1 /* $OpenBSD: rsa_ameth.c,v 1.14 2015/02/11 04:05:14 beck Exp $ */ 2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 3 * project 2006. 4 */ 5 /* ==================================================================== 6 * Copyright (c) 2006 The OpenSSL Project. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in 17 * the documentation and/or other materials provided with the 18 * distribution. 19 * 20 * 3. All advertising materials mentioning features or use of this 21 * software must display the following acknowledgment: 22 * "This product includes software developed by the OpenSSL Project 23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 24 * 25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 26 * endorse or promote products derived from this software without 27 * prior written permission. For written permission, please contact 28 * licensing@OpenSSL.org. 29 * 30 * 5. Products derived from this software may not be called "OpenSSL" 31 * nor may "OpenSSL" appear in their names without prior written 32 * permission of the OpenSSL Project. 33 * 34 * 6. Redistributions of any form whatsoever must retain the following 35 * acknowledgment: 36 * "This product includes software developed by the OpenSSL Project 37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 38 * 39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 50 * OF THE POSSIBILITY OF SUCH DAMAGE. 51 * ==================================================================== 52 * 53 * This product includes cryptographic software written by Eric Young 54 * (eay@cryptsoft.com). This product includes software written by Tim 55 * Hudson (tjh@cryptsoft.com). 56 * 57 */ 58 59 #include <stdio.h> 60 61 #include <openssl/opensslconf.h> 62 63 #include <openssl/asn1t.h> 64 #include <openssl/bn.h> 65 #include <openssl/err.h> 66 #include <openssl/rsa.h> 67 #include <openssl/x509.h> 68 69 #ifndef OPENSSL_NO_CMS 70 #include <openssl/cms.h> 71 #endif 72 73 #include "asn1_locl.h" 74 75 static int 76 rsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) 77 { 78 unsigned char *penc = NULL; 79 int penclen; 80 81 penclen = i2d_RSAPublicKey(pkey->pkey.rsa, &penc); 82 if (penclen <= 0) 83 return 0; 84 if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_RSA), 85 V_ASN1_NULL, NULL, penc, penclen)) 86 return 1; 87 88 free(penc); 89 return 0; 90 } 91 92 static int 93 rsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) 94 { 95 const unsigned char *p; 96 int pklen; 97 RSA *rsa = NULL; 98 99 if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, NULL, pubkey)) 100 return 0; 101 if (!(rsa = d2i_RSAPublicKey(NULL, &p, pklen))) { 102 RSAerr(RSA_F_RSA_PUB_DECODE, ERR_R_RSA_LIB); 103 return 0; 104 } 105 EVP_PKEY_assign_RSA (pkey, rsa); 106 return 1; 107 } 108 109 static int 110 rsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) 111 { 112 if (BN_cmp(b->pkey.rsa->n, a->pkey.rsa->n) != 0 || 113 BN_cmp(b->pkey.rsa->e, a->pkey.rsa->e) != 0) 114 return 0; 115 return 1; 116 } 117 118 static int 119 old_rsa_priv_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen) 120 { 121 RSA *rsa; 122 123 if (!