GCC Code Coverage Report
Directory: ./ Exec Total Coverage
File: lib/libcrypto/rsa/rsa_ameth.c Lines: 102 279 36.6 %
Date: 2017-11-13 Branches: 47 233 20.2 %

Line Branch Exec Source
1
/* $OpenBSD: rsa_ameth.c,v 1.18 2017/01/29 17:49:23 beck Exp $ */
2
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3
 * project 2006.
4
 */
5
/* ====================================================================
6
 * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
7
 *
8
 * Redistribution and use in source and binary forms, with or without
9
 * modification, are permitted provided that the following conditions
10
 * are met:
11
 *
12
 * 1. Redistributions of source code must retain the above copyright
13
 *    notice, this list of conditions and the following disclaimer.
14
 *
15
 * 2. Redistributions in binary form must reproduce the above copyright
16
 *    notice, this list of conditions and the following disclaimer in
17
 *    the documentation and/or other materials provided with the
18
 *    distribution.
19
 *
20
 * 3. All advertising materials mentioning features or use of this
21
 *    software must display the following acknowledgment:
22
 *    "This product includes software developed by the OpenSSL Project
23
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24
 *
25
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26
 *    endorse or promote products derived from this software without
27
 *    prior written permission. For written permission, please contact
28
 *    licensing@OpenSSL.org.
29
 *
30
 * 5. Products derived from this software may not be called "OpenSSL"
31
 *    nor may "OpenSSL" appear in their names without prior written
32
 *    permission of the OpenSSL Project.
33
 *
34
 * 6. Redistributions of any form whatsoever must retain the following
35
 *    acknowledgment:
36
 *    "This product includes software developed by the OpenSSL Project
37
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38
 *
39
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
43
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50
 * OF THE POSSIBILITY OF SUCH DAMAGE.
51
 * ====================================================================
52
 *
53
 * This product includes cryptographic software written by Eric Young
54
 * (eay@cryptsoft.com).  This product includes software written by Tim
55
 * Hudson (tjh@cryptsoft.com).
56
 *
57
 */
58
59
#include <stdio.h>
60
61
#include <openssl/opensslconf.h>
62
63
#include <openssl/asn1t.h>
64
#include <openssl/bn.h>
65
#include <openssl/err.h>
66
#include <openssl/rsa.h>
67
#include <openssl/x509.h>
68
69
70
#include "asn1_locl.h"
71
72
static int
73
rsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
74
{
75
80
	unsigned char *penc = NULL;
76
	int penclen;
77
78
40
	penclen = i2d_RSAPublicKey(pkey->pkey.rsa, &penc);
79
40
	if (penclen <= 0)
80
		return 0;
81
80
	if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_RSA),
82
40
	    V_ASN1_NULL, NULL, penc, penclen))
83
40
		return 1;
84
85
	free(penc);
86
	return 0;
