GCC Code Coverage Report
Directory: ./ Exec Total Coverage
File: lib/libcrypto/crypto/../../libssl/src/crypto/rsa/rsa_ameth.c Lines: 27 314 8.6 %
Date: 2016-12-06 Branches: 11 230 4.8 %

Line Branch Exec Source
1
/* $OpenBSD: rsa_ameth.c,v 1.15 2015/12/03 23:03:10 beck Exp $ */
2
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3
 * project 2006.
4
 */
5
/* ====================================================================
6
 * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
7
 *
8
 * Redistribution and use in source and binary forms, with or without
9
 * modification, are permitted provided that the following conditions
10
 * are met:
11
 *
12
 * 1. Redistributions of source code must retain the above copyright
13
 *    notice, this list of conditions and the following disclaimer.
14
 *
15
 * 2. Redistributions in binary form must reproduce the above copyright
16
 *    notice, this list of conditions and the following disclaimer in
17
 *    the documentation and/or other materials provided with the
18
 *    distribution.
19
 *
20
 * 3. All advertising materials mentioning features or use of this
21
 *    software must display the following acknowledgment:
22
 *    "This product includes software developed by the OpenSSL Project
23
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24
 *
25
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26
 *    endorse or promote products derived from this software without
27
 *    prior written permission. For written permission, please contact
28
 *    licensing@OpenSSL.org.
29
 *
30
 * 5. Products derived from this software may not be called "OpenSSL"
31
 *    nor may "OpenSSL" appear in their names without prior written
32
 *    permission of the OpenSSL Project.
33
 *
34
 * 6. Redistributions of any form whatsoever must retain the following
35
 *    acknowledgment:
36
 *    "This product includes software developed by the OpenSSL Project
37
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38
 *
39
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
43
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50
 * OF THE POSSIBILITY OF SUCH DAMAGE.
51
 * ====================================================================
52
 *
53
 * This product includes cryptographic software written by Eric Young
54
 * (eay@cryptsoft.com).  This product includes software written by Tim
55
 * Hudson (tjh@cryptsoft.com).
56
 *
57
 */
58
59
#include <stdio.h>
60
61
#include <openssl/opensslconf.h>
62
63
#include <openssl/asn1t.h>
64
#include <openssl/bn.h>
65
#include <openssl/err.h>
66
#include <openssl/rsa.h>
67
#include <openssl/x509.h>
68
69
#ifndef OPENSSL_NO_CMS
70
#include <openssl/cms.h>
71
#endif
72
73
#include "asn1_locl.h"
74
75
static int
76
rsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
77
{
78
	unsigned char *penc = NULL;
79
	int penclen;
80
81
	penclen = i2d_RSAPublicKey(pkey->pkey.rsa, &penc);
82
	if (penclen <= 0)
83
		return 0;
84
	if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_RSA),
85
	    V_ASN1_NULL, NULL, penc, penclen))
86
		return 1;
87
88
	free(penc);
89
	return 0;