(rsa = d2i_RSAPrivateKey (NULL, pder, derlen))) { 124 RSAerr(RSA_F_OLD_RSA_PRIV_DECODE, ERR_R_RSA_LIB); 125 return 0; 126 } 127 EVP_PKEY_assign_RSA(pkey, rsa); 128 return 1; 129 } 130 131 static int 132 old_rsa_priv_encode(const EVP_PKEY *pkey, unsigned char **pder) 133 { 134 return i2d_RSAPrivateKey(pkey->pkey.rsa, pder); 135 } 136 137 static int 138 rsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) 139 { 140 unsigned char *rk = NULL; 141 int rklen; 142 143 rklen = i2d_RSAPrivateKey(pkey->pkey.rsa, &rk); 144 145 if (rklen <= 0) { 146 RSAerr(RSA_F_RSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE); 147 return 0; 148 } 149 150 if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_rsaEncryption), 0, 151 V_ASN1_NULL, NULL, rk, rklen)) { 152 RSAerr(RSA_F_RSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE); 153 return 0; 154 } 155 156 return 1; 157 } 158 159 static int 160 rsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) 161 { 162 const unsigned char *p; 163 int pklen; 164 165 if (!PKCS8_pkey_get0(NULL, &p, &pklen, NULL, p8)) 166 return 0; 167 return old_rsa_priv_decode(pkey, &p, pklen); 168 } 169 170 static int 171 int_rsa_size(const EVP_PKEY *pkey) 172 { 173 return RSA_size(pkey->pkey.rsa); 174 } 175 176 static int 177 rsa_bits(const EVP_PKEY *pkey) 178 { 179 return BN_num_bits(pkey->pkey.rsa->n); 180 } 181 182 static void 183 int_rsa_free(EVP_PKEY *pkey) 184 { 185 RSA_free(pkey->pkey.rsa); 186 } 187 188 static void 189 update_buflen(const BIGNUM *b, size_t *pbuflen) 190 { 191 size_t i; 192 193 if (!b) 194 return; 195 if (*pbuflen < (i = (size_t)BN_num_bytes(b))) 196 *pbuflen = i; 197 } 198 199 static int 200 do_rsa_print(BIO *bp, const RSA *x, int off, int priv) 201 { 202 char *str; 203 const char *s; 204 unsigned char *m = NULL; 205 int ret = 0, mod_len = 0; 206 size_t buf_len = 0; 207 208 update_buflen(x->n, &buf_len); 209 update_buflen(x->e, &buf_len); 210 211 if (priv) { 212 update_buflen(x->d, &buf_len); 213 update_buflen(x->p, &buf_len); 214 update_buflen(x->q, &buf_len); 215 update_buflen(x->dmp1, &buf_len); 216 update_buflen(x->dmq1, &buf_len); 217 update_buflen(x->iqmp, &buf_len); 218 } 219 220 m = malloc(buf_len + 10); 221 if (m == NULL) { 222 RSAerr(RSA_F_DO_RSA_PRINT, ERR_R_MALLOC_FAILURE); 223 goto err; 224 } 225 226 if (x->n != NULL) 227 mod_len = BN_num_bits(x->n); 228 229 if (!BIO_indent(bp, off, 128)) 230 goto err; 231 232 if (priv && x->d) { 233 if (BIO_printf(bp, "Private-Key: (%d bit)\n", mod_len) <= 0) 234 goto err; 235 str = "modulus:"; 236 s = "publicExponent:"; 237 } else { 238 if (BIO_printf(bp, "Public-Key: (%d bit)\n", mod_len) <= 0) 239 goto err; 240 str = "Modulus:"; 