[thirdparty/openssl.git] / crypto / rsa / rsa_backend.c

/*
 * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

/*
 * RSA low level APIs are deprecated for public use, but still ok for
 * internal use.
 */
#include "internal/deprecated.h"

#include <string.h>
#include <openssl/core_names.h>
#include <openssl/params.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#ifndef FIPS_MODULE
# include <openssl/x509.h>
# include "crypto/asn1.h"
#endif
#include "internal/sizes.h"
#include "internal/param_build_set.h"
#include "crypto/rsa.h"
#include "rsa_local.h"

/*
 * The intention with the "backend" source file is to offer backend support
 * for legacy backends (EVP_PKEY_ASN1_METHOD and EVP_PKEY_METHOD) and provider
 * implementations alike.
 */

DEFINE_STACK_OF(BIGNUM)

static int collect_numbers(STACK_OF(BIGNUM) *numbers,
                           const OSSL_PARAM params[], const char *names[])
{
    const OSSL_PARAM *p = NULL;
    int i;

    if (numbers == NULL)
        return 0;

    for (i = 0; names[i] != NULL; i++) {
        p = OSSL_PARAM_locate_const(params, names[i]);
        if (p != NULL) {
            BIGNUM *tmp = NULL;

            if (!OSSL_PARAM_get_BN(p, &tmp))
                return 0;
            if (sk_BIGNUM_push(numbers, tmp) == 0) {
                BN_clear_free(tmp);
                return 0;
            }
        }
    }

    return 1;
}

int ossl_rsa_fromdata(RSA *rsa, const OSSL_PARAM params[], int include_private)
{
    const OSSL_PARAM *param_n, *param_e,  *param_d = NULL;
    BIGNUM *n = NULL, *e = NULL, *d = NULL;
    STACK_OF(BIGNUM) *factors = NULL, *exps = NULL, *coeffs = NULL;
    int is_private = 0;

    if (rsa == NULL)
        return 0;

    param_n = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_N);
    param_e = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_E);
    if (include_private)
        param_d = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_D);

    if ((param_n != NULL && !OSSL_PARAM_get_BN(param_n, &n))
        || (param_e != NULL && !OSSL_PARAM_get_BN(param_e, &e))
        || (param_d != NULL && !OSSL_PARAM_get_BN(param_d, &d)))
        goto err;

    is_private = (d != NULL);

    if (!RSA_set0_key(rsa, n, e, d))
        goto err;
    n = e = d = NULL;

    if (is_private) {
        if (!collect_numbers(factors = sk_BIGNUM_new_null(), params,
                             ossl_rsa_mp_factor_names)
            || !collect_numbers(exps = sk_BIGNUM_new_null(), params,
                                ossl_rsa_mp_exp_names)
            || !collect_numbers(coeffs = sk_BIGNUM_new_null(), params,
                                ossl_rsa_mp_coeff_names))
            goto err;

        /* It's ok if this private key just has n, e and d */
        if (sk_BIGNUM_num(factors) != 0
            && !ossl_rsa_set0_all_params(rsa, factors, exps, coeffs))
            goto err;
    }


    sk_BIGNUM_free(factors);
    sk_BIGNUM_free(exps);
    sk_BIGNUM_free(coeffs);
    return 1;

 err:
    BN_free(n);
    BN_free(e);
    BN_free(d);
    sk_BIGNUM_pop_free(factors, BN_free);
    sk_BIGNUM_pop_free(exps, BN_free);
    sk_BIGNUM_pop_free(coeffs, BN_free);
    return 0;
}

DEFINE_SPECIAL_STACK_OF_CONST(BIGNUM_const, BIGNUM)

int ossl_rsa_todata(RSA *rsa, OSSL_PARAM_BLD *bld, OSSL_PARAM params[],
                    int include_private)
{
    int ret = 0;
    const BIGNUM *rsa_d = NULL, *rsa_n = NULL, *rsa_e = NULL;
    STACK_OF(BIGNUM_const) *factors = sk_BIGNUM_const_new_null();
    STACK_OF(BIGNUM_const) *exps = sk_BIGNUM_const_new_null();
    STACK_OF(BIGNUM_const) *coeffs = sk_BIGNUM_const_new_null();

    if (rsa == NULL || factors == NULL || exps == NULL || coeffs == NULL)
        goto err;

    RSA_get0_key(rsa, &rsa_n, &rsa_e, &rsa_d);
    ossl_rsa_get0_all_params(rsa, factors, exps, coeffs);

    if (!ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_RSA_N, rsa_n)
        || !ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_RSA_E, rsa_e))
        goto err;

    /* Check private key data integrity */
    if (include_private && rsa_d != NULL) {

        if (!ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_RSA_D,
                                     rsa_d)
            || !ossl_param_build_set_multi_key_bn(bld, params,
                                                  ossl_rsa_mp_factor_names,
                                                  factors)
            || !ossl_param_build_set_multi_key_bn(bld, params,
                                                  ossl_rsa_mp_exp_names, exps)
            || !ossl_param_build_set_multi_key_bn(bld, params,
                                                  ossl_rsa_mp_coeff_names,
                                                  coeffs))
        goto err;
    }

#if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS)
    /* The acvp test results are not meant for export so check for bld == NULL */
    if (bld == NULL)
        ossl_rsa_acvp_test_get_params(rsa, params);
#endif
    ret = 1;
 err:
    sk_BIGNUM_const_free(factors);
    sk_BIGNUM_const_free(exps);
    sk_BIGNUM_const_free(coeffs);
    return ret;
}

