Coverage Report

Created: 2023-06-08 06:40

/src/openssl111/crypto/rsa/rsa_ameth.c
Line
Count
Source (jump to first uncovered line)
1
/*
2
 * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
3
 *
4
 * Licensed under the OpenSSL license (the "License").  You may not use
5
 * this file except in compliance with the License.  You can obtain a copy
6
 * in the file LICENSE in the source distribution or at
7
 * https://www.openssl.org/source/license.html
8
 */
9
10
#include <stdio.h>
11
#include "internal/cryptlib.h"
12
#include <openssl/asn1t.h>
13
#include <openssl/x509.h>
14
#include <openssl/bn.h>
15
#include <openssl/cms.h>
16
#include "crypto/asn1.h"
17
#include "crypto/evp.h"
18
#include "rsa_local.h"
19
20
#ifndef OPENSSL_NO_CMS
21
static int rsa_cms_sign(CMS_SignerInfo *si);
22
static int rsa_cms_verify(CMS_SignerInfo *si);
23
static int rsa_cms_decrypt(CMS_RecipientInfo *ri);
24
static int rsa_cms_encrypt(CMS_RecipientInfo *ri);
25
#endif
26
27
static RSA_PSS_PARAMS *rsa_pss_decode(const X509_ALGOR *alg);
28
29
/* Set any parameters associated with pkey */
30
static int rsa_param_encode(const EVP_PKEY *pkey,
31
                            ASN1_STRING **pstr, int *pstrtype)
32
0
{
33
0
    const RSA *rsa = pkey->pkey.rsa;
34
35
0
    *pstr = NULL;
36
    /* If RSA it's just NULL type */
37
0
    if (pkey->ameth->pkey_id != EVP_PKEY_RSA_PSS) {
38
0
        *pstrtype = V_ASN1_NULL;
39
0
        return 1;
40
0
    }
41
    /* If no PSS parameters we omit parameters entirely */
42
0
    if (rsa->pss == NULL) {
43
0
        *pstrtype = V_ASN1_UNDEF;
44
0
        return 1;
45
0
    }
46
    /* Encode PSS parameters */
47
0
    if (ASN1_item_pack(rsa->pss, ASN1_ITEM_rptr(RSA_PSS_PARAMS), pstr) == NULL)
48
0
        return 0;
49
50
0
    *pstrtype = V_ASN1_SEQUENCE;
51
0
    return 1;
52
0
}
53
/* Decode any parameters and set them in RSA structure */
54
static int rsa_param_decode(RSA *rsa, const X509_ALGOR *alg)
55
0
{
56
0
    const ASN1_OBJECT *algoid;
57
0
    const void *algp;
58
0
    int algptype;
59
60
0
    X509_ALGOR_get0(&algoid, &algptype, &algp, alg);
61
0
    if (OBJ_obj2nid(algoid) != EVP_PKEY_RSA_PSS)
62
0
        return 1;
63
0
    if (algptype == V_ASN1_UNDEF)
64
0
        return 1;
65
0
    if (algptype != V_ASN1_SEQUENCE) {
66
0
        RSAerr(RSA_F_RSA_PARAM_DECODE, RSA_R_INVALID_PSS_PARAMETERS);
67
0
        return 0;
68
0
    }
69
0
    rsa->pss = rsa_pss_decode(alg);
70
0
    if (rsa->pss == NULL)
71
0
        return 0;
72
0
    return 1;
73
0
}
74
75
static int rsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
76
0
{
77
0
    unsigned char *penc = NULL;
78
0
    int penclen;
79
0
    ASN1_STRING *str;
80
0
    int strtype;
81
82
0
    if (!rsa_param_encode(pkey, &str, &strtype))
83
0
        return 0;
84
0
    penclen = i2d_RSAPublicKey(pkey->pkey.rsa, &penc);
85
0
    if (penclen <= 0)
86
0
        return 0;
87
0
    if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(pkey->ameth->pkey_id),
88
0
                               strtype, str, penc, penclen))
89
0
        return 1;
90
91
0
    OPENSSL_free(penc);
92
0
    return 0;
93
0
}
94
95
static int rsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
96
0
{
97
0
    const unsigned char *p;
98
0
    int pklen;
99
0
    X509_ALGOR *alg;
100
0
    RSA *rsa = NULL;
101
102
0
    if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &alg, pubkey))
103
0
        return 0;
104
0
    if ((rsa = d2i_RSAPublicKey(NULL, &p, pklen)) == NULL) {
105
0
        RSAerr(RSA_F_RSA_PUB_DECODE, ERR_R_RSA_LIB);
106
0
        return 0;
107
0
    }
108
0
    if (!rsa_param_decode(rsa, alg)) {
109
0
        RSA_free(rsa);
110
0
        return 0;
111
0
    }
112
0
    if (!EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, rsa)) {
113
0
        RSA_free(rsa);
114
0
        return 0;
115
0
    }
116
0
    return 1;
117
0
}
118
119
static int rsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
120
0
{
121
    /*
122
     * Don't check the public/private key, this is mostly for smart
123
     * cards.
