[thirdparty/openssl.git] / crypto / rsa / rsa_backend.c

/*
 * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

/*
 * RSA low level APIs are deprecated for public use, but still ok for
 * internal use.
 */
#include "internal/deprecated.h"

#include <string.h>
#include <openssl/core_names.h>
#include <openssl/params.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#ifndef FIPS_MODULE
# include <openssl/x509.h>
# include "crypto/asn1.h"
#endif
#include "internal/sizes.h"
#include "internal/param_build_set.h"
#include "crypto/rsa.h"
#include "rsa_local.h"

/*
 * The intention with the "backend" source file is to offer backend support
 * for legacy backends (EVP_PKEY_ASN1_METHOD and EVP_PKEY_METHOD) and provider
 * implementations alike.
 */

DEFINE_STACK_OF(BIGNUM)

static int collect_numbers(STACK_OF(BIGNUM) *numbers,
                           const OSSL_PARAM params[], const char *names[])
{
    const OSSL_PARAM *p = NULL;
    int i;

    if (numbers == NULL)
        return 0;

    for (i = 0; names[i] != NULL; i++) {
        p = OSSL_PARAM_locate_const(params, names[i]);
        if (p != NULL) {
            BIGNUM *tmp = NULL;

            if (!OSSL_PARAM_get_BN(p, &tmp))
                return 0;
            if (sk_BIGNUM_push(numbers, tmp) == 0) {
                BN_clear_free(tmp);
                return 0;
            }
        }
    }

    return 1;
}

int ossl_rsa_fromdata(RSA *rsa, const OSSL_PARAM params[], int include_private)
{
    const OSSL_PARAM *param_n, *param_e,  *param_d = NULL;
    BIGNUM *n = NULL, *e = NULL, *d = NULL;
    STACK_OF(BIGNUM) *factors = NULL, *exps = NULL, *coeffs = NULL;
    int is_private = 0;

    if (rsa == NULL)
        return 0;

    param_n = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_N);
    param_e = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_E);
    if (include_private)
        param_d = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_D);

    if ((param_n != NULL && !OSSL_PARAM_get_BN(param_n, &n))
        || (param_e != NULL && !OSSL_PARAM_get_BN(param_e, &e))
        || (param_d != NULL && !OSSL_PARAM_get_BN(param_d, &d)))
        goto err;

    is_private = (d != NULL);

    if (!RSA_set0_key(rsa, n, e, d))
        goto err;
    n = e = d = NULL;

    if (is_private) {
        if (!collect_numbers(factors = sk_BIGNUM_new_null(), params,
                             ossl_rsa_mp_factor_names)
            || !collect_numbers(exps = sk_BIGNUM_new_null(), params,
                                ossl_rsa_mp_exp_names)
            || !collect_numbers(coeffs = sk_BIGNUM_new_null(), params,
                                ossl_rsa_mp_coeff_names))
            goto err;

        /* It's ok if this private key just has n, e and d */
        if (sk_BIGNUM_num(factors) != 0
            && !ossl_rsa_set0_all_params(rsa, factors, exps, coeffs))
            goto err;
    }


    sk_BIGNUM_free(factors);
    sk_BIGNUM_free(exps);
    sk_BIGNUM_free(coeffs);
    return 1;

 err:
    BN_free(n);
    BN_free(e);
    BN_free(d);
    sk_BIGNUM_pop_free(factors, BN_free);
    sk_BIGNUM_pop_free(exps, BN_free);
    sk_BIGNUM_pop_free(coeffs, BN_free);
    return 0;
}

DEFINE_SPECIAL_STACK_OF_CONST(BIGNUM_const, BIGNUM)

int ossl_rsa_todata(RSA *rsa, OSSL_PARAM_BLD *bld, OSSL_PARAM params[],
                    int include_private)
{
    int ret = 0;
    const BIGNUM *rsa_d = NULL, *rsa_n = NULL, *rsa_e = NULL;
    STACK_OF(BIGNUM_const) *factors = sk_BIGNUM_const_new_null();
    STACK_OF(BIGNUM_const) *exps = sk_BIGNUM_const_new_null();
    STACK_OF(BIGNUM_const) *coeffs = sk_BIGNUM_const_new_null();

    if (rsa == NULL || factors == NULL || exps == NULL || coeffs == NULL)
        goto err;

    RSA_get0_key(rsa, &rsa_n, &rsa_e, &rsa_d);
    ossl_rsa_get0_all_params(rsa, factors, exps, coeffs);

    if (!ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_RSA_N, rsa_n)
        || !ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_RSA_E, rsa_e))
        goto err;

    /* Check private key data integrity */
    if (include_private && rsa_d != NULL) {
        int numprimes = sk_BIGNUM_const_num(factors);
        int numexps = sk_BIGNUM_const_num(exps);
        int numcoeffs = sk_BIGNUM_const_num(coeffs);

        /*
         * It's permissible to have zero primes, i.e. no CRT params.
         * Otherwise, there must be at least two, as many exponents,
         * and one coefficient less.
         */
        if (numprimes != 0
            && (numprimes < 2 || numexps < 2 || numcoeffs < 1))
            goto err;

        if (!ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_RSA_D,
                                     rsa_d)
            || !ossl_param_build_set_multi_key_bn(bld, params,
                                                  ossl_rsa_mp_factor_names,
                                                  factors)
            || !ossl_param_build_set_multi_key_bn(bld, params,
                                                  ossl_rsa_mp_exp_names, exps)
            || !ossl_param_build_set_multi_key_bn(bld, params,
                                                  ossl_rsa_mp_coeff_names,
                                                  coeffs))
        goto err;
    }

