1 /* $OpenBSD: rsa_ameth.c,v 1.19 2018/08/24 20:22:15 tb Exp $ */ 2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 3 * project 2006. 4 */ 5 /* ==================================================================== 6 * Copyright (c) 2006 The OpenSSL Project. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in 17 * the documentation and/or other materials provided with the 18 * distribution. 19 * 20 * 3. All advertising materials mentioning features or use of this 21 * software must display the following acknowledgment: 22 * "This product includes software developed by the OpenSSL Project 23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 24 * 25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 26 * endorse or promote products derived from this software without 27 * prior written permission. For written permission, please contact 28 * licensing@OpenSSL.org. 29 * 30 * 5. Products derived from this software may not be called "OpenSSL" 31 * nor may "OpenSSL" appear in their names without prior written 32 * permission of the OpenSSL Project. 33 * 34 * 6. Redistributions of any form whatsoever must retain the following 35 * acknowledgment: 36 * "This product includes software developed by the OpenSSL Project 37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 38 * 39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 50 * OF THE POSSIBILITY OF SUCH DAMAGE. 51 * ==================================================================== 52 * 53 * This product includes cryptographic software written by Eric Young 54 * (eay@cryptsoft.com). This product includes software written by Tim 55 * Hudson (tjh@cryptsoft.com). 56 * 57 */ 58 59 #include <stdio.h> 60 61 #include <openssl/opensslconf.h> 62 63 #include <openssl/asn1t.h> 64 #include <openssl/bn.h> 65 #include <openssl/err.h> 66 #include <openssl/rsa.h> 67 #include <openssl/x509.h> 68 69 70 #include "asn1_locl.h" 71 72 static int 73 rsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) 74 { 75 unsigned char *penc = NULL; 76 int penclen; 77 78 penclen = i2d_RSAPublicKey(pkey->pkey.rsa, &penc); 79 if (penclen <= 0) 80 return 0; 81 if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_RSA), 82 V_ASN1_NULL, NULL, penc, penclen)) 83 return 1; 84 85 free(penc); 86 return 0; 87 } 88 89 static int 90 rsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) 91 { 92 const unsigned char *p; 93 int pklen; 94 RSA *rsa = NULL; 95 96 if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, NULL, pubkey)) 97 return 0; 98 if (!(rsa = d2i_RSAPublicKey(NULL, &p, pklen))) { 99 RSAerror(ERR_R_RSA_LIB); 100 return 0; 101 } 102 EVP_PKEY_assign_RSA (pkey, rsa); 103 return 1; 104 } 105 106 static int 107 rsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) 108 { 109 if (BN_cmp(b->pkey.rsa->n, a->pkey.rsa->n) != 0 || 110 BN_cmp(b->pkey.rsa->e, a->pkey.rsa->e) != 0) 111 return 0; 112 return 1; 113 } 114 115 static int 116 old_rsa_priv_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen) 117 { 118 RSA *rsa; 119 120 if (!