xref: /freebsd/crypto/openssl/crypto/rsa/rsa_ameth.c (revision b2d48be1bc7df45ddd13b143a160d0acb5a383c5)
1 /* crypto/rsa/rsa_ameth.c */
2 /*
3  * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
4  * 2006.
5  */
6 /* ====================================================================
7  * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
8  *
9  * Redistribution and use in source and binary forms, with or without
10  * modification, are permitted provided that the following conditions
11  * are met:
12  *
13  * 1. Redistributions of source code must retain the above copyright
14  *    notice, this list of conditions and the following disclaimer.
15  *
16  * 2. Redistributions in binary form must reproduce the above copyright
17  *    notice, this list of conditions and the following disclaimer in
18  *    the documentation and/or other materials provided with the
19  *    distribution.
20  *
21  * 3. All advertising materials mentioning features or use of this
22  *    software must display the following acknowledgment:
23  *    "This product includes software developed by the OpenSSL Project
24  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25  *
26  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27  *    endorse or promote products derived from this software without
28  *    prior written permission. For written permission, please contact
29  *    licensing@OpenSSL.org.
30  *
31  * 5. Products derived from this software may not be called "OpenSSL"
32  *    nor may "OpenSSL" appear in their names without prior written
33  *    permission of the OpenSSL Project.
34  *
35  * 6. Redistributions of any form whatsoever must retain the following
36  *    acknowledgment:
37  *    "This product includes software developed by the OpenSSL Project
38  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39  *
40  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
44  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51  * OF THE POSSIBILITY OF SUCH DAMAGE.
52  * ====================================================================
53  *
54  * This product includes cryptographic software written by Eric Young
55  * (eay@cryptsoft.com).  This product includes software written by Tim
56  * Hudson (tjh@cryptsoft.com).
57  *
58  */
59 
60 #include <stdio.h>
61 #include "cryptlib.h"
62 #include <openssl/asn1t.h>
63 #include <openssl/x509.h>
64 #include <openssl/rsa.h>
65 #include <openssl/bn.h>
66 #ifndef OPENSSL_NO_CMS
67 # include <openssl/cms.h>
68 #endif
69 #include "asn1_locl.h"
70 
71 static int rsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
72 {
73     unsigned char *penc = NULL;
74     int penclen;
75     penclen = i2d_RSAPublicKey(pkey->pkey.rsa, &penc);
76     if (penclen <= 0)
77         return 0;
78     if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_RSA),
79                                V_ASN1_NULL, NULL, penc, penclen))
80         return 1;
81 
82     OPENSSL_free(penc);
83     return 0;
84 }
85 
86 static int rsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
87 {
88     const unsigned char *p;
89     int pklen;
90     RSA *rsa = NULL;
91     if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, NULL, pubkey))
92         return 0;
93     if (!(rsa = d2i_RSAPublicKey(NULL, &p, pklen))) {
94         RSAerr(RSA_F_RSA_PUB_DECODE, ERR_R_RSA_LIB);
95         return 0;
96     }
