (!pss)
560 goto err;
561 if (saltlen != 20) {
562 pss->saltLength = ASN1_INTEGER_new();
563 if (!pss->saltLength)
564 goto err;
565 if (!ASN1_INTEGER_set(pss->saltLength, saltlen))
566 goto err;
567 }
568 if (EVP_MD_type(sigmd) != NID_sha1) {
569 pss->hashAlgorithm = X509_ALGOR_new();
570 if (!pss->hashAlgorithm)
571 goto err;
572 X509_ALGOR_set_md(pss->hashAlgorithm, sigmd);
573 }
574 if (EVP_MD_type(mgf1md) != NID_sha1) {
575 ASN1_STRING *stmp = NULL;
576 /* need to embed algorithm ID inside another */
577 mgf1alg = X509_ALGOR_new();
578 X509_ALGOR_set_md(mgf1alg, mgf1md);
579 if (!ASN1_item_pack(mgf1alg, ASN1_ITEM_rptr(X509_ALGOR), &stmp))
580 goto err;
581 pss->maskGenAlgorithm = X509_ALGOR_new();
582 if (!pss->maskGenAlgorithm)
583 goto err;
584 X509_ALGOR_set0(pss->maskGenAlgorithm,
585 OBJ_nid2obj(NID_mgf1), V_ASN1_SEQUENCE, stmp);
586 }
587 /* Finally create string with pss parameter encoding. */
588 if (!ASN1_item_pack(pss, ASN1_ITEM_rptr(RSA_PSS_PARAMS), &os1))
589 goto err;
590 if (alg2) {
591 os2 = ASN1_STRING_dup(os1);
592 if (!os2)
593 goto err;
594 X509_ALGOR_set0(alg2, OBJ_nid2obj(NID_rsassaPss),
595 V_ASN1_SEQUENCE, os2);
596 }
597 X509_ALGOR_set0(alg1, OBJ_nid2obj(NID_rsassaPss),
598 V_ASN1_SEQUENCE, os1);
599 os1 = os2 = NULL;
600 rv = 3;
601 err:
602 if (mgf1alg)
603 X509_ALGOR_free(mgf1alg);
604 if (pss)
605 RSA_PSS_PARAMS_free(pss);
606 if (os1)
607 ASN1_STRING_free(os1);
608 return rv;
609
610 }
611 return 2;
612 }
613
614 const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] = {
615 {
616 EVP_PKEY_RSA,
617 EVP_PKEY_RSA,
618 ASN1_PKEY_SIGPARAM_NULL,
619
620 "RSA",
621 "OpenSSL RSA method",
622
623 rsa_pub_decode,
624 rsa_pub_encode,
625 rsa_pub_cmp,
626 rsa_pub_print,
627
628 rsa_priv_decode,
629 rsa_priv_encode,
630 rsa_priv_print,
631
632 int_rsa_size,
633 rsa_bits,
634
635 0, 0, 0, 0, 0, 0,
636
637 rsa_sig_print,
638 int_rsa_free,
639 rsa_pkey_ctrl,
640 old_rsa_priv_decode,
641 old_rsa_priv_encode,
642 rsa_item_verify,
643 rsa_item_sign},
644
645 {
646 EVP_PKEY_RSA2,
647 EVP_PKEY_RSA,
648 ASN1_PKEY_ALIAS}
649 };
650