int ossl_rsa_pss_params_30_todata(const RSA_PSS_PARAMS_30 *pss,
                                  OSSL_PARAM_BLD *bld, OSSL_PARAM params[])
{
    if (!ossl_rsa_pss_params_30_is_unrestricted(pss)) {
        int hashalg_nid = ossl_rsa_pss_params_30_hashalg(pss);
        int maskgenalg_nid = ossl_rsa_pss_params_30_maskgenalg(pss);
        int maskgenhashalg_nid = ossl_rsa_pss_params_30_maskgenhashalg(pss);
        int saltlen = ossl_rsa_pss_params_30_saltlen(pss);
        int default_hashalg_nid = ossl_rsa_pss_params_30_hashalg(NULL);
        int default_maskgenalg_nid = ossl_rsa_pss_params_30_maskgenalg(NULL);
        int default_maskgenhashalg_nid =
                ossl_rsa_pss_params_30_maskgenhashalg(NULL);
        const char *mdname =
            (hashalg_nid == default_hashalg_nid
             ? NULL : ossl_rsa_oaeppss_nid2name(hashalg_nid));
        const char *mgfname =
            (maskgenalg_nid == default_maskgenalg_nid
             ? NULL : ossl_rsa_oaeppss_nid2name(maskgenalg_nid));
        const char *mgf1mdname =
            (maskgenhashalg_nid == default_maskgenhashalg_nid
             ? NULL : ossl_rsa_oaeppss_nid2name(maskgenhashalg_nid));
        const char *key_md = OSSL_PKEY_PARAM_RSA_DIGEST;
        const char *key_mgf = OSSL_PKEY_PARAM_RSA_MASKGENFUNC;
        const char *key_mgf1_md = OSSL_PKEY_PARAM_RSA_MGF1_DIGEST;
        const char *key_saltlen = OSSL_PKEY_PARAM_RSA_PSS_SALTLEN;

        /*
         * To ensure that the key isn't seen as unrestricted by the recipient,
         * we make sure that at least one PSS-related parameter is passed, even
         * if it has a default value; saltlen.
         */
        if ((mdname != NULL
             && !ossl_param_build_set_utf8_string(bld, params, key_md, mdname))
            || (mgfname != NULL
                && !ossl_param_build_set_utf8_string(bld, params,
                                                     key_mgf, mgfname))
            || (mgf1mdname != NULL
                && !ossl_param_build_set_utf8_string(bld, params,
                                                     key_mgf1_md, mgf1mdname))
            || (!ossl_param_build_set_int(bld, params, key_saltlen, saltlen)))
            return 0;
    }
    return 1;
}

int ossl_rsa_pss_params_30_fromdata(RSA_PSS_PARAMS_30 *pss_params,
                                    int *defaults_set,
                                    const OSSL_PARAM params[],
                                    OSSL_LIB_CTX *libctx)
{
    const OSSL_PARAM *param_md, *param_mgf, *param_mgf1md,  *param_saltlen;
    const OSSL_PARAM *param_propq;
    const char *propq = NULL;
    EVP_MD *md = NULL, *mgf1md = NULL;
    int saltlen;
    int ret = 0;

    if (pss_params == NULL)
        return 0;
    param_propq =
        OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_DIGEST_PROPS);
    param_md =
        OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_DIGEST);
    param_mgf =
        OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_MASKGENFUNC);
    param_mgf1md =
        OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_MGF1_DIGEST);
    param_saltlen =
        OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_PSS_SALTLEN);

    if (param_propq != NULL) {
        if (param_propq->data_type == OSSL_PARAM_UTF8_STRING)
            propq = param_propq->data;
    }
    /*
     * If we get any of the parameters, we know we have at least some
     * restrictions, so we start by setting default values, and let each
     * parameter override their specific restriction data.
     */
    if (!*defaults_set
        && (param_md != NULL || param_mgf != NULL || param_mgf1md != NULL
            || param_saltlen != NULL)) {
        if (!ossl_rsa_pss_params_30_set_defaults(pss_params))
            return 0;
        *defaults_set = 1;
    }

    if (param_mgf != NULL) {
        int default_maskgenalg_nid = ossl_rsa_pss_params_30_maskgenalg(NULL);
        const char *mgfname = NULL;

        if (param_mgf->data_type == OSSL_PARAM_UTF8_STRING)
            mgfname = param_mgf->data;
        else if (!OSSL_PARAM_get_utf8_ptr(param_mgf, &mgfname))
            return 0;

        if (OPENSSL_strcasecmp(param_mgf->data,
                               ossl_rsa_mgf_nid2name(default_maskgenalg_nid)) != 0)
            return 0;
    }

    /*
     * We're only interested in the NIDs that correspond to the MDs, so the
     * exact propquery is unimportant in the EVP_MD_fetch() calls below.
     */

    if (param_md != NULL) {
        const char *mdname = NULL;

        if (param_md->data_type == OSSL_PARAM_UTF8_STRING)
            mdname = param_md->data;
        else if (!OSSL_PARAM_get_utf8_ptr(param_mgf, &mdname))
            goto err;

        if ((md = EVP_MD_fetch(libctx, mdname, propq)) == NULL
            || !ossl_rsa_pss_params_30_set_hashalg(pss_params,
                                                   ossl_rsa_oaeppss_md2nid(md)))
            goto err;
    }

    if (param_mgf1md != NULL) {
        const char *mgf1mdname = NULL;

        if (param_mgf1md->data_type == OSSL_PARAM_UTF8_STRING)
            mgf1mdname = param_mgf1md->data;
        else if (!OSSL_PARAM_get_utf8_ptr(param_mgf, &mgf1mdname))
            goto err;

        if ((mgf1md = EVP_MD_fetch(libctx, mgf1mdname, propq)) == NULL
            || !ossl_rsa_pss_params_30_set_maskgenhashalg(
                    pss_params, ossl_rsa_oaeppss_md2nid(mgf1md)))
            goto err;
    }

    if (param_saltlen != NULL) {
        if (!OSSL_PARAM_get_int(param_saltlen, &saltlen)
            || !ossl_rsa_pss_params_30_set_saltlen(pss_params, saltlen))
            goto err;
    }

    ret = 1;

 err:
    EVP_MD_free(md);
    EVP_MD_free(mgf1md);
    return ret;
}

int ossl_rsa_is_foreign(const RSA *rsa)
{
#ifndef FIPS_MODULE
    if (rsa->engine != NULL || RSA_get_method(rsa) != RSA_PKCS1_OpenSSL())
        return 1;
#endif
    return 0;
}

static ossl_inline int rsa_bn_dup_check(BIGNUM **out, const BIGNUM *f)
{
    if (f != NULL && (*out = BN_dup(f)) == NULL)
        return 0;
    return 1;
}

