1 /* crypto/rsa/rsa_ameth.c */ 2 /* 3 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project 4 * 2006. 5 */ 6 /* ==================================================================== 7 * Copyright (c) 2006 The OpenSSL Project. All rights reserved. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 16 * 2. Redistributions in binary form must reproduce the above copyright 17 * notice, this list of conditions and the following disclaimer in 18 * the documentation and/or other materials provided with the 19 * distribution. 20 * 21 * 3. All advertising materials mentioning features or use of this 22 * software must display the following acknowledgment: 23 * "This product includes software developed by the OpenSSL Project 24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 25 * 26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 27 * endorse or promote products derived from this software without 28 * prior written permission. For written permission, please contact 29 * licensing@OpenSSL.org. 30 * 31 * 5. Products derived from this software may not be called "OpenSSL" 32 * nor may "OpenSSL" appear in their names without prior written 33 * permission of the OpenSSL Project. 34 * 35 * 6. Redistributions of any form whatsoever must retain the following 36 * acknowledgment: 37 * "This product includes software developed by the OpenSSL Project 38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 39 * 40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 51 * OF THE POSSIBILITY OF SUCH DAMAGE. 52 * ==================================================================== 53 * 54 * This product includes cryptographic software written by Eric Young 55 * (eay@cryptsoft.com). This product includes software written by Tim 56 * Hudson (tjh@cryptsoft.com). 57 * 58 */ 59 60 #include <stdio.h> 61 #include "cryptlib.h" 62 #include <openssl/asn1t.h> 63 #include <openssl/x509.h> 64 #include <openssl/rsa.h> 65 #include <openssl/bn.h> 66 #ifndef OPENSSL_NO_CMS 67 # include <openssl/cms.h> 68 #endif 69 #include "asn1_locl.h" 70 71 static int rsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) 72 { 73 unsigned char *penc = NULL; 74 int penclen; 75 penclen = i2d_RSAPublicKey(pkey->pkey.rsa, &penc); 76 if (penclen <= 0) 77 return 0; 78 if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_RSA), 79 V_ASN1_NULL, NULL, penc, penclen)) 80 return 1; 81 82 OPENSSL_free(penc); 83 return 0; 84 } 85 86 static int rsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) 87 { 88 const unsigned char *p; 89 int pklen; 90 RSA *rsa = NULL; 91 if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, NULL, pubkey)) 92 return 0; 93 if (!(rsa = d2i_RSAPublicKey(NULL, &p, pklen))) { 94 RSAerr(RSA_F_RSA_PUB_DECODE, ERR_R_RSA_LIB); 95 return 0; 96 } 97 EVP_PKEY_assign_RSA(pkey, rsa); 98 return 1; 99 } 100 101 static int rsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) 102 { 103 if (BN_cmp(b->pkey.rsa->n, a->pkey.rsa->n) != 0 104 || BN_cmp(b->pkey.rsa->e, a->pkey.rsa->e) != 0) 105 return 0; 106 return 1; 107 } 108 109 static int old_rsa_priv_decode(EVP_PKEY *pkey, 110 const unsigned char **pder, int derlen) 111 { 112 RSA *rsa; 113 if (!