124
     */
125
0
    if (((RSA_flags(a->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK))
126
0
            || (RSA_flags(b->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK)) {
127
0
        return 1;
128
0
    }
129
130
0
    if (BN_cmp(b->pkey.rsa->n, a->pkey.rsa->n) != 0
131
0
        || BN_cmp(b->pkey.rsa->e, a->pkey.rsa->e) != 0)
132
0
        return 0;
133
0
    return 1;
134
0
}
135
136
static int old_rsa_priv_decode(EVP_PKEY *pkey,
137
                               const unsigned char **pder, int derlen)
138
0
{
139
0
    RSA *rsa;
140
141
0
    if ((rsa = d2i_RSAPrivateKey(NULL, pder, derlen)) == NULL) {
142
0
        RSAerr(RSA_F_OLD_RSA_PRIV_DECODE, ERR_R_RSA_LIB);
143
0
        return 0;
144
0
    }
145
0
    EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, rsa);
146
0
    return 1;
147
0
}
148
149
static int old_rsa_priv_encode(const EVP_PKEY *pkey, unsigned char **pder)
150
0
{
151
0
    return i2d_RSAPrivateKey(pkey->pkey.rsa, pder);
152
0
}
153
154
static int rsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
155
0
{
156
0
    unsigned char *rk = NULL;
157
0
    int rklen;
158
0
    ASN1_STRING *str;
159
0
    int strtype;
160
161
0
    if (!rsa_param_encode(pkey, &str, &strtype))
162
0
        return 0;
163
0
    rklen = i2d_RSAPrivateKey(pkey->pkey.rsa, &rk);
164
165
0
    if (rklen <= 0) {
166
0
        RSAerr(RSA_F_RSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
167
0
        ASN1_STRING_free(str);
168
0
        return 0;
169
0
    }
170
171
0
    if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(pkey->ameth->pkey_id), 0,
172
0
                         strtype, str, rk, rklen)) {
173
0
        RSAerr(RSA_F_RSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
174
0
        ASN1_STRING_free(str);
175
0
        OPENSSL_clear_free(rk, rklen);
176
0
        return 0;
177
0
    }
178
179
0
    return 1;
180
0
}
181
182
static int rsa_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8)
183
0
{
184
0
    const unsigned char *p;
185
0
    RSA *rsa;
186
0
    int pklen;
187
0
    const X509_ALGOR *alg;
188
189
0
    if (!PKCS8_pkey_get0(NULL, &p, &pklen, &alg, p8))
190
0
        return 0;
191
0
    rsa = d2i_RSAPrivateKey(NULL, &p, pklen);
192
0
    if (rsa == NULL) {
193
0
        RSAerr(RSA_F_RSA_PRIV_DECODE, ERR_R_RSA_LIB);
194
0
        return 0;
195
0
    }
196
0
    if (!rsa_param_decode(rsa, alg)) {
197
0
        RSA_free(rsa);
198
0
        return 0;
199
0
    }
200
0
    EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, rsa);
201
0
    return 1;
202
0
}
203
204
static int int_rsa_size(const EVP_PKEY *pkey)
205
0
{
206
0
    return RSA_size(pkey->pkey.rsa);
207
0
}
208
209
static int rsa_bits(const EVP_PKEY *pkey)
210
0
{
211
0
    return BN_num_bits(pkey->pkey.rsa->n);
212
0
}
213
214
static int rsa_security_bits(const EVP_PKEY *pkey)
215
0
{
216
0
    return RSA_security_bits(pkey->pkey.rsa);
217
0
}
218
219
static void int_rsa_free(EVP_PKEY *pkey)
220
0
{
221
0
    RSA_free(pkey->pkey.rsa);
222
0
}
223
224
static X509_ALGOR *rsa_mgf1_decode(X509_ALGOR *alg)