#if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS)
    /* The acvp test results are not meant for export so check for bld == NULL */
    if (bld == NULL)
        ossl_rsa_acvp_test_get_params(rsa, params);
#endif
    ret = 1;
 err:
    sk_BIGNUM_const_free(factors);
    sk_BIGNUM_const_free(exps);
    sk_BIGNUM_const_free(coeffs);
    return ret;
}

int ossl_rsa_pss_params_30_todata(const RSA_PSS_PARAMS_30 *pss,
                                  OSSL_PARAM_BLD *bld, OSSL_PARAM params[])
{
    if (!ossl_rsa_pss_params_30_is_unrestricted(pss)) {
        int hashalg_nid = ossl_rsa_pss_params_30_hashalg(pss);
        int maskgenalg_nid = ossl_rsa_pss_params_30_maskgenalg(pss);
        int maskgenhashalg_nid = ossl_rsa_pss_params_30_maskgenhashalg(pss);
        int saltlen = ossl_rsa_pss_params_30_saltlen(pss);
        int default_hashalg_nid = ossl_rsa_pss_params_30_hashalg(NULL);
        int default_maskgenalg_nid = ossl_rsa_pss_params_30_maskgenalg(NULL);
        int default_maskgenhashalg_nid =
                ossl_rsa_pss_params_30_maskgenhashalg(NULL);
        const char *mdname =
            (hashalg_nid == default_hashalg_nid
             ? NULL : ossl_rsa_oaeppss_nid2name(hashalg_nid));
        const char *mgfname =
            (maskgenalg_nid == default_maskgenalg_nid
             ? NULL : ossl_rsa_oaeppss_nid2name(maskgenalg_nid));
        const char *mgf1mdname =
            (maskgenhashalg_nid == default_maskgenhashalg_nid
             ? NULL : ossl_rsa_oaeppss_nid2name(maskgenhashalg_nid));
        const char *key_md = OSSL_PKEY_PARAM_RSA_DIGEST;
        const char *key_mgf = OSSL_PKEY_PARAM_RSA_MASKGENFUNC;
        const char *key_mgf1_md = OSSL_PKEY_PARAM_RSA_MGF1_DIGEST;
        const char *key_saltlen = OSSL_PKEY_PARAM_RSA_PSS_SALTLEN;

        /*
         * To ensure that the key isn't seen as unrestricted by the recipient,
         * we make sure that at least one PSS-related parameter is passed, even
         * if it has a default value; saltlen.
         */
        if ((mdname != NULL
             && !ossl_param_build_set_utf8_string(bld, params, key_md, mdname))
            || (mgfname != NULL
                && !ossl_param_build_set_utf8_string(bld, params,
                                                     key_mgf, mgfname))
            || (mgf1mdname != NULL
                && !ossl_param_build_set_utf8_string(bld, params,
                                                     key_mgf1_md, mgf1mdname))
            || (!ossl_param_build_set_int(bld, params, key_saltlen, saltlen)))
            return 0;
    }
    return 1;
}

int ossl_rsa_pss_params_30_fromdata(RSA_PSS_PARAMS_30 *pss_params,
                                    int *defaults_set,
                                    const OSSL_PARAM params[],
                                    OSSL_LIB_CTX *libctx)
{
    const OSSL_PARAM *param_md, *param_mgf, *param_mgf1md,  *param_saltlen;
    const OSSL_PARAM *param_propq;
    const char *propq = NULL;
    EVP_MD *md = NULL, *mgf1md = NULL;
    int saltlen;
    int ret = 0;

    if (pss_params == NULL)
        return 0;
    param_propq =
        OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_DIGEST_PROPS);
    param_md =
        OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_DIGEST);
    param_mgf =
        OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_MASKGENFUNC);
    param_mgf1md =
        OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_MGF1_DIGEST);
    param_saltlen =
        OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_PSS_SALTLEN);

    if (param_propq != NULL) {
        if (param_propq->data_type == OSSL_PARAM_UTF8_STRING)
            propq = param_propq->data;
    }
    /*
     * If we get any of the parameters, we know we have at least some
     * restrictions, so we start by setting default values, and let each
     * parameter override their specific restriction data.
     */
    if (!*defaults_set
        && (param_md != NULL || param_mgf != NULL || param_mgf1md != NULL
            || param_saltlen != NULL)) {
        if (!ossl_rsa_pss_params_30_set_defaults(pss_params))
            return 0;
        *defaults_set = 1;
    }

    if (param_mgf != NULL) {
        int default_maskgenalg_nid = ossl_rsa_pss_params_30_maskgenalg(NULL);
        const char *mgfname = NULL;

        if (param_mgf->data_type == OSSL_PARAM_UTF8_STRING)
            mgfname = param_mgf->data;
        else if (!OSSL_PARAM_get_utf8_ptr(param_mgf, &mgfname))
            return 0;

        if (OPENSSL_strcasecmp(param_mgf->data,
                               ossl_rsa_mgf_nid2name(default_maskgenalg_nid)) != 0)
            return 0;
    }

    /*
     * We're only interested in the NIDs that correspond to the MDs, so the
     * exact propquery is unimportant in the EVP_MD_fetch() calls below.
     */

    if (param_md != NULL) {
        const char *mdname = NULL;

        if (param_md->data_type == OSSL_PARAM_UTF8_STRING)
            mdname = param_md->data;
        else if (!OSSL_PARAM_get_utf8_ptr(param_mgf, &mdname))
            goto err;

        if ((md = EVP_MD_fetch(libctx, mdname, propq)) == NULL
            || !ossl_rsa_pss_params_30_set_hashalg(pss_params,
                                                   ossl_rsa_oaeppss_md2nid(md)))
            goto err;
    }

    if (param_mgf1md != NULL) {
        const char *mgf1mdname = NULL;

        if (param_mgf1md->data_type == OSSL_PARAM_UTF8_STRING)
            mgf1mdname = param_mgf1md->data;
        else if (!OSSL_PARAM_get_utf8_ptr(param_mgf, &mgf1mdname))
            goto err;

        if ((mgf1md = EVP_MD_fetch(libctx, mgf1mdname, propq)) == NULL
            || !ossl_rsa_pss_params_30_set_maskgenhashalg(
                    pss_params, ossl_rsa_oaeppss_md2nid(mgf1md)))
            goto err;
    }

    if (param_saltlen != NULL) {
        if (!OSSL_PARAM_get_int(param_saltlen, &saltlen)
            || !ossl_rsa_pss_params_30_set_saltlen(pss_params, saltlen))
            goto err;
    }

    ret = 1;

 err:
    EVP_MD_free(md);
    EVP_MD_free(mgf1md);
    return ret;
}

int ossl_rsa_is_foreign(const RSA *rsa)
{
#ifndef FIPS_MODULE
    if (rsa->engine != NULL || RSA_get_method(rsa) != RSA_PKCS1_OpenSSL())
        return 1;
#endif
    return 0;
}

static ossl_inline int rsa_bn_dup_check(BIGNUM **out, const BIGNUM *f)
{
    if (f != NULL && (*out = BN_dup(f)) == NULL)
        return 0;
    return 1;
}