90
}
91
92
static int
93
rsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
94
6
{
95
	const unsigned char *p;
96
	int pklen;
97
6
	RSA *rsa = NULL;
98
99
6
	if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, NULL, pubkey))
100
		return 0;
101
6
	if (!(rsa = d2i_RSAPublicKey(NULL, &p, pklen))) {
102
		RSAerr(RSA_F_RSA_PUB_DECODE, ERR_R_RSA_LIB);
103
		return 0;
104
	}
105
6
	EVP_PKEY_assign_RSA (pkey, rsa);
106
6
	return 1;
107
}
108
109
static int
110
rsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
111
3
{
112

3
	if (BN_cmp(b->pkey.rsa->n, a->pkey.rsa->n) != 0 ||
113
	    BN_cmp(b->pkey.rsa->e, a->pkey.rsa->e) != 0)
114
		return 0;
115
3
	return 1;
116
}
117
118
static int
119
old_rsa_priv_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen)
120
1
{
121
	RSA *rsa;
122
123
1
	if (!(rsa = d2i_RSAPrivateKey (NULL, pder, derlen))) {
124
		RSAerr(RSA_F_OLD_RSA_PRIV_DECODE, ERR_R_RSA_LIB);
125
		return 0;
126
	}
127
1
	EVP_PKEY_assign_RSA(pkey, rsa);
128
1
	return 1;
129
}
130
131
static int
132
old_rsa_priv_encode(const EVP_PKEY *pkey, unsigned char **pder)
133
{
134
	return i2d_RSAPrivateKey(pkey->pkey.rsa, pder);
135
}
136
137
static int
138
rsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
139
{
140
	unsigned char *rk = NULL;
141
	int rklen;
142
143
	rklen = i2d_RSAPrivateKey(pkey->pkey.rsa, &rk);
144
145
	if (rklen <= 0) {
146
		RSAerr(RSA_F_RSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
147
		return 0;
148
	}
149
150
	if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_rsaEncryption), 0,
151
	    V_ASN1_NULL, NULL, rk, rklen)) {
152
		RSAerr(RSA_F_RSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
153
		return 0;
154
	}
155
156
	return 1;
157
}
158
159
static int
160
rsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
161
{
162
	const unsigned char *p;
163
	int pklen;
164
165
	if (!PKCS8_pkey_get0(NULL, &p, &pklen, NULL, p8))
166
		return 0;
167
	return old_rsa_priv_decode(pkey, &p, pklen);
168
}
169
170
static int
171
int_rsa_size(const EVP_PKEY *pkey)
172
10
{
173
10
	return RSA_size(pkey->pkey.rsa);
174
}
175
176
static int
177
rsa_bits(const EVP_PKEY *pkey)
178
{
179
	return BN_num_bits(pkey->pkey.rsa->n);
180
}
181
182
static void
183
int_rsa_free(EVP_PKEY *pkey)
184
{
185
	RSA_free(pkey->pkey.rsa);
186
}
187
188
static void
189
update_buflen(const BIGNUM *b, size_t *pbuflen)
190
{
191
	size_t i;
192
193
	if (!b)
194
		return;
195
	if (*pbuflen < (i = (size_t)BN_num_bytes(b)))
196
		*pbuflen = i;
197
}
198
199
static int
200
do_rsa_print(BIO *bp, const RSA *x, int off, int priv)
201
{
202
	char *str;
203
	const char *s;
204
	unsigned char *m = NULL;
205
	int ret = 0, mod_len = 0;
206
	size_t buf_len = 0;
207
208
	update_buflen(x->n, &buf_len);
209
	update_buflen(x->e, &buf_len);
210
211
	if (priv) {
212
		update_buflen(x->d, &buf_len);
213
		update_buflen(x->p, &buf_len);
214
		update_buflen(x->q, &buf_len);
215
		update_buflen(x->dmp1, &buf_len);
216
		update_buflen(x->dmq1, &buf_len);
217
		update_buflen(x->iqmp, &buf_len);
218
	}
219
220
	m = malloc(buf_len + 10);
221
	if (m == NULL) {