(rsa = d2i_RSAPrivateKey(NULL, pder, derlen))) { 114 RSAerr(RSA_F_OLD_RSA_PRIV_DECODE, ERR_R_RSA_LIB); 115 return 0; 116 } 117 EVP_PKEY_assign_RSA(pkey, rsa); 118 return 1; 119 } 120 121 static int old_rsa_priv_encode(const EVP_PKEY *pkey, unsigned char **pder) 122 { 123 return i2d_RSAPrivateKey(pkey->pkey.rsa, pder); 124 } 125 126 static int rsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) 127 { 128 unsigned char *rk = NULL; 129 int rklen; 130 rklen = i2d_RSAPrivateKey(pkey->pkey.rsa, &rk); 131 132 if (rklen <= 0) { 133 RSAerr(RSA_F_RSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE); 134 return 0; 135 } 136 137 if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_rsaEncryption), 0, 138 V_ASN1_NULL, NULL, rk, rklen)) { 139 RSAerr(RSA_F_RSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE); 140 return 0; 141 } 142 143 return 1; 144 } 145 146 static int rsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) 147 { 148 const unsigned char *p; 149 int pklen; 150 if (!PKCS8_pkey_get0(NULL, &p, &pklen, NULL, p8)) 151 return 0; 152 return old_rsa_priv_decode(pkey, &p, pklen); 153 } 154 155 static int int_rsa_size(const EVP_PKEY *pkey) 156 { 157 return RSA_size(pkey->pkey.rsa); 158 } 159 160 static int rsa_bits(const EVP_PKEY *pkey) 161 { 162 return BN_num_bits(pkey->pkey.rsa->n); 163 } 164 165 static void int_rsa_free(EVP_PKEY *pkey) 166 { 167 RSA_free(pkey->pkey.rsa); 168 } 169 170 static void update_buflen(const BIGNUM *b, size_t *pbuflen) 171 { 172 size_t i; 173 if (!b) 174 return; 175 if (*pbuflen < (i = (size_t)BN_num_bytes(b))) 176 *pbuflen = i; 177 } 178 179 static int do_rsa_print(BIO *bp, const RSA *x, int off, int priv) 180 { 181 char *str; 182 const char *s; 183 unsigned char *m = NULL; 184 int ret = 0, mod_len = 0; 185 size_t buf_len = 0; 186 187 update_buflen(x->n, &buf_len); 188 update_buflen(x->e, &buf_len); 189 190 if (priv) { 191 update_buflen(x->d, &buf_len); 192 update_buflen(x->p, &buf_len); 193 update_buflen(x->q, &buf_len); 194 update_buflen(x->dmp1, &buf_len); 195 update_buflen(x->dmq1, &buf_len); 196 update_buflen(x->iqmp, &buf_len); 197 } 198 199 m = (unsigned char *)OPENSSL_malloc(buf_len + 10); 200 if (m == NULL) { 201 RSAerr(RSA_F_DO_RSA_PRINT, ERR_R_MALLOC_FAILURE); 202 goto err; 203 } 204 205 if (x->n != NULL) 206 mod_len = BN_num_bits(x->n); 207 208 if (!BIO_indent(bp, off, 128)) 209 goto err; 210 211 if (priv && x->d) { 212 if (BIO_printf(bp, "Private-Key: (%d bit)\n", mod_len) 213 <= 0) 214 goto err; 215 str = "modulus:"; 216 s = "publicExponent:"; 217 } else { 218 if (BIO_printf(bp, "Public-Key: (%d bit)\n", mod_len) 219 <= 0) 220 goto err; 221 str = "Modulus:"; 222 s = "Exponent:"; 223 } 224 if (!ASN1_bn_print(bp, str, x->n, m, off)) 225 goto err; 226 if (!ASN1_bn_print(bp, s, x->e, m, off)) 227 goto err; 228 if (priv) { 229 if (!ASN1_bn_print(bp, "privateExponent:", x->d, m, off)) 230 goto err; 231 if (!ASN1_bn_print(bp, "prime1:", x->p, m, off)) 232 goto err; 233 if (!ASN1_bn_print(bp, "prime2:", x->q, m, off)) 234 goto err; 235 if (!ASN1_bn_print(bp, "exponent1:", x->dmp1, m, off)) 236 goto err; 237 if (!ASN1_bn_print(bp, "exponent2:", x->dmq1, m, off)) 238 goto err; 239 if (!ASN1_bn_print(bp, "coefficient:", x->iqmp, m, off)) 240 goto err; 241 } 242 ret = 1; 243 err: 244 if (m != NULL) 245 OPENSSL_free(m); 246 return (ret); 247 } 248 249 static int rsa_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent, 250 ASN1_PCTX *ctx) 251 { 252 return do_rsa_print(bp, pkey->pkey.rsa, indent, 0); 253 } 254 255 static int rsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent, 256 ASN1_PCTX *ctx) 257 { 258 return do_rsa_print(bp, pkey->pkey.rsa, indent, 1); 259 } 260 261 