RSA *ossl_rsa_dup(const RSA *rsa, int selection)
{
    RSA *dupkey = NULL;
#ifndef FIPS_MODULE
    int pnum, i;
#endif

    /* Do not try to duplicate foreign RSA keys */
    if (ossl_rsa_is_foreign(rsa))
        return NULL;

    if ((dupkey = ossl_rsa_new_with_ctx(rsa->libctx)) == NULL)
        return NULL;

    /* public key */
    if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) {
        if (!rsa_bn_dup_check(&dupkey->n, rsa->n))
            goto err;
        if (!rsa_bn_dup_check(&dupkey->e, rsa->e))
            goto err;
    }

    if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {

        /* private key */
        if (!rsa_bn_dup_check(&dupkey->d, rsa->d))
            goto err;

        /* factors and crt params */
        if (!rsa_bn_dup_check(&dupkey->p, rsa->p))
            goto err;
        if (!rsa_bn_dup_check(&dupkey->q, rsa->q))
            goto err;
        if (!rsa_bn_dup_check(&dupkey->dmp1, rsa->dmp1))
            goto err;
        if (!rsa_bn_dup_check(&dupkey->dmq1, rsa->dmq1))
            goto err;
        if (!rsa_bn_dup_check(&dupkey->iqmp, rsa->iqmp))
            goto err;
    }

    dupkey->version = rsa->version;
    dupkey->flags = rsa->flags;
    /* we always copy the PSS parameters regardless of selection */
    dupkey->pss_params = rsa->pss_params;

#ifndef FIPS_MODULE
    /* multiprime */
    if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0
        && (pnum = sk_RSA_PRIME_INFO_num(rsa->prime_infos)) > 0) {
        dupkey->prime_infos = sk_RSA_PRIME_INFO_new_reserve(NULL, pnum);
        if (dupkey->prime_infos == NULL)
            goto err;
        for (i = 0; i < pnum; i++) {
            const RSA_PRIME_INFO *pinfo = NULL;
            RSA_PRIME_INFO *duppinfo = NULL;

            if ((duppinfo = OPENSSL_zalloc(sizeof(*duppinfo))) == NULL)
                goto err;
            /* push first so cleanup in error case works */
            (void)sk_RSA_PRIME_INFO_push(dupkey->prime_infos, duppinfo);

            pinfo = sk_RSA_PRIME_INFO_value(rsa->prime_infos, i);
            if (!rsa_bn_dup_check(&duppinfo->r, pinfo->r))
                goto err;
            if (!rsa_bn_dup_check(&duppinfo->d, pinfo->d))
                goto err;
            if (!rsa_bn_dup_check(&duppinfo->t, pinfo->t))
                goto err;
        }
        if (!ossl_rsa_multip_calc_product(dupkey))
            goto err;
    }

    if (rsa->pss != NULL) {
        dupkey->pss = RSA_PSS_PARAMS_dup(rsa->pss);
        if (rsa->pss->maskGenAlgorithm != NULL
            && dupkey->pss->maskGenAlgorithm == NULL) {
            dupkey->pss->maskHash = ossl_x509_algor_mgf1_decode(rsa->pss->maskGenAlgorithm);
            if (dupkey->pss->maskHash == NULL)
                goto err;
        }
    }
    if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_RSA,
                            &dupkey->ex_data, &rsa->ex_data))
        goto err;
#endif

    return dupkey;

 err:
    RSA_free(dupkey);
    return NULL;
}

#ifndef FIPS_MODULE
RSA_PSS_PARAMS *ossl_rsa_pss_decode(const X509_ALGOR *alg)
{
    RSA_PSS_PARAMS *pss;

    pss = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(RSA_PSS_PARAMS),
                                    alg->parameter);

    if (pss == NULL)
        return NULL;

    if (pss->maskGenAlgorithm != NULL) {
        pss->maskHash = ossl_x509_algor_mgf1_decode(pss->maskGenAlgorithm);
        if (pss->maskHash == NULL) {
            RSA_PSS_PARAMS_free(pss);
            return NULL;
        }
    }

    return pss;
}

static int ossl_rsa_sync_to_pss_params_30(RSA *rsa)
{
    const RSA_PSS_PARAMS *legacy_pss = NULL;
    RSA_PSS_PARAMS_30 *pss = NULL;

    if (rsa != NULL
        && (legacy_pss = RSA_get0_pss_params(rsa)) != NULL
        && (pss = ossl_rsa_get0_pss_params_30(rsa)) != NULL) {
        const EVP_MD *md = NULL, *mgf1md = NULL;
        int md_nid, mgf1md_nid, saltlen, trailerField;
        RSA_PSS_PARAMS_30 pss_params;

        /*
         * We don't care about the validity of the fields here, we just
         * want to synchronise values.  Verifying here makes it impossible
         * to even read a key with invalid values, making it hard to test
         * a bad situation.
         *
         * Other routines use ossl_rsa_pss_get_param(), so the values will
         * be checked, eventually.
         */
        if (!ossl_rsa_pss_get_param_unverified(legacy_pss, &md, &mgf1md,
                                               &saltlen, &trailerField))
            return 0;
        md_nid = EVP_MD_get_type(md);
        mgf1md_nid = EVP_MD_get_type(mgf1md);
        if (!ossl_rsa_pss_params_30_set_defaults(&pss_params)
            || !ossl_rsa_pss_params_30_set_hashalg(&pss_params, md_nid)
            || !ossl_rsa_pss_params_30_set_maskgenhashalg(&pss_params,
                                                          mgf1md_nid)
            || !ossl_rsa_pss_params_30_set_saltlen(&pss_params, saltlen)
            || !ossl_rsa_pss_params_30_set_trailerfield(&pss_params,
                                                        trailerField))
            return 0;
        *pss = pss_params;
    }
    return 1;
}

int ossl_rsa_pss_get_param_unverified(const RSA_PSS_PARAMS *pss,
                                      const EVP_MD **pmd, const EVP_MD **pmgf1md,
                                      int *psaltlen, int *ptrailerField)
{
    RSA_PSS_PARAMS_30 pss_params;