225
0
{
226
0
    if (OBJ_obj2nid(alg->algorithm) != NID_mgf1)
227
0
        return NULL;
228
0
    return ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(X509_ALGOR),
229
0
                                     alg->parameter);
230
0
}
231
232
static int rsa_pss_param_print(BIO *bp, int pss_key, RSA_PSS_PARAMS *pss,
233
                               int indent)
234
0
{
235
0
    int rv = 0;
236
0
    X509_ALGOR *maskHash = NULL;
237
238
0
    if (!BIO_indent(bp, indent, 128))
239
0
        goto err;
240
0
    if (pss_key) {
241
0
        if (pss == NULL) {
242
0
            if (BIO_puts(bp, "No PSS parameter restrictions\n") <= 0)
243
0
                return 0;
244
0
            return 1;
245
0
        } else {
246
0
            if (BIO_puts(bp, "PSS parameter restrictions:") <= 0)
247
0
                return 0;
248
0
        }
249
0
    } else if (pss == NULL) {
250
0
        if (BIO_puts(bp,"(INVALID PSS PARAMETERS)\n") <= 0)
251
0
            return 0;
252
0
        return 1;
253
0
    }
254
0
    if (BIO_puts(bp, "\n") <= 0)
255
0
        goto err;
256
0
    if (pss_key)
257
0
        indent += 2;
258
0
    if (!BIO_indent(bp, indent, 128))
259
0
        goto err;
260
0
    if (BIO_puts(bp, "Hash Algorithm: ") <= 0)
261
0
        goto err;
262
263
0
    if (pss->hashAlgorithm) {
264
0
        if (i2a_ASN1_OBJECT(bp, pss->hashAlgorithm->algorithm) <= 0)
265
0
            goto err;
266
0
    } else if (BIO_puts(bp, "sha1 (default)") <= 0) {
267
0
        goto err;
268
0
    }
269
270
0
    if (BIO_puts(bp, "\n") <= 0)
271
0
        goto err;
272
273
0
    if (!BIO_indent(bp, indent, 128))
274
0
        goto err;
275
276
0
    if (BIO_puts(bp, "Mask Algorithm: ") <= 0)
277
0
        goto err;
278
0
    if (pss->maskGenAlgorithm) {
279
0
        if (i2a_ASN1_OBJECT(bp, pss->maskGenAlgorithm->algorithm) <= 0)
280
0
            goto err;
281
0
        if (BIO_puts(bp, " with ") <= 0)
282
0
            goto err;
283
0
        maskHash = rsa_mgf1_decode(pss->maskGenAlgorithm);
284
0
        if (maskHash != NULL) {
285
0
            if (i2a_ASN1_OBJECT(bp, maskHash->algorithm) <= 0)
286
0
                goto err;
287
0
        } else if (BIO_puts(bp, "INVALID") <= 0) {
288
0
            goto err;
289
0
        }
290
0
    } else if (BIO_puts(bp, "mgf1 with sha1 (default)") <= 0) {
291
0
        goto err;
292
0
    }
293
0
    BIO_puts(bp, "\n");
294
295
0
    if (!BIO_indent(bp, indent, 128))
296
0
        goto err;
297
0
    if (BIO_printf(bp, "%s Salt Length: 0x", pss_key ? "Minimum" : "") <= 0)
298
0
        goto err;
299
0
    if (pss->saltLength) {
300
0
        if (i2a_ASN1_INTEGER(bp, pss->saltLength) <= 0)
301
0
            goto err;
302
0
    } else if (BIO_puts(bp, "14 (default)") <= 0) {
303
0
        goto err;
304
0
    }
305
0
    BIO_puts(bp, "\n");
306
307
0
    if (!BIO_indent(bp, indent, 128))
308
0
        goto err;
309
0
    if (BIO_puts(bp, "Trailer Field: 0x") <= 0)
310
0
        goto err;
311
0
    if (pss->trailerField) {
312
0
        if (i2a_ASN1_INTEGER(bp, pss->trailerField) <= 0)
313
0