222
		RSAerr(RSA_F_DO_RSA_PRINT, ERR_R_MALLOC_FAILURE);
223
		goto err;
224
	}
225
226
	if (x->n != NULL)
227
		mod_len = BN_num_bits(x->n);
228
229
	if (!BIO_indent(bp, off, 128))
230
		goto err;
231
232
	if (priv && x->d) {
233
		if (BIO_printf(bp, "Private-Key: (%d bit)\n", mod_len) <= 0)
234
			goto err;
235
		str = "modulus:";
236
		s = "publicExponent:";
237
	} else {
238
		if (BIO_printf(bp, "Public-Key: (%d bit)\n", mod_len) <= 0)
239
			goto err;
240
		str = "Modulus:";
241
		s= "Exponent:";
242
	}
243
	if (!ASN1_bn_print(bp, str, x->n, m, off))
244
		goto err;
245
	if (!ASN1_bn_print(bp, s, x->e, m, off))
246
		goto err;
247
	if (priv) {
248
		if (!ASN1_bn_print(bp, "privateExponent:", x->d,m, off))
249
			goto err;
250
		if (!ASN1_bn_print(bp, "prime1:", x->p, m, off))
251
			goto err;
252
		if (!ASN1_bn_print(bp, "prime2:", x->q, m, off))
253
			goto err;
254
		if (!ASN1_bn_print(bp, "exponent1:", x->dmp1, m, off))
255
			goto err;
256
		if (!ASN1_bn_print(bp, "exponent2:", x->dmq1, m, off))
257
			goto err;
258
		if (!ASN1_bn_print(bp, "coefficient:", x->iqmp, m, off))
259
			goto err;
260
	}
261
	ret = 1;
262
err:
263
	free(m);
264
	return (ret);
265
}
266
267
static int
268
rsa_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent, ASN1_PCTX *ctx)
269
{
270
	return do_rsa_print(bp, pkey->pkey.rsa, indent, 0);
271
}
272
273
static int
274
rsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent, ASN1_PCTX *ctx)
275
{
276
	return do_rsa_print(bp, pkey->pkey.rsa, indent, 1);
277
}
278
279
static RSA_PSS_PARAMS *
280
rsa_pss_decode(const X509_ALGOR *alg, X509_ALGOR **pmaskHash)
281
{
282
	const unsigned char *p;
283
	int plen;
284
	RSA_PSS_PARAMS *pss;
285
286
	*pmaskHash = NULL;
287
288
	if (!alg->parameter || alg->parameter->type != V_ASN1_SEQUENCE)
289
		return NULL;
290
291
	p = alg->parameter->value.sequence->data;
292
	plen = alg->parameter->value.sequence->length;
293
	pss = d2i_RSA_PSS_PARAMS(NULL, &p, plen);
294
295
	if (!pss)
296
		return NULL;
297
298
	if (pss->maskGenAlgorithm) {
299
		ASN1_TYPE *param = pss->maskGenAlgorithm->parameter;
300
		if (OBJ_obj2nid(pss->maskGenAlgorithm->algorithm) == NID_mgf1 &&
301
		    param && param->type == V_ASN1_SEQUENCE) {
302
			p = param->value.sequence->data;
303
			plen = param->value.sequence->length;
304
			*pmaskHash = d2i_X509_ALGOR(NULL, &p, plen);
305
		}
306
	}
307
308
	return pss;
309
}
310
311
static int
312
rsa_pss_param_print(BIO *bp, RSA_PSS_PARAMS *pss, X509_ALGOR *maskHash,
313
    int indent)
314
{
315
	int rv = 0;
316
317
	if (!pss) {
318
		if (BIO_puts(bp, " (INVALID PSS PARAMETERS)\n") <= 0)
319
			return 0;
320
		return 1;
321
	}
322
	if (BIO_puts(bp, "\n") <= 0)
323
		goto err;
324
	if (!BIO_indent(bp, indent, 128))
325
		goto err;
326
	if (BIO_puts(bp, "Hash Algorithm: ") <= 0)
327
		goto err;
328
329
	if (pss->hashAlgorithm) {
330
		if (i2a_ASN1_OBJECT(bp, pss->hashAlgorithm->algorithm) <= 0)
331
			goto err;
332
	} else if (BIO_puts(bp, "sha1 (default)") <= 0)
333
		goto err;
334
335
	if (BIO_puts(bp, "\n") <= 0)
336
		goto err;
337
338
	if (!BIO_indent(bp, indent, 128))