    /* Get the defaults from the ONE place */
    (void)ossl_rsa_pss_params_30_set_defaults(&pss_params);

    if (pss == NULL)
        return 0;
    *pmd = ossl_x509_algor_get_md(pss->hashAlgorithm);
    if (*pmd == NULL)
        return 0;
    *pmgf1md = ossl_x509_algor_get_md(pss->maskHash);
    if (*pmgf1md == NULL)
        return 0;
    if (pss->saltLength)
        *psaltlen = ASN1_INTEGER_get(pss->saltLength);
    else
        *psaltlen = ossl_rsa_pss_params_30_saltlen(&pss_params);
    if (pss->trailerField)
        *ptrailerField = ASN1_INTEGER_get(pss->trailerField);
    else
        *ptrailerField = ossl_rsa_pss_params_30_trailerfield(&pss_params);

    return 1;
}

int ossl_rsa_param_decode(RSA *rsa, const X509_ALGOR *alg)
{
    RSA_PSS_PARAMS *pss;
    const ASN1_OBJECT *algoid;
    const void *algp;
    int algptype;

    X509_ALGOR_get0(&algoid, &algptype, &algp, alg);
    if (OBJ_obj2nid(algoid) != EVP_PKEY_RSA_PSS)
        return 1;
    if (algptype == V_ASN1_UNDEF)
        return 1;
    if (algptype != V_ASN1_SEQUENCE) {
        ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_PSS_PARAMETERS);
        return 0;
    }
    if ((pss = ossl_rsa_pss_decode(alg)) == NULL
        || !ossl_rsa_set0_pss_params(rsa, pss)) {
        RSA_PSS_PARAMS_free(pss);
        return 0;
    }
    if (!ossl_rsa_sync_to_pss_params_30(rsa))
        return 0;
    return 1;
}

RSA *ossl_rsa_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf,
                             OSSL_LIB_CTX *libctx, const char *propq)
{
    const unsigned char *p;
    RSA *rsa;
    int pklen;
    const X509_ALGOR *alg;

    if (!PKCS8_pkey_get0(NULL, &p, &pklen, &alg, p8inf))
        return 0;
    rsa = d2i_RSAPrivateKey(NULL, &p, pklen);
    if (rsa == NULL) {
        ERR_raise(ERR_LIB_RSA, ERR_R_RSA_LIB);
        return NULL;
    }
    if (!ossl_rsa_param_decode(rsa, alg)) {
        RSA_free(rsa);
        return NULL;
    }

    RSA_clear_flags(rsa, RSA_FLAG_TYPE_MASK);
    switch (OBJ_obj2nid(alg->algorithm)) {
    case EVP_PKEY_RSA:
        RSA_set_flags(rsa, RSA_FLAG_TYPE_RSA);
        break;
    case EVP_PKEY_RSA_PSS:
        RSA_set_flags(rsa, RSA_FLAG_TYPE_RSASSAPSS);
        break;
    default:
        /* Leave the type bits zero */
        break;
    }