97     EVP_PKEY_assign_RSA(pkey, rsa);
98     return 1;
99 }
100 
101 static int rsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
102 {
103     if (BN_cmp(b->pkey.rsa->n, a->pkey.rsa->n) != 0
104         || BN_cmp(b->pkey.rsa->e, a->pkey.rsa->e) != 0)
105         return 0;
106     return 1;
107 }
108 
109 static int old_rsa_priv_decode(EVP_PKEY *pkey,
110                                const unsigned char **pder, int derlen)
111 {
112     RSA *rsa;
113     if (!(rsa = d2i_RSAPrivateKey(NULL, pder, derlen))) {
114         RSAerr(RSA_F_OLD_RSA_PRIV_DECODE, ERR_R_RSA_LIB);
115         return 0;
116     }
117     EVP_PKEY_assign_RSA(pkey, rsa);
118     return 1;
119 }
120 
121 static int old_rsa_priv_encode(const EVP_PKEY *pkey, unsigned char **pder)
122 {
123     return i2d_RSAPrivateKey(pkey->pkey.rsa, pder);
124 }
125 
126 static int rsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
127 {
128     unsigned char *rk = NULL;
129     int rklen;
130     rklen = i2d_RSAPrivateKey(pkey->pkey.rsa, &rk);
131 
132     if (rklen <= 0) {
133         RSAerr(RSA_F_RSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
134         return 0;
135     }
136 
137     if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_rsaEncryption), 0,
138                          V_ASN1_NULL, NULL, rk, rklen)) {
139         RSAerr(RSA_F_RSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
140         return 0;
141     }
142 
143     return 1;
144 }
145 
146 static int rsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
147 {
148     const unsigned char *p;
149     int pklen;
150     if (!PKCS8_pkey_get0(NULL, &p, &pklen, NULL, p8))
151         return 0;
152     return old_rsa_priv_decode(pkey, &p, pklen);
153 }
154 
155 static int int_rsa_size(const EVP_PKEY *pkey)
156 {
157     return RSA_size(pkey->pkey.rsa);
158 }
159 
160 static int rsa_bits(const EVP_PKEY *pkey)
161 {
162     return BN_num_bits(pkey->pkey.rsa->n);
163 }
164 
165 static void int_rsa_free(EVP_PKEY *pkey)
166 {
167     RSA_free(pkey->pkey.rsa);
168 }
169 
170 static void update_buflen(const BIGNUM *b, size_t *pbuflen)
171 {
172     size_t i;
173     if (!b)
174         return;
175     if (*pbuflen < (i = (size_t)BN_num_bytes(b)))
176         *pbuflen = i;
177 }
178 
179 static int do_rsa_print(BIO *bp, const RSA *x, int off, int priv)
180 {
181     char *str;
182     const char *s;
183     unsigned char *m = NULL;
184     int ret = 0, mod_len = 0;
185     size_t buf_len = 0;
186 
187     update_buflen(x->n, &buf_len);
188     update_buflen(x->e, &buf_len);
189 
190     if (priv) {
191         update_buflen(x->d, &buf_len);
192         update_buflen(x->p, &buf_len);
193         update_buflen(x->q, &buf_len);
194         update_buflen(x->dmp1, &buf_len);
195         update_buflen(x->dmq1, &buf_len);
196         update_buflen(x->iqmp, &buf_len);
197     }
198 
199     m = (unsigned char *)OPENSSL_malloc(buf_len + 10);
200     if (m == NULL) {
201         RSAerr(RSA_F_DO_RSA_PRINT, ERR_R_MALLOC_FAILURE);
202         goto err;
203     }
204 
205     if (x->n != NULL)
206         mod_len = BN_num_bits(x->n);
207 
208     if (!BIO_indent(bp, off, 128))
209         goto err;
210 
211     if (priv && x->d) {
212         if (BIO_printf(bp, "Private-Key: (%d bit)\n", mod_len)
213             <= 0)
214             goto err;
215         str = "modulus:";
216         s = "publicExponent:";
217     } else {