87
40
}
88
89
static int
90
rsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
91
{
92
3718
	const unsigned char *p;
93
1859
	int pklen;
94
	RSA *rsa = NULL;
95
96
1859
	if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, NULL, pubkey))
97
		return 0;
98
1859
	if (!(rsa = d2i_RSAPublicKey(NULL, &p, pklen))) {
99
		RSAerror(ERR_R_RSA_LIB);
100
		return 0;
101
	}
102
1859
	EVP_PKEY_assign_RSA (pkey, rsa);
103
1859
	return 1;
104
1859
}
105
106
static int
107
rsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
108
{
109

1023
	if (BN_cmp(b->pkey.rsa->n, a->pkey.rsa->n) != 0 ||
110
341
	    BN_cmp(b->pkey.rsa->e, a->pkey.rsa->e) != 0)
111
		return 0;
112
341
	return 1;
113
341
}
114
115
static int
116
old_rsa_priv_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen)
117
{
118
	RSA *rsa;
119
120
838
	if (!(rsa = d2i_RSAPrivateKey (NULL, pder, derlen))) {
121
		RSAerror(ERR_R_RSA_LIB);
122
		return 0;
123
	}
124
419
	EVP_PKEY_assign_RSA(pkey, rsa);
125
419
	return 1;
126
419
}
127
128
static int
129
old_rsa_priv_encode(const EVP_PKEY *pkey, unsigned char **pder)
130
{
131
8
	return i2d_RSAPrivateKey(pkey->pkey.rsa, pder);
132
}
133
134
static int
135
rsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
136
{
137
188
	unsigned char *rk = NULL;
138
	int rklen;
139
140
94
	rklen = i2d_RSAPrivateKey(pkey->pkey.rsa, &rk);
141
142
94
	if (rklen <= 0) {
143
		RSAerror(ERR_R_MALLOC_FAILURE);
144
		return 0;
145
	}
146
147
188
	if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_rsaEncryption), 0,
148
94
	    V_ASN1_NULL, NULL, rk, rklen)) {
149
		RSAerror(ERR_R_MALLOC_FAILURE);
150
		return 0;
151
	}
152
153
94
	return 1;
154
94
}
155
156
static int
157
rsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
158
{
159
432
	const unsigned char *p;
160
216
	int pklen;
161
162
216
	if (!PKCS8_pkey_get0(NULL, &p, &pklen, NULL, p8))
163
		return 0;
164
216
	return old_rsa_priv_decode(pkey, &p, pklen);
165
216
}
166
167
static int
168
int_rsa_size(const EVP_PKEY *pkey)
169
{
170
5956
	return RSA_size(pkey->pkey.rsa);
171
}
172
173
static int
174
rsa_bits(const EVP_PKEY *pkey)
175
{
176
20
	return BN_num_bits(pkey->pkey.rsa->n);
177
}
178
179
static void
180
int_rsa_free(EVP_PKEY *pkey)
181
{
182
4576
	RSA_free(pkey->pkey.rsa);
183
2288
}
184
185
static void
186
update_buflen(const BIGNUM *b, size_t *pbuflen)
187
{
188
	size_t i;
189
190
196
	if (!b)
191
		return;
192
98
	if (*pbuflen < (i = (size_t)BN_num_bytes(b)))
193
37
		*pbuflen = i;
194
196
}
195
196
static int
197
do_rsa_print(BIO *bp, const RSA *x, int off, int priv)
198
{
199
	char *str;
200
	const char *s;
201
	unsigned char *m = NULL;
202
	int ret = 0, mod_len = 0;
203
74
	size_t buf_len = 0;
204
205
37
	update_buflen(x->n, &buf_len);
206
37
	update_buflen(x->e, &buf_len);
207
208
37
	if (priv) {
209
4
		update_buflen(x->d, &buf_len);
210
4
		update_buflen(x->p, &buf_len);
211
4
		update_buflen(x->q, &buf_len);
212
4
		update_buflen(x->dmp1, &buf_len);
213
4
		update_buflen(x->dmq1, &buf_len);
214
4