RSA *ossl_rsa_dup(const RSA *rsa, int selection)
{
    RSA *dupkey = NULL;
#ifndef FIPS_MODULE
    int pnum, i;
#endif

    /* Do not try to duplicate foreign RSA keys */
    if (ossl_rsa_is_foreign(rsa))
        return NULL;

    if ((dupkey = ossl_rsa_new_with_ctx(rsa->libctx)) == NULL)
        return NULL;

    /* public key */
    if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) {
        if (!rsa_bn_dup_check(&dupkey->n, rsa->n))
            goto err;
        if (!rsa_bn_dup_check(&dupkey->e, rsa->e))
            goto err;
    }

    if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {

        /* private key */
        if (!rsa_bn_dup_check(&dupkey->d, rsa->d))
            goto err;

        /* factors and crt params */
        if (!rsa_bn_dup_check(&dupkey->p, rsa->p))
            goto err;
        if (!rsa_bn_dup_check(&dupkey->q, rsa->q))
            goto err;
        if (!rsa_bn_dup_check(&dupkey->dmp1, rsa->dmp1))
            goto err;
        if (!rsa_bn_dup_check(&dupkey->dmq1, rsa->dmq1))
            goto err;
        if (!rsa_bn_dup_check(&dupkey->iqmp, rsa->iqmp))
            goto err;
    }

    dupkey->version = rsa->version;
    dupkey->flags = rsa->flags;
    /* we always copy the PSS parameters regardless of selection */
    dupkey->pss_params = rsa->pss_params;

#ifndef FIPS_MODULE
    /* multiprime */
    if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0
        && (pnum = sk_RSA_PRIME_INFO_num(rsa->prime_infos)) > 0) {
        dupkey->prime_infos = sk_RSA_PRIME_INFO_new_reserve(NULL, pnum);
        if (dupkey->prime_infos == NULL)
            goto err;
        for (i = 0; i < pnum; i++) {
            const RSA_PRIME_INFO *pinfo = NULL;
            RSA_PRIME_INFO *duppinfo = NULL;

            if ((duppinfo = OPENSSL_zalloc(sizeof(*duppinfo))) == NULL)
                goto err;
            /* push first so cleanup in error case works */
            (void)sk_RSA_PRIME_INFO_push(dupkey->prime_infos, duppinfo);

            pinfo = sk_RSA_PRIME_INFO_value(rsa->prime_infos, i);
            if (!rsa_bn_dup_check(&duppinfo->r, pinfo->r))
                goto err;
            if (!rsa_bn_dup_check(&duppinfo->d, pinfo->d))
                goto err;
            if (!rsa_bn_dup_check(&duppinfo->t, pinfo->t))
                goto err;
        }
        if (!ossl_rsa_multip_calc_product(dupkey))
            goto err;
    }

    if (rsa->pss != NULL) {
        dupkey->pss = RSA_PSS_PARAMS_dup(rsa->pss);
        if (rsa->pss->maskGenAlgorithm != NULL
            && dupkey->pss->maskGenAlgorithm == NULL) {
            dupkey->pss->maskHash = ossl_x509_algor_mgf1_decode(rsa->pss->maskGenAlgorithm);
            if (dupkey->pss->maskHash == NULL)
                goto err;
        }
    }
    if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_RSA,
                            &dupkey->ex_data, &rsa->ex_data))
        goto err;
#endif

    return dupkey;

 err:
    RSA_free(dupkey);
    return NULL;
}

#ifndef FIPS_MODULE
RSA_PSS_PARAMS *ossl_rsa_pss_decode(const X509_ALGOR *alg)
{
    RSA_PSS_PARAMS *pss;

    pss = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(RSA_PSS_PARAMS),
                                    alg->parameter);

    if (pss == NULL)
        return NULL;

    if (pss->maskGenAlgorithm != NULL) {
        pss->maskHash = ossl_x509_algor_mgf1_decode(pss->maskGenAlgorithm);
        if (pss->maskHash == NULL) {
            RSA_PSS_PARAMS_free(pss);
            return NULL;
        }
    }

    return pss;
}

static int ossl_rsa_sync_to_pss_params_30(RSA *rsa)
{
    const RSA_PSS_PARAMS *legacy_pss = NULL;
    RSA_PSS_PARAMS_30 *pss = NULL;

    if (rsa != NULL
        && (legacy_pss = RSA_get0_pss_params(rsa)) != NULL
        && (pss = ossl_rsa_get0_pss_params_30(rsa)) != NULL) {
        const EVP_MD *md = NULL, *mgf1md = NULL;
        int md_nid, mgf1md_nid, saltlen, trailerField;
        RSA_PSS_PARAMS_30 pss_params;

        /*
         * We don't care about the validity of the fields here, we just
         * want to synchronise values.  Verifying here makes it impossible
         * to even read a key with invalid values, making it hard to test
         * a bad situation.
         *
         * Other routines use ossl_rsa_pss_get_param(), so the values will
         * be checked, eventually.
         */
        if (!ossl_rsa_pss_get_param_unverified(legacy_pss, &md, &mgf1md,
                                               &saltlen, &trailerField))
            return 0;
        md_nid = EVP_MD_get_type(md);
        mgf1md_nid = EVP_MD_get_type(mgf1md);
        if (!ossl_rsa_pss_params_30_set_defaults(&pss_params)
            || !ossl_rsa_pss_params_30_set_hashalg(&pss_params, md_nid)
            || !ossl_rsa_pss_params_30_set_maskgenhashalg(&pss_params,
                                                          mgf1md_nid)
            || !ossl_rsa_pss_params_30_set_saltlen(&pss_params, saltlen)
            || !ossl_rsa_pss_params_30_set_trailerfield(&pss_params,
                                                        trailerField))
            return 0;
        *pss = pss_params;
    }
    return 1;
}

int ossl_rsa_pss_get_param_unverified(const RSA_PSS_PARAMS *pss,
                                      const EVP_MD **pmd, const EVP_MD **pmgf1md,
                                      int *psaltlen, int *ptrailerField)
{
    RSA_PSS_PARAMS_30 pss_params;

