]> git.ipfire.org Git - thirdparty/openssl.git/blame - crypto/rsa/rsa_ameth.c
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Rename OPENSSL_CTX prefix to OSSL_LIB_CTX
[thirdparty/openssl.git] / crypto / rsa / rsa_ameth.c
CommitLineData
0f113f3e 1/*
33388b44 2 * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
448be743 3 *
2a7b6f39 4 * Licensed under the Apache License 2.0 (the "License"). You may not use
2039c421
RS		 5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
448be743
DSH		 8 */
9
c5f87134
P		 10/*
11 * RSA low level APIs are deprecated for public use, but still ok for
12 * internal use.
13 */
14#include "internal/deprecated.h"
15
448be743 16#include <stdio.h>
b39fc560 17#include "internal/cryptlib.h"
448be743
DSH		 18#include <openssl/asn1t.h>
19#include <openssl/x509.h>
1e26a8ba 20#include <openssl/bn.h>
29be6023 21#include <openssl/core_names.h>
96ebe52e 22#include <openssl/param_build.h>
25f2138b
DMSP		 23#include "crypto/asn1.h"
24#include "crypto/evp.h"
29be6023 25#include "crypto/rsa.h"
706457b7 26#include "rsa_local.h"
448be743 27
b35b8d11 28static RSA_PSS_PARAMS *rsa_pss_decode(const X509_ALGOR *alg);
a6495479 29static int rsa_sync_to_pss_params_30(RSA *rsa);
b35b8d11 30
42009ae8
DSH		 31/* Set any parameters associated with pkey */
32static int rsa_param_encode(const EVP_PKEY *pkey,
33 ASN1_STRING **pstr, int *pstrtype)
34{
35 const RSA *rsa = pkey->pkey.rsa;
52ad523c 36
42009ae8
DSH		 37 *pstr = NULL;
38 /* If RSA it's just NULL type */
484d1a73 39 if (RSA_test_flags(rsa, RSA_FLAG_TYPE_MASK) != RSA_FLAG_TYPE_RSASSAPSS) {
42009ae8
DSH		 40 *pstrtype = V_ASN1_NULL;
41 return 1;
42 }
43 /* If no PSS parameters we omit parameters entirely */
44 if (rsa->pss == NULL) {
45 *pstrtype = V_ASN1_UNDEF;
46 return 1;
47 }
48 /* Encode PSS parameters */
f291138b 49 if (ASN1_item_pack(rsa->pss, ASN1_ITEM_rptr(RSA_PSS_PARAMS), pstr) == NULL)
42009ae8 50 return 0;
42009ae8
DSH		 51
52 *pstrtype = V_ASN1_SEQUENCE;
53 return 1;
54}
55/* Decode any parameters and set them in RSA structure */
56static int rsa_param_decode(RSA *rsa, const X509_ALGOR *alg)
57{
58 const ASN1_OBJECT *algoid;
59 const void *algp;
60 int algptype;
61
62 X509_ALGOR_get0(&algoid, &algptype, &algp, alg);
1f483a69 63 if (OBJ_obj2nid(algoid) != EVP_PKEY_RSA_PSS)
42009ae8
DSH		 64 return 1;
65 if (algptype == V_ASN1_UNDEF)
66 return 1;
635fe50f
DSH		 67 if (algptype != V_ASN1_SEQUENCE) {
68 RSAerr(RSA_F_RSA_PARAM_DECODE, RSA_R_INVALID_PSS_PARAMETERS);
42009ae8 69 return 0;
635fe50f 70 }
b35b8d11 71 rsa->pss = rsa_pss_decode(alg);
42009ae8
DSH		 72 if (rsa->pss == NULL)
73 return 0;
a6495479
RL		 74 if (!rsa_sync_to_pss_params_30(rsa))
75 return 0;
42009ae8
DSH		 76 return 1;
77}
78
6f81892e 79static int rsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
0f113f3e
MC		 80{
81 unsigned char *penc = NULL;
82 int penclen;
42009ae8
DSH		 83 ASN1_STRING *str;
84 int strtype;
52ad523c 85
42009ae8
DSH		 86 if (!rsa_param_encode(pkey, &str, &strtype))
87 return 0;
0f113f3e
MC		 88 penclen = i2d_RSAPublicKey(pkey->pkey.rsa, &penc);
89 if (penclen <= 0)
90 return 0;
42009ae8
DSH		 91 if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(pkey->ameth->pkey_id),
92 strtype, str, penc, penclen))
0f113f3e
MC		 93 return 1;
94
95 OPENSSL_free(penc);
96 return 0;
97}
448be743 98
7674e923 99static int rsa_pub_decode(EVP_PKEY *pkey, const X509_PUBKEY *pubkey)
0f113f3e
MC		 100{
101 const unsigned char *p;
102 int pklen;
42009ae8 103 X509_ALGOR *alg;
0f113f3e 104 RSA *rsa = NULL;
75ebbd9a 105
42009ae8 106 if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &alg, pubkey))
0f113f3e 107 return 0;
29844ea5 108 if ((rsa = d2i_RSAPublicKey(NULL, &p, pklen)) == NULL)
0f113f3e 109 return 0;
42009ae8
DSH		 110 if (!rsa_param_decode(rsa, alg)) {
111 RSA_free(rsa);
112 return 0;
113 }
a6495479
RL		 114
115 RSA_clear_flags(rsa, RSA_FLAG_TYPE_MASK);
116 switch (pkey->ameth->pkey_id) {
117 case EVP_PKEY_RSA:
118 RSA_set_flags(rsa, RSA_FLAG_TYPE_RSA);
119 break;
120 case EVP_PKEY_RSA_PSS:
121 RSA_set_flags(rsa, RSA_FLAG_TYPE_RSASSAPSS);
122 break;
123 default:
124 /* Leave the type bits zero */
125 break;
126 }
127
1f483a69
BE		 128 if (!EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, rsa)) {
129 RSA_free(rsa);
130 return 0;
131 }
0f113f3e
MC		 132 return 1;
133}
448be743 134
6f81892e 135static int rsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
0f113f3e 136{
36871717
NA		 137 /*
138 * Don't check the public/private key, this is mostly for smart
139 * cards.