		update_buflen(x->iqmp, &buf_len);
215
4
	}
216
217
37
	m = malloc(buf_len + 10);
218
37
	if (m == NULL) {
219
		RSAerror(ERR_R_MALLOC_FAILURE);
220
		goto err;
221
	}
222
223
37
	if (x->n != NULL)
224
37
		mod_len = BN_num_bits(x->n);
225
226
37
	if (!BIO_indent(bp, off, 128))
227
		goto err;
228
229

41
	if (priv && x->d) {
230
4
		if (BIO_printf(bp, "Private-Key: (%d bit)\n", mod_len) <= 0)
231
			goto err;
232
		str = "modulus:";
233
		s = "publicExponent:";
234
4
	} else {
235
33
		if (BIO_printf(bp, "Public-Key: (%d bit)\n", mod_len) <= 0)
236
			goto err;
237
		str = "Modulus:";
238
		s= "Exponent:";
239
	}
240
37
	if (!ASN1_bn_print(bp, str, x->n, m, off))
241
		goto err;
242
37
	if (!ASN1_bn_print(bp, s, x->e, m, off))
243
		goto err;
244
37
	if (priv) {
245
4
		if (!ASN1_bn_print(bp, "privateExponent:", x->d,m, off))
246
			goto err;
247
4
		if (!ASN1_bn_print(bp, "prime1:", x->p, m, off))
248
			goto err;
249
4
		if (!ASN1_bn_print(bp, "prime2:", x->q, m, off))
250
			goto err;
251
4
		if (!ASN1_bn_print(bp, "exponent1:", x->dmp1, m, off))
252
			goto err;
253
4
		if (!ASN1_bn_print(bp, "exponent2:", x->dmq1, m, off))
254
			goto err;
255
4
		if (!ASN1_bn_print(bp, "coefficient:", x->iqmp, m, off))
256
			goto err;
257
	}
258
37
	ret = 1;
259
err:
260
37
	free(m);
261
37
	return (ret);
262
37
}
263
264
static int
265
rsa_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent, ASN1_PCTX *ctx)
266
{
267
66
	return do_rsa_print(bp, pkey->pkey.rsa, indent, 0);
268
}
269
270
static int
271
rsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent, ASN1_PCTX *ctx)
272
{
273
8
	return do_rsa_print(bp, pkey->pkey.rsa, indent, 1);
274
}
275
276
static RSA_PSS_PARAMS *
277
rsa_pss_decode(const X509_ALGOR *alg, X509_ALGOR **pmaskHash)
278
{
279
	const unsigned char *p;
280
	int plen;
281
	RSA_PSS_PARAMS *pss;
282
283
	*pmaskHash = NULL;
284
285
	if (!alg->parameter || alg->parameter->type != V_ASN1_SEQUENCE)
286
		return NULL;
287
288
	p = alg->parameter->value.sequence->data;
289
	plen = alg->parameter->value.sequence->length;
290
	pss = d2i_RSA_PSS_PARAMS(NULL, &p, plen);
291
292
	if (!pss)
293
		return NULL;
294
295
	if (pss->maskGenAlgorithm) {
296
		ASN1_TYPE *param = pss->maskGenAlgorithm->parameter;
297
		if (OBJ_obj2nid(pss->maskGenAlgorithm->algorithm) == NID_mgf1 &&
298
		    param && param->type == V_ASN1_SEQUENCE) {
299
			p = param->value.sequence->data;
300
			plen = param->value.sequence->length;
301
			*pmaskHash = d2i_X509_ALGOR(NULL, &p, plen);
302
		}
303
	}
304
305
	return pss;
306
}
307
308
static int
309
rsa_pss_param_print(BIO *bp, RSA_PSS_PARAMS *pss, X509_ALGOR *maskHash,
310
    int indent)
311
{
312
	int rv = 0;
313
314
	if (!pss) {
315
		if (BIO_puts(bp, " (INVALID PSS PARAMETERS)\n") <= 0)
316
			return 0;
317
		return 1;
318
	}
319
	if (BIO_puts(bp, "\n") <= 0)
320
		goto err;
321
	if (!BIO_indent(bp, indent, 128))
322
		goto err;
323
	if (BIO_puts(bp, "Hash Algorithm: ") <= 0)
324
		goto err;
325
326
	if (pss->hashAlgorithm) {
327