339
		goto err;
340
341
	if (BIO_puts(bp, "Mask Algorithm: ") <= 0)
342
		goto err;
343
	if (pss->maskGenAlgorithm) {
344
		if (i2a_ASN1_OBJECT(bp, pss->maskGenAlgorithm->algorithm) <= 0)
345
			goto err;
346
		if (BIO_puts(bp, " with ") <= 0)
347
			goto err;
348
		if (maskHash) {
349
			if (i2a_ASN1_OBJECT(bp, maskHash->algorithm) <= 0)
350
				goto err;
351
		} else if (BIO_puts(bp, "INVALID") <= 0)
352
			goto err;
353
	} else if (BIO_puts(bp, "mgf1 with sha1 (default)") <= 0)
354
		goto err;
355
	BIO_puts(bp, "\n");
356
357
	if (!BIO_indent(bp, indent, 128))
358
		goto err;
359
	if (BIO_puts(bp, "Salt Length: 0x") <= 0)
360
		goto err;
361
	if (pss->saltLength) {
362
		if (i2a_ASN1_INTEGER(bp, pss->saltLength) <= 0)
363
			goto err;
364
	} else if (BIO_puts(bp, "14 (default)") <= 0)
365
		goto err;
366
	BIO_puts(bp, "\n");
367
368
	if (!BIO_indent(bp, indent, 128))
369
		goto err;
370
	if (BIO_puts(bp, "Trailer Field: 0x") <= 0)
371
		goto err;
372
	if (pss->trailerField) {
373
		if (i2a_ASN1_INTEGER(bp, pss->trailerField) <= 0)
374
			goto err;
375
	} else if (BIO_puts(bp, "BC (default)") <= 0)
376
		goto err;
377
	BIO_puts(bp, "\n");
378
379
	rv = 1;
380
381
err:
382
	return rv;
383
}
384
385
static int
386
rsa_sig_print(BIO *bp, const X509_ALGOR *sigalg, const ASN1_STRING *sig,
387
    int indent, ASN1_PCTX *pctx)
388
{
389
	if (OBJ_obj2nid(sigalg->algorithm) == NID_rsassaPss) {
390
		int rv;
391
		RSA_PSS_PARAMS *pss;
392
		X509_ALGOR *maskHash;
393
		pss = rsa_pss_decode(sigalg, &maskHash);
394
		rv = rsa_pss_param_print(bp, pss, maskHash, indent);
395
		if (pss)
396
			RSA_PSS_PARAMS_free(pss);
397
		if (maskHash)
398
			X509_ALGOR_free(maskHash);
399
		if (!rv)
400
			return 0;
401
	} else if (!sig && BIO_puts(bp, "\n") <= 0)
402
		return 0;
403
	if (sig)
404
		return X509_signature_dump(bp, sig, indent);
405
	return 1;
406
}
407
408
static int
409
rsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
410
5
{
411
5
	X509_ALGOR *alg = NULL;
412
413

5
	switch (op) {
414
	case ASN1_PKEY_CTRL_PKCS7_SIGN:
415
2
		if (arg1 == 0)
416
2
			PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, NULL, &alg);
417
		break;
418
419
	case ASN1_PKEY_CTRL_PKCS7_ENCRYPT:
420
1
		if (arg1 == 0)
421
1
			PKCS7_RECIP_INFO_get0_alg(arg2, &alg);
422
		break;
423
#ifndef OPENSSL_NO_CMS
424
	case ASN1_PKEY_CTRL_CMS_SIGN:
425
		if (arg1 == 0)
426
			CMS_SignerInfo_get0_algs(arg2, NULL, NULL, NULL, &alg);
427
		break;
428
429
	case ASN1_PKEY_CTRL_CMS_ENVELOPE:
430
		if (arg1 == 0)
431
			CMS_RecipientInfo_ktri_get0_algs(arg2, NULL, NULL, &alg);
432
		break;
433
#endif
434
435
	case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
436
2
		*(int *)arg2 = NID_sha1;
437
2
		return 1;
438
439
	default:
440
		return -2;
441
	}
442
443
3
	if (alg)
444
3
		X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaEncryption),
445
		    V_ASN1_NULL, 0);
446
447
3
	return 1;
448
}
449
450
/* Customised RSA item verification routine. This is called
451
 * when a signature is encountered requiring special handling. We
452
 * currently only handle PSS.