            goto err;
314
0
    } else if (BIO_puts(bp, "BC (default)") <= 0) {
315
0
        goto err;
316
0
    }
317
0
    BIO_puts(bp, "\n");
318
319
0
    rv = 1;
320
321
0
 err:
322
0
    X509_ALGOR_free(maskHash);
323
0
    return rv;
324
325
0
}
326
327
static int pkey_rsa_print(BIO *bp, const EVP_PKEY *pkey, int off, int priv)
328
0
{
329
0
    const RSA *x = pkey->pkey.rsa;
330
0
    char *str;
331
0
    const char *s;
332
0
    int ret = 0, mod_len = 0, ex_primes;
333
334
0
    if (x->n != NULL)
335
0
        mod_len = BN_num_bits(x->n);
336
0
    ex_primes = sk_RSA_PRIME_INFO_num(x->prime_infos);
337
338
0
    if (!BIO_indent(bp, off, 128))
339
0
        goto err;
340
341
0
    if (BIO_printf(bp, "%s ", pkey_is_pss(pkey) ?  "RSA-PSS" : "RSA") <= 0)
342
0
        goto err;
343
344
0
    if (priv && x->d) {
345
0
        if (BIO_printf(bp, "Private-Key: (%d bit, %d primes)\n",
346
0
                       mod_len, ex_primes <= 0 ? 2 : ex_primes + 2) <= 0)
347
0
            goto err;
348
0
        str = "modulus:";
349
0
        s = "publicExponent:";
350
0
    } else {
351
0
        if (BIO_printf(bp, "Public-Key: (%d bit)\n", mod_len) <= 0)
352
0
            goto err;
353
0
        str = "Modulus:";
354
0
        s = "Exponent:";
355
0
    }
356
0
    if (!ASN1_bn_print(bp, str, x->n, NULL, off))
357
0
        goto err;
358
0
    if (!ASN1_bn_print(bp, s, x->e, NULL, off))
359
0
        goto err;
360
0
    if (priv) {
361
0
        int i;
362
363
0
        if (!ASN1_bn_print(bp, "privateExponent:", x->d, NULL, off))
364
0
            goto err;
365
0
        if (!ASN1_bn_print(bp, "prime1:", x->p, NULL, off))
366
0
            goto err;
367
0
        if (!ASN1_bn_print(bp, "prime2:", x->q, NULL, off))
368
0
            goto err;
369
0
        if (!ASN1_bn_print(bp, "exponent1:", x->dmp1, NULL, off))
370
0
            goto err;
371
0
        if (!ASN1_bn_print(bp, "exponent2:", x->dmq1, NULL, off))
372
0
            goto err;
373
0
        if (!ASN1_bn_print(bp, "coefficient:", x->iqmp, NULL, off))
374
0
            goto err;
375
0
        for (i = 0; i < sk_RSA_PRIME_INFO_num(x->prime_infos); i++) {
376
            /* print multi-prime info */
377
0
            BIGNUM *bn = NULL;
378
0
            RSA_PRIME_INFO *pinfo;
379
0
            int j;
380
381
0
            pinfo = sk_RSA_PRIME_INFO_value(x->prime_infos, i);
382
0
            for (j = 0; j < 3; j++) {
383
0
                if (!BIO_indent(bp, off, 128))
384
0
                    goto err;
385
0
                switch (j) {
386
0
                case 0:
387
0
                    if (BIO_printf(bp, "prime%d:", i + 3) <= 0)
388
0
                        goto err;
389
0
                    bn = pinfo->r;
390
0
                    break;
391
0
                case 1:
392
0
                    if (BIO_printf(bp, "exponent%d:", i + 3) <= 0)
393
0
                        goto err;
394
0
                    bn = pinfo->d;
395
0
                    break;
396
0
                case 2:
397
0
                    if (BIO_printf(bp, "coefficient%d:", i + 3) <= 0)
398
0