140 */
141 if (((RSA_flags(a->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK))
142 || (RSA_flags(b->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK)) {
143 return 1;
144 }
145
0f113f3e
MC		 146 if (BN_cmp(b->pkey.rsa->n, a->pkey.rsa->n) != 0
147 || BN_cmp(b->pkey.rsa->e, a->pkey.rsa->e) != 0)
148 return 0;
149 return 1;
150}
6f81892e 151
e4263314 152static int old_rsa_priv_decode(EVP_PKEY *pkey,
0f113f3e
MC		 153 const unsigned char **pder, int derlen)
154{
155 RSA *rsa;
75ebbd9a 156
29844ea5 157 if ((rsa = d2i_RSAPrivateKey(NULL, pder, derlen)) == NULL)
0f113f3e 158 return 0;
faa02fe2 159 EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, rsa);
0f113f3e
MC		 160 return 1;
161}
448be743 162
e4263314 163static int old_rsa_priv_encode(const EVP_PKEY *pkey, unsigned char **pder)
0f113f3e
MC		 164{
165 return i2d_RSAPrivateKey(pkey->pkey.rsa, pder);
166}
e4263314 167
6f81892e 168static int rsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
0f113f3e
MC		 169{
170 unsigned char *rk = NULL;
171 int rklen;
42009ae8
DSH		 172 ASN1_STRING *str;
173 int strtype;
52ad523c 174
42009ae8
DSH		 175 if (!rsa_param_encode(pkey, &str, &strtype))
176 return 0;
0f113f3e
MC		 177 rklen = i2d_RSAPrivateKey(pkey->pkey.rsa, &rk);
178
179 if (rklen <= 0) {
180 RSAerr(RSA_F_RSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
285c7d9c 181 ASN1_STRING_free(str);
0f113f3e
MC		 182 return 0;
183 }
184
faa02fe2 185 if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(pkey->ameth->pkey_id), 0,
42009ae8 186 strtype, str, rk, rklen)) {
0f113f3e 187 RSAerr(RSA_F_RSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
285c7d9c 188 ASN1_STRING_free(str);
0f113f3e
MC		 189 return 0;
190 }
191
192 return 1;
193}
448be743 194
245c6bc3 195static int rsa_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8)
0f113f3e
MC		 196{
197 const unsigned char *p;
42009ae8 198 RSA *rsa;
0f113f3e 199 int pklen;
42009ae8
DSH		 200 const X509_ALGOR *alg;
201
202 if (!PKCS8_pkey_get0(NULL, &p, &pklen, &alg, p8))
203 return 0;
204 rsa = d2i_RSAPrivateKey(NULL, &p, pklen);
205 if (rsa == NULL) {
206 RSAerr(RSA_F_RSA_PRIV_DECODE, ERR_R_RSA_LIB);
207 return 0;
208 }
209 if (!rsa_param_decode(rsa, alg)) {
210 RSA_free(rsa);
0f113f3e 211 return 0;
42009ae8 212 }
484d1a73
RL		 213
214 RSA_clear_flags(rsa, RSA_FLAG_TYPE_MASK);
215 switch (pkey->ameth->pkey_id) {
216 case EVP_PKEY_RSA:
217 RSA_set_flags(rsa, RSA_FLAG_TYPE_RSA);
218 break;
219 case EVP_PKEY_RSA_PSS:
220 RSA_set_flags(rsa, RSA_FLAG_TYPE_RSASSAPSS);
221 break;
222 default:
223 /* Leave the type bits zero */
224 break;
225 }
226
42009ae8
DSH		 227 EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, rsa);
228 return 1;
0f113f3e 229}
e4263314 230
6f81892e 231static int int_rsa_size(const EVP_PKEY *pkey)
0f113f3e
MC		 232{
233 return RSA_size(pkey->pkey.rsa);
234}
6f81892e
DSH		 235
236static int rsa_bits(const EVP_PKEY *pkey)
0f113f3e
MC		 237{
238 return BN_num_bits(pkey->pkey.rsa->n);
239}
6f81892e 240
2514fa79 241static int rsa_security_bits(const EVP_PKEY *pkey)
0f113f3e
MC		 242{
243 return RSA_security_bits(pkey->pkey.rsa);
244}
2514fa79 245
6f81892e 246static void int_rsa_free(EVP_PKEY *pkey)
0f113f3e
MC		 247{
248 RSA_free(pkey->pkey.rsa);
249}
35208f36 250
9503ed8b
DSH		 251static int rsa_pss_param_print(BIO *bp, int pss_key, RSA_PSS_PARAMS *pss,
252 int indent)
253{
254 int rv = 0;
255 X509_ALGOR *maskHash = NULL;
52ad523c 256
9503ed8b
DSH		 257 if (!BIO_indent(bp, indent, 128))
258 goto err;
259 if (pss_key) {
260 if (pss == NULL) {
261 if (BIO_puts(bp, "No PSS parameter restrictions\n") <= 0)
262 return 0;
263 return 1;
264 } else {
265 if (BIO_puts(bp, "PSS parameter restrictions:") <= 0)
266 return 0;
267 }
268 } else if (pss == NULL) {
269 if (BIO_puts(bp,"(INVALID PSS PARAMETERS)\n") <= 0)
270 return 0;
271 return 1;
272 }
273 if (BIO_puts(bp, "\n") <= 0)
274 goto err;
275 if (pss_key)
276 indent += 2;
277 if (!BIO_indent(bp, indent, 128))
278 goto err;
279 if (BIO_puts(bp, "Hash Algorithm: ") <= 0)
280 goto err;
281
282 if (pss->hashAlgorithm) {
283 if (i2a_ASN1_OBJECT(bp, pss->hashAlgorithm->algorithm) <= 0)
284 goto err;
90862ab4 285 } else if (BIO_puts(bp, "sha1 (default)") <= 0) {
9503ed8b 286 goto err;
90862ab4 287 }
9503ed8b
DSH		 288
289 if (BIO_puts(bp, "\n") <= 0)
290 goto err;
291
292 if (!BIO_indent(bp, indent, 128))
293 goto err;
294
295 if (BIO_puts(bp, "Mask Algorithm: ") <= 0)
296 goto err;
297 if (pss->maskGenAlgorithm) {
298 if (i2a_ASN1_OBJECT(bp, pss->maskGenAlgorithm->algorithm) <= 0)
299 goto err;
300 if (BIO_puts(bp, " with ") <= 0)
301 goto err;
0b3a4ef2 302 maskHash = x509_algor_mgf1_decode(pss->maskGenAlgorithm);
9503ed8b
DSH		 303 if (maskHash != NULL) {