static RSA_PSS_PARAMS *rsa_pss_decode(const X509_ALGOR *alg, 262 X509_ALGOR **pmaskHash) 263 { 264 const unsigned char *p; 265 int plen; 266 RSA_PSS_PARAMS *pss; 267 268 *pmaskHash = NULL; 269 270 if (!alg->parameter || alg->parameter->type != V_ASN1_SEQUENCE) 271 return NULL; 272 p = alg->parameter->value.sequence->data; 273 plen = alg->parameter->value.sequence->length; 274 pss = d2i_RSA_PSS_PARAMS(NULL, &p, plen); 275 276 if (!pss) 277 return NULL; 278 279 if (pss->maskGenAlgorithm) { 280 ASN1_TYPE *param = pss->maskGenAlgorithm->parameter; 281 if (OBJ_obj2nid(pss->maskGenAlgorithm->algorithm) == NID_mgf1 282 && param->type == V_ASN1_SEQUENCE) { 283 p = param->value.sequence->data; 284 plen = param->value.sequence->length; 285 *pmaskHash = d2i_X509_ALGOR(NULL, &p, plen); 286 } 287 } 288 289 return pss; 290 } 291 292 static int rsa_pss_param_print(BIO *bp, RSA_PSS_PARAMS *pss, 293 X509_ALGOR *maskHash, int indent) 294 { 295 int rv = 0; 296 if (!pss) { 297 if (BIO_puts(bp, " (INVALID PSS PARAMETERS)\n") <= 0) 298 return 0; 299 return 1; 300 } 301 if (BIO_puts(bp, "\n") <= 0) 302 goto err; 303 if (!BIO_indent(bp, indent, 128)) 304 goto err; 305 if (BIO_puts(bp, "Hash Algorithm: ") <= 0) 306 goto err; 307 308 if (pss->hashAlgorithm) { 309 if (i2a_ASN1_OBJECT(bp, pss->hashAlgorithm->algorithm) <= 0) 310 goto err; 311 } else if (BIO_puts(bp, "sha1 (default)") <= 0) 312 goto err; 313 314 if (BIO_puts(bp, "\n") <= 0) 315 goto err; 316 317 if (!BIO_indent(bp, indent, 128)) 318 goto err; 319 320 if (BIO_puts(bp, "Mask Algorithm: ") <= 0) 321 goto err; 322 if (pss->maskGenAlgorithm) { 323 if (i2a_ASN1_OBJECT(bp, pss->maskGenAlgorithm->algorithm) <= 0) 324 goto err; 325 if (BIO_puts(bp, " with ") <= 0) 326 goto err; 327 if (maskHash) { 328 if (i2a_ASN1_OBJECT(bp, maskHash->algorithm) <= 0) 329 goto err; 330 } else if (BIO_puts(bp, "INVALID") <= 0) 331 goto err; 332 } else if (BIO_puts(bp, "mgf1 with sha1 (default)") <= 0) 333 goto err; 334 BIO_puts(bp, "\n"); 335 336 if (!BIO_indent(bp, indent, 128)) 337 goto err; 338 if (BIO_puts(bp, "Salt Length: 0x") <= 0) 339 goto err; 340 if (pss->saltLength) { 341 if (i2a_ASN1_INTEGER(bp, pss->saltLength) <= 0) 342 goto err; 343 } else if (BIO_puts(bp, "14 (default)") <= 0) 344 goto err; 345 BIO_puts(bp, "\n"); 346 347 if (!BIO_indent(bp, indent, 128)) 348 goto err; 349 if (BIO_puts(bp, "Trailer Field: 0x") <= 0) 350 goto err; 351 if (pss->trailerField) { 352 if (i2a_ASN1_INTEGER(bp, pss->trailerField) <= 0) 353 goto err; 354 } else if (BIO_puts(bp, "BC (default)") <= 0) 355 goto err; 356 BIO_puts(bp, "\n"); 357 358 rv = 1; 359 360 err: 361 return rv; 362 363 } 364 365 static int rsa_sig_print(BIO *bp, const X509_ALGOR *sigalg, 366 const ASN1_STRING *sig, int indent, ASN1_PCTX *pctx) 367 { 368 if (OBJ_obj2nid(sigalg->algorithm) == NID_rsassaPss) { 369 int rv; 370 RSA_PSS_PARAMS *pss; 371 X509_ALGOR *maskHash; 372 pss = rsa_pss_decode(sigalg, &maskHash); 373 rv = rsa_pss_param_print(bp, pss, maskHash, indent); 374 if (pss) 375 RSA_PSS_PARAMS_free(pss); 376 if (maskHash) 377 X509_ALGOR_free(maskHash); 378 if (!rv) 379 return 0; 380 } else if (!sig && BIO_puts(bp, "\n") <= 0) 381 return 0; 382 if (sig) 383 return X509_signature_dump(bp, sig, indent); 384 return 1; 385 } 386 387 static int rsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) 388 { 389 X509_ALGOR *alg = NULL; 390 switch (op) { 391 392 case ASN1_PKEY_CTRL_PKCS7_SIGN: 