    return rsa;
}
#endif
Commit	Line	Data
0abae163	1	/*
fecb3aae	2	* Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
0abae163 RL	3	*
	4	* Licensed under the Apache License 2.0 (the "License"). You may not use
	5	* this file except in compliance with the License. You can obtain a copy
	6	* in the file LICENSE in the source distribution or at
	7	* https://www.openssl.org/source/license.html
	8	*/
	9
d7e498ac RL	10	/*
	11	* RSA low level APIs are deprecated for public use, but still ok for
	12	* internal use.
	13	*/
	14	#include "internal/deprecated.h"
	15
15671090	16	#include <string.h>
0abae163 RL	17	#include <openssl/core_names.h>
0abae163 RL	18	#include <openssl/params.h>
cf333799	19	#include <openssl/err.h>
15671090	20	#include <openssl/evp.h>
3f773c91 TM	21	#ifndef FIPS_MODULE
	22	# include <openssl/x509.h>
	23	# include "crypto/asn1.h"
	24	#endif
15671090 RL	25	#include "internal/sizes.h"
15671090 RL	26	#include "internal/param_build_set.h"
0abae163	27	#include "crypto/rsa.h"
4a9fe33c	28	#include "rsa_local.h"
0abae163 RL	29
	30	/*
	31	* The intention with the "backend" source file is to offer backend support
	32	* for legacy backends (EVP_PKEY_ASN1_METHOD and EVP_PKEY_METHOD) and provider
	33	* implementations alike.
	34	*/
	35
	36	DEFINE_STACK_OF(BIGNUM)
	37
	38	static int collect_numbers(STACK_OF(BIGNUM) *numbers,
96ebe52e	39	const OSSL_PARAM params[], const char *names[])
0abae163 RL	40	{
0abae163 RL	41	const OSSL_PARAM *p = NULL;
96ebe52e	42	int i;
0abae163 RL	43
	44	if (numbers == NULL)
	45	return 0;
	46
1287dabd	47	for (i = 0; names[i] != NULL; i++) {
96ebe52e SL	48	p = OSSL_PARAM_locate_const(params, names[i]);
	49	if (p != NULL) {
	50	BIGNUM *tmp = NULL;
0abae163	51
28adea95	52	if (!OSSL_PARAM_get_BN(p, &tmp))
96ebe52e	53	return 0;
28adea95	54	if (sk_BIGNUM_push(numbers, tmp) == 0) {
	55	BN_clear_free(tmp);
	56	return 0;
	57	}
96ebe52e	58	}
0abae163 RL	59	}
	60
	61	return 1;
	62	}
	63
944f822a	64	int ossl_rsa_fromdata(RSA *rsa, const OSSL_PARAM params[], int include_private)
0abae163	65	{
944f822a	66	const OSSL_PARAM param_n, param_e, *param_d = NULL;
0abae163 RL	67	BIGNUM n = NULL, e = NULL, *d = NULL;
	68	STACK_OF(BIGNUM) factors = NULL, exps = NULL, *coeffs = NULL;
	69	int is_private = 0;
	70
	71	if (rsa == NULL)
	72	return 0;
	73
	74	param_n = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_N);
	75	param_e = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_E);
944f822a	76	if (include_private)
944f822a	77	param_d = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_D);
0abae163 RL	78
	79	if ((param_n != NULL && !OSSL_PARAM_get_BN(param_n, &n))
	80	\|\| (param_e != NULL && !OSSL_PARAM_get_BN(param_e, &e))
	81	\|\| (param_d != NULL && !OSSL_PARAM_get_BN(param_d, &d)))
	82	goto err;
	83
	84	is_private = (d != NULL);
	85
	86	if (!RSA_set0_key(rsa, n, e, d))
	87	goto err;
	88	n = e = d = NULL;
	89
	90	if (is_private) {
	91	if (!collect_numbers(factors = sk_BIGNUM_new_null(), params,
23b2fc0b	92	ossl_rsa_mp_factor_names)
0abae163	93	\|\| !collect_numbers(exps = sk_BIGNUM_new_null(), params,
23b2fc0b	94	ossl_rsa_mp_exp_names)
0abae163	95	\|\| !collect_numbers(coeffs = sk_BIGNUM_new_null(), params,
23b2fc0b	96	ossl_rsa_mp_coeff_names))
0abae163 RL	97	goto err;
	98
	99	/* It's ok if this private key just has n, e and d */
	100	if (sk_BIGNUM_num(factors) != 0
23b2fc0b	101	&& !ossl_rsa_set0_all_params(rsa, factors, exps, coeffs))
0abae163 RL	102	goto err;
	103	}
	104
4f2271d5	105
0abae163 RL	106	sk_BIGNUM_free(factors);
	107	sk_BIGNUM_free(exps);
	108	sk_BIGNUM_free(coeffs);
	109	return 1;
	110
	111	err:
	112	BN_free(n);
	113	BN_free(e);
	114	BN_free(d);
	115	sk_BIGNUM_pop_free(factors, BN_free);
	116	sk_BIGNUM_pop_free(exps, BN_free);
	117	sk_BIGNUM_pop_free(coeffs, BN_free);
	118	return 0;
	119	}
	120
645a541a RL	121	DEFINE_SPECIAL_STACK_OF_CONST(BIGNUM_const, BIGNUM)
645a541a RL	122
944f822a	123	int ossl_rsa_todata(RSA rsa, OSSL_PARAM_BLD bld, OSSL_PARAM params[],
944f822a	124	int include_private)
645a541a RL	125	{
	126	int ret = 0;
	127	const BIGNUM rsa_d = NULL, rsa_n = NULL, *rsa_e = NULL;
	128	STACK_OF(BIGNUM_const) *factors = sk_BIGNUM_const_new_null();
	129	STACK_OF(BIGNUM_const) *exps = sk_BIGNUM_const_new_null();
	130	STACK_OF(BIGNUM_const) *coeffs = sk_BIGNUM_const_new_null();
	131
	132	if (rsa == NULL \|\| factors == NULL \|\| exps == NULL \|\| coeffs == NULL)
	133	goto err;
	134
	135	RSA_get0_key(rsa, &rsa_n, &rsa_e, &rsa_d);
23b2fc0b	136	ossl_rsa_get0_all_params(rsa, factors, exps, coeffs);
645a541a	137
26a8f2ac RL	138	if (!ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_RSA_N, rsa_n)
	139	\|\| !ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_RSA_E, rsa_e))
	140	goto err;
	141
645a541a	142	/* Check private key data integrity */
944f822a	143	if (include_private && rsa_d != NULL) {
645a541a RL	144	int numprimes = sk_BIGNUM_const_num(factors);
	145	int numexps = sk_BIGNUM_const_num(exps);
	146	int numcoeffs = sk_BIGNUM_const_num(coeffs);