    /* Get the defaults from the ONE place */
    (void)ossl_rsa_pss_params_30_set_defaults(&pss_params);

    if (pss == NULL)
        return 0;
    *pmd = ossl_x509_algor_get_md(pss->hashAlgorithm);
    if (*pmd == NULL)
        return 0;
    *pmgf1md = ossl_x509_algor_get_md(pss->maskHash);
    if (*pmgf1md == NULL)
        return 0;
    if (pss->saltLength)
        *psaltlen = ASN1_INTEGER_get(pss->saltLength);
    else
        *psaltlen = ossl_rsa_pss_params_30_saltlen(&pss_params);
    if (pss->trailerField)
        *ptrailerField = ASN1_INTEGER_get(pss->trailerField);
    else
        *ptrailerField = ossl_rsa_pss_params_30_trailerfield(&pss_params);

    return 1;
}

int ossl_rsa_param_decode(RSA *rsa, const X509_ALGOR *alg)
{
    RSA_PSS_PARAMS *pss;
    const ASN1_OBJECT *algoid;
    const void *algp;
    int algptype;

    X509_ALGOR_get0(&algoid, &algptype, &algp, alg);
    if (OBJ_obj2nid(algoid) != EVP_PKEY_RSA_PSS)
        return 1;
    if (algptype == V_ASN1_UNDEF)
        return 1;
    if (algptype != V_ASN1_SEQUENCE) {
        ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_PSS_PARAMETERS);
        return 0;
    }
    if ((pss = ossl_rsa_pss_decode(alg)) == NULL
        || !ossl_rsa_set0_pss_params(rsa, pss)) {
        RSA_PSS_PARAMS_free(pss);
        return 0;
    }
    if (!ossl_rsa_sync_to_pss_params_30(rsa))
        return 0;
    return 1;
}

RSA *ossl_rsa_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf,
                             OSSL_LIB_CTX *libctx, const char *propq)
{
    const unsigned char *p;
    RSA *rsa;
    int pklen;
    const X509_ALGOR *alg;

    if (!PKCS8_pkey_get0(NULL, &p, &pklen, &alg, p8inf))
        return 0;
    rsa = d2i_RSAPrivateKey(NULL, &p, pklen);
    if (rsa == NULL) {
        ERR_raise(ERR_LIB_RSA, ERR_R_RSA_LIB);
        return NULL;
    }
    if (!ossl_rsa_param_decode(rsa, alg)) {
        RSA_free(rsa);
        return NULL;
    }

    RSA_clear_flags(rsa, RSA_FLAG_TYPE_MASK);
    switch (OBJ_obj2nid(alg->algorithm)) {
    case EVP_PKEY_RSA:
        RSA_set_flags(rsa, RSA_FLAG_TYPE_RSA);
        break;
    case EVP_PKEY_RSA_PSS:
        RSA_set_flags(rsa, RSA_FLAG_TYPE_RSASSAPSS);
        break;
    default:
        /* Leave the type bits zero */
        break;
    }