218         if (BIO_printf(bp, "Public-Key: (%d bit)\n", mod_len)
219             <= 0)
220             goto err;
221         str = "Modulus:";
222         s = "Exponent:";
223     }
224     if (!ASN1_bn_print(bp, str, x->n, m, off))
225         goto err;
226     if (!ASN1_bn_print(bp, s, x->e, m, off))
227         goto err;
228     if (priv) {
229         if (!ASN1_bn_print(bp, "privateExponent:", x->d, m, off))
230             goto err;
231         if (!ASN1_bn_print(bp, "prime1:", x->p, m, off))
232             goto err;
233         if (!ASN1_bn_print(bp, "prime2:", x->q, m, off))
234             goto err;
235         if (!ASN1_bn_print(bp, "exponent1:", x->dmp1, m, off))
236             goto err;
237         if (!ASN1_bn_print(bp, "exponent2:", x->dmq1, m, off))
238             goto err;
239         if (!ASN1_bn_print(bp, "coefficient:", x->iqmp, m, off))
240             goto err;
241     }
242     ret = 1;
243  err:
244     if (m != NULL)
245         OPENSSL_free(m);
246     return (ret);
247 }
248 
249 static int rsa_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent,
250                          ASN1_PCTX *ctx)
251 {
252     return do_rsa_print(bp, pkey->pkey.rsa, indent, 0);
253 }
254 
255 static int rsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent,
256                           ASN1_PCTX *ctx)
257 {
258     return do_rsa_print(bp, pkey->pkey.rsa, indent, 1);
259 }
260 
261 static RSA_PSS_PARAMS *rsa_pss_decode(const X509_ALGOR *alg,
262                                       X509_ALGOR **pmaskHash)
263 {
264     const unsigned char *p;
265     int plen;
266     RSA_PSS_PARAMS *pss;
267 
268     *pmaskHash = NULL;
269 
270     if (!alg->parameter || alg->parameter->type != V_ASN1_SEQUENCE)
271         return NULL;
272     p = alg->parameter->value.sequence->data;
273     plen = alg->parameter->value.sequence->length;
274     pss = d2i_RSA_PSS_PARAMS(NULL, &p, plen);
275 
276     if (!pss)
277         return NULL;
278 
279     if (pss->maskGenAlgorithm) {
280         ASN1_TYPE *param = pss->maskGenAlgorithm->parameter;
281         if (OBJ_obj2nid(pss->maskGenAlgorithm->algorithm) == NID_mgf1
282             && param->type == V_ASN1_SEQUENCE) {
283             p = param->value.sequence->data;
284             plen = param->value.sequence->length;
285             *pmaskHash = d2i_X509_ALGOR(NULL, &p, plen);
286         }
287     }
288 
289     return pss;
290 }
291 
292 static int rsa_pss_param_print(BIO *bp, RSA_PSS_PARAMS *pss,
293                                X509_ALGOR *maskHash, int indent)
294 {
295     int rv = 0;
296     if (!pss) {
297         if (BIO_puts(bp, " (INVALID PSS PARAMETERS)\n") <= 0)
298             return 0;
299         return 1;
300     }
301     if (BIO_puts(bp, "\n") <= 0)
302         goto err;
303     if (!BIO_indent(bp, indent, 128))
304         goto err;
305     if (BIO_puts(bp, "Hash Algorithm: ") <= 0)
306         goto err;
307 
308     if (pss->hashAlgorithm) {
309         if (i2a_ASN1_OBJECT(bp, pss->hashAlgorithm->algorithm) <= 0)
310             goto err;
311     } else if (BIO_puts(bp, "sha1 (default)") <= 0)
312         goto err;
313 
314     if (BIO_puts(bp, "\n") <= 0)
315         goto err;
316 
317     if (!BIO_indent(bp, indent, 128))
318         goto err;
319 
320     if (BIO_puts(bp, "Mask Algorithm: ") <= 0)
321         goto err;
322     if (pss->maskGenAlgorithm) {