304 if (i2a_ASN1_OBJECT(bp, maskHash->algorithm) <= 0)
305 goto err;
90862ab4 306 } else if (BIO_puts(bp, "INVALID") <= 0) {
9503ed8b 307 goto err;
90862ab4
PY		 308 }
309 } else if (BIO_puts(bp, "mgf1 with sha1 (default)") <= 0) {
9503ed8b 310 goto err;
90862ab4 311 }
9503ed8b
DSH		 312 BIO_puts(bp, "\n");
313
314 if (!BIO_indent(bp, indent, 128))
315 goto err;
316 if (BIO_printf(bp, "%s Salt Length: 0x", pss_key ? "Minimum" : "") <= 0)
317 goto err;
318 if (pss->saltLength) {
319 if (i2a_ASN1_INTEGER(bp, pss->saltLength) <= 0)
320 goto err;
90862ab4 321 } else if (BIO_puts(bp, "14 (default)") <= 0) {
9503ed8b 322 goto err;
90862ab4 323 }
9503ed8b
DSH		 324 BIO_puts(bp, "\n");
325
326 if (!BIO_indent(bp, indent, 128))
327 goto err;
328 if (BIO_puts(bp, "Trailer Field: 0x") <= 0)
329 goto err;
330 if (pss->trailerField) {
331 if (i2a_ASN1_INTEGER(bp, pss->trailerField) <= 0)
332 goto err;
90862ab4 333 } else if (BIO_puts(bp, "BC (default)") <= 0) {
9503ed8b 334 goto err;
90862ab4 335 }
9503ed8b
DSH		 336 BIO_puts(bp, "\n");
337
338 rv = 1;
339
340 err:
341 X509_ALGOR_free(maskHash);
342 return rv;
343
344}
345
346static int pkey_rsa_print(BIO *bp, const EVP_PKEY *pkey, int off, int priv)
0f113f3e 347{
9503ed8b 348 const RSA *x = pkey->pkey.rsa;
0f113f3e
MC		 349 char *str;
350 const char *s;
665d899f 351 int ret = 0, mod_len = 0, ex_primes;
0f113f3e
MC		 352
353 if (x->n != NULL)
354 mod_len = BN_num_bits(x->n);
665d899f 355 ex_primes = sk_RSA_PRIME_INFO_num(x->prime_infos);
0f113f3e
MC		 356
357 if (!BIO_indent(bp, off, 128))
358 goto err;
359
87ee7b22 360 if (BIO_printf(bp, "%s ", pkey_is_pss(pkey) ? "RSA-PSS" : "RSA") <= 0)
9503ed8b
DSH		 361 goto err;
362
0f113f3e 363 if (priv && x->d) {
665d899f
PY		 364 if (BIO_printf(bp, "Private-Key: (%d bit, %d primes)\n",
365 mod_len, ex_primes <= 0 ? 2 : ex_primes + 2) <= 0)
0f113f3e
MC		 366 goto err;
367 str = "modulus:";
368 s = "publicExponent:";
369 } else {
a773b52a 370 if (BIO_printf(bp, "Public-Key: (%d bit)\n", mod_len) <= 0)
0f113f3e
MC		 371 goto err;
372 str = "Modulus:";
373 s = "Exponent:";
374 }
a773b52a 375 if (!ASN1_bn_print(bp, str, x->n, NULL, off))
0f113f3e 376 goto err;
a773b52a 377 if (!ASN1_bn_print(bp, s, x->e, NULL, off))
0f113f3e
MC		 378 goto err;
379 if (priv) {
665d899f
PY		 380 int i;
381
a773b52a 382 if (!ASN1_bn_print(bp, "privateExponent:", x->d, NULL, off))
0f113f3e 383 goto err;
a773b52a 384 if (!ASN1_bn_print(bp, "prime1:", x->p, NULL, off))
0f113f3e 385 goto err;
a773b52a 386 if (!ASN1_bn_print(bp, "prime2:", x->q, NULL, off))
0f113f3e 387 goto err;
a773b52a 388 if (!ASN1_bn_print(bp, "exponent1:", x->dmp1, NULL, off))
0f113f3e 389 goto err;
a773b52a 390 if (!ASN1_bn_print(bp, "exponent2:", x->dmq1, NULL, off))
0f113f3e 391 goto err;
a773b52a 392 if (!ASN1_bn_print(bp, "coefficient:", x->iqmp, NULL, off))
0f113f3e 393 goto err;
665d899f
PY		 394 for (i = 0; i < sk_RSA_PRIME_INFO_num(x->prime_infos); i++) {
395 /* print multi-prime info */
396 BIGNUM *bn = NULL;
397 RSA_PRIME_INFO *pinfo;
398 int j;
399
400 pinfo = sk_RSA_PRIME_INFO_value(x->prime_infos, i);
401 for (j = 0; j < 3; j++) {
402 if (!BIO_indent(bp, off, 128))
403 goto err;
404 switch (j) {
405 case 0:
406 if (BIO_printf(bp, "prime%d:", i + 3) <= 0)
407 goto err;
408 bn = pinfo->r;
409 break;
410 case 1:
411 if (BIO_printf(bp, "exponent%d:", i + 3) <= 0)
412 goto err;
413 bn = pinfo->d;
414 break;
415 case 2:
416 if (BIO_printf(bp, "coefficient%d:", i + 3) <= 0)
417 goto err;
418 bn = pinfo->t;
419 break;
420 default:
421 break;
422 }
423 if (!ASN1_bn_print(bp, "", bn, NULL, off))
424 goto err;
425 }
426 }
0f113f3e 427 }
87ee7b22 428 if (pkey_is_pss(pkey) && !rsa_pss_param_print(bp, 1, x->pss, off))
9503ed8b 429 goto err;
0f113f3e
MC		 430 ret = 1;
431 err:
9503ed8b 432 return ret;
0f113f3e 433}
35208f36
DSH		 434
435static int rsa_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent,
0f113f3e
MC		 436 ASN1_PCTX *ctx)
437{
9503ed8b 438 return pkey_rsa_print(bp, pkey, indent, 0);
0f113f3e 439}
35208f36
DSH		 440
441static int rsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent,
0f113f3e
MC		 442 ASN1_PCTX *ctx)
443{
9503ed8b 444 return pkey_rsa_print(bp, pkey, indent, 1);
0f113f3e 445}
0574cadf 446
6745a1ff 447static RSA_PSS_PARAMS *rsa_pss_decode(const X509_ALGOR *alg)
0f113f3e 448{
0f113f3e
MC		 449 RSA_PSS_PARAMS *pss;
450
e93c8748
DSH		 451 pss = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(RSA_PSS_PARAMS),
452 alg->parameter);
0f113f3e 453
6745a1ff 454 if (pss == NULL)
0f113f3e
MC		 455 return NULL;
456
6745a1ff 457 if (pss->maskGenAlgorithm != NULL) {
0b3a4ef2 458 pss->maskHash = x509_algor_mgf1_decode(pss->maskGenAlgorithm);
6745a1ff
DSH		 459 if (pss->maskHash == NULL) {