453
 */
454
static int
455
rsa_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
456
    X509_ALGOR *sigalg, ASN1_BIT_STRING *sig, EVP_PKEY *pkey)
457
{
458
	int rv = -1;
459
	int saltlen;
460
	const EVP_MD *mgf1md = NULL, *md = NULL;
461
	RSA_PSS_PARAMS *pss;
462
	X509_ALGOR *maskHash;
463
	EVP_PKEY_CTX *pkctx;
464
465
	/* Sanity check: make sure it is PSS */
466
	if (OBJ_obj2nid(sigalg->algorithm) != NID_rsassaPss) {
467
		RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_UNSUPPORTED_SIGNATURE_TYPE);
468
		return -1;
469
	}
470
471
	/* Decode PSS parameters */
472
	pss = rsa_pss_decode(sigalg, &maskHash);
473
474
	if (pss == NULL) {
475
		RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_INVALID_PSS_PARAMETERS);
476
		goto err;
477
	}
478
	/* Check mask and lookup mask hash algorithm */
479
	if (pss->maskGenAlgorithm) {
480
		if (OBJ_obj2nid(pss->maskGenAlgorithm->algorithm) != NID_mgf1) {
481
			RSAerr(RSA_F_RSA_ITEM_VERIFY,
482
			    RSA_R_UNSUPPORTED_MASK_ALGORITHM);
483
			goto err;
484
		}
485
		if (!maskHash) {
486
			RSAerr(RSA_F_RSA_ITEM_VERIFY,
487
			    RSA_R_UNSUPPORTED_MASK_PARAMETER);
488
			goto err;
489
		}
490
		mgf1md = EVP_get_digestbyobj(maskHash->algorithm);
491
		if (mgf1md == NULL) {
492
			RSAerr(RSA_F_RSA_ITEM_VERIFY,
493
			    RSA_R_UNKNOWN_MASK_DIGEST);
494
			goto err;
495
		}
496
	} else
497
		mgf1md = EVP_sha1();
498
499
	if (pss->hashAlgorithm) {
500
		md = EVP_get_digestbyobj(pss->hashAlgorithm->algorithm);
501
		if (md == NULL) {
502
			RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_UNKNOWN_PSS_DIGEST);
503
			goto err;
504
		}
505
	} else
506
		md = EVP_sha1();
507
508
	if (pss->saltLength) {
509
		saltlen = ASN1_INTEGER_get(pss->saltLength);
510
511
		/* Could perform more salt length sanity checks but the main
512
		 * RSA routines will trap other invalid values anyway.
513
		 */
514
		if (saltlen < 0) {
515
			RSAerr(RSA_F_RSA_ITEM_VERIFY,
516
			    RSA_R_INVALID_SALT_LENGTH);
517
			goto err;
518
		}
519
	} else
520
		saltlen = 20;
521
522
	/* low-level routines support only trailer field 0xbc (value 1)
523
	 * and PKCS#1 says we should reject any other value anyway.
524
	 */
525
	if (pss->trailerField && ASN1_INTEGER_get(pss->trailerField) != 1) {
526
		RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_INVALID_TRAILER);
527
		goto err;
528
	}
529
530
	/* We have all parameters now set up context */
531
532
	if (!EVP_DigestVerifyInit(ctx, &pkctx, md, NULL, pkey))
533
		goto err;
534
535
	if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_PSS_PADDING) <= 0)
536
		goto err;
537
538
	if (EVP_PKEY_CTX_set_rsa_pss_saltlen(pkctx, saltlen) <= 0)
539
		goto err;
540
541
	if (EVP_PKEY_CTX_set_rsa_mgf1_md(pkctx, mgf1md) <= 0)
542
		goto err;
543
	/* Carry on */
544
	rv = 2;
545
546
err:
547
	RSA_PSS_PARAMS_free(pss);
548
	if (maskHash)
549
		X509_ALGOR_free(maskHash);
550
	return rv;
551
}
552
553
static int
554
rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
555
    X509_ALGOR *alg1, X509_ALGOR *alg2, ASN1_BIT_STRING *sig)
556
{
557
	int pad_mode;
558
	EVP_PKEY_CTX *pkctx = ctx->pctx;
559
560
	if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0)
561
		return 0;
562
	if (pad_mode == RSA_PKCS1_PADDING)
563
		return 2;
564
	if (pad_mode == RSA_PKCS1_PSS_PADDING) {