323         if (i2a_ASN1_OBJECT(bp, pss->maskGenAlgorithm->algorithm) <= 0)
324             goto err;
325         if (BIO_puts(bp, " with ") <= 0)
326             goto err;
327         if (maskHash) {
328             if (i2a_ASN1_OBJECT(bp, maskHash->algorithm) <= 0)
329                 goto err;
330         } else if (BIO_puts(bp, "INVALID") <= 0)
331             goto err;
332     } else if (BIO_puts(bp, "mgf1 with sha1 (default)") <= 0)
333         goto err;
334     BIO_puts(bp, "\n");
335 
336     if (!BIO_indent(bp, indent, 128))
337         goto err;
338     if (BIO_puts(bp, "Salt Length: 0x") <= 0)
339         goto err;
340     if (pss->saltLength) {
341         if (i2a_ASN1_INTEGER(bp, pss->saltLength) <= 0)
342             goto err;
343     } else if (BIO_puts(bp, "14 (default)") <= 0)
344         goto err;
345     BIO_puts(bp, "\n");
346 
347     if (!BIO_indent(bp, indent, 128))
348         goto err;
349     if (BIO_puts(bp, "Trailer Field: 0x") <= 0)
350         goto err;
351     if (pss->trailerField) {
352         if (i2a_ASN1_INTEGER(bp, pss->trailerField) <= 0)
353             goto err;
354     } else if (BIO_puts(bp, "BC (default)") <= 0)
355         goto err;
356     BIO_puts(bp, "\n");
357 
358     rv = 1;
359 
360  err:
361     return rv;
362 
363 }
364 
365 static int rsa_sig_print(BIO *bp, const X509_ALGOR *sigalg,
366                          const ASN1_STRING *sig, int indent, ASN1_PCTX *pctx)
367 {
368     if (OBJ_obj2nid(sigalg->algorithm) == NID_rsassaPss) {
369         int rv;
370         RSA_PSS_PARAMS *pss;
371         X509_ALGOR *maskHash;
372         pss = rsa_pss_decode(sigalg, &maskHash);
373         rv = rsa_pss_param_print(bp, pss, maskHash, indent);
374         if (pss)
375             RSA_PSS_PARAMS_free(pss);
376         if (maskHash)
377             X509_ALGOR_free(maskHash);
378         if (!rv)
379             return 0;
380     } else if (!sig && BIO_puts(bp, "\n") <= 0)
381         return 0;
382     if (sig)
383         return X509_signature_dump(bp, sig, indent);
384     return 1;
385 }
386 
387 static int rsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
388 {
389     X509_ALGOR *alg = NULL;
390     switch (op) {
391 
392     case ASN1_PKEY_CTRL_PKCS7_SIGN:
393         if (arg1 == 0)
394             PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, NULL, &alg);
395         break;
396 
397     case ASN1_PKEY_CTRL_PKCS7_ENCRYPT:
398         if (arg1 == 0)
399             PKCS7_RECIP_INFO_get0_alg(arg2, &alg);
400         break;
401 #ifndef OPENSSL_NO_CMS
402     case ASN1_PKEY_CTRL_CMS_SIGN:
403         if (arg1 == 0)
404             CMS_SignerInfo_get0_algs(arg2, NULL, NULL, NULL, &alg);
405         break;
406 
407     case ASN1_PKEY_CTRL_CMS_ENVELOPE:
408         if (arg1 == 0)
409             CMS_RecipientInfo_ktri_get0_algs(arg2, NULL, NULL, &alg);
410         break;
411 #endif
412 
413     case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
414         *(int *)arg2 = NID_sha1;
415         return 1;
416 
417     default:
418         return -2;
419 
420     }
421 
422     if (alg)
423         X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaEncryption), V_ASN1_NULL, 0);
424 
425     return 1;
426 
427 }
428 
429 /*
430  * Customised RSA item verification routine. This is called when a signature
431  * is encountered requiring special handling. We currently only handle PSS.