460 RSA_PSS_PARAMS_free(pss);
461 return NULL;
462 }
463 }
0f113f3e
MC		 464
465 return pss;
466}
467
ff04bbe3 468static int rsa_sig_print(BIO *bp, const X509_ALGOR *sigalg,
0f113f3e
MC		 469 const ASN1_STRING *sig, int indent, ASN1_PCTX *pctx)
470{
ffc6fad5 471 if (OBJ_obj2nid(sigalg->algorithm) == EVP_PKEY_RSA_PSS) {
0f113f3e 472 int rv;
52ad523c 473 RSA_PSS_PARAMS *pss = rsa_pss_decode(sigalg);
c82bafc5 474
9503ed8b 475 rv = rsa_pss_param_print(bp, 0, pss, indent);
25aaa98a 476 RSA_PSS_PARAMS_free(pss);
0f113f3e
MC		 477 if (!rv)
478 return 0;
a4c467c9 479 } else if (BIO_puts(bp, "\n") <= 0) {
0f113f3e 480 return 0;
52ad523c 481 }
0f113f3e
MC		 482 if (sig)
483 return X509_signature_dump(bp, sig, indent);
484 return 1;
485}
492a9e24
DSH		 486
487static int rsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
0f113f3e
MC		 488{
489 X509_ALGOR *alg = NULL;
9bcc9f97
MC		 490 const EVP_MD *md;
491 const EVP_MD *mgf1md;
492 int min_saltlen;
52ad523c 493
0f113f3e
MC		 494 switch (op) {
495
496 case ASN1_PKEY_CTRL_PKCS7_SIGN:
497 if (arg1 == 0)
498 PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, NULL, &alg);
499 break;
500
501 case ASN1_PKEY_CTRL_PKCS7_ENCRYPT:
53d2260c
DSH		 502 if (pkey_is_pss(pkey))
503 return -2;
0f113f3e
MC		 504 if (arg1 == 0)
505 PKCS7_RECIP_INFO_get0_alg(arg2, &alg);
506 break;
a78568b7 507
0f113f3e 508 case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
9bcc9f97
MC		 509 if (pkey->pkey.rsa->pss != NULL) {
510 if (!rsa_pss_get_param(pkey->pkey.rsa->pss, &md, &mgf1md,
511 &min_saltlen)) {
512 RSAerr(0, ERR_R_INTERNAL_ERROR);
513 return 0;
514 }
515 *(int *)arg2 = EVP_MD_type(md);
516 /* Return of 2 indicates this MD is mandatory */
517 return 2;
518 }
0f113f3e
MC		 519 *(int *)arg2 = NID_sha256;
520 return 1;
03919683 521
0f113f3e
MC		 522 default:
523 return -2;
492a9e24 524
0f113f3e 525 }
492a9e24 526
0f113f3e
MC		 527 if (alg)
528 X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaEncryption), V_ASN1_NULL, 0);
4f1aa191 529
0f113f3e 530 return 1;
4f1aa191 531
0f113f3e 532}
492a9e24 533
0f113f3e 534/*
47e42b3c 535 * Convert EVP_PKEY_CTX in PSS mode into corresponding algorithm parameter,
0574cadf 536 * suitable for setting an AlgorithmIdentifier.
31904ecd
DSH		 537 */
538
47e42b3c 539static RSA_PSS_PARAMS *rsa_ctx_to_pss(EVP_PKEY_CTX *pkctx)
0f113f3e
MC		 540{
541 const EVP_MD *sigmd, *mgf1md;
0f113f3e 542 EVP_PKEY *pk = EVP_PKEY_CTX_get0_pkey(pkctx);
47e42b3c 543 int saltlen;
52ad523c 544
0f113f3e 545 if (EVP_PKEY_CTX_get_signature_md(pkctx, &sigmd) <= 0)
47e42b3c 546 return NULL;
0f113f3e 547 if (EVP_PKEY_CTX_get_rsa_mgf1_md(pkctx, &mgf1md) <= 0)
47e42b3c 548 return NULL;
0f113f3e 549 if (!EVP_PKEY_CTX_get_rsa_pss_saltlen(pkctx, &saltlen))
47e42b3c 550 return NULL;
90862ab4 551 if (saltlen == -1) {
0f113f3e 552 saltlen = EVP_MD_size(sigmd);
491360e7 553 } else if (saltlen == -2 || saltlen == -3) {
9ab7fe48 554 saltlen = EVP_PKEY_size(pk) - EVP_MD_size(sigmd) - 2;
137096a7 555 if ((EVP_PKEY_bits(pk) & 0x7) == 1)
0f113f3e 556 saltlen--;
491360e7
BE		 557 if (saltlen < 0)
558 return NULL;
0f113f3e 559 }
47e42b3c
DSH		 560
561 return rsa_pss_params_create(sigmd, mgf1md, saltlen);
562}
563
564RSA_PSS_PARAMS *rsa_pss_params_create(const EVP_MD *sigmd,
565 const EVP_MD *mgf1md, int saltlen)
566{
567 RSA_PSS_PARAMS *pss = RSA_PSS_PARAMS_new();
52ad523c 568
90945fa3 569 if (pss == NULL)
0f113f3e
MC		 570 goto err;
571 if (saltlen != 20) {
572 pss->saltLength = ASN1_INTEGER_new();
90945fa3 573 if (pss->saltLength == NULL)
0f113f3e
MC		 574 goto err;
575 if (!ASN1_INTEGER_set(pss->saltLength, saltlen))
576 goto err;
577 }
0b3a4ef2 578 if (!x509_algor_new_from_md(&pss->hashAlgorithm, sigmd))
0f113f3e 579 goto err;
47e42b3c 580 if (mgf1md == NULL)
b6b885c6 581 mgf1md = sigmd;
0b3a4ef2 582 if (!x509_algor_md_to_mgf1(&pss->maskGenAlgorithm, mgf1md))
0f113f3e 583 goto err;
0b3a4ef2 584 if (!x509_algor_new_from_md(&pss->maskHash, mgf1md))
74753357 585 goto err;
47e42b3c 586 return pss;
0f113f3e 587 err:
25aaa98a 588 RSA_PSS_PARAMS_free(pss);
0f113f3e
MC		 589 return NULL;
590}
591
9ab7fe48 592ASN1_STRING *ossl_rsa_ctx_to_pss_string(EVP_PKEY_CTX *pkctx)
47e42b3c
DSH		 593{
594 RSA_PSS_PARAMS *pss = rsa_ctx_to_pss(pkctx);
f291138b 595 ASN1_STRING *os;
52ad523c 596
47e42b3c
DSH		 597 if (pss == NULL)
598 return NULL;
599
f291138b 600 os = ASN1_item_pack(pss, ASN1_ITEM_rptr(RSA_PSS_PARAMS), NULL);
47e42b3c
DSH		 601 RSA_PSS_PARAMS_free(pss);
602 return os;
603}
604
0f113f3e
MC		 605/*
606 * From PSS AlgorithmIdentifier set public key parameters. If pkey isn't NULL
0d4fb843 607 * then the EVP_MD_CTX is setup and initialised. If it is NULL parameters are
0f113f3e 608 * passed to pkctx instead.