393 if (arg1 == 0) 394 PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, NULL, &alg); 395 break; 396 397 case ASN1_PKEY_CTRL_PKCS7_ENCRYPT: 398 if (arg1 == 0) 399 PKCS7_RECIP_INFO_get0_alg(arg2, &alg); 400 break; 401 #ifndef OPENSSL_NO_CMS 402 case ASN1_PKEY_CTRL_CMS_SIGN: 403 if (arg1 == 0) 404 CMS_SignerInfo_get0_algs(arg2, NULL, NULL, NULL, &alg); 405 break; 406 407 case ASN1_PKEY_CTRL_CMS_ENVELOPE: 408 if (arg1 == 0) 409 CMS_RecipientInfo_ktri_get0_algs(arg2, NULL, NULL, &alg); 410 break; 411 #endif 412 413 case ASN1_PKEY_CTRL_DEFAULT_MD_NID: 414 *(int *)arg2 = NID_sha1; 415 return 1; 416 417 default: 418 return -2; 419 420 } 421 422 if (alg) 423 X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaEncryption), V_ASN1_NULL, 0); 424 425 return 1; 426 427 } 428 429 /* 430 * Customised RSA item verification routine. This is called when a signature 431 * is encountered requiring special handling. We currently only handle PSS. 432 */ 433 434 static int rsa_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, 435 X509_ALGOR *sigalg, ASN1_BIT_STRING *sig, 436 EVP_PKEY *pkey) 437 { 438 int rv = -1; 439 int saltlen; 440 const EVP_MD *mgf1md = NULL, *md = NULL; 441 RSA_PSS_PARAMS *pss; 442 X509_ALGOR *maskHash; 443 EVP_PKEY_CTX *pkctx; 444 /* Sanity check: make sure it is PSS */ 445 if (OBJ_obj2nid(sigalg->algorithm) != NID_rsassaPss) { 446 RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_UNSUPPORTED_SIGNATURE_TYPE); 447 return -1; 448 } 449 /* Decode PSS parameters */ 450 pss = rsa_pss_decode(sigalg, &maskHash); 451 452 if (pss == NULL) { 453 RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_INVALID_PSS_PARAMETERS); 454 goto err; 455 } 456 /* Check mask and lookup mask hash algorithm */ 457 if (pss->maskGenAlgorithm) { 458 if (OBJ_obj2nid(pss->maskGenAlgorithm->algorithm) != NID_mgf1) { 459 RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_UNSUPPORTED_MASK_ALGORITHM); 460 goto err; 461 } 462 if (!maskHash) { 463 RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_UNSUPPORTED_MASK_PARAMETER); 464 goto err; 465 } 466 mgf1md = EVP_get_digestbyobj(maskHash->algorithm); 467 if (mgf1md == NULL) { 468 RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_UNKNOWN_MASK_DIGEST); 469 goto err; 470 } 471 } else 472 mgf1md = EVP_sha1(); 473 474 if (pss->hashAlgorithm) { 475 md = EVP_get_digestbyobj(pss->hashAlgorithm->algorithm); 476 if (md == NULL) { 477 RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_UNKNOWN_PSS_DIGEST); 478 goto err; 479 } 480 } else 481 md = EVP_sha1(); 482 483 if (pss->saltLength) { 484 saltlen = ASN1_INTEGER_get(pss->saltLength); 485 486 /* 487 * Could perform more salt length sanity checks but the main RSA 488 * routines will trap other invalid values anyway. 489 */ 490 if (saltlen < 0) { 491 RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_INVALID_SALT_LENGTH); 492 goto err; 493 } 494 } else 495 saltlen = 20; 496 497 /* 498 * low-level routines support only trailer field 0xbc (value 1) and 499 * PKCS#1 says we should reject any other value anyway. 