(rsa = d2i_RSAPrivateKey (NULL, pder, derlen))) { 121 RSAerror(ERR_R_RSA_LIB); 122 return 0; 123 } 124 EVP_PKEY_assign_RSA(pkey, rsa); 125 return 1; 126 } 127 128 static int 129 old_rsa_priv_encode(const EVP_PKEY *pkey, unsigned char **pder) 130 { 131 return i2d_RSAPrivateKey(pkey->pkey.rsa, pder); 132 } 133 134 static int 135 rsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) 136 { 137 unsigned char *rk = NULL; 138 int rklen; 139 140 rklen = i2d_RSAPrivateKey(pkey->pkey.rsa, &rk); 141 142 if (rklen <= 0) { 143 RSAerror(ERR_R_MALLOC_FAILURE); 144 return 0; 145 } 146 147 if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_rsaEncryption), 0, 148 V_ASN1_NULL, NULL, rk, rklen)) { 149 RSAerror(ERR_R_MALLOC_FAILURE); 150 return 0; 151 } 152 153 return 1; 154 } 155 156 static int 157 rsa_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8) 158 { 159 const unsigned char *p; 160 int pklen; 161 162 if (!PKCS8_pkey_get0(NULL, &p, &pklen, NULL, p8)) 163 return 0; 164 return old_rsa_priv_decode(pkey, &p, pklen); 165 } 166 167 static int 168 int_rsa_size(const EVP_PKEY *pkey) 169 { 170 return RSA_size(pkey->pkey.rsa); 171 } 172 173 static int 174 rsa_bits(const EVP_PKEY *pkey) 175 { 176 return BN_num_bits(pkey->pkey.rsa->n); 177 } 178 179 static void 180 int_rsa_free(EVP_PKEY *pkey) 181 { 182 RSA_free(pkey->pkey.rsa); 183 } 184 185 static void 186 update_buflen(const BIGNUM *b, size_t *pbuflen) 187 { 188 size_t i; 189 190 if (!b) 191 return; 192 if (*pbuflen < (i = (size_t)BN_num_bytes(b))) 193 *pbuflen = i; 194 } 195 196 static int 197 do_rsa_print(BIO *bp, const RSA *x, int off, int priv) 198 { 199 char *str; 200 const char *s; 201 unsigned char *m = NULL; 202 int ret = 0, mod_len = 0; 203 size_t buf_len = 0; 204 205 update_buflen(x->n, &buf_len); 206 update_buflen(x->e, &buf_len); 207 208 if (priv) { 209 update_buflen(x->d, &buf_len); 210 update_buflen(x->p, &buf_len); 211 update_buflen(x->q, &buf_len); 212 update_buflen(x->dmp1, &buf_len); 213 update_buflen(x->dmq1, &buf_len); 214 update_buflen(x->iqmp, &buf_len); 215 } 216 217 m = malloc(buf_len + 10); 218 if (m == NULL) { 219 RSAerror(ERR_R_MALLOC_FAILURE); 220 goto err; 221 } 222 223 if (x->n != NULL) 224 mod_len = BN_num_bits(x->n); 225 226 if (!BIO_indent(bp, off, 128)) 227 goto err; 228 229 if (priv && x->d) { 230 if (BIO_printf(bp, "Private-Key: (%d bit)\n", mod_len) <= 0) 231 goto err; 232 str = "modulus:"; 233 s = "publicExponent:"; 234 } else { 235 if (BIO_printf(bp, "Public-Key: (%d bit)\n", mod_len) <= 0) 236 goto err; 237 str = "Modulus:"; 238 s= "Exponent:"; 239 } 240 if (!ASN1_bn_print(bp, str, x->n, m, off)) 241 goto err; 242 if (!ASN1_bn_print(bp, s, x->e, m, off)) 243 goto err; 244 if (priv) { 245 if (!ASN1_bn_print(bp, "privateExponent:", x->d,m, off)) 246 goto err; 247 if (!ASN1_bn_print(bp, "prime1:", x->p, m, off)) 248 goto err; 249 if (!ASN1_bn_print(bp, "prime2:", x->q, m, off)) 250 goto err; 251 if (!ASN1_bn_print(bp, "exponent1:", x->dmp1, m, off)) 252 goto err; 253 if (!ASN1_bn_print(bp, "exponent2:", x->dmq1, m, off)) 254 goto err; 255 if (!ASN1_bn_print(bp, "coefficient:", x->iqmp, m, off)) 256 goto err; 257 } 258 ret = 1; 259 err: 260 free(m); 261 return (ret); 262 } 263 264 static int 265 rsa_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent, ASN1_PCTX *ctx) 266 { 267 return do_rsa_print(bp, pkey->pkey.rsa, indent, 0); 268 } 269 270 static int 271 rsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent, ASN1_PCTX *ctx) 272 { 273 return do_rsa_print(bp, pkey->pkey.rsa, indent, 1); 274 } 275 276 static RSA_PSS_PARAMS * 277 rsa_pss_decode(const