0574cadf 609 */
31904ecd 610
9ab7fe48
MC		 611int ossl_rsa_pss_to_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pkctx,
612 const X509_ALGOR *sigalg, EVP_PKEY *pkey)
0f113f3e
MC		 613{
614 int rv = -1;
615 int saltlen;
616 const EVP_MD *mgf1md = NULL, *md = NULL;
617 RSA_PSS_PARAMS *pss;
52ad523c 618
0f113f3e 619 /* Sanity check: make sure it is PSS */
ffc6fad5 620 if (OBJ_obj2nid(sigalg->algorithm) != EVP_PKEY_RSA_PSS) {
9ab7fe48 621 RSAerr(0, RSA_R_UNSUPPORTED_SIGNATURE_TYPE);
0f113f3e
MC		 622 return -1;
623 }
624 /* Decode PSS parameters */
6745a1ff 625 pss = rsa_pss_decode(sigalg);
0f113f3e 626
cfd81c6d 627 if (!rsa_pss_get_param(pss, &md, &mgf1md, &saltlen)) {
9ab7fe48 628 RSAerr(0, RSA_R_INVALID_PSS_PARAMETERS);
0f113f3e
MC		 629 goto err;
630 }
0f113f3e
MC		 631
632 /* We have all parameters now set up context */
0f113f3e
MC		 633 if (pkey) {
634 if (!EVP_DigestVerifyInit(ctx, &pkctx, md, NULL, pkey))
635 goto err;
636 } else {
637 const EVP_MD *checkmd;
638 if (EVP_PKEY_CTX_get_signature_md(pkctx, &checkmd) <= 0)
639 goto err;
640 if (EVP_MD_type(md) != EVP_MD_type(checkmd)) {
9ab7fe48 641 RSAerr(0, RSA_R_DIGEST_DOES_NOT_MATCH);
0f113f3e
MC		 642 goto err;
643 }
644 }
645
646 if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_PSS_PADDING) <= 0)
647 goto err;
648
649 if (EVP_PKEY_CTX_set_rsa_pss_saltlen(pkctx, saltlen) <= 0)
650 goto err;
651
652 if (EVP_PKEY_CTX_set_rsa_mgf1_md(pkctx, mgf1md) <= 0)
653 goto err;
654 /* Carry on */
655 rv = 1;
656
657 err:
658 RSA_PSS_PARAMS_free(pss);
0f113f3e
MC		 659 return rv;
660}
492a9e24 661
a6495479
RL		 662static int rsa_pss_verify_param(const EVP_MD **pmd, const EVP_MD **pmgf1md,
663 int *psaltlen, int *ptrailerField)
664{
665 if (psaltlen != NULL && *psaltlen < 0) {
666 ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_SALT_LENGTH);
667 return 0;
668 }
669 /*
670 * low-level routines support only trailer field 0xbc (value 1) and
671 * PKCS#1 says we should reject any other value anyway.
672 */
673 if (ptrailerField != NULL && *ptrailerField != 1) {
674 ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_TRAILER);
675 return 0;
676 }
677 return 1;
678}
679
680static int rsa_pss_get_param_unverified(const RSA_PSS_PARAMS *pss,
681 const EVP_MD **pmd,
682 const EVP_MD **pmgf1md,
683 int *psaltlen, int *ptrailerField)
cfd81c6d 684{
a6495479
RL		 685 RSA_PSS_PARAMS_30 pss_params;
686
687 /* Get the defaults from the ONE place */
23b2fc0b 688 (void)ossl_rsa_pss_params_30_set_defaults(&pss_params);
a6495479 689
cfd81c6d
DSH		 690 if (pss == NULL)
691 return 0;
0b3a4ef2 692 *pmd = x509_algor_get_md(pss->hashAlgorithm);
cfd81c6d
DSH		 693 if (*pmd == NULL)
694 return 0;
0b3a4ef2 695 *pmgf1md = x509_algor_get_md(pss->maskHash);
cfd81c6d
DSH		 696 if (*pmgf1md == NULL)
697 return 0;
a6495479 698 if (pss->saltLength)
cfd81c6d 699 *psaltlen = ASN1_INTEGER_get(pss->saltLength);
a6495479 700 else
23b2fc0b 701 *psaltlen = ossl_rsa_pss_params_30_saltlen(&pss_params);
a6495479
RL		 702 if (pss->trailerField)
703 *ptrailerField = ASN1_INTEGER_get(pss->trailerField);
704 else
23b2fc0b 705 *ptrailerField = ossl_rsa_pss_params_30_trailerfield(&pss_params);;
a6495479
RL		 706
707 return 1;
708}
cfd81c6d 709
a6495479
RL		 710int rsa_pss_get_param(const RSA_PSS_PARAMS *pss, const EVP_MD **pmd,
711 const EVP_MD **pmgf1md, int *psaltlen)
712{
cfd81c6d 713 /*
a6495479
RL		 714 * Callers do not care about the trailer field, and yet, we must
715 * pass it from get_param to verify_param, since the latter checks
716 * its value.