	147
	148	/*
4f2271d5	149	* It's permissible to have zero primes, i.e. no CRT params.
645a541a RL	150	* Otherwise, there must be at least two, as many exponents,
	151	* and one coefficient less.
	152	*/
	153	if (numprimes != 0
	154	&& (numprimes < 2 \|\| numexps < 2 \|\| numcoeffs < 1))
	155	goto err;
645a541a	156
26a8f2ac RL	157	if (!ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_RSA_D,
	158	rsa_d)
	159	\|\| !ossl_param_build_set_multi_key_bn(bld, params,
23b2fc0b P	160	ossl_rsa_mp_factor_names,
23b2fc0b P	161	factors)
26a8f2ac	162	\|\| !ossl_param_build_set_multi_key_bn(bld, params,
23b2fc0b	163	ossl_rsa_mp_exp_names, exps)
26a8f2ac	164	\|\| !ossl_param_build_set_multi_key_bn(bld, params,
23b2fc0b P	165	ossl_rsa_mp_coeff_names,
23b2fc0b P	166	coeffs))
645a541a	167	goto err;
26a8f2ac RL	168	}
26a8f2ac RL	169
4f2271d5 SL	170	#if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS)
	171	/* The acvp test results are not meant for export so check for bld == NULL */
	172	if (bld == NULL)
4158b0dc	173	ossl_rsa_acvp_test_get_params(rsa, params);
4f2271d5	174	#endif
645a541a RL	175	ret = 1;
	176	err:
	177	sk_BIGNUM_const_free(factors);
	178	sk_BIGNUM_const_free(exps);
	179	sk_BIGNUM_const_free(coeffs);
	180	return ret;
	181	}
15671090	182
23b2fc0b P	183	int ossl_rsa_pss_params_30_todata(const RSA_PSS_PARAMS_30 *pss,
23b2fc0b P	184	OSSL_PARAM_BLD *bld, OSSL_PARAM params[])
15671090	185	{
23b2fc0b P	186	if (!ossl_rsa_pss_params_30_is_unrestricted(pss)) {
	187	int hashalg_nid = ossl_rsa_pss_params_30_hashalg(pss);
	188	int maskgenalg_nid = ossl_rsa_pss_params_30_maskgenalg(pss);
	189	int maskgenhashalg_nid = ossl_rsa_pss_params_30_maskgenhashalg(pss);
	190	int saltlen = ossl_rsa_pss_params_30_saltlen(pss);
	191	int default_hashalg_nid = ossl_rsa_pss_params_30_hashalg(NULL);
	192	int default_maskgenalg_nid = ossl_rsa_pss_params_30_maskgenalg(NULL);
	193	int default_maskgenhashalg_nid =
	194	ossl_rsa_pss_params_30_maskgenhashalg(NULL);
15671090 RL	195	const char *mdname =
15671090 RL	196	(hashalg_nid == default_hashalg_nid
23b2fc0b	197	? NULL : ossl_rsa_oaeppss_nid2name(hashalg_nid));
15671090 RL	198	const char *mgfname =
15671090 RL	199	(maskgenalg_nid == default_maskgenalg_nid
23b2fc0b	200	? NULL : ossl_rsa_oaeppss_nid2name(maskgenalg_nid));
15671090 RL	201	const char *mgf1mdname =
15671090 RL	202	(maskgenhashalg_nid == default_maskgenhashalg_nid
23b2fc0b	203	? NULL : ossl_rsa_oaeppss_nid2name(maskgenhashalg_nid));
15671090 RL	204	const char *key_md = OSSL_PKEY_PARAM_RSA_DIGEST;
	205	const char *key_mgf = OSSL_PKEY_PARAM_RSA_MASKGENFUNC;
	206	const char *key_mgf1_md = OSSL_PKEY_PARAM_RSA_MGF1_DIGEST;
	207	const char *key_saltlen = OSSL_PKEY_PARAM_RSA_PSS_SALTLEN;
	208
	209	/*
	210	* To ensure that the key isn't seen as unrestricted by the recipient,
	211	* we make sure that at least one PSS-related parameter is passed, even
	212	* if it has a default value; saltlen.
	213	*/
	214	if ((mdname != NULL
	215	&& !ossl_param_build_set_utf8_string(bld, params, key_md, mdname))
	216	\|\| (mgfname != NULL
	217	&& !ossl_param_build_set_utf8_string(bld, params,
	218	key_mgf, mgfname))
	219	\|\| (mgf1mdname != NULL
	220	&& !ossl_param_build_set_utf8_string(bld, params,
	221	key_mgf1_md, mgf1mdname))
	222	\|\| (!ossl_param_build_set_int(bld, params, key_saltlen, saltlen)))
	223	return 0;
	224	}
	225	return 1;
	226	}
	227
23b2fc0b	228	int ossl_rsa_pss_params_30_fromdata(RSA_PSS_PARAMS_30 *pss_params,
bbde8566	229	int *defaults_set,
23b2fc0b	230	const OSSL_PARAM params[],
b4250010	231	OSSL_LIB_CTX *libctx)
15671090 RL	232	{
15671090 RL	233	const OSSL_PARAM param_md, param_mgf, param_mgf1md, param_saltlen;
719523c7 SL	234	const OSSL_PARAM *param_propq;
719523c7 SL	235	const char *propq = NULL;
15671090 RL	236	EVP_MD md = NULL, mgf1md = NULL;
	237	int saltlen;
	238	int ret = 0;
	239
	240	if (pss_params == NULL)
	241	return 0;
719523c7 SL	242	param_propq =
719523c7 SL	243	OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_DIGEST_PROPS);
15671090 RL	244	param_md =
	245	OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_DIGEST);
	246	param_mgf =
	247	OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_MASKGENFUNC);
	248	param_mgf1md =
	249	OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_MGF1_DIGEST);
	250	param_saltlen =
	251	OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_PSS_SALTLEN);
	252
719523c7 SL	253	if (param_propq != NULL) {
	254	if (param_propq->data_type == OSSL_PARAM_UTF8_STRING)
	255	propq = param_propq->data;
	256	}
15671090 RL	257	/*
	258	* If we get any of the parameters, we know we have at least some
	259	* restrictions, so we start by setting default values, and let each
	260	* parameter override their specific restriction data.
	261	*/
bbde8566 TM	262	if (!*defaults_set
	263	&& (param_md != NULL \|\| param_mgf != NULL \|\| param_mgf1md != NULL
	264	\|\| param_saltlen != NULL)) {
23b2fc0b	265	if (!ossl_rsa_pss_params_30_set_defaults(pss_params))
15671090	266	return 0;