432  */
433 
434 static int rsa_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
435                            X509_ALGOR *sigalg, ASN1_BIT_STRING *sig,
436                            EVP_PKEY *pkey)
437 {
438     int rv = -1;
439     int saltlen;
440     const EVP_MD *mgf1md = NULL, *md = NULL;
441     RSA_PSS_PARAMS *pss;
442     X509_ALGOR *maskHash;
443     EVP_PKEY_CTX *pkctx;
444     /* Sanity check: make sure it is PSS */
445     if (OBJ_obj2nid(sigalg->algorithm) != NID_rsassaPss) {
446         RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_UNSUPPORTED_SIGNATURE_TYPE);
447         return -1;
448     }
449     /* Decode PSS parameters */
450     pss = rsa_pss_decode(sigalg, &maskHash);
451 
452     if (pss == NULL) {
453         RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_INVALID_PSS_PARAMETERS);
454         goto err;
455     }
456     /* Check mask and lookup mask hash algorithm */
457     if (pss->maskGenAlgorithm) {
458         if (OBJ_obj2nid(pss->maskGenAlgorithm->algorithm) != NID_mgf1) {
459             RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_UNSUPPORTED_MASK_ALGORITHM);
460             goto err;
461         }
462         if (!maskHash) {
463             RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_UNSUPPORTED_MASK_PARAMETER);
464             goto err;
465         }
466         mgf1md = EVP_get_digestbyobj(maskHash->algorithm);
467         if (mgf1md == NULL) {
468             RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_UNKNOWN_MASK_DIGEST);
469             goto err;
470         }
471     } else
472         mgf1md = EVP_sha1();
473 
474     if (pss->hashAlgorithm) {
475         md = EVP_get_digestbyobj(pss->hashAlgorithm->algorithm);
476         if (md == NULL) {
477             RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_UNKNOWN_PSS_DIGEST);
478             goto err;
479         }
480     } else
481         md = EVP_sha1();
482 
483     if (pss->saltLength) {
484         saltlen = ASN1_INTEGER_get(pss->saltLength);
485 
486         /*
487          * Could perform more salt length sanity checks but the main RSA
488          * routines will trap other invalid values anyway.
489          */
490         if (saltlen < 0) {
491             RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_INVALID_SALT_LENGTH);
492             goto err;
493         }
494     } else
495         saltlen = 20;
496 
497     /*
498      * low-level routines support only trailer field 0xbc (value 1) and
499      * PKCS#1 says we should reject any other value anyway.
500      */
501     if (pss->trailerField && ASN1_INTEGER_get(pss->trailerField) != 1) {
502         RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_INVALID_TRAILER);
503         goto err;
504     }
505 
506     /* We have all parameters now set up context */
507 
508     if (!EVP_DigestVerifyInit(ctx, &pkctx, md, NULL, pkey))
509         goto err;
510 
511     if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_PSS_PADDING) <= 0)
512         goto err;
513 
514     if (EVP_PKEY_CTX_set_rsa_pss_saltlen(pkctx, saltlen) <= 0)
515         goto err;
516 
517     if (EVP_PKEY_CTX_set_rsa_mgf1_md(pkctx, mgf1md) <= 0)
518         goto err;
519     /* Carry on */
520     rv = 2;
521 
522  err:
523     RSA_PSS_PARAMS_free(pss);
524     if (maskHash)
525         X509_ALGOR_free(maskHash);
526     return rv;
527 }
528 
529 static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
530                          X509_ALGOR *alg1, X509_ALGOR *alg2,
531                          ASN1_BIT_STRING *sig)
532 {
533     int pad_mode;
534     EVP_PKEY_CTX *pkctx = ctx->pctx;
535     if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0)
536         return 0;