717 *
718 * When callers start caring, it's a simple thing to add another
719 * argument to this function.
cfd81c6d 720 */
a6495479 721 int trailerField = 0;
cfd81c6d 722
a6495479
RL		 723 return rsa_pss_get_param_unverified(pss, pmd, pmgf1md, psaltlen,
724 &trailerField)
725 && rsa_pss_verify_param(pmd, pmgf1md, psaltlen, &trailerField);
726}
727
728static int rsa_sync_to_pss_params_30(RSA *rsa)
729{
730 if (rsa != NULL && rsa->pss != NULL) {
731 const EVP_MD *md = NULL, *mgf1md = NULL;
732 int md_nid, mgf1md_nid, saltlen, trailerField;
733 RSA_PSS_PARAMS_30 pss_params;
734
735 /*
736 * We don't care about the validity of the fields here, we just
737 * want to synchronise values. Verifying here makes it impossible
738 * to even read a key with invalid values, making it hard to test
739 * a bad situation.
740 *
741 * Other routines use rsa_pss_get_param(), so the values will be
742 * checked, eventually.
743 */
744 if (!rsa_pss_get_param_unverified(rsa->pss, &md, &mgf1md,
745 &saltlen, &trailerField))
746 return 0;
747 md_nid = EVP_MD_type(md);
748 mgf1md_nid = EVP_MD_type(mgf1md);
23b2fc0b
P		 749 if (!ossl_rsa_pss_params_30_set_defaults(&pss_params)
750 || !ossl_rsa_pss_params_30_set_hashalg(&pss_params, md_nid)
751 || !ossl_rsa_pss_params_30_set_maskgenhashalg(&pss_params,
752 mgf1md_nid)
753 || !ossl_rsa_pss_params_30_set_saltlen(&pss_params, saltlen)
754 || !ossl_rsa_pss_params_30_set_trailerfield(&pss_params,
755 trailerField))
a6495479
RL		 756 return 0;
757 rsa->pss_params = pss_params;
758 }
cfd81c6d
DSH		 759 return 1;
760}
761
0f113f3e
MC		 762/*
763 * Customised RSA item verification routine. This is called when a signature
764 * is encountered requiring special handling. We currently only handle PSS.
0574cadf
DSH		 765 */
766
ded346fa
DDO		 767static int rsa_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it,
768 const void *asn, const X509_ALGOR *sigalg,
769 const ASN1_BIT_STRING *sig, EVP_PKEY *pkey)
0f113f3e
MC		 770{
771 /* Sanity check: make sure it is PSS */
ffc6fad5 772 if (OBJ_obj2nid(sigalg->algorithm) != EVP_PKEY_RSA_PSS) {
0f113f3e
MC		 773 RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_UNSUPPORTED_SIGNATURE_TYPE);
774 return -1;
775 }
9ab7fe48 776 if (ossl_rsa_pss_to_ctx(ctx, NULL, sigalg, pkey) > 0) {
0f113f3e
MC		 777 /* Carry on */
778 return 2;
09f06923 779 }
0f113f3e
MC		 780 return -1;
781}
0574cadf 782
ded346fa 783static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, const void *asn,
0f113f3e
MC		 784 X509_ALGOR *alg1, X509_ALGOR *alg2,
785 ASN1_BIT_STRING *sig)
786{
787 int pad_mode;
6e59a892 788 EVP_PKEY_CTX *pkctx = EVP_MD_CTX_pkey_ctx(ctx);
52ad523c 789
0f113f3e
MC		 790 if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0)
791 return 0;
792 if (pad_mode == RSA_PKCS1_PADDING)
793 return 2;
794 if (pad_mode == RSA_PKCS1_PSS_PADDING) {
795 ASN1_STRING *os1 = NULL;
9ab7fe48 796 os1 = ossl_rsa_ctx_to_pss_string(pkctx);
0f113f3e
MC		 797 if (!os1)
798 return 0;
799 /* Duplicate parameters if we have to */
800 if (alg2) {
801 ASN1_STRING *os2 = ASN1_STRING_dup(os1);
802 if (!os2) {
803 ASN1_STRING_free(os1);
804 return 0;
805 }
ffc6fad5 806 X509_ALGOR_set0(alg2, OBJ_nid2obj(EVP_PKEY_RSA_PSS),
0f113f3e
MC		 807 V_ASN1_SEQUENCE, os2);
808 }
ffc6fad5 809 X509_ALGOR_set0(alg1, OBJ_nid2obj(EVP_PKEY_RSA_PSS),
0f113f3e
MC		 810 V_ASN1_SEQUENCE, os1);
811 return 3;
812 }
813 return 2;
814}
17c63d1c 815
629e369c
DSH		 816static int rsa_sig_info_set(X509_SIG_INFO *siginf, const X509_ALGOR *sigalg,
817 const ASN1_STRING *sig)
818{
819 int rv = 0;
820 int mdnid, saltlen;
821 uint32_t flags;
822 const EVP_MD *mgf1md = NULL, *md = NULL;
823 RSA_PSS_PARAMS *pss;
b744f915 824 int secbits;
629e369c
DSH		 825
826 /* Sanity check: make sure it is PSS */
827 if (OBJ_obj2nid(sigalg->algorithm) != EVP_PKEY_RSA_PSS)
828 return 0;
829 /* Decode PSS parameters */
830 pss = rsa_pss_decode(sigalg);
831 if (!rsa_pss_get_param(pss, &md, &mgf1md, &saltlen))
832 goto err;
833 mdnid = EVP_MD_type(md);
834 /*
835 * For TLS need SHA256, SHA384 or SHA512, digest and MGF1 digest must
836 * match and salt length must equal digest size
837 */
838 if ((mdnid == NID_sha256 || mdnid == NID_sha384 || mdnid == NID_sha512)
839 && mdnid == EVP_MD_type(mgf1md) && saltlen == EVP_MD_size(md))
840 flags = X509_SIG_INFO_TLS;
841 else
842 flags = 0;
843 /* Note: security bits half number of digest bits */
b744f915
KR		 844 secbits = EVP_MD_size(md) * 4;
845 /*
846 * SHA1 and MD5 are known to be broken. Reduce security bits so that
847 * they're no longer accepted at security level 1. The real values don't
848 * really matter as long as they're lower than 80, which is our security
849 * level 1.