X509_ALGOR *alg, X509_ALGOR **pmaskHash) 278 { 279 const unsigned char *p; 280 int plen; 281 RSA_PSS_PARAMS *pss; 282 283 *pmaskHash = NULL; 284 285 if (!alg->parameter || alg->parameter->type != V_ASN1_SEQUENCE) 286 return NULL; 287 288 p = alg->parameter->value.sequence->data; 289 plen = alg->parameter->value.sequence->length; 290 pss = d2i_RSA_PSS_PARAMS(NULL, &p, plen); 291 292 if (!pss) 293 return NULL; 294 295 if (pss->maskGenAlgorithm) { 296 ASN1_TYPE *param = pss->maskGenAlgorithm->parameter; 297 if (OBJ_obj2nid(pss->maskGenAlgorithm->algorithm) == NID_mgf1 && 298 param && param->type == V_ASN1_SEQUENCE) { 299 p = param->value.sequence->data; 300 plen = param->value.sequence->length; 301 *pmaskHash = d2i_X509_ALGOR(NULL, &p, plen); 302 } 303 } 304 305 return pss; 306 } 307 308 static int 309 rsa_pss_param_print(BIO *bp, RSA_PSS_PARAMS *pss, X509_ALGOR *maskHash, 310 int indent) 311 { 312 int rv = 0; 313 314 if (!pss) { 315 if (BIO_puts(bp, " (INVALID PSS PARAMETERS)\n") <= 0) 316 return 0; 317 return 1; 318 } 319 if (BIO_puts(bp, "\n") <= 0) 320 goto err; 321 if (!BIO_indent(bp, indent, 128)) 322 goto err; 323 if (BIO_puts(bp, "Hash Algorithm: ") <= 0) 324 goto err; 325 326 if (pss->hashAlgorithm) { 327 if (i2a_ASN1_OBJECT(bp, pss->hashAlgorithm->algorithm) <= 0) 328 goto err; 329 } else if (BIO_puts(bp, "sha1 (default)") <= 0) 330 goto err; 331 332 if (BIO_puts(bp, "\n") <= 0) 333 goto err; 334 335 if (!BIO_indent(bp, indent, 128)) 336 goto err; 337 338 if (BIO_puts(bp, "Mask Algorithm: ") <= 0) 339 goto err; 340 if (pss->maskGenAlgorithm) { 341 if (i2a_ASN1_OBJECT(bp, pss->maskGenAlgorithm->algorithm) <= 0) 342 goto err; 343 if (BIO_puts(bp, " with ") <= 0) 344 goto err; 345 if (maskHash) { 346 if (i2a_ASN1_OBJECT(bp, maskHash->algorithm) <= 0) 347 goto err; 348 } else if (BIO_puts(bp, "INVALID") <= 0) 349 goto err; 350 } else if (BIO_puts(bp, "mgf1 with sha1 (default)") <= 0) 351 goto err; 352 BIO_puts(bp, "\n"); 353 354 if (!BIO_indent(bp, indent, 128)) 355 goto err; 356 if (BIO_puts(bp, "Salt Length: 0x") <= 0) 357 goto err; 358 if (pss->saltLength) { 359 if (i2a_ASN1_INTEGER(bp, pss->saltLength) <= 0) 360 goto err; 361 } else if (BIO_puts(bp, "14 (default)") <= 0) 362 goto err; 363 BIO_puts(bp, "\n"); 364 365 if (!BIO_indent(bp, indent, 128)) 366 goto err; 367 if (BIO_puts(bp, "Trailer Field: 0x") <= 0) 368 goto err; 369 if (pss->trailerField) { 370 if (i2a_ASN1_INTEGER(bp, pss->trailerField) <= 0) 371 goto err; 372 } else if (BIO_puts(bp, "BC (default)") <= 0) 373 goto err; 374 BIO_puts(bp, "\n"); 375 376 rv = 1; 377 378 err: 379 return rv; 380 } 381 382 static int 383 rsa_sig_print(BIO *bp, const X509_ALGOR *sigalg, const ASN1_STRING *sig, 384 int indent, ASN1_PCTX *pctx) 385 { 386 if (OBJ_obj2nid(sigalg->algorithm) == NID_rsassaPss) { 387 int rv; 388 RSA_PSS_PARAMS *pss; 389 X509_ALGOR *maskHash; 390 pss = rsa_pss_decode(sigalg, &maskHash); 391 rv = rsa_pss_param_print(bp, pss, maskHash, indent); 392 if (pss) 393 RSA_PSS_PARAMS_free(pss); 394 if (maskHash) 395 X509_ALGOR_free(maskHash); 396 if (!rv) 397 return 0; 398 } else if (!sig && BIO_puts(bp, "\n") <= 0) 399 return 0; 400 if (sig) 401 return X509_signature_dump(bp, sig, indent); 402 return 1; 403 } 404 405 static int 406 rsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) 