241 s= "Exponent:"; 242 } 243 if (!ASN1_bn_print(bp, str, x->n, m, off)) 244 goto err; 245 if (!ASN1_bn_print(bp, s, x->e, m, off)) 246 goto err; 247 if (priv) { 248 if (!ASN1_bn_print(bp, "privateExponent:", x->d,m, off)) 249 goto err; 250 if (!ASN1_bn_print(bp, "prime1:", x->p, m, off)) 251 goto err; 252 if (!ASN1_bn_print(bp, "prime2:", x->q, m, off)) 253 goto err; 254 if (!ASN1_bn_print(bp, "exponent1:", x->dmp1, m, off)) 255 goto err; 256 if (!ASN1_bn_print(bp, "exponent2:", x->dmq1, m, off)) 257 goto err; 258 if (!ASN1_bn_print(bp, "coefficient:", x->iqmp, m, off)) 259 goto err; 260 } 261 ret = 1; 262 err: 263 free(m); 264 return (ret); 265 } 266 267 static int 268 rsa_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent, ASN1_PCTX *ctx) 269 { 270 return do_rsa_print(bp, pkey->pkey.rsa, indent, 0); 271 } 272 273 static int 274 rsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent, ASN1_PCTX *ctx) 275 { 276 return do_rsa_print(bp, pkey->pkey.rsa, indent, 1); 277 } 278 279 static RSA_PSS_PARAMS * 280 rsa_pss_decode(const X509_ALGOR *alg, X509_ALGOR **pmaskHash) 281 { 282 const unsigned char *p; 283 int plen; 284 RSA_PSS_PARAMS *pss; 285 286 *pmaskHash = NULL; 287 288 if (!alg->parameter || alg->parameter->type != V_ASN1_SEQUENCE) 289 return NULL; 290 291 p = alg->parameter->value.sequence->data; 292 plen = alg->parameter->value.sequence->length; 293 pss = d2i_RSA_PSS_PARAMS(NULL, &p, plen); 294 295 if (!pss) 296 return NULL; 297 298 if (pss->maskGenAlgorithm) { 299 ASN1_TYPE *param = pss->maskGenAlgorithm->parameter; 300 if (OBJ_obj2nid(pss->maskGenAlgorithm->algorithm) == NID_mgf1 && 301 param && param->type == V_ASN1_SEQUENCE) { 302 p = param->value.sequence->data; 303 plen = param->value.sequence->length; 304 *pmaskHash = d2i_X509_ALGOR(NULL, &p, plen); 305 } 306 } 307 308 return pss; 309 } 310 311 static int 312 rsa_pss_param_print(BIO *bp, RSA_PSS_PARAMS *pss, X509_ALGOR *maskHash, 313 int indent) 314 { 315 int rv = 0; 316 317 if (!pss) { 318 if (BIO_puts(bp, " (INVALID PSS PARAMETERS)\n") <= 0) 319 return 0; 320 return 1; 321 } 322 if (BIO_puts(bp, "\n") <= 0) 323 goto err; 324 if (!BIO_indent(bp, indent, 128)) 325 goto err; 326 if (BIO_puts(bp, "Hash Algorithm: ") <= 0) 327 goto err; 328 329 if (pss->hashAlgorithm) { 330 if (i2a_ASN1_OBJECT(bp, pss->hashAlgorithm->algorithm) <= 0) 331 goto err; 332 } else if (BIO_puts(bp, "sha1 (default)") <= 0) 333 goto err; 334 335 if (BIO_puts(bp, "\n") <= 0) 336 goto err; 337 338 if (!BIO_indent(bp, indent, 128)) 339 goto err; 340 341 if (BIO_puts(bp, "Mask Algorithm: ") <= 0) 342 goto err; 343 if (pss->maskGenAlgorithm) { 344 if (i2a_ASN1_OBJECT(bp, pss->maskGenAlgorithm->algorithm) <= 0) 345 goto err; 346 if (BIO_puts(bp, " with ") <= 0) 347 goto err; 348 if (maskHash) { 349 if (i2a_ASN1_OBJECT(bp, maskHash->algorithm) <= 0) 350 goto err; 351 } else if (BIO_puts(bp, "INVALID") <= 