bbde8566 TM	267	*defaults_set = 1;
bbde8566 TM	268	}
15671090 RL	269
15671090 RL	270	if (param_mgf != NULL) {
23b2fc0b	271	int default_maskgenalg_nid = ossl_rsa_pss_params_30_maskgenalg(NULL);
15671090 RL	272	const char *mgfname = NULL;
	273
	274	if (param_mgf->data_type == OSSL_PARAM_UTF8_STRING)
	275	mgfname = param_mgf->data;
	276	else if (!OSSL_PARAM_get_utf8_ptr(param_mgf, &mgfname))
	277	return 0;
	278
fba140c7 DB	279	if (OPENSSL_strcasecmp(param_mgf->data,
fba140c7 DB	280	ossl_rsa_mgf_nid2name(default_maskgenalg_nid)) != 0)
15671090 RL	281	return 0;
	282	}
	283
	284	/*
	285	* We're only interested in the NIDs that correspond to the MDs, so the
	286	* exact propquery is unimportant in the EVP_MD_fetch() calls below.
	287	*/
	288
	289	if (param_md != NULL) {
	290	const char *mdname = NULL;
	291
	292	if (param_md->data_type == OSSL_PARAM_UTF8_STRING)
	293	mdname = param_md->data;
	294	else if (!OSSL_PARAM_get_utf8_ptr(param_mgf, &mdname))
	295	goto err;
	296
719523c7	297	if ((md = EVP_MD_fetch(libctx, mdname, propq)) == NULL
23b2fc0b P	298	\|\| !ossl_rsa_pss_params_30_set_hashalg(pss_params,
23b2fc0b P	299	ossl_rsa_oaeppss_md2nid(md)))
15671090 RL	300	goto err;
	301	}
	302
	303	if (param_mgf1md != NULL) {
	304	const char *mgf1mdname = NULL;
	305
	306	if (param_mgf1md->data_type == OSSL_PARAM_UTF8_STRING)
	307	mgf1mdname = param_mgf1md->data;
	308	else if (!OSSL_PARAM_get_utf8_ptr(param_mgf, &mgf1mdname))
	309	goto err;
	310
719523c7	311	if ((mgf1md = EVP_MD_fetch(libctx, mgf1mdname, propq)) == NULL
23b2fc0b P	312	\|\| !ossl_rsa_pss_params_30_set_maskgenhashalg(
23b2fc0b P	313	pss_params, ossl_rsa_oaeppss_md2nid(mgf1md)))
15671090 RL	314	goto err;
	315	}
	316
	317	if (param_saltlen != NULL) {
	318	if (!OSSL_PARAM_get_int(param_saltlen, &saltlen)
23b2fc0b	319	\|\| !ossl_rsa_pss_params_30_set_saltlen(pss_params, saltlen))
15671090 RL	320	goto err;
	321	}
	322
	323	ret = 1;
	324
	325	err:
	326	EVP_MD_free(md);
	327	EVP_MD_free(mgf1md);
	328	return ret;
	329	}
cf333799	330
b247113c TM	331	int ossl_rsa_is_foreign(const RSA *rsa)
	332	{
	333	#ifndef FIPS_MODULE
	334	if (rsa->engine != NULL \|\| RSA_get_method(rsa) != RSA_PKCS1_OpenSSL())
	335	return 1;
	336	#endif
	337	return 0;
	338	}
	339
4a9fe33c TM	340	static ossl_inline int rsa_bn_dup_check(BIGNUM *out, const BIGNUM f)
	341	{
	342	if (f != NULL && (*out = BN_dup(f)) == NULL)
	343	return 0;
	344	return 1;
	345	}
	346
b4f447c0	347	RSA ossl_rsa_dup(const RSA rsa, int selection)
4a9fe33c TM	348	{
	349	RSA *dupkey = NULL;
	350	#ifndef FIPS_MODULE
	351	int pnum, i;
b247113c	352	#endif
4a9fe33c TM	353
4a9fe33c TM	354	/* Do not try to duplicate foreign RSA keys */
b247113c	355	if (ossl_rsa_is_foreign(rsa))
4a9fe33c	356	return NULL;
4a9fe33c TM	357
	358	if ((dupkey = ossl_rsa_new_with_ctx(rsa->libctx)) == NULL)
	359	return NULL;
	360
b4f447c0 TM	361	/* public key */
	362	if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) {
	363	if (!rsa_bn_dup_check(&dupkey->n, rsa->n))
	364	goto err;
	365	if (!rsa_bn_dup_check(&dupkey->e, rsa->e))
	366	goto err;
	367	}
4a9fe33c	368
b4f447c0 TM	369	if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
	370
	371	/* private key */
	372	if (!rsa_bn_dup_check(&dupkey->d, rsa->d))
	373	goto err;
	374
	375	/* factors and crt params */
	376	if (!rsa_bn_dup_check(&dupkey->p, rsa->p))
	377	goto err;
	378	if (!rsa_bn_dup_check(&dupkey->q, rsa->q))
	379	goto err;
	380	if (!rsa_bn_dup_check(&dupkey->dmp1, rsa->dmp1))
	381	goto err;
	382	if (!rsa_bn_dup_check(&dupkey->dmq1, rsa->dmq1))
	383	goto err;
	384	if (!rsa_bn_dup_check(&dupkey->iqmp, rsa->iqmp))
	385	goto err;
	386	}
4a9fe33c TM	387
	388	dupkey->version = rsa->version;
	389	dupkey->flags = rsa->flags;
b4f447c0	390	/* we always copy the PSS parameters regardless of selection */
4a9fe33c TM	391	dupkey->pss_params = rsa->pss_params;
	392
	393	#ifndef FIPS_MODULE
	394	/* multiprime */
b4f447c0 TM	395	if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0
b4f447c0 TM	396	&& (pnum = sk_RSA_PRIME_INFO_num(rsa->prime_infos)) > 0) {
4a9fe33c	397	dupkey->prime_infos = sk_RSA_PRIME_INFO_new_reserve(NULL, pnum);
9dddcd90	398	if (dupkey->prime_infos == NULL)
9dddcd90	399	goto err;
4a9fe33c TM	400	for (i = 0; i < pnum; i++) {
	401	const RSA_PRIME_INFO *pinfo = NULL;
	402	RSA_PRIME_INFO *duppinfo = NULL;
	403
e077455e	404	if ((duppinfo = OPENSSL_zalloc(sizeof(*duppinfo))) == NULL)
4a9fe33c	405	goto err;
4a9fe33c TM	406	/* push first so cleanup in error case works */
	407	(void)sk_RSA_PRIME_INFO_push(dupkey->prime_infos, duppinfo);
	408
	409	pinfo = sk_RSA_PRIME_INFO_value(rsa->prime_infos, i);
	410	if (!rsa_bn_dup_check(&duppinfo->r, pinfo->r))
	411	goto err;
	412	if (!rsa_bn_dup_check(&duppinfo->d, pinfo->d))
	413	goto err;
	414	if (!rsa_bn_dup_check(&duppinfo->t, pinfo->t))
	415	goto err;
	416	}
	417	if (!ossl_rsa_multip_calc_product(dupkey))
	418	goto err;
	419	}
	420
	421	if (rsa->pss != NULL) {
	422	dupkey->pss = RSA_PSS_PARAMS_dup(rsa->pss);