    return rsa;
}
#endif
Commit	Line	Data
0abae163	1	/*
fecb3aae	2	* Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
0abae163 RL	3	*
	4	* Licensed under the Apache License 2.0 (the "License"). You may not use
	5	* this file except in compliance with the License. You can obtain a copy
	6	* in the file LICENSE in the source distribution or at
	7	* https://www.openssl.org/source/license.html
	8	*/
	9
d7e498ac RL	10	/*
	11	* RSA low level APIs are deprecated for public use, but still ok for
	12	* internal use.
	13	*/
	14	#include "internal/deprecated.h"
	15
15671090	16	#include <string.h>
0abae163 RL	17	#include <openssl/core_names.h>
0abae163 RL	18	#include <openssl/params.h>
cf333799	19	#include <openssl/err.h>
15671090	20	#include <openssl/evp.h>
3f773c91 TM	21	#ifndef FIPS_MODULE
	22	# include <openssl/x509.h>
	23	# include "crypto/asn1.h"
	24	#endif
15671090 RL	25	#include "internal/sizes.h"
15671090 RL	26	#include "internal/param_build_set.h"
0abae163	27	#include "crypto/rsa.h"
4a9fe33c	28	#include "rsa_local.h"
0abae163 RL	29
	30	/*
	31	* The intention with the "backend" source file is to offer backend support
	32	* for legacy backends (EVP_PKEY_ASN1_METHOD and EVP_PKEY_METHOD) and provider
	33	* implementations alike.
	34	*/
	35
	36	DEFINE_STACK_OF(BIGNUM)
	37
	38	static int collect_numbers(STACK_OF(BIGNUM) *numbers,
96ebe52e	39	const OSSL_PARAM params[], const char *names[])
0abae163 RL	40	{
0abae163 RL	41	const OSSL_PARAM *p = NULL;
96ebe52e	42	int i;
0abae163 RL	43
	44	if (numbers == NULL)
	45	return 0;
	46
1287dabd	47	for (i = 0; names[i] != NULL; i++) {
96ebe52e SL	48	p = OSSL_PARAM_locate_const(params, names[i]);
	49	if (p != NULL) {
	50	BIGNUM *tmp = NULL;
0abae163	51
28adea95	52	if (!OSSL_PARAM_get_BN(p, &tmp))
96ebe52e	53	return 0;
28adea95	54	if (sk_BIGNUM_push(numbers, tmp) == 0) {
	55	BN_clear_free(tmp);
	56	return 0;
	57	}
96ebe52e	58	}
0abae163 RL	59	}
	60
	61	return 1;
	62	}
	63
944f822a	64	int ossl_rsa_fromdata(RSA *rsa, const OSSL_PARAM params[], int include_private)
0abae163	65	{
944f822a	66	const OSSL_PARAM param_n, param_e, *param_d = NULL;
0abae163 RL	67	BIGNUM n = NULL, e = NULL, *d = NULL;
	68	STACK_OF(BIGNUM) factors = NULL, exps = NULL, *coeffs = NULL;
	69	int is_private = 0;
	70
	71	if (rsa == NULL)
	72	return 0;
	73
	74	param_n = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_N);
	75	param_e = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_E);
944f822a	76	if (include_private)
944f822a	77	param_d = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_D);
0abae163 RL	78
	79	if ((param_n != NULL && !OSSL_PARAM_get_BN(param_n, &n))
	80	\|\| (param_e != NULL && !OSSL_PARAM_get_BN(param_e, &e))
	81	\|\| (param_d != NULL && !OSSL_PARAM_get_BN(param_d, &d)))
	82	goto err;
	83
	84	is_private = (d != NULL);
	85
	86	if (!RSA_set0_key(rsa, n, e, d))
	87	goto err;
	88	n = e = d = NULL;
	89
	90	if (is_private) {
	91	if (!collect_numbers(factors = sk_BIGNUM_new_null(), params,
23b2fc0b	92	ossl_rsa_mp_factor_names)
0abae163	93	\|\| !collect_numbers(exps = sk_BIGNUM_new_null(), params,
23b2fc0b	94	ossl_rsa_mp_exp_names)
0abae163	95	\|\| !collect_numbers(coeffs = sk_BIGNUM_new_null(), params,
23b2fc0b	96	ossl_rsa_mp_coeff_names))
0abae163 RL	97	goto err;
	98
	99	/* It's ok if this private key just has n, e and d */
	100	if (sk_BIGNUM_num(factors) != 0
23b2fc0b	101	&& !ossl_rsa_set0_all_params(rsa, factors, exps, coeffs))
0abae163 RL	102	goto err;
	103	}
	104
4f2271d5	105
0abae163 RL	106	sk_BIGNUM_free(factors);
	107	sk_BIGNUM_free(exps);
	108	sk_BIGNUM_free(coeffs);
	109	return 1;
	110
	111	err:
	112	BN_free(n);
	113	BN_free(e);
	114	BN_free(d);
	115	sk_BIGNUM_pop_free(factors, BN_free);
	116	sk_BIGNUM_pop_free(exps, BN_free);
	117	sk_BIGNUM_pop_free(coeffs, BN_free);
	118	return 0;
	119	}
	120
645a541a RL	121	DEFINE_SPECIAL_STACK_OF_CONST(BIGNUM_const, BIGNUM)
645a541a RL	122
944f822a	123	int ossl_rsa_todata(RSA rsa, OSSL_PARAM_BLD bld, OSSL_PARAM params[],
944f822a	124	int include_private)
645a541a RL	125	{
	126	int ret = 0;
	127	const BIGNUM rsa_d = NULL, rsa_n = NULL, *rsa_e = NULL;
	128	STACK_OF(BIGNUM_const) *factors = sk_BIGNUM_const_new_null();
	129	STACK_OF(BIGNUM_const) *exps = sk_BIGNUM_const_new_null();
	130	STACK_OF(BIGNUM_const) *coeffs = sk_BIGNUM_const_new_null();
	131
	132	if (rsa == NULL \|\| factors == NULL \|\| exps == NULL \|\| coeffs == NULL)
	133	goto err;
	134
	135	RSA_get0_key(rsa, &rsa_n, &rsa_e, &rsa_d);
23b2fc0b	136	ossl_rsa_get0_all_params(rsa, factors, exps, coeffs);
645a541a	137
26a8f2ac RL	138	if (!ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_RSA_N, rsa_n)
	139	\|\| !ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_RSA_E, rsa_e))
	140	goto err;
	141
645a541a	142	/* Check private key data integrity */
944f822a	143	if (include_private && rsa_d != NULL) {
645a541a	144