407 { 408 X509_ALGOR *alg = NULL; 409 410 switch (op) { 411 case ASN1_PKEY_CTRL_PKCS7_SIGN: 412 if (arg1 == 0) 413 PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, NULL, &alg); 414 break; 415 416 case ASN1_PKEY_CTRL_PKCS7_ENCRYPT: 417 if (arg1 == 0) 418 PKCS7_RECIP_INFO_get0_alg(arg2, &alg); 419 break; 420 421 case ASN1_PKEY_CTRL_DEFAULT_MD_NID: 422 *(int *)arg2 = NID_sha1; 423 return 1; 424 425 default: 426 return -2; 427 } 428 429 if (alg) 430 X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaEncryption), 431 V_ASN1_NULL, 0); 432 433 return 1; 434 } 435 436 /* Customised RSA item verification routine. This is called 437 * when a signature is encountered requiring special handling. We 438 * currently only handle PSS. 439 */ 440 static int 441 rsa_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, 442 X509_ALGOR *sigalg, ASN1_BIT_STRING *sig, EVP_PKEY *pkey) 443 { 444 int rv = -1; 445 int saltlen; 446 const EVP_MD *mgf1md = NULL, *md = NULL; 447 RSA_PSS_PARAMS *pss; 448 X509_ALGOR *maskHash; 449 EVP_PKEY_CTX *pkctx; 450 451 /* Sanity check: make sure it is PSS */ 452 if (OBJ_obj2nid(sigalg->algorithm) != NID_rsassaPss) { 453 RSAerror(RSA_R_UNSUPPORTED_SIGNATURE_TYPE); 454 return -1; 455 } 456 457 /* Decode PSS parameters */ 458 pss = rsa_pss_decode(sigalg, &maskHash); 459 460 if (pss == NULL) { 461 RSAerror(RSA_R_INVALID_PSS_PARAMETERS); 462 goto err; 463 } 464 /* Check mask and lookup mask hash algorithm */ 465 if (pss->maskGenAlgorithm) { 466 if (OBJ_obj2nid(pss->maskGenAlgorithm->algorithm) != NID_mgf1) { 467 RSAerror(RSA_R_UNSUPPORTED_MASK_ALGORITHM); 468 goto err; 469 } 470 if (!maskHash) { 471 RSAerror(RSA_R_UNSUPPORTED_MASK_PARAMETER); 472 goto err; 473 } 474 mgf1md = EVP_get_digestbyobj(maskHash->algorithm); 475 if (mgf1md == NULL) { 476 RSAerror(RSA_R_UNKNOWN_MASK_DIGEST); 477 goto err; 478 } 479 } else 480 mgf1md = EVP_sha1(); 481 482 if (pss->hashAlgorithm) { 483 md = EVP_get_digestbyobj(pss->hashAlgorithm->algorithm); 484 if (md == NULL) { 485 RSAerror(RSA_R_UNKNOWN_PSS_DIGEST); 486 goto err; 487 } 488 } else 489 md = EVP_sha1(); 490 491 if (pss->saltLength) { 492 saltlen = ASN1_INTEGER_get(pss->saltLength); 493 494 /* Could perform more salt length sanity checks but the main 495 * RSA routines will trap other invalid values anyway. 496 */ 497 if (saltlen < 0) { 498 RSAerror(RSA_R_INVALID_SALT_LENGTH); 499 goto err; 500 } 501 } else 502 saltlen = 20; 503 504 /* low-level routines support only trailer field 0xbc (value 1) 505 * and PKCS#1 says we should reject any other value anyway. 506 */ 507 if (pss->trailerField && ASN1_INTEGER_get(pss->trailerField) != 1) { 508 RSAerror(RSA_R_INVALID_TRAILER); 509 goto err; 510 } 511 512 /* We have all parameters now set up context */ 513 514 if (!EVP_DigestVerifyInit(ctx, &pkctx, md, NULL, pkey)) 515 goto err; 516 517 if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_PSS_PADDING) <= 0) 518 goto err; 519 520 if (EVP_PKEY_CTX_set_rsa_pss_saltlen(pkctx, saltlen) <= 0) 521 goto err; 522 523 if (EVP_PKEY_CTX_set_rsa_mgf1_md(pkctx, mgf1md) <= 0) 524 goto err; 525 /* Carry on */ 526 rv = 2; 527 528 err: 529 RSA_PSS_PARAMS_free(pss); 530 if (maskHash) 531 X509_ALGOR_free(maskHash); 532 return rv; 533 } 534 535 static int 536 rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, 537 