0) 352 goto err; 353 } else if (BIO_puts(bp, "mgf1 with sha1 (default)") <= 0) 354 goto err; 355 BIO_puts(bp, "\n"); 356 357 if (!BIO_indent(bp, indent, 128)) 358 goto err; 359 if (BIO_puts(bp, "Salt Length: 0x") <= 0) 360 goto err; 361 if (pss->saltLength) { 362 if (i2a_ASN1_INTEGER(bp, pss->saltLength) <= 0) 363 goto err; 364 } else if (BIO_puts(bp, "14 (default)") <= 0) 365 goto err; 366 BIO_puts(bp, "\n"); 367 368 if (!BIO_indent(bp, indent, 128)) 369 goto err; 370 if (BIO_puts(bp, "Trailer Field: 0x") <= 0) 371 goto err; 372 if (pss->trailerField) { 373 if (i2a_ASN1_INTEGER(bp, pss->trailerField) <= 0) 374 goto err; 375 } else if (BIO_puts(bp, "BC (default)") <= 0) 376 goto err; 377 BIO_puts(bp, "\n"); 378 379 rv = 1; 380 381 err: 382 return rv; 383 } 384 385 static int 386 rsa_sig_print(BIO *bp, const X509_ALGOR *sigalg, const ASN1_STRING *sig, 387 int indent, ASN1_PCTX *pctx) 388 { 389 if (OBJ_obj2nid(sigalg->algorithm) == NID_rsassaPss) { 390 int rv; 391 RSA_PSS_PARAMS *pss; 392 X509_ALGOR *maskHash; 393 pss = rsa_pss_decode(sigalg, &maskHash); 394 rv = rsa_pss_param_print(bp, pss, maskHash, indent); 395 if (pss) 396 RSA_PSS_PARAMS_free(pss); 397 if (maskHash) 398 X509_ALGOR_free(maskHash); 399 if (!rv) 400 return 0; 401 } else if (!sig && BIO_puts(bp, "\n") <= 0) 402 return 0; 403 if (sig) 404 return X509_signature_dump(bp, sig, indent); 405 return 1; 406 } 407 408 static int 409 rsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) 410 { 411 X509_ALGOR *alg = NULL; 412 413 switch (op) { 414 case ASN1_PKEY_CTRL_PKCS7_SIGN: 415 if (arg1 == 0) 416 PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, NULL, &alg); 417 break; 418 419 case ASN1_PKEY_CTRL_PKCS7_ENCRYPT: 420 if (arg1 == 0) 421 PKCS7_RECIP_INFO_get0_alg(arg2, &alg); 422 break; 423 #ifndef OPENSSL_NO_CMS 424 case ASN1_PKEY_CTRL_CMS_SIGN: 425 if (arg1 == 0) 426 CMS_SignerInfo_get0_algs(arg2, NULL, NULL, NULL, &alg); 427 break; 428 429 case ASN1_PKEY_CTRL_CMS_ENVELOPE: 430 if (arg1 == 0) 431 CMS_RecipientInfo_ktri_get0_algs(arg2, NULL, NULL, &alg); 432 break; 433 #endif 434 435 case ASN1_PKEY_CTRL_DEFAULT_MD_NID: 436 *(int *)arg2 = NID_sha1; 437 return 1; 438 439 default: 440 return -2; 441 } 442 443 if (alg) 444 X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaEncryption), 445 V_ASN1_NULL, 0); 446 447 return 1; 448 } 449 450 /* Customised RSA item verification routine. This is called 451 * when a signature is encountered requiring special handling. We 452 * currently only handle PSS. 453 */ 454 static int 455 rsa_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, 456 X509_ALGOR *sigalg, ASN1_BIT_STRING *sig, EVP_PKEY *pkey) 457 { 458 int rv = -1; 459 int saltlen; 460 const EVP_MD *mgf1md = NULL, *md = NULL; 461 RSA_PSS_PARAMS *pss; 462 X509_ALGOR *maskHash; 463 EVP_PKEY_CTX *pkctx; 464 465 /* Sanity check: make sure it is PSS */ 466 if (OBJ_obj2nid(sigalg->algorithm) != NID_rsassaPss) { 467 RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_UNSUPPORTED_SIGNATURE_TYPE); 468 return -1; 469 } 470 471 /* Decode PSS parameters */ 472 pss = rsa_pss_decode(sigalg, &maskHash); 473 474 if (pss == NULL) { 475 RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_INVALID_PSS_PARAMETERS); 476 goto err; 477 } 478 /* Check mask and lookup mask hash algorithm */ 479 if (pss->maskGenAlgorithm) { 480 if (OBJ_obj2nid(pss->maskGenAlgorithm->algorithm) != NID_mgf1) { 481 RSAerr(RSA_F_RSA_ITEM_VERIFY, 482 RSA_R_UNSUPPORTED_MASK_ALGORITHM); 483 goto err; 484 } 485 if (!maskHash) { 486 RSAerr(RSA_F_RSA_ITEM_VERIFY, 487 RSA_R_UNSUPPORTED_MASK_PARAMETER); 488 goto err; 489 } 490 mgf1md = EVP_get_digestbyobj(maskHash->algorithm); 491 if (mgf1md == NULL) { 492 RSAerr(RSA_F_RSA_ITEM_VERIFY, 493 RSA_R_UNKNOWN_MASK_DIGEST); 494 goto err; 495 } 496 } else 497 mgf1md = EVP_sha1(); 498 499 if (pss->hashAlgorithm) { 500 md = EVP_get_digestbyobj(pss->hashAlgorithm->algorithm); 501 if (md == NULL) { 502 RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_UNKNOWN_PSS_DIGEST); 503 goto err; 504 } 505 } else 506 md = EVP_sha1(); 507 508 if (pss->saltLength) { 509 saltlen = ASN1_INTEGER_get(pss->saltLength); 510 511 /* Could perform more salt length sanity checks but the main 512 * RSA routines will trap other invalid values anyway. 513 */ 514 if (saltlen < 0) { 515 RSAerr(RSA_F_RSA_ITEM_VERIFY, 516 RSA_R_INVALID_SALT_LENGTH); 517 goto err; 518 } 519 } else 520 saltlen = 20; 521 522 /* low-level routines support only trailer field 0xbc (value 1) 523 * and PKCS#1 says we should reject any other value anyway. 524 */ 525 if (pss->trailerField && ASN1_INTEGER_get(pss->trailerField) != 1) { 526 RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_INVALID_TRAILER); 527 goto err; 528 } 529 530 /* We have all parameters now set up context */ 531 532 if (!EVP_DigestVerifyInit(ctx, &pkctx, md, NULL, pkey)) 533 goto err; 534 535 if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_PSS_PADDING) <= 0) 536 goto err; 537 538 if (EVP_PKEY_CTX_set_rsa_pss_saltlen(pkctx, saltlen) <= 0) 539 goto err; 540 541 if (EVP_PKEY_CTX_set_rsa_mgf1_md(pkctx, mgf1md) <= 0) 542 goto err; 543 /* Carry on */ 544 rv = 2; 545 546 err: 547 RSA_PSS_PARAMS_free(pss); 548 if (maskHash) 549 X509_ALGOR_free(maskHash); 550 return rv; 551 } 552 553 static int 554 rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, 555 X509_ALGOR *alg1, X509_ALGOR *alg2, ASN1_BIT_STRING *sig) 556 { 557 int pad_mode; 558 EVP_PKEY_CTX *pkctx = ctx->pctx; 559 560 if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0) 561 return 0; 562 if (pad_mode == RSA_PKCS1_PADDING) 563 return 2; 564 if (pad_mode == RSA_PKCS1_PSS_PADDING) { 565 const EVP_MD *sigmd, *mgf1md; 566 RSA_PSS_PARAMS *pss = NULL; 567 X509_ALGOR *mgf1alg = NULL; 568 ASN1_STRING *os1 = NULL, *os2 = NULL; 569 