26a8f2ac RL	145	if (!ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_RSA_D,
	146	rsa_d)
	147	\|\| !ossl_param_build_set_multi_key_bn(bld, params,
23b2fc0b P	148	ossl_rsa_mp_factor_names,
23b2fc0b P	149	factors)
26a8f2ac	150	\|\| !ossl_param_build_set_multi_key_bn(bld, params,
23b2fc0b	151	ossl_rsa_mp_exp_names, exps)
26a8f2ac	152	\|\| !ossl_param_build_set_multi_key_bn(bld, params,
23b2fc0b P	153	ossl_rsa_mp_coeff_names,
23b2fc0b P	154	coeffs))
645a541a	155	goto err;
26a8f2ac RL	156	}
26a8f2ac RL	157
4f2271d5 SL	158	#if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS)
	159	/* The acvp test results are not meant for export so check for bld == NULL */
	160	if (bld == NULL)
4158b0dc	161	ossl_rsa_acvp_test_get_params(rsa, params);
4f2271d5	162	#endif
645a541a RL	163	ret = 1;
	164	err:
	165	sk_BIGNUM_const_free(factors);
	166	sk_BIGNUM_const_free(exps);
	167	sk_BIGNUM_const_free(coeffs);
	168	return ret;
	169	}
15671090	170
23b2fc0b P	171	int ossl_rsa_pss_params_30_todata(const RSA_PSS_PARAMS_30 *pss,
23b2fc0b P	172	OSSL_PARAM_BLD *bld, OSSL_PARAM params[])
15671090	173	{
23b2fc0b P	174	if (!ossl_rsa_pss_params_30_is_unrestricted(pss)) {
	175	int hashalg_nid = ossl_rsa_pss_params_30_hashalg(pss);
	176	int maskgenalg_nid = ossl_rsa_pss_params_30_maskgenalg(pss);
	177	int maskgenhashalg_nid = ossl_rsa_pss_params_30_maskgenhashalg(pss);
	178	int saltlen = ossl_rsa_pss_params_30_saltlen(pss);
	179	int default_hashalg_nid = ossl_rsa_pss_params_30_hashalg(NULL);
	180	int default_maskgenalg_nid = ossl_rsa_pss_params_30_maskgenalg(NULL);
	181	int default_maskgenhashalg_nid =
	182	ossl_rsa_pss_params_30_maskgenhashalg(NULL);
15671090 RL	183	const char *mdname =
15671090 RL	184	(hashalg_nid == default_hashalg_nid
23b2fc0b	185	? NULL : ossl_rsa_oaeppss_nid2name(hashalg_nid));
15671090 RL	186	const char *mgfname =
15671090 RL	187	(maskgenalg_nid == default_maskgenalg_nid
23b2fc0b	188	? NULL : ossl_rsa_oaeppss_nid2name(maskgenalg_nid));
15671090 RL	189	const char *mgf1mdname =
15671090 RL	190	(maskgenhashalg_nid == default_maskgenhashalg_nid
23b2fc0b	191	? NULL : ossl_rsa_oaeppss_nid2name(maskgenhashalg_nid));
15671090 RL	192	const char *key_md = OSSL_PKEY_PARAM_RSA_DIGEST;
	193	const char *key_mgf = OSSL_PKEY_PARAM_RSA_MASKGENFUNC;
	194	const char *key_mgf1_md = OSSL_PKEY_PARAM_RSA_MGF1_DIGEST;
	195	const char *key_saltlen = OSSL_PKEY_PARAM_RSA_PSS_SALTLEN;
	196
	197	/*
	198	* To ensure that the key isn't seen as unrestricted by the recipient,
	199	* we make sure that at least one PSS-related parameter is passed, even
	200	* if it has a default value; saltlen.
	201	*/
	202	if ((mdname != NULL
	203	&& !ossl_param_build_set_utf8_string(bld, params, key_md, mdname))
	204	\|\| (mgfname != NULL
	205	&& !ossl_param_build_set_utf8_string(bld, params,
	206	key_mgf, mgfname))
	207	\|\| (mgf1mdname != NULL
	208	&& !ossl_param_build_set_utf8_string(bld, params,
	209	key_mgf1_md, mgf1mdname))
	210	\|\| (!ossl_param_build_set_int(bld, params, key_saltlen, saltlen)))
	211	return 0;
	212	}
	213	return 1;
	214	}
	215
23b2fc0b	216	int ossl_rsa_pss_params_30_fromdata(RSA_PSS_PARAMS_30 *pss_params,
bbde8566	217	int *defaults_set,
23b2fc0b	218	const OSSL_PARAM params[],
b4250010	219	OSSL_LIB_CTX *libctx)
15671090 RL	220	{
15671090 RL	221	const OSSL_PARAM param_md, param_mgf, param_mgf1md, param_saltlen;
719523c7 SL	222	const OSSL_PARAM *param_propq;
719523c7 SL	223	const char *propq = NULL;
15671090 RL	224	EVP_MD md = NULL, mgf1md = NULL;
	225	int saltlen;
	226	int ret = 0;
	227
	228	if (pss_params == NULL)
	229	return 0;
719523c7 SL	230	param_propq =
719523c7 SL	231	OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_DIGEST_PROPS);
15671090 RL	232	param_md =
	233	OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_DIGEST);
	234	param_mgf =
	235	OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_MASKGENFUNC);
	236	param_mgf1md =
	237	OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_MGF1_DIGEST);
	238	param_saltlen =
	239	OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_PSS_SALTLEN);
	240
719523c7 SL	241	if (param_propq != NULL) {
	242	if (param_propq->data_type == OSSL_PARAM_UTF8_STRING)
	243	propq = param_propq->data;
	244	}
15671090 RL	245	/*
	246	* If we get any of the parameters, we know we have at least some
	247	* restrictions, so we start by setting default values, and let each
	248	* parameter override their specific restriction data.
	249	*/
bbde8566 TM	250	if (!*defaults_set
	251	&& (param_md != NULL \|\| param_mgf != NULL \|\| param_mgf1md != NULL
	252	\|\| param_saltlen != NULL)) {
23b2fc0b	253	if (!ossl_rsa_pss_params_30_set_defaults(pss_params))
15671090	254	return 0;
bbde8566 TM	255	*defaults_set = 1;
bbde8566 TM	256	}
15671090 RL	257
15671090 RL	258	if (param_mgf != NULL) {
23b2fc0b	259	int default_maskgenalg_nid = ossl_rsa_pss_params_30_maskgenalg(NULL);
15671090 RL	260	const char *mgfname = NULL;