                        goto err;
399
0
                    bn = pinfo->t;
400
0
                    break;
401
0
                default:
402
0
                    break;
403
0
                }
404
0
                if (!ASN1_bn_print(bp, "", bn, NULL, off))
405
0
                    goto err;
406
0
            }
407
0
        }
408
0
    }
409
0
    if (pkey_is_pss(pkey) && !rsa_pss_param_print(bp, 1, x->pss, off))
410
0
        goto err;
411
0
    ret = 1;
412
0
 err:
413
0
    return ret;
414
0
}
415
416
static int rsa_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent,
417
                         ASN1_PCTX *ctx)
418
0
{
419
0
    return pkey_rsa_print(bp, pkey, indent, 0);
420
0
}
421
422
static int rsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent,
423
                          ASN1_PCTX *ctx)
424
0
{
425
0
    return pkey_rsa_print(bp, pkey, indent, 1);
426
0
}
427
428
static RSA_PSS_PARAMS *rsa_pss_decode(const X509_ALGOR *alg)
429
0
{
430
0
    RSA_PSS_PARAMS *pss;
431
432
0
    pss = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(RSA_PSS_PARAMS),
433
0
                                    alg->parameter);
434
435
0
    if (pss == NULL)
436
0
        return NULL;
437
438
0
    if (pss->maskGenAlgorithm != NULL) {
439
0
        pss->maskHash = rsa_mgf1_decode(pss->maskGenAlgorithm);
440
0
        if (pss->maskHash == NULL) {
441
0
            RSA_PSS_PARAMS_free(pss);
442
0
            return NULL;
443
0
        }
444
0
    }
445
446
0
    return pss;
447
0
}
448
449
static int rsa_sig_print(BIO *bp, const X509_ALGOR *sigalg,
450
                         const ASN1_STRING *sig, int indent, ASN1_PCTX *pctx)
451
0
{
452
0
    if (OBJ_obj2nid(sigalg->algorithm) == EVP_PKEY_RSA_PSS) {
453
0
        int rv;
454
0
        RSA_PSS_PARAMS *pss = rsa_pss_decode(sigalg);
455
456
0
        rv = rsa_pss_param_print(bp, 0, pss, indent);
457
0
        RSA_PSS_PARAMS_free(pss);
458
0
        if (!rv)
459
0
            return 0;
460
0
    } else if (!sig && BIO_puts(bp, "\n") <= 0) {
461
0
        return 0;
462
0
    }
463
0
    if (sig)
464
0
        return X509_signature_dump(bp, sig, indent);
465
0
    return 1;
466
0
}
467
468
static int rsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
469
0
{
470
0
    X509_ALGOR *alg = NULL;
471
0
    const EVP_MD *md;
472
0
    const EVP_MD *mgf1md;
473
0
    int min_saltlen;
474
475
0
    switch (op) {
476
477
0
    case ASN1_PKEY_CTRL_PKCS7_SIGN:
478
0
        if (arg1 == 0)
479
0
            PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, NULL, &alg);
480
0
        break;
481
482
0
    case ASN1_PKEY_CTRL_PKCS7_ENCRYPT:
483
0
        if (pkey_is_pss(pkey))
484
0
            return -2;
485
0
        if (arg1 == 0)
486
0
            PKCS7_RECIP_INFO_get0_alg(arg2, &alg);
487
0
        break;
488
0
#ifndef OPENSSL_NO_CMS
489
0
    case ASN1_PKEY_CTRL_CMS_SIGN:
490
0
        if (arg1 == 0)
491
0
            return rsa_cms_sign(arg2);
492
0
        else if (arg1 == 1)
493
0
            return rsa_cms_verify(arg2);
494
0
        break;
495
496
0
    case ASN1_PKEY_CTRL_CMS_ENVELOPE:
497
0
        if (pkey_is_pss(pkey))
498
0
            return -2;
499
0
        if (arg1 == 0)
500
0
            return rsa_cms_encrypt(arg2);
501
0
        else if (arg1 == 1)
502
0
            return rsa_cms_decrypt(arg2);
503
0
        break;
504
505
0
    case ASN1_PKEY_CTRL_CMS_RI_TYPE:
506
0
        if (pkey_is_pss(pkey))
507
0
            return -2;
508
0
        *(int *)arg2 = CMS_RECIPINFO_TRANS;
509
0
        return 1;
510
0
#endif
511
512
0
    case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
513
0
        if (pkey->pkey.rsa->pss != NULL) {
514
0
            if (!rsa_pss_get_param(pkey->pkey.rsa->pss, &md, &mgf1md,
515
0
                                   &min_saltlen)) {
516
0
                RSAerr(0, ERR_R_INTERNAL_ERROR);
517
0
                return 0;
518
0
            }
519
0
            *(int *)arg2 = EVP_MD_type(md);
520
            /* Return of 2 indicates this MD is mandatory */
521
0
            return 2;
522
0
        }
523
0
        *(int *)arg2 = NID_sha256;
524
0
        return 1;
525
526
0
    default:
527
0
        return -2;
528
529
0
    }
530
531
0
    if (alg)
532
0
        X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaEncryption), V_ASN1_NULL, 0);
533
534
0
    return 1;
535
536
0
}
537
538
/* allocate and set algorithm ID from EVP_MD, default SHA1 */
539
static int rsa_md_to_algor(X509_ALGOR **palg, const EVP_MD *md)
540
0
{
541
0
    if (md == NULL || EVP_MD_type(md) == NID_sha1)
542
0
        return 1;
543
0
    *palg = X509_ALGOR_new();
544
0
    if (*palg == NULL)
545
0
        return 0;
546
0
    X509_ALGOR_set_md(*palg, md);
547
0
    return 1;
548
0
}
549
550
/* Allocate and set MGF1 algorithm ID from EVP_MD */
551
static int rsa_md_to_mgf1(X509_ALGOR **palg, const EVP_MD *mgf1md)
552
0
{
553
0
    X509_ALGOR *algtmp = NULL;
554
0
    ASN1_STRING *stmp = NULL;
555
556
0
    *palg = NULL;
557
0
    if (mgf1md == NULL || EVP_MD_type(mgf1md) == NID_sha1)
558
0
        return 1;
559
    /* need to embed algorithm ID inside another */
560
0
    if (!rsa_md_to_algor(&algtmp, mgf1md))
561
0
        goto err;
562
0
    if (ASN1_item_pack(algtmp, ASN1_ITEM_rptr(X509_ALGOR), &stmp) == NULL)
563
0
         goto err;
564
0
    *palg = X509_ALGOR_new();
565
0
    if (*palg == NULL)
566
0
        goto err;
567
0
    X509_ALGOR_set0(*palg, OBJ_nid2obj(NID_mgf1), V_ASN1_SEQUENCE, stmp);
568
0
    stmp = NULL;
569
0
 err:
570
0
    ASN1_STRING_free(stmp);
571
0
    X509_ALGOR_free(algtmp);
572
0
    if (*palg)
573
0
        return 1;
574
0
    return 0;
575
0
}
576
577
/* convert algorithm ID to EVP_MD, default SHA1 */
578
static const EVP_MD *rsa_algor_to_md(X509_ALGOR *alg)
579
0
{
580
0
    const EVP_MD *md;
581
582
0
    if (!alg)
583
0
        return EVP_sha1();
584
0
    md = EVP_get_digestbyobj(alg->algorithm);
585
0
    if (md == NULL)
586
0
        RSAerr(RSA_F_RSA_ALGOR_TO_MD, RSA_R_UNKNOWN_DIGEST);
587
0
    return md;
588
0
}
589
590
/*
591
 * Convert EVP_PKEY_CTX in PSS mode into corresponding algorithm parameter,
592
 * suitable for setting an AlgorithmIdentifier.