		if (i2a_ASN1_OBJECT(bp, pss->hashAlgorithm->algorithm) <= 0)
328
			goto err;
329
	} else if (BIO_puts(bp, "sha1 (default)") <= 0)
330
		goto err;
331
332
	if (BIO_puts(bp, "\n") <= 0)
333
		goto err;
334
335
	if (!BIO_indent(bp, indent, 128))
336
		goto err;
337
338
	if (BIO_puts(bp, "Mask Algorithm: ") <= 0)
339
		goto err;
340
	if (pss->maskGenAlgorithm) {
341
		if (i2a_ASN1_OBJECT(bp, pss->maskGenAlgorithm->algorithm) <= 0)
342
			goto err;
343
		if (BIO_puts(bp, " with ") <= 0)
344
			goto err;
345
		if (maskHash) {
346
			if (i2a_ASN1_OBJECT(bp, maskHash->algorithm) <= 0)
347
				goto err;
348
		} else if (BIO_puts(bp, "INVALID") <= 0)
349
			goto err;
350
	} else if (BIO_puts(bp, "mgf1 with sha1 (default)") <= 0)
351
		goto err;
352
	BIO_puts(bp, "\n");
353
354
	if (!BIO_indent(bp, indent, 128))
355
		goto err;
356
	if (BIO_puts(bp, "Salt Length: 0x") <= 0)
357
		goto err;
358
	if (pss->saltLength) {
359
		if (i2a_ASN1_INTEGER(bp, pss->saltLength) <= 0)
360
			goto err;
361
	} else if (BIO_puts(bp, "14 (default)") <= 0)
362
		goto err;
363
	BIO_puts(bp, "\n");
364
365
	if (!BIO_indent(bp, indent, 128))
366
		goto err;
367
	if (BIO_puts(bp, "Trailer Field: 0x") <= 0)
368
		goto err;
369
	if (pss->trailerField) {
370
		if (i2a_ASN1_INTEGER(bp, pss->trailerField) <= 0)
371
			goto err;
372
	} else if (BIO_puts(bp, "BC (default)") <= 0)
373
		goto err;
374
	BIO_puts(bp, "\n");
375
376
	rv = 1;
377
378
err:
379
	return rv;
380
}
381
382
static int
383
rsa_sig_print(BIO *bp, const X509_ALGOR *sigalg, const ASN1_STRING *sig,
384
    int indent, ASN1_PCTX *pctx)
385
{
386
140
	if (OBJ_obj2nid(sigalg->algorithm) == NID_rsassaPss) {
387
		int rv;
388
		RSA_PSS_PARAMS *pss;
389
		X509_ALGOR *maskHash;
390
		pss = rsa_pss_decode(sigalg, &maskHash);
391
		rv = rsa_pss_param_print(bp, pss, maskHash, indent);
392
		if (pss)
393
			RSA_PSS_PARAMS_free(pss);
394
		if (maskHash)
395
			X509_ALGOR_free(maskHash);
396
		if (!rv)
397
			return 0;
398

103
	} else if (!sig && BIO_puts(bp, "\n") <= 0)
399
		return 0;
400
70
	if (sig)
401
37
		return X509_signature_dump(bp, sig, indent);
402
33
	return 1;
403
70
}
404
405
static int
406
rsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
407
{
408
82
	X509_ALGOR *alg = NULL;
409
410

41
	switch (op) {
411
	case ASN1_PKEY_CTRL_PKCS7_SIGN:
412
10
		if (arg1 == 0)
413
10
			PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, NULL, &alg);
414
		break;
415
416
	case ASN1_PKEY_CTRL_PKCS7_ENCRYPT:
417
3
		if (arg1 == 0)
418
3
			PKCS7_RECIP_INFO_get0_alg(arg2, &alg);
419
		break;
420
421
	case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
422
28
		*(int *)arg2 = NID_sha1;
423
28
		return 1;
424
425
	default:
426
		return -2;
427
	}
428
429
13
	if (alg)
430
13
		X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaEncryption),
431
		    V_ASN1_NULL, 0);
432
433
13
	return 1;
434
41
}
435
436
/* Customised RSA item verification routine. This is called
437
 * when a signature is encountered requiring special handling. We
438
 * currently only handle PSS.