565
		const EVP_MD *sigmd, *mgf1md;
566
		RSA_PSS_PARAMS *pss = NULL;
567
		X509_ALGOR *mgf1alg = NULL;
568
		ASN1_STRING *os1 = NULL, *os2 = NULL;
569
		EVP_PKEY *pk = EVP_PKEY_CTX_get0_pkey(pkctx);
570
		int saltlen, rv = 0;
571
572
		sigmd = EVP_MD_CTX_md(ctx);
573
		if (EVP_PKEY_CTX_get_rsa_mgf1_md(pkctx, &mgf1md) <= 0)
574
			goto err;
575
		if (!EVP_PKEY_CTX_get_rsa_pss_saltlen(pkctx, &saltlen))
576
			goto err;
577
		if (saltlen == -1)
578
			saltlen = EVP_MD_size(sigmd);
579
		else if (saltlen == -2) {
580
			saltlen = EVP_PKEY_size(pk) - EVP_MD_size(sigmd) - 2;
581
			if (((EVP_PKEY_bits(pk) - 1) & 0x7) == 0)
582
				saltlen--;
583
		}
584
		pss = RSA_PSS_PARAMS_new();
585
		if (!pss)
586
			goto err;
587
		if (saltlen != 20) {
588
			pss->saltLength = ASN1_INTEGER_new();
589
			if (!pss->saltLength)
590
				goto err;
591
			if (!ASN1_INTEGER_set(pss->saltLength, saltlen))
592
				goto err;
593
		}
594
		if (EVP_MD_type(sigmd) != NID_sha1) {
595
			pss->hashAlgorithm = X509_ALGOR_new();
596
			if (!pss->hashAlgorithm)
597
				goto err;
598
			X509_ALGOR_set_md(pss->hashAlgorithm, sigmd);
599
		}
600
		if (EVP_MD_type(mgf1md) != NID_sha1) {
601
			ASN1_STRING *stmp = NULL;
602
			/* need to embed algorithm ID inside another */
603
			mgf1alg = X509_ALGOR_new();
604
			X509_ALGOR_set_md(mgf1alg, mgf1md);
605
			if (!ASN1_item_pack(mgf1alg, ASN1_ITEM_rptr(X509_ALGOR),
606
			    &stmp))
607
				goto err;
608
			pss->maskGenAlgorithm = X509_ALGOR_new();
609
			if (!pss->maskGenAlgorithm)
610
				goto err;
611
			X509_ALGOR_set0(pss->maskGenAlgorithm,
612
			    OBJ_nid2obj(NID_mgf1), V_ASN1_SEQUENCE, stmp);
613
		}
614
		/* Finally create string with pss parameter encoding. */
615
		if (!ASN1_item_pack(pss, ASN1_ITEM_rptr(RSA_PSS_PARAMS), &os1))
616
			goto err;
617
		if (alg2) {
618
			os2 = ASN1_STRING_dup(os1);
619
			if (!os2)
620
				goto err;
621
			X509_ALGOR_set0(alg2, OBJ_nid2obj(NID_rsassaPss),
622
			    V_ASN1_SEQUENCE, os2);
623
		}
624
		X509_ALGOR_set0(alg1, OBJ_nid2obj(NID_rsassaPss),
625
		    V_ASN1_SEQUENCE, os1);
626
		os1 = os2 = NULL;
627
		rv = 3;
628
err:
629
		if (mgf1alg)
630
			X509_ALGOR_free(mgf1alg);
631
		if (pss)
632
			RSA_PSS_PARAMS_free(pss);
633
		ASN1_STRING_free(os1);
634
		return rv;
635
	}
636
	return 2;
637
}
638
639
const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] = {
640
	{
641
		.pkey_id = EVP_PKEY_RSA,
642
		.pkey_base_id = EVP_PKEY_RSA,
643
		.pkey_flags = ASN1_PKEY_SIGPARAM_NULL,
644
645
		.pem_str = "RSA",
646
		.info = "OpenSSL RSA method",
647
648
		.pub_decode = rsa_pub_decode,
649
		.pub_encode = rsa_pub_encode,
650
		.pub_cmp = rsa_pub_cmp,
651
		.pub_print = rsa_pub_print,
652
653
		.priv_decode = rsa_priv_decode,
654
		.priv_encode = rsa_priv_encode,
655
		.priv_print = rsa_priv_print,
656
657
		.pkey_size = int_rsa_size,
658
		.pkey_bits = rsa_bits,
659
660
		.sig_print = rsa_sig_print,
661
662
		.pkey_free = int_rsa_free,
663
		.pkey_ctrl = rsa_pkey_ctrl,
664
		.old_priv_decode = old_rsa_priv_decode,
665
		.old_priv_encode = old_rsa_priv_encode,
666
		.item_verify = rsa_item_verify,
667
		.item_sign = rsa_item_sign
668
	},
669
670
	{
671
		.pkey_id = EVP_PKEY_RSA2,
672
		.pkey_base_id = EVP_PKEY_RSA,
673
		.pkey_flags = ASN1_PKEY_ALIAS
674
	}
675
};