537     if (pad_mode == RSA_PKCS1_PADDING)
538         return 2;
539     if (pad_mode == RSA_PKCS1_PSS_PADDING) {
540         const EVP_MD *sigmd, *mgf1md;
541         RSA_PSS_PARAMS *pss = NULL;
542         X509_ALGOR *mgf1alg = NULL;
543         ASN1_STRING *os1 = NULL, *os2 = NULL;
544         EVP_PKEY *pk = EVP_PKEY_CTX_get0_pkey(pkctx);
545         int saltlen, rv = 0;
546         sigmd = EVP_MD_CTX_md(ctx);
547         if (EVP_PKEY_CTX_get_rsa_mgf1_md(pkctx, &mgf1md) <= 0)
548             goto err;
549         if (!EVP_PKEY_CTX_get_rsa_pss_saltlen(pkctx, &saltlen))
550             goto err;
551         if (saltlen == -1)
552             saltlen = EVP_MD_size(sigmd);
553         else if (saltlen == -2) {
554             saltlen = EVP_PKEY_size(pk) - EVP_MD_size(sigmd) - 2;
555             if (((EVP_PKEY_bits(pk) - 1) & 0x7) == 0)
556                 saltlen--;
557         }
558         pss = RSA_PSS_PARAMS_new();
559         if (!pss)
560             goto err;
561         if (saltlen != 20) {
562             pss->saltLength = ASN1_INTEGER_new();
563             if (!pss->saltLength)
564                 goto err;
565             if (!ASN1_INTEGER_set(pss->saltLength, saltlen))
566                 goto err;
567         }
568         if (EVP_MD_type(sigmd) != NID_sha1) {
569             pss->hashAlgorithm = X509_ALGOR_new();
570             if (!pss->hashAlgorithm)
571                 goto err;
572             X509_ALGOR_set_md(pss->hashAlgorithm, sigmd);
573         }
574         if (EVP_MD_type(mgf1md) != NID_sha1) {
575             ASN1_STRING *stmp = NULL;
576             /* need to embed algorithm ID inside another */
577             mgf1alg = X509_ALGOR_new();
578             X509_ALGOR_set_md(mgf1alg, mgf1md);
579             if (!ASN1_item_pack(mgf1alg, ASN1_ITEM_rptr(X509_ALGOR), &stmp))
580                  goto err;
581             pss->maskGenAlgorithm = X509_ALGOR_new();
582             if (!pss->maskGenAlgorithm)
583                 goto err;
584             X509_ALGOR_set0(pss->maskGenAlgorithm,
585                             OBJ_nid2obj(NID_mgf1), V_ASN1_SEQUENCE, stmp);
586         }
587         /* Finally create string with pss parameter encoding. */
588         if (!ASN1_item_pack(pss, ASN1_ITEM_rptr(RSA_PSS_PARAMS), &os1))
589              goto err;
590         if (alg2) {
591             os2 = ASN1_STRING_dup(os1);
592             if (!os2)
593                 goto err;
594             X509_ALGOR_set0(alg2, OBJ_nid2obj(NID_rsassaPss),
595                             V_ASN1_SEQUENCE, os2);
596         }
597         X509_ALGOR_set0(alg1, OBJ_nid2obj(NID_rsassaPss),
598                         V_ASN1_SEQUENCE, os1);
599         os1 = os2 = NULL;
600         rv = 3;
601  err:
602         if (mgf1alg)
603             X509_ALGOR_free(mgf1alg);
604         if (pss)
605             RSA_PSS_PARAMS_free(pss);
606         if (os1)
607             ASN1_STRING_free(os1);
608         return rv;
609 
610     }
611     return 2;
612 }
613 
614 const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] = {
615     {
616      EVP_PKEY_RSA,
617      EVP_PKEY_RSA,
618      ASN1_PKEY_SIGPARAM_NULL,
619 
620      "RSA",
621      "OpenSSL RSA method",
622 
623      rsa_pub_decode,
624      rsa_pub_encode,
625      rsa_pub_cmp,
626      rsa_pub_print,
627 
628      rsa_priv_decode,
629      rsa_priv_encode,
630      rsa_priv_print,
631 
632      int_rsa_size,
633      rsa_bits,
634 
635      0, 0, 0, 0, 0, 0,
636 
637      rsa_sig_print,
638      int_rsa_free,
639      rsa_pkey_ctrl,
640      old_rsa_priv_decode,
641      old_rsa_priv_encode,
642      rsa_item_verify,
643      rsa_item_sign},
644 
645     {
646      EVP_PKEY_RSA2,
647      EVP_PKEY_RSA,
648      ASN1_PKEY_ALIAS}
649 };
650