439
 */
440
static int
441
rsa_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
442
    X509_ALGOR *sigalg, ASN1_BIT_STRING *sig, EVP_PKEY *pkey)
443
{
444
	int rv = -1;
445
	int saltlen;
446
	const EVP_MD *mgf1md = NULL, *md = NULL;
447
	RSA_PSS_PARAMS *pss;
448
	X509_ALGOR *maskHash;
449
	EVP_PKEY_CTX *pkctx;
450
451
	/* Sanity check: make sure it is PSS */
452
	if (OBJ_obj2nid(sigalg->algorithm) != NID_rsassaPss) {
453
		RSAerror(RSA_R_UNSUPPORTED_SIGNATURE_TYPE);
454
		return -1;
455
	}
456
457
	/* Decode PSS parameters */
458
	pss = rsa_pss_decode(sigalg, &maskHash);
459
460
	if (pss == NULL) {
461
		RSAerror(RSA_R_INVALID_PSS_PARAMETERS);
462
		goto err;
463
	}
464
	/* Check mask and lookup mask hash algorithm */
465
	if (pss->maskGenAlgorithm) {
466
		if (OBJ_obj2nid(pss->maskGenAlgorithm->algorithm) != NID_mgf1) {
467
			RSAerror(RSA_R_UNSUPPORTED_MASK_ALGORITHM);
468
			goto err;
469
		}
470
		if (!maskHash) {
471
			RSAerror(RSA_R_UNSUPPORTED_MASK_PARAMETER);
472
			goto err;
473
		}
474
		mgf1md = EVP_get_digestbyobj(maskHash->algorithm);
475
		if (mgf1md == NULL) {
476
			RSAerror(RSA_R_UNKNOWN_MASK_DIGEST);
477
			goto err;
478
		}
479
	} else
480
		mgf1md = EVP_sha1();
481
482
	if (pss->hashAlgorithm) {
483
		md = EVP_get_digestbyobj(pss->hashAlgorithm->algorithm);
484
		if (md == NULL) {
485
			RSAerror(RSA_R_UNKNOWN_PSS_DIGEST);
486
			goto err;
487
		}
488
	} else
489
		md = EVP_sha1();
490
491
	if (pss->saltLength) {
492
		saltlen = ASN1_INTEGER_get(pss->saltLength);
493
494
		/* Could perform more salt length sanity checks but the main
495
		 * RSA routines will trap other invalid values anyway.
496
		 */
497
		if (saltlen < 0) {
498
			RSAerror(RSA_R_INVALID_SALT_LENGTH);
499
			goto err;
500
		}
501
	} else
502
		saltlen = 20;
503
504
	/* low-level routines support only trailer field 0xbc (value 1)
505
	 * and PKCS#1 says we should reject any other value anyway.
506
	 */
507
	if (pss->trailerField && ASN1_INTEGER_get(pss->trailerField) != 1) {
508
		RSAerror(RSA_R_INVALID_TRAILER);
509
		goto err;
510
	}
511
512
	/* We have all parameters now set up context */
513
514
	if (!EVP_DigestVerifyInit(ctx, &pkctx, md, NULL, pkey))
515
		goto err;
516
517
	if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_PSS_PADDING) <= 0)
518
		goto err;
519
520
	if (EVP_PKEY_CTX_set_rsa_pss_saltlen(pkctx, saltlen) <= 0)
521
		goto err;
522
523
	if (EVP_PKEY_CTX_set_rsa_mgf1_md(pkctx, mgf1md) <= 0)
524
		goto err;
525
	/* Carry on */
526
	rv = 2;
527
528
err:
529
	RSA_PSS_PARAMS_free(pss);
530
	if (maskHash)
531
		X509_ALGOR_free(maskHash);
532
	return rv;
533
}
534
535
static int
536
rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
537
    X509_ALGOR *alg1, X509_ALGOR *alg2, ASN1_BIT_STRING *sig)
538
{
539
72
	int pad_mode;
540
36
	EVP_PKEY_CTX *pkctx = ctx->pctx;
541
542
36
	if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0)
543
		return 0;
544
36
	if (pad_mode == RSA_PKCS1_PADDING)
545
36
		return 2;
546
	if (pad_mode == RSA_PKCS1_PSS_PADDING) {
547
		const EVP_MD *sigmd, *mgf1md;
548
		RSA_PSS_PARAMS *pss = NULL;
549
		X509_ALGOR *mgf1alg = NULL;
550