850 * https://eprint.iacr.org/2020/014 puts a chosen-prefix attack for SHA1 at
851 * 2^63.4
852 * https://documents.epfl.ch/users/l/le/lenstra/public/papers/lat.pdf
853 * puts a chosen-prefix attack for MD5 at 2^39.
854 */
855 if (mdnid == NID_sha1)
856 secbits = 64;
857 else if (mdnid == NID_md5_sha1)
858 secbits = 68;
859 else if (mdnid == NID_md5)
860 secbits = 39;
861 X509_SIG_INFO_set(siginf, mdnid, EVP_PKEY_RSA_PSS, secbits,
629e369c
DSH		 862 flags);
863 rv = 1;
864 err:
865 RSA_PSS_PARAMS_free(pss);
866 return rv;
867}
868
2aee35d3
PY		 869static int rsa_pkey_check(const EVP_PKEY *pkey)
870{
871 return RSA_check_key_ex(pkey->pkey.rsa, NULL);
872}
873
29be6023
RL		 874static size_t rsa_pkey_dirty_cnt(const EVP_PKEY *pkey)
875{
876 return pkey->pkey.rsa->dirty_cnt;
877}
878
967cc3f9
RL		 879/*
880 * For the moment, we trust the call path, where keys going through
881 * rsa_pkey_export_to() match a KEYMGMT for the "RSA" keytype, while
882 * keys going through rsa_pss_pkey_export_to() match a KEYMGMT for the
883 * "RSA-PSS" keytype.
884 * TODO(3.0) Investigate whether we should simply continue to trust the
885 * call path, or if we should strengthen this function by checking that
886 * |rsa_type| matches the RSA key subtype. The latter requires ensuring
887 * that the type flag for the RSA key is properly set by other functions
888 * in this file.
889 */
890static int rsa_int_export_to(const EVP_PKEY *from, int rsa_type,
891 void *to_keydata, EVP_KEYMGMT *to_keymgmt,
b4250010 892 OSSL_LIB_CTX *libctx, const char *propq)
29be6023 893{
b305452f 894 RSA *rsa = from->pkey.rsa;
6d4e6009 895 OSSL_PARAM_BLD *tmpl = OSSL_PARAM_BLD_new();
29be6023 896 OSSL_PARAM *params = NULL;
0996cff9 897 int selection = 0;
b305452f 898 int rv = 0;
29be6023 899
6d4e6009
P		 900 if (tmpl == NULL)
901 return 0;
df13defd
RL		 902 /*
903 * If the RSA method is foreign, then we can't be sure of anything, and
904 * can therefore not export or pretend to export.
905 */
906 if (RSA_get_method(rsa) != RSA_PKCS1_OpenSSL())
6d4e6009 907 goto err;
df13defd 908
b305452f 909 /* Public parameters must always be present */
645a541a 910 if (RSA_get0_n(rsa) == NULL || RSA_get0_e(rsa) == NULL)
29be6023
RL		 911 goto err;
912
23b2fc0b 913 if (!ossl_rsa_todata(rsa, tmpl, NULL))
29be6023 914 goto err;
b305452f 915
645a541a
RL		 916 selection |= OSSL_KEYMGMT_SELECT_PUBLIC_KEY;
917 if (RSA_get0_d(rsa) != NULL)
0996cff9 918 selection |= OSSL_KEYMGMT_SELECT_PRIVATE_KEY;
29be6023 919
967cc3f9
RL		 920 if (rsa->pss != NULL) {
921 const EVP_MD *md = NULL, *mgf1md = NULL;
6ce6ad39 922 int md_nid, mgf1md_nid, saltlen, trailerfield;
967cc3f9
RL		 923 RSA_PSS_PARAMS_30 pss_params;
924
6ce6ad39
RL		 925 if (!rsa_pss_get_param_unverified(rsa->pss, &md, &mgf1md,
926 &saltlen, &trailerfield))
967cc3f9
RL		 927 goto err;
928 md_nid = EVP_MD_type(md);
929 mgf1md_nid = EVP_MD_type(mgf1md);
23b2fc0b
P		 930 if (!ossl_rsa_pss_params_30_set_defaults(&pss_params)
931 || !ossl_rsa_pss_params_30_set_hashalg(&pss_params, md_nid)
932 || !ossl_rsa_pss_params_30_set_maskgenhashalg(&pss_params,
933 mgf1md_nid)
934 || !ossl_rsa_pss_params_30_set_saltlen(&pss_params, saltlen)
935 || !ossl_rsa_pss_params_30_todata(&pss_params, tmpl, NULL))
967cc3f9
RL		 936 goto err;
937 selection |= OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS;
29be6023
RL		 938 }
939
6d4e6009 940 if ((params = OSSL_PARAM_BLD_to_param(tmpl)) == NULL)
29be6023
RL		 941 goto err;
942
943 /* We export, the provider imports */
0996cff9 944 rv = evp_keymgmt_import(to_keymgmt, to_keydata, selection, params);
29be6023
RL		 945
946 err:
6d4e6009
P		 947 OSSL_PARAM_BLD_free_params(params);
948 OSSL_PARAM_BLD_free(tmpl);
b305452f 949 return rv;
29be6023
RL		 950}
951
967cc3f9
RL		 952static int rsa_int_import_from(const OSSL_PARAM params[], void *vpctx,
953 int rsa_type)
0abae163 954{
629c72db
MC		 955 EVP_PKEY_CTX *pctx = vpctx;
956 EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(pctx);
23b2fc0b 957 RSA *rsa = ossl_rsa_new_with_ctx(pctx->libctx);
967cc3f9
RL		 958 RSA_PSS_PARAMS_30 rsa_pss_params = { 0, };
959 int ok = 0;
0abae163
RL		 960
961 if (rsa == NULL) {
962 ERR_raise(ERR_LIB_DH, ERR_R_MALLOC_FAILURE);
963 return 0;
964 }
965
967cc3f9
RL		 966 RSA_clear_flags(rsa, RSA_FLAG_TYPE_MASK);
967 RSA_set_flags(rsa, rsa_type);
968
23b2fc0b 969 if (!ossl_rsa_pss_params_30_fromdata(&rsa_pss_params, params, pctx->libctx))
967cc3f9
RL		 970 goto err;
971
972 switch (rsa_type) {
973 case RSA_FLAG_TYPE_RSA:
974 /*
975 * Were PSS parameters filled in?