593
 */
594
595
static RSA_PSS_PARAMS *rsa_ctx_to_pss(EVP_PKEY_CTX *pkctx)
596
0
{
597
0
    const EVP_MD *sigmd, *mgf1md;
598
0
    EVP_PKEY *pk = EVP_PKEY_CTX_get0_pkey(pkctx);
599
0
    int saltlen;
600
601
0
    if (EVP_PKEY_CTX_get_signature_md(pkctx, &sigmd) <= 0)
602
0
        return NULL;
603
0
    if (EVP_PKEY_CTX_get_rsa_mgf1_md(pkctx, &mgf1md) <= 0)
604
0
        return NULL;
605
0
    if (!EVP_PKEY_CTX_get_rsa_pss_saltlen(pkctx, &saltlen))
606
0
        return NULL;
607
0
    if (saltlen == -1) {
608
0
        saltlen = EVP_MD_size(sigmd);
609
0
    } else if (saltlen == -2 || saltlen == -3) {
610
0
        saltlen = EVP_PKEY_size(pk) - EVP_MD_size(sigmd) - 2;
611
0
        if ((EVP_PKEY_bits(pk) & 0x7) == 1)
612
0
            saltlen--;
613
0
        if (saltlen < 0)
614
0
            return NULL;
615
0
    }
616
617
0
    return rsa_pss_params_create(sigmd, mgf1md, saltlen);
618
0
}
619
620
RSA_PSS_PARAMS *rsa_pss_params_create(const EVP_MD *sigmd,
621
                                      const EVP_MD *mgf1md, int saltlen)
622
0
{
623
0
    RSA_PSS_PARAMS *pss = RSA_PSS_PARAMS_new();
624
625
0
    if (pss == NULL)
626
0
        goto err;
627
0
    if (saltlen != 20) {
628
0
        pss->saltLength = ASN1_INTEGER_new();
629
0
        if (pss->saltLength == NULL)
630
0
            goto err;
631
0
        if (!ASN1_INTEGER_set(pss->saltLength, saltlen))
632
0
            goto err;
633
0
    }
634
0
    if (!rsa_md_to_algor(&pss->hashAlgorithm, sigmd))
635
0
        goto err;
636
0
    if (mgf1md == NULL)
637
0
        mgf1md = sigmd;
638
0
    if (!rsa_md_to_mgf1(&pss->maskGenAlgorithm, mgf1md))
639
0
        goto err;
640
0
    if (!rsa_md_to_algor(&pss->maskHash, mgf1md))
641
0
        goto err;
642
0
    return pss;
643
0
 err:
644
0
    RSA_PSS_PARAMS_free(pss);
645
0
    return NULL;
646
0
}
647
648
static ASN1_STRING *rsa_ctx_to_pss_string(EVP_PKEY_CTX *pkctx)
649
0
{
650
0
    RSA_PSS_PARAMS *pss = rsa_ctx_to_pss(pkctx);
651
0
    ASN1_STRING *os;
652
653
0
    if (pss == NULL)
654
0
        return NULL;
655
656
0
    os = ASN1_item_pack(pss, ASN1_ITEM_rptr(RSA_PSS_PARAMS), NULL);
657
0
    RSA_PSS_PARAMS_free(pss);
658
0
    return os;
659
0
}
660
661
/*
662
 * From PSS AlgorithmIdentifier set public key parameters. If pkey isn't NULL
663
 * then the EVP_MD_CTX is setup and initialised. If it is NULL parameters are
664
 * passed to pkctx instead.