		ASN1_STRING *os1 = NULL, *os2 = NULL;
551
		EVP_PKEY *pk = EVP_PKEY_CTX_get0_pkey(pkctx);
552
		int saltlen, rv = 0;
553
554
		sigmd = EVP_MD_CTX_md(ctx);
555
		if (EVP_PKEY_CTX_get_rsa_mgf1_md(pkctx, &mgf1md) <= 0)
556
			goto err;
557
		if (!EVP_PKEY_CTX_get_rsa_pss_saltlen(pkctx, &saltlen))
558
			goto err;
559
		if (saltlen == -1)
560
			saltlen = EVP_MD_size(sigmd);
561
		else if (saltlen == -2) {
562
			saltlen = EVP_PKEY_size(pk) - EVP_MD_size(sigmd) - 2;
563
			if (((EVP_PKEY_bits(pk) - 1) & 0x7) == 0)
564
				saltlen--;
565
		}
566
		pss = RSA_PSS_PARAMS_new();
567
		if (!pss)
568
			goto err;
569
		if (saltlen != 20) {
570
			pss->saltLength = ASN1_INTEGER_new();
571
			if (!pss->saltLength)
572
				goto err;
573
			if (!ASN1_INTEGER_set(pss->saltLength, saltlen))
574
				goto err;
575
		}
576
		if (EVP_MD_type(sigmd) != NID_sha1) {
577
			pss->hashAlgorithm = X509_ALGOR_new();
578
			if (!pss->hashAlgorithm)
579
				goto err;
580
			X509_ALGOR_set_md(pss->hashAlgorithm, sigmd);
581
		}
582
		if (EVP_MD_type(mgf1md) != NID_sha1) {
583
			ASN1_STRING *stmp = NULL;
584
			/* need to embed algorithm ID inside another */
585
			mgf1alg = X509_ALGOR_new();
586
			X509_ALGOR_set_md(mgf1alg, mgf1md);
587
			if (!ASN1_item_pack(mgf1alg, &X509_ALGOR_it,
588
			    &stmp))
589
				goto err;
590
			pss->maskGenAlgorithm = X509_ALGOR_new();
591
			if (!pss->maskGenAlgorithm)
592
				goto err;
593
			X509_ALGOR_set0(pss->maskGenAlgorithm,
594
			    OBJ_nid2obj(NID_mgf1), V_ASN1_SEQUENCE, stmp);
595
		}
596
		/* Finally create string with pss parameter encoding. */
597
		if (!ASN1_item_pack(pss, &RSA_PSS_PARAMS_it, &os1))
598
			goto err;
599
		if (alg2) {
600
			os2 = ASN1_STRING_dup(os1);
601
			if (!os2)
602
				goto err;
603
			X509_ALGOR_set0(alg2, OBJ_nid2obj(NID_rsassaPss),
604
			    V_ASN1_SEQUENCE, os2);
605
		}
606
		X509_ALGOR_set0(alg1, OBJ_nid2obj(NID_rsassaPss),
607
		    V_ASN1_SEQUENCE, os1);
608
		os1 = os2 = NULL;
609
		rv = 3;
610
err:
611
		if (mgf1alg)
612
			X509_ALGOR_free(mgf1alg);
613
		if (pss)
614
			RSA_PSS_PARAMS_free(pss);
615
		ASN1_STRING_free(os1);
616
		return rv;
617
	}
618
	return 2;
619
36
}
620
621
const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] = {
622
	{
623
		.pkey_id = EVP_PKEY_RSA,
624
		.pkey_base_id = EVP_PKEY_RSA,
625
		.pkey_flags = ASN1_PKEY_SIGPARAM_NULL,
626
627
		.pem_str = "RSA",
628
		.info = "OpenSSL RSA method",
629
630
		.pub_decode = rsa_pub_decode,
631
		.pub_encode = rsa_pub_encode,
632
		.pub_cmp = rsa_pub_cmp,
633
		.pub_print = rsa_pub_print,
634
635
		.priv_decode = rsa_priv_decode,
636
		.priv_encode = rsa_priv_encode,
637
		.priv_print = rsa_priv_print,
638
639
		.pkey_size = int_rsa_size,
640
		.pkey_bits = rsa_bits,
641
642
		.sig_print = rsa_sig_print,
643
644
		.pkey_free = int_rsa_free,
645
		.pkey_ctrl = rsa_pkey_ctrl,
646
		.old_priv_decode = old_rsa_priv_decode,
647
		.old_priv_encode = old_rsa_priv_encode,
648
		.item_verify = rsa_item_verify,
649
		.item_sign = rsa_item_sign
650
	},
651
652
	{
653
		.pkey_id = EVP_PKEY_RSA2,
654
		.pkey_base_id = EVP_PKEY_RSA,
655
		.pkey_flags = ASN1_PKEY_ALIAS
656
	}
657
};