500 */ 501 if (pss->trailerField && ASN1_INTEGER_get(pss->trailerField) != 1) { 502 RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_INVALID_TRAILER); 503 goto err; 504 } 505 506 /* We have all parameters now set up context */ 507 508 if (!EVP_DigestVerifyInit(ctx, &pkctx, md, NULL, pkey)) 509 goto err; 510 511 if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_PSS_PADDING) <= 0) 512 goto err; 513 514 if (EVP_PKEY_CTX_set_rsa_pss_saltlen(pkctx, saltlen) <= 0) 515 goto err; 516 517 if (EVP_PKEY_CTX_set_rsa_mgf1_md(pkctx, mgf1md) <= 0) 518 goto err; 519 /* Carry on */ 520 rv = 2; 521 522 err: 523 RSA_PSS_PARAMS_free(pss); 524 if (maskHash) 525 X509_ALGOR_free(maskHash); 526 return rv; 527 } 528 529 static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, 530 X509_ALGOR *alg1, X509_ALGOR *alg2, 531 ASN1_BIT_STRING *sig) 532 { 533 int pad_mode; 534 EVP_PKEY_CTX *pkctx = ctx->pctx; 535 if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0) 536 return 0; 537 if (pad_mode == RSA_PKCS1_PADDING) 538 return 2; 539 if (pad_mode == RSA_PKCS1_PSS_PADDING) { 540 const EVP_MD *sigmd, *mgf1md; 541 RSA_PSS_PARAMS *pss = NULL; 542 X509_ALGOR *mgf1alg = NULL; 543 ASN1_STRING *os1 = NULL, *os2 = NULL; 544 EVP_PKEY *pk = EVP_PKEY_CTX_get0_pkey(pkctx); 545 int saltlen, rv = 0; 546 sigmd = EVP_MD_CTX_md(ctx); 547 if (EVP_PKEY_CTX_get_rsa_mgf1_md(pkctx, &mgf1md) <= 0) 548 goto err; 549 if (!EVP_PKEY_CTX_get_rsa_pss_saltlen(pkctx, &saltlen)) 550 goto err; 551 if (saltlen == -1) 552 saltlen = EVP_MD_size(sigmd); 553 else if (saltlen == -2) { 554 saltlen = EVP_PKEY_size(pk) - EVP_MD_size(sigmd) - 2; 555 if (((EVP_PKEY_bits(pk) - 1) & 0x7) == 0) 556 saltlen--; 557 } 558 pss = RSA_PSS_PARAMS_new(); 559 if (!pss) 560 goto err; 561 if (saltlen != 20) { 562 pss->saltLength = ASN1_INTEGER_new(); 563 if (!pss->saltLength) 564 goto err; 565 if (!ASN1_INTEGER_set(pss->saltLength, saltlen)) 566 goto err; 567 } 568 if (EVP_MD_type(sigmd) != NID_sha1) { 569 pss->hashAlgorithm = X509_ALGOR_new(); 570 if (!pss->hashAlgorithm) 571 goto err; 572 X509_ALGOR_set_md(pss->hashAlgorithm, sigmd); 573 } 574 if (EVP_MD_type(mgf1md) != NID_sha1) { 575 ASN1_STRING *stmp = NULL; 576 /* need to embed algorithm ID inside another */ 577 mgf1alg = X509_ALGOR_new(); 578 X509_ALGOR_set_md(mgf1alg, mgf1md); 579 if (!ASN1_item_pack(mgf1alg, ASN1_ITEM_rptr(X509_ALGOR), &stmp)) 580 goto err; 581 pss->maskGenAlgorithm = X509_ALGOR_new(); 582 if (!pss->maskGenAlgorithm) 583 goto err; 584 X509_ALGOR_set0(pss->maskGenAlgorithm, 585 OBJ_nid2obj(NID_mgf1), V_ASN1_SEQUENCE, stmp); 586 } 587 /* Finally create string with pss parameter encoding. */ 588 if (!ASN1_item_pack(pss, ASN1_ITEM_rptr(RSA_PSS_PARAMS), &os1)) 589 goto err; 590 if (alg2) { 591 os2 = ASN1_STRING_dup(os1); 592 if (!os2) 593 goto err; 594 X509_ALGOR_set0(alg2, OBJ_nid2obj(NID_rsassaPss), 595 V_ASN1_SEQUENCE, os2); 596 } 597 X509_ALGOR_set0(alg1, OBJ_nid2obj(NID_rsassaPss), 598 V_ASN1_SEQUENCE, os1); 599 os1 = os2 = NULL; 600 rv = 3; 601 err: 602 if (mgf1alg) 603 X509_ALGOR_free(mgf1alg); 604 if (pss) 605 RSA_PSS_PARAMS_free(pss); 606 if (os1) 607 ASN1_STRING_free(os1); 608 return rv; 609 610 } 611 return 2; 612 } 613 614 const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] = { 615 { 616 EVP_PKEY_RSA, 617 EVP_PKEY_RSA, 618 ASN1_PKEY_SIGPARAM_NULL, 619 620 "RSA", 621 "OpenSSL RSA method", 622 623 rsa_pub_decode, 624 rsa_pub_encode, 625 rsa_pub_cmp, 626 rsa_pub_print, 627 628 rsa_priv_decode, 629 rsa_priv_encode, 630 rsa_priv_print, 631 632 int_rsa_size, 633 rsa_bits, 634 635 0, 0, 0, 0, 0, 0, 636 637 rsa_sig_print, 638 int_rsa_free, 639 rsa_pkey_ctrl, 640 old_rsa_priv_decode, 641 old_rsa_priv_encode, 642 rsa_item_verify, 643 rsa_item_sign}, 644 645 { 646 EVP_PKEY_RSA2, 647 EVP_PKEY_RSA, 648 ASN1_PKEY_ALIAS} 649 }; 650