976 * In that case, something's wrong
977 */
23b2fc0b 978 if (!ossl_rsa_pss_params_30_is_unrestricted(&rsa_pss_params))
967cc3f9
RL		 979 goto err;
980 break;
981 case RSA_FLAG_TYPE_RSASSAPSS:
982 /*
983 * Were PSS parameters filled in? In that case, create the old
984 * RSA_PSS_PARAMS structure. Otherwise, this is an unrestricted key.
985 */
23b2fc0b 986 if (!ossl_rsa_pss_params_30_is_unrestricted(&rsa_pss_params)) {
967cc3f9 987 /* Create the older RSA_PSS_PARAMS from RSA_PSS_PARAMS_30 data */
23b2fc0b
P		 988 int mdnid = ossl_rsa_pss_params_30_hashalg(&rsa_pss_params);
989 int mgf1mdnid = ossl_rsa_pss_params_30_maskgenhashalg(&rsa_pss_params);
990 int saltlen = ossl_rsa_pss_params_30_saltlen(&rsa_pss_params);
967cc3f9
RL		 991 const EVP_MD *md = EVP_get_digestbynid(mdnid);
992 const EVP_MD *mgf1md = EVP_get_digestbynid(mgf1mdnid);
993
994 if ((rsa->pss = rsa_pss_params_create(md, mgf1md, saltlen)) == NULL)
995 goto err;
996 }
997 break;
998 default:
999 /* RSA key sub-types we don't know how to handle yet */
1000 goto err;
0abae163 1001 }
967cc3f9 1002
23b2fc0b 1003 if (!ossl_rsa_fromdata(rsa, params))
967cc3f9
RL		 1004 goto err;
1005
1006 switch (rsa_type) {
1007 case RSA_FLAG_TYPE_RSA:
1008 ok = EVP_PKEY_assign_RSA(pkey, rsa);
1009 break;
1010 case RSA_FLAG_TYPE_RSASSAPSS:
1011 ok = EVP_PKEY_assign(pkey, EVP_PKEY_RSA_PSS, rsa);
1012 break;
1013 }
1014
1015 err:
1016 if (!ok)
1017 RSA_free(rsa);
1018 return ok;
1019}
1020
1021static int rsa_pkey_export_to(const EVP_PKEY *from, void *to_keydata,
b4250010 1022 EVP_KEYMGMT *to_keymgmt, OSSL_LIB_CTX *libctx,
967cc3f9
RL		 1023 const char *propq)
1024{
1025 return rsa_int_export_to(from, RSA_FLAG_TYPE_RSA, to_keydata,
1026 to_keymgmt, libctx, propq);
1027}
1028
1029static int rsa_pss_pkey_export_to(const EVP_PKEY *from, void *to_keydata,
b4250010 1030 EVP_KEYMGMT *to_keymgmt, OSSL_LIB_CTX *libctx,
967cc3f9
RL		 1031 const char *propq)
1032{
1033 return rsa_int_export_to(from, RSA_FLAG_TYPE_RSASSAPSS, to_keydata,
1034 to_keymgmt, libctx, propq);
1035}
1036
1037static int rsa_pkey_import_from(const OSSL_PARAM params[], void *vpctx)
1038{
1039 return rsa_int_import_from(params, vpctx, RSA_FLAG_TYPE_RSA);
1040}
1041
1042static int rsa_pss_pkey_import_from(const OSSL_PARAM params[], void *vpctx)
1043{
1044 return rsa_int_import_from(params, vpctx, RSA_FLAG_TYPE_RSASSAPSS);
0abae163
RL		 1045}
1046
578b5514 1047const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[2] = {
0f113f3e
MC		 1048 {
1049 EVP_PKEY_RSA,
1050 EVP_PKEY_RSA,
1051 ASN1_PKEY_SIGPARAM_NULL,
1052
1053 "RSA",
1054 "OpenSSL RSA method",
1055
1056 rsa_pub_decode,
1057 rsa_pub_encode,
1058 rsa_pub_cmp,
1059 rsa_pub_print,
1060
1061 rsa_priv_decode,
1062 rsa_priv_encode,
1063 rsa_priv_print,
1064
1065 int_rsa_size,
1066 rsa_bits,
1067 rsa_security_bits,
1068
1069 0, 0, 0, 0, 0, 0,
1070
1071 rsa_sig_print,
1072 int_rsa_free,
1073 rsa_pkey_ctrl,
1074 old_rsa_priv_decode,
1075 old_rsa_priv_encode,
1076 rsa_item_verify,
629e369c 1077 rsa_item_sign,
2aee35d3 1078 rsa_sig_info_set,
29be6023
RL		 1079 rsa_pkey_check,
1080
1081 0, 0,
1082 0, 0, 0, 0,
1083
1084 rsa_pkey_dirty_cnt,
0abae163
RL		 1085 rsa_pkey_export_to,
1086 rsa_pkey_import_from
629e369c 1087 },
0f113f3e
MC		 1088
1089 {
1090 EVP_PKEY_RSA2,
1091 EVP_PKEY_RSA,
1092 ASN1_PKEY_ALIAS}
1093};
4e8ba747
DSH		 1094
1095const EVP_PKEY_ASN1_METHOD rsa_pss_asn1_meth = {
1096 EVP_PKEY_RSA_PSS,
1097 EVP_PKEY_RSA_PSS,
1098 ASN1_PKEY_SIGPARAM_NULL,
1099
1100 "RSA-PSS",
1101 "OpenSSL RSA-PSS method",
1102
1103 rsa_pub_decode,
1104 rsa_pub_encode,
1105 rsa_pub_cmp,
1106 rsa_pub_print,
1107
1108 rsa_priv_decode,
1109 rsa_priv_encode,
1110 rsa_priv_print,
1111
1112 int_rsa_size,
1113 rsa_bits,
1114 rsa_security_bits,
1115
1116 0, 0, 0, 0, 0, 0,
1117
1118 rsa_sig_print,
1119 int_rsa_free,
1120 rsa_pkey_ctrl,
1121 0, 0,
1122 rsa_item_verify,
1123 rsa_item_sign,
2aee35d3 1124 0,
29be6023
RL		 1125 rsa_pkey_check,
1126
1127 0, 0,
1128 0, 0, 0, 0,
1129
1130 rsa_pkey_dirty_cnt,
967cc3f9
RL		 1131 rsa_pss_pkey_export_to,
1132 rsa_pss_pkey_import_from
4e8ba747 1133};
A mirror of the official openssl repository