X509_ALGOR *alg1, X509_ALGOR *alg2, ASN1_BIT_STRING *sig) 538 { 539 int pad_mode; 540 EVP_PKEY_CTX *pkctx = ctx->pctx; 541 542 if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0) 543 return 0; 544 if (pad_mode == RSA_PKCS1_PADDING) 545 return 2; 546 if (pad_mode == RSA_PKCS1_PSS_PADDING) { 547 const EVP_MD *sigmd, *mgf1md; 548 RSA_PSS_PARAMS *pss = NULL; 549 X509_ALGOR *mgf1alg = NULL; 550 ASN1_STRING *os1 = NULL, *os2 = NULL; 551 EVP_PKEY *pk = EVP_PKEY_CTX_get0_pkey(pkctx); 552 int saltlen, rv = 0; 553 554 sigmd = EVP_MD_CTX_md(ctx); 555 if (EVP_PKEY_CTX_get_rsa_mgf1_md(pkctx, &mgf1md) <= 0) 556 goto err; 557 if (!EVP_PKEY_CTX_get_rsa_pss_saltlen(pkctx, &saltlen)) 558 goto err; 559 if (saltlen == -1) 560 saltlen = EVP_MD_size(sigmd); 561 else if (saltlen == -2) { 562 saltlen = EVP_PKEY_size(pk) - EVP_MD_size(sigmd) - 2; 563 if (((EVP_PKEY_bits(pk) - 1) & 0x7) == 0) 564 saltlen--; 565 } 566 pss = RSA_PSS_PARAMS_new(); 567 if (!pss) 568 goto err; 569 if (saltlen != 20) { 570 pss->saltLength = ASN1_INTEGER_new(); 571 if (!pss->saltLength) 572 goto err; 573 if (!ASN1_INTEGER_set(pss->saltLength, saltlen)) 574 goto err; 575 } 576 if (EVP_MD_type(sigmd) != NID_sha1) { 577 pss->hashAlgorithm = X509_ALGOR_new(); 578 if (!pss->hashAlgorithm) 579 goto err; 580 X509_ALGOR_set_md(pss->hashAlgorithm, sigmd); 581 } 582 if (EVP_MD_type(mgf1md) != NID_sha1) { 583 ASN1_STRING *stmp = NULL; 584 /* need to embed algorithm ID inside another */ 585 mgf1alg = X509_ALGOR_new(); 586 X509_ALGOR_set_md(mgf1alg, mgf1md); 587 if (!ASN1_item_pack(mgf1alg, &X509_ALGOR_it, 588 &stmp)) 589 goto err; 590 pss->maskGenAlgorithm = X509_ALGOR_new(); 591 if (!pss->maskGenAlgorithm) 592 goto err; 593 X509_ALGOR_set0(pss->maskGenAlgorithm, 594 OBJ_nid2obj(NID_mgf1), V_ASN1_SEQUENCE, stmp); 595 } 596 /* Finally create string with pss parameter encoding. */ 597 if (!ASN1_item_pack(pss, &RSA_PSS_PARAMS_it, &os1)) 598 goto err; 599 if (alg2) { 600 os2 = ASN1_STRING_dup(os1); 601 if (!os2) 602 goto err; 603 X509_ALGOR_set0(alg2, OBJ_nid2obj(NID_rsassaPss), 604 V_ASN1_SEQUENCE, os2); 605 } 606 X509_ALGOR_set0(alg1, OBJ_nid2obj(NID_rsassaPss), 607 V_ASN1_SEQUENCE, os1); 608 os1 = os2 = NULL; 609 rv = 3; 610 err: 611 if (mgf1alg) 612 X509_ALGOR_free(mgf1alg); 613 if (pss) 614 RSA_PSS_PARAMS_free(pss); 615 ASN1_STRING_free(os1); 616 return rv; 617 } 618 return 2; 619 } 620 621 const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] = { 622 { 623 .pkey_id = EVP_PKEY_RSA, 624 .pkey_base_id = EVP_PKEY_RSA, 625 .pkey_flags = ASN1_PKEY_SIGPARAM_NULL, 626 627 .pem_str = "RSA", 628 .info = "OpenSSL RSA method", 629 630 .pub_decode = rsa_pub_decode, 631 .pub_encode = rsa_pub_encode, 632 .pub_cmp = rsa_pub_cmp, 633 .pub_print = rsa_pub_print, 634 635 .priv_decode = rsa_priv_decode, 636 .priv_encode = rsa_priv_encode, 637 .priv_print = rsa_priv_print, 638 639 .pkey_size = int_rsa_size, 640 .pkey_bits = rsa_bits, 641 642 .sig_print = rsa_sig_print, 643 644 .pkey_free = int_rsa_free, 645 .pkey_ctrl = rsa_pkey_ctrl, 646 .old_priv_decode = old_rsa_priv_decode, 647 .old_priv_encode = old_rsa_priv_encode, 648 .item_verify = rsa_item_verify, 649 .item_sign = rsa_item_sign 650 }, 651 652 { 653 .pkey_id = EVP_PKEY_RSA2, 654 .pkey_base_id = EVP_PKEY_RSA, 655 .pkey_flags = ASN1_PKEY_ALIAS 656 } 657 }; 658