	423	if (rsa->pss->maskGenAlgorithm != NULL
	424	&& dupkey->pss->maskGenAlgorithm == NULL) {
	425	dupkey->pss->maskHash = ossl_x509_algor_mgf1_decode(rsa->pss->maskGenAlgorithm);
	426	if (dupkey->pss->maskHash == NULL)
	427	goto err;
	428	}
	429	}
	430	if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_RSA,
	431	&dupkey->ex_data, &rsa->ex_data))
	432	goto err;
	433	#endif
	434
	435	return dupkey;
	436
	437	err:
	438	RSA_free(dupkey);
	439	return NULL;
	440	}
	441
cf333799 RL	442	#ifndef FIPS_MODULE
	443	RSA_PSS_PARAMS ossl_rsa_pss_decode(const X509_ALGOR alg)
	444	{
	445	RSA_PSS_PARAMS *pss;
	446
	447	pss = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(RSA_PSS_PARAMS),
	448	alg->parameter);
	449
	450	if (pss == NULL)
	451	return NULL;
	452
	453	if (pss->maskGenAlgorithm != NULL) {
	454	pss->maskHash = ossl_x509_algor_mgf1_decode(pss->maskGenAlgorithm);
	455	if (pss->maskHash == NULL) {
	456	RSA_PSS_PARAMS_free(pss);
	457	return NULL;
	458	}
	459	}
	460
	461	return pss;
	462	}
	463
	464	static int ossl_rsa_sync_to_pss_params_30(RSA *rsa)
	465	{
	466	const RSA_PSS_PARAMS *legacy_pss = NULL;
	467	RSA_PSS_PARAMS_30 *pss = NULL;
	468
	469	if (rsa != NULL
	470	&& (legacy_pss = RSA_get0_pss_params(rsa)) != NULL
	471	&& (pss = ossl_rsa_get0_pss_params_30(rsa)) != NULL) {
	472	const EVP_MD md = NULL, mgf1md = NULL;
	473	int md_nid, mgf1md_nid, saltlen, trailerField;
	474	RSA_PSS_PARAMS_30 pss_params;
	475
	476	/*
	477	* We don't care about the validity of the fields here, we just
	478	* want to synchronise values. Verifying here makes it impossible
	479	* to even read a key with invalid values, making it hard to test
	480	* a bad situation.
	481	*
	482	* Other routines use ossl_rsa_pss_get_param(), so the values will
	483	* be checked, eventually.
	484	*/
	485	if (!ossl_rsa_pss_get_param_unverified(legacy_pss, &md, &mgf1md,
	486	&saltlen, &trailerField))
	487	return 0;
ed576acd TM	488	md_nid = EVP_MD_get_type(md);
ed576acd TM	489	mgf1md_nid = EVP_MD_get_type(mgf1md);
cf333799 RL	490	if (!ossl_rsa_pss_params_30_set_defaults(&pss_params)
	491	\|\| !ossl_rsa_pss_params_30_set_hashalg(&pss_params, md_nid)
	492	\|\| !ossl_rsa_pss_params_30_set_maskgenhashalg(&pss_params,
	493	mgf1md_nid)
	494	\|\| !ossl_rsa_pss_params_30_set_saltlen(&pss_params, saltlen)
	495	\|\| !ossl_rsa_pss_params_30_set_trailerfield(&pss_params,
	496	trailerField))
	497	return 0;
	498	*pss = pss_params;
	499	}
	500	return 1;
	501	}
	502
	503	int ossl_rsa_pss_get_param_unverified(const RSA_PSS_PARAMS *pss,
	504	const EVP_MD pmd, const EVP_MD pmgf1md,
	505	int psaltlen, int ptrailerField)
	506	{
	507	RSA_PSS_PARAMS_30 pss_params;
	508
	509	/* Get the defaults from the ONE place */
	510	(void)ossl_rsa_pss_params_30_set_defaults(&pss_params);
	511
	512	if (pss == NULL)
	513	return 0;
	514	*pmd = ossl_x509_algor_get_md(pss->hashAlgorithm);
	515	if (*pmd == NULL)
	516	return 0;
	517	*pmgf1md = ossl_x509_algor_get_md(pss->maskHash);
	518	if (*pmgf1md == NULL)
	519	return 0;
	520	if (pss->saltLength)
	521	*psaltlen = ASN1_INTEGER_get(pss->saltLength);
	522	else
	523	*psaltlen = ossl_rsa_pss_params_30_saltlen(&pss_params);
	524	if (pss->trailerField)
	525	*ptrailerField = ASN1_INTEGER_get(pss->trailerField);
	526	else
d715dbd8	527	*ptrailerField = ossl_rsa_pss_params_30_trailerfield(&pss_params);
cf333799 RL	528
	529	return 1;
	530	}
	531
	532	int ossl_rsa_param_decode(RSA rsa, const X509_ALGOR alg)
	533	{
	534	RSA_PSS_PARAMS *pss;
	535	const ASN1_OBJECT *algoid;
	536	const void *algp;
	537	int algptype;
	538
	539	X509_ALGOR_get0(&algoid, &algptype, &algp, alg);
	540	if (OBJ_obj2nid(algoid) != EVP_PKEY_RSA_PSS)
	541	return 1;
	542	if (algptype == V_ASN1_UNDEF)
	543	return 1;
	544	if (algptype != V_ASN1_SEQUENCE) {
	545	ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_PSS_PARAMETERS);
	546	return 0;
	547	}
	548	if ((pss = ossl_rsa_pss_decode(alg)) == NULL
	549	\|\| !ossl_rsa_set0_pss_params(rsa, pss)) {
	550	RSA_PSS_PARAMS_free(pss);
	551	return 0;
	552	}
	553	if (!ossl_rsa_sync_to_pss_params_30(rsa))
	554	return 0;
	555	return 1;
	556	}
	557
	558	RSA ossl_rsa_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO p8inf,
	559	OSSL_LIB_CTX libctx, const char propq)
	560	{
	561	const unsigned char *p;
	562	RSA *rsa;
	563	int pklen;
	564	const X509_ALGOR *alg;
	565
	566	if (!PKCS8_pkey_get0(NULL, &p, &pklen, &alg, p8inf))
	567	return 0;
	568	rsa = d2i_RSAPrivateKey(NULL, &p, pklen);
	569	if (rsa == NULL) {
	570	ERR_raise(ERR_LIB_RSA, ERR_R_RSA_LIB);
	571	return NULL;
	572	}
	573	if (!ossl_rsa_param_decode(rsa, alg)) {
	574	RSA_free(rsa);
	575	return NULL;
	576	}
	577
	578	RSA_clear_flags(rsa, RSA_FLAG_TYPE_MASK);
	579	switch (OBJ_obj2nid(alg->algorithm)) {
	580	case EVP_PKEY_RSA:
	581	RSA_set_flags(rsa, RSA_FLAG_TYPE_RSA);
	582	break;
	583	case EVP_PKEY_RSA_PSS:
	584	RSA_set_flags(rsa, RSA_FLAG_TYPE_RSASSAPSS);
	585	break;
	586	default:
	587	/* Leave the type bits zero */
	588	break;
	589	}
	590
	591	return rsa;
592	}
593	#endif