EVP_PKEY *pk = EVP_PKEY_CTX_get0_pkey(pkctx); 570 int saltlen, rv = 0; 571 572 sigmd = EVP_MD_CTX_md(ctx); 573 if (EVP_PKEY_CTX_get_rsa_mgf1_md(pkctx, &mgf1md) <= 0) 574 goto err; 575 if (!EVP_PKEY_CTX_get_rsa_pss_saltlen(pkctx, &saltlen)) 576 goto err; 577 if (saltlen == -1) 578 saltlen = EVP_MD_size(sigmd); 579 else if (saltlen == -2) { 580 saltlen = EVP_PKEY_size(pk) - EVP_MD_size(sigmd) - 2; 581 if (((EVP_PKEY_bits(pk) - 1) & 0x7) == 0) 582 saltlen--; 583 } 584 pss = RSA_PSS_PARAMS_new(); 585 if (!pss) 586 goto err; 587 if (saltlen != 20) { 588 pss->saltLength = ASN1_INTEGER_new(); 589 if (!pss->saltLength) 590 goto err; 591 if (!ASN1_INTEGER_set(pss->saltLength, saltlen)) 592 goto err; 593 } 594 if (EVP_MD_type(sigmd) != NID_sha1) { 595 pss->hashAlgorithm = X509_ALGOR_new(); 596 if (!pss->hashAlgorithm) 597 goto err; 598 X509_ALGOR_set_md(pss->hashAlgorithm, sigmd); 599 } 600 if (EVP_MD_type(mgf1md) != NID_sha1) { 601 ASN1_STRING *stmp = NULL; 602 /* need to embed algorithm ID inside another */ 603 mgf1alg = X509_ALGOR_new(); 604 X509_ALGOR_set_md(mgf1alg, mgf1md); 605 if (!ASN1_item_pack(mgf1alg, ASN1_ITEM_rptr(X509_ALGOR), 606 &stmp)) 607 goto err; 608 pss->maskGenAlgorithm = X509_ALGOR_new(); 609 if (!pss->maskGenAlgorithm) 610 goto err; 611 X509_ALGOR_set0(pss->maskGenAlgorithm, 612 OBJ_nid2obj(NID_mgf1), V_ASN1_SEQUENCE, stmp); 613 } 614 /* Finally create string with pss parameter encoding. */ 615 if (!ASN1_item_pack(pss, ASN1_ITEM_rptr(RSA_PSS_PARAMS), &os1)) 616 goto err; 617 if (alg2) { 618 os2 = ASN1_STRING_dup(os1); 619 if (!os2) 620 goto err; 621 X509_ALGOR_set0(alg2, OBJ_nid2obj(NID_rsassaPss), 622 V_ASN1_SEQUENCE, os2); 623 } 624 X509_ALGOR_set0(alg1, OBJ_nid2obj(NID_rsassaPss), 625 V_ASN1_SEQUENCE, os1); 626 os1 = os2 = NULL; 627 rv = 3; 628 err: 629 if (mgf1alg) 630 X509_ALGOR_free(mgf1alg); 631 if (pss) 632 RSA_PSS_PARAMS_free(pss); 633 ASN1_STRING_free(os1); 634 return rv; 635 } 636 return 2; 637 } 638 639 const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] = { 640 { 641 .pkey_id = EVP_PKEY_RSA, 642 .pkey_base_id = EVP_PKEY_RSA, 643 .pkey_flags = ASN1_PKEY_SIGPARAM_NULL, 644 645 .pem_str = "RSA", 646 .info = "OpenSSL RSA method", 647 648 .pub_decode = rsa_pub_decode, 649 .pub_encode = rsa_pub_encode, 650 .pub_cmp = rsa_pub_cmp, 651 .pub_print = rsa_pub_print, 652 653 .priv_decode = rsa_priv_decode, 654 .priv_encode = rsa_priv_encode, 655 .priv_print = rsa_priv_print, 656 657 .pkey_size = int_rsa_size, 658 .pkey_bits = rsa_bits, 659 660 .sig_print = rsa_sig_print, 661 662 .pkey_free = int_rsa_free, 663 .pkey_ctrl = rsa_pkey_ctrl, 664 .old_priv_decode = old_rsa_priv_decode, 665 .old_priv_encode = old_rsa_priv_encode, 666 .item_verify = rsa_item_verify, 667 .item_sign = rsa_item_sign 668 }, 669 670 { 671 .pkey_id = EVP_PKEY_RSA2, 672 .pkey_base_id = EVP_PKEY_RSA, 673 .pkey_flags = ASN1_PKEY_ALIAS 674 } 675 }; 676