	261
	262	if (param_mgf->data_type == OSSL_PARAM_UTF8_STRING)
	263	mgfname = param_mgf->data;
	264	else if (!OSSL_PARAM_get_utf8_ptr(param_mgf, &mgfname))
	265	return 0;
	266
fba140c7 DB	267	if (OPENSSL_strcasecmp(param_mgf->data,
fba140c7 DB	268	ossl_rsa_mgf_nid2name(default_maskgenalg_nid)) != 0)
15671090 RL	269	return 0;
	270	}
	271
	272	/*
	273	* We're only interested in the NIDs that correspond to the MDs, so the
	274	* exact propquery is unimportant in the EVP_MD_fetch() calls below.
	275	*/
	276
	277	if (param_md != NULL) {
	278	const char *mdname = NULL;
	279
	280	if (param_md->data_type == OSSL_PARAM_UTF8_STRING)
	281	mdname = param_md->data;
	282	else if (!OSSL_PARAM_get_utf8_ptr(param_mgf, &mdname))
	283	goto err;
	284
719523c7	285	if ((md = EVP_MD_fetch(libctx, mdname, propq)) == NULL
23b2fc0b P	286	\|\| !ossl_rsa_pss_params_30_set_hashalg(pss_params,
23b2fc0b P	287	ossl_rsa_oaeppss_md2nid(md)))
15671090 RL	288	goto err;
	289	}
	290
	291	if (param_mgf1md != NULL) {
	292	const char *mgf1mdname = NULL;
	293
	294	if (param_mgf1md->data_type == OSSL_PARAM_UTF8_STRING)
	295	mgf1mdname = param_mgf1md->data;
	296	else if (!OSSL_PARAM_get_utf8_ptr(param_mgf, &mgf1mdname))
	297	goto err;
	298
719523c7	299	if ((mgf1md = EVP_MD_fetch(libctx, mgf1mdname, propq)) == NULL
23b2fc0b P	300	\|\| !ossl_rsa_pss_params_30_set_maskgenhashalg(
23b2fc0b P	301	pss_params, ossl_rsa_oaeppss_md2nid(mgf1md)))
15671090 RL	302	goto err;
	303	}
	304
	305	if (param_saltlen != NULL) {
	306	if (!OSSL_PARAM_get_int(param_saltlen, &saltlen)
23b2fc0b	307	\|\| !ossl_rsa_pss_params_30_set_saltlen(pss_params, saltlen))
15671090 RL	308	goto err;
	309	}
	310
	311	ret = 1;
	312
	313	err:
	314	EVP_MD_free(md);
	315	EVP_MD_free(mgf1md);
	316	return ret;
	317	}
cf333799	318
b247113c TM	319	int ossl_rsa_is_foreign(const RSA *rsa)
	320	{
	321	#ifndef FIPS_MODULE
	322	if (rsa->engine != NULL \|\| RSA_get_method(rsa) != RSA_PKCS1_OpenSSL())
	323	return 1;
	324	#endif
	325	return 0;
	326	}
	327
4a9fe33c TM	328	static ossl_inline int rsa_bn_dup_check(BIGNUM *out, const BIGNUM f)
	329	{
	330	if (f != NULL && (*out = BN_dup(f)) == NULL)
	331	return 0;
	332	return 1;
	333	}
	334
b4f447c0	335	RSA ossl_rsa_dup(const RSA rsa, int selection)
4a9fe33c TM	336	{
	337	RSA *dupkey = NULL;
	338	#ifndef FIPS_MODULE
	339	int pnum, i;
b247113c	340	#endif
4a9fe33c TM	341
4a9fe33c TM	342	/* Do not try to duplicate foreign RSA keys */
b247113c	343	if (ossl_rsa_is_foreign(rsa))
4a9fe33c	344	return NULL;
4a9fe33c TM	345
	346	if ((dupkey = ossl_rsa_new_with_ctx(rsa->libctx)) == NULL)
	347	return NULL;
	348
b4f447c0 TM	349	/* public key */
	350	if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) {
	351	if (!rsa_bn_dup_check(&dupkey->n, rsa->n))
	352	goto err;
	353	if (!rsa_bn_dup_check(&dupkey->e, rsa->e))
	354	goto err;
	355	}
4a9fe33c	356
b4f447c0 TM	357	if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
	358
	359	/* private key */
	360	if (!rsa_bn_dup_check(&dupkey->d, rsa->d))
	361	goto err;
	362
	363	/* factors and crt params */
	364	if (!rsa_bn_dup_check(&dupkey->p, rsa->p))
	365	goto err;
	366	if (!rsa_bn_dup_check(&dupkey->q, rsa->q))
	367	goto err;
	368	if (!rsa_bn_dup_check(&dupkey->dmp1, rsa->dmp1))
	369	goto err;
	370	if (!rsa_bn_dup_check(&dupkey->dmq1, rsa->dmq1))
	371	goto err;
	372	if (!rsa_bn_dup_check(&dupkey->iqmp, rsa->iqmp))
	373	goto err;
	374	}
4a9fe33c TM	375
	376	dupkey->version = rsa->version;
	377	dupkey->flags = rsa->flags;
b4f447c0	378	/* we always copy the PSS parameters regardless of selection */
4a9fe33c TM	379	dupkey->pss_params = rsa->pss_params;
	380
	381	#ifndef FIPS_MODULE
	382	/* multiprime */
b4f447c0 TM	383	if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0
b4f447c0 TM	384	&& (pnum = sk_RSA_PRIME_INFO_num(rsa->prime_infos)) > 0) {
4a9fe33c	385	dupkey->prime_infos = sk_RSA_PRIME_INFO_new_reserve(NULL, pnum);
9dddcd90	386	if (dupkey->prime_infos == NULL)
9dddcd90	387	goto err;
4a9fe33c TM	388	for (i = 0; i < pnum; i++) {
	389	const RSA_PRIME_INFO *pinfo = NULL;
	390	RSA_PRIME_INFO *duppinfo = NULL;
	391
e077455e	392	if ((duppinfo = OPENSSL_zalloc(sizeof(*duppinfo))) == NULL)
4a9fe33c	393	goto err;
4a9fe33c TM	394	/* push first so cleanup in error case works */
	395	(void)sk_RSA_PRIME_INFO_push(dupkey->prime_infos, duppinfo);
	396
	397	pinfo = sk_RSA_PRIME_INFO_value(rsa->prime_infos, i);
	398	if (!rsa_bn_dup_check(&duppinfo->r, pinfo->r))
	399	goto err;
	400	if (!rsa_bn_dup_check(&duppinfo->d, pinfo->d))
	401	goto err;
	402	if (!rsa_bn_dup_check(&duppinfo->t, pinfo->t))
	403	goto err;
	404	}
	405	if (!ossl_rsa_multip_calc_product(dupkey))
	406	goto err;
	407	}
	408
	409	if (rsa->pss != NULL) {
	410	dupkey->pss = RSA_PSS_PARAMS_dup(rsa->pss);
	411	if (rsa->pss->maskGenAlgorithm != NULL
	412	&& dupkey->pss->maskGenAlgorithm == NULL) {
	413	dupkey->pss->maskHash = ossl_x509_algor_mgf1_decode(rsa->pss->maskGenAlgorithm);
	414	if (dupkey->pss->maskHash == NULL)
	415	goto err;
	416	}
	417	}
	418	if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_RSA,
	419	&dupkey->ex_data, &rsa->ex_data))
	420	goto err;
	421	#endif
	422
	423	return dupkey;
	424
	425	err:
	426	RSA_free(dupkey);
	427	return NULL;
	428	}
	429
cf333799 RL	430	#ifndef FIPS_MODULE
	431	RSA_PSS_PARAMS ossl_rsa_pss_decode(const X509_ALGOR alg)
	432	{
	433	RSA_PSS_PARAMS *pss;
	434
	435	pss = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(RSA_PSS_PARAMS),
	436	alg->parameter);
	437
	438	if (pss == NULL)
	439	return NULL;
	440
	441	if (pss->maskGenAlgorithm != NULL) {
	442	pss->maskHash = ossl_x509_algor_mgf1_decode(pss->maskGenAlgorithm);
	443	if (pss->maskHash == NULL) {
	444	RSA_PSS_PARAMS_free(pss);
	445	return NULL;
	446	}
	447	}
	448
	449	return pss;
	450	}
	451
	452	static int ossl_rsa_sync_to_pss_params_30(RSA *rsa)
	453	{
	454	const RSA_PSS_PARAMS *legacy_pss = NULL;
	455	RSA_PSS_PARAMS_30 *pss = NULL;
	456
	457	if (rsa != NULL
	458	&& (legacy_pss = RSA_get0_pss_params(rsa)) != NULL
	459	&& (pss = ossl_rsa_get0_pss_params_30(rsa)) != NULL) {
	460	const EVP_MD md = NULL, mgf1md = NULL;
	461	int md_nid, mgf1md_nid, saltlen, trailerField;
	462	RSA_PSS_PARAMS_30 pss_params;
	463
	464	/*
	465	* We don't care about the validity of the fields here, we just
	466	* want to synchronise values. Verifying here makes it impossible
	467	* to even read a key with invalid values, making it hard to test
	468	* a bad situation.
	469	*
	470	* Other routines use ossl_rsa_pss_get_param(), so the values will
	471	* be checked, eventually.
	472	*/
	473	if (!ossl_rsa_pss_get_param_unverified(legacy_pss, &md, &mgf1md,
	474	&saltlen, &trailerField))
	475	return 0;
ed576acd TM	476	md_nid = EVP_MD_get_type(md);
ed576acd TM	477	mgf1md_nid = EVP_MD_get_type(mgf1md);
cf333799 RL	478	if (!ossl_rsa_pss_params_30_set_defaults(&pss_params)
	479	\|\| !ossl_rsa_pss_params_30_set_hashalg(&pss_params, md_nid)
	480	\|\| !ossl_rsa_pss_params_30_set_maskgenhashalg(&pss_params,
	481	mgf1md_nid)
	482	\|\| !ossl_rsa_pss_params_30_set_saltlen(&pss_params, saltlen)
	483	\|\| !ossl_rsa_pss_params_30_set_trailerfield(&pss_params,
	484	trailerField))
	485	return 0;
	486	*pss = pss_params;
	487	}
	488	return 1;
	489	}
	490
	491	int ossl_rsa_pss_get_param_unverified(const RSA_PSS_PARAMS *pss,
	492	const EVP_MD pmd, const EVP_MD pmgf1md,
	493	int psaltlen, int ptrailerField)
	494	{
	495	RSA_PSS_PARAMS_30 pss_params;
	496
	497	/* Get the defaults from the ONE place */
	498	(void)ossl_rsa_pss_params_30_set_defaults(&pss_params);
	499
	500	if (pss == NULL)
	501	return 0;
	502	*pmd = ossl_x509_algor_get_md(pss->hashAlgorithm);
	503	if (*pmd == NULL)
	504	return 0;
	505	*pmgf1md = ossl_x509_algor_get_md(pss->maskHash);
	506	if (*pmgf1md == NULL)
	507	return 0;
	508	if (pss->saltLength)
	509	*psaltlen = ASN1_INTEGER_get(pss->saltLength);
	510	else
	511	*psaltlen = ossl_rsa_pss_params_30_saltlen(&pss_params);
	512	if (pss->trailerField)
	513	*ptrailerField = ASN1_INTEGER_get(pss->trailerField);
	514	else
d715dbd8	515	*ptrailerField = ossl_rsa_pss_params_30_trailerfield(&pss_params);
cf333799 RL	516
	517	return 1;
	518	}
	519
	520	int ossl_rsa_param_decode(RSA rsa, const X509_ALGOR alg)
	521	{
	522	RSA_PSS_PARAMS *pss;
	523	const ASN1_OBJECT *algoid;
	524	const void *algp;
	525	int algptype;
	526
	527	X509_ALGOR_get0(&algoid, &algptype, &algp, alg);
	528	if (OBJ_obj2nid(algoid) != EVP_PKEY_RSA_PSS)
	529	return 1;
	530	if (algptype == V_ASN1_UNDEF)
	531	return 1;
	532	if (algptype != V_ASN1_SEQUENCE) {
	533	ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_PSS_PARAMETERS);
	534	return 0;
	535	}
	536	if ((pss = ossl_rsa_pss_decode(alg)) == NULL
	537	\|\| !ossl_rsa_set0_pss_params(rsa, pss)) {
	538	RSA_PSS_PARAMS_free(pss);
	539	return 0;
	540	}
	541	if (!ossl_rsa_sync_to_pss_params_30(rsa))
	542	return 0;
	543	return 1;
	544	}
	545
	546	RSA ossl_rsa_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO p8inf,
	547	OSSL_LIB_CTX libctx, const char propq)
	548	{
	549	const unsigned char *p;
	550	RSA *rsa;
	551	int pklen;
	552	const X509_ALGOR *alg;
	553
	554	if (!PKCS8_pkey_get0(NULL, &p, &pklen, &alg, p8inf))
	555	return 0;
	556	rsa = d2i_RSAPrivateKey(NULL, &p, pklen);
	557	if (rsa == NULL) {
	558	ERR_raise(ERR_LIB_RSA, ERR_R_RSA_LIB);
	559	return NULL;
	560	}
	561	if (!ossl_rsa_param_decode(rsa, alg)) {
	562	RSA_free(rsa);
	563	return NULL;
	564	}
	565
	566	RSA_clear_flags(rsa, RSA_FLAG_TYPE_MASK);
	567	switch (OBJ_obj2nid(alg->algorithm)) {
	568	case EVP_PKEY_RSA:
	569	RSA_set_flags(rsa, RSA_FLAG_TYPE_RSA);
	570	break;
	571	case EVP_PKEY_RSA_PSS:
	572	RSA_set_flags(rsa, RSA_FLAG_TYPE_RSASSAPSS);
	573	break;
	574	default:
	575	/* Leave the type bits zero */
	576	break;
	577	}
	578
	579	return rsa;
580	}
581	#endif