665
 */
666
667
static int rsa_pss_to_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pkctx,
668
                          X509_ALGOR *sigalg, EVP_PKEY *pkey)
669
0
{
670
0
    int rv = -1;
671
0
    int saltlen;
672
0
    const EVP_MD *mgf1md = NULL, *md = NULL;
673
0
    RSA_PSS_PARAMS *pss;
674
675
    /* Sanity check: make sure it is PSS */
676
0
    if (OBJ_obj2nid(sigalg->algorithm) != EVP_PKEY_RSA_PSS) {
677
0
        RSAerr(RSA_F_RSA_PSS_TO_CTX, RSA_R_UNSUPPORTED_SIGNATURE_TYPE);
678
0
        return -1;
679
0
    }
680
    /* Decode PSS parameters */
681
0
    pss = rsa_pss_decode(sigalg);
682
683
0
    if (!rsa_pss_get_param(pss, &md, &mgf1md, &saltlen)) {
684
0
        RSAerr(RSA_F_RSA_PSS_TO_CTX, RSA_R_INVALID_PSS_PARAMETERS);
685
0
        goto err;
686
0
    }
687
688
    /* We have all parameters now set up context */
689
0
    if (pkey) {
690
0
        if (!EVP_DigestVerifyInit(ctx, &pkctx, md, NULL, pkey))
691
0
            goto err;
692
0
    } else {
693
0
        const EVP_MD *checkmd;
694
0
        if (EVP_PKEY_CTX_get_signature_md(pkctx, &checkmd) <= 0)
695
0
            goto err;
696
0
        if (EVP_MD_type(md) != EVP_MD_type(checkmd)) {
697
0
            RSAerr(RSA_F_RSA_PSS_TO_CTX, RSA_R_DIGEST_DOES_NOT_MATCH);
698
0
            goto err;
699
0
        }
700
0
    }
701
702
0
    if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_PSS_PADDING) <= 0)
703
0
        goto err;
704
705
0
    if (EVP_PKEY_CTX_set_rsa_pss_saltlen(pkctx, saltlen) <= 0)
706
0
        goto err;
707
708
0
    if (EVP_PKEY_CTX_set_rsa_mgf1_md(pkctx, mgf1md) <= 0)
709
0
        goto err;
710
    /* Carry on */
711
0
    rv = 1;
712
713
0
 err:
714
0
    RSA_PSS_PARAMS_free(pss);
715
0
    return rv;
716
0
}
717
718
int rsa_pss_get_param(const RSA_PSS_PARAMS *pss, const EVP_MD **pmd,
719
                      const EVP_MD **pmgf1md, int *psaltlen)
720
0
{
721
0
    if (pss == NULL)
722
0
        return 0;
723
0
    *pmd = rsa_algor_to_md(pss->hashAlgorithm);
724
0
    if (*pmd == NULL)
725
0
        return 0;
726
0
    *pmgf1md = rsa_algor_to_md(pss->maskHash);
727
0
    if (*pmgf1md == NULL)
728
0
        return 0;
729
0
    if (pss->saltLength) {
730
0
        *psaltlen = ASN1_INTEGER_get(pss->saltLength);
731
0
        if (*psaltlen < 0) {
732
0
            RSAerr(RSA_F_RSA_PSS_GET_PARAM, RSA_R_INVALID_SALT_LENGTH);
733
0
            return 0;
734
0
        }
735
0
    } else {
736
0
        *psaltlen = 20;
737
0
    }
738
739
    /*
740
     * low-level routines support only trailer field 0xbc (value 1) and
741
     * PKCS#1 says we should reject any other value anyway.
742
     */
743
0
    if (pss->trailerField && ASN1_INTEGER_get(pss->trailerField) != 1) {
744
0
        RSAerr(RSA_F_RSA_PSS_GET_PARAM, RSA_R_INVALID_TRAILER);
745
0
        return 0;
746
0
    }
747
748
0
    return 1;
749
0
}
750
751
#ifndef OPENSSL_NO_CMS
752
static int rsa_cms_verify(CMS_SignerInfo *si)
753
0
{
754
0
    int nid, nid2;
755
0
    X509_ALGOR *alg;
756
0
    EVP_PKEY_CTX *pkctx = CMS_SignerInfo_get0_pkey_ctx(si);
757
758
0
    CMS_SignerInfo_get0_algs(si, NULL, NULL, NULL, &alg);
759
0
    nid = OBJ_obj2nid(alg->algorithm);
760
0
    if (nid == EVP_PKEY_RSA_PSS)
761
0
        return rsa_pss_to_ctx(NULL, pkctx, alg, NULL);
762
    /* Only PSS allowed for PSS keys */
763
0
    if (pkey_ctx_is_pss(pkctx)) {
764
0
        RSAerr(RSA_F_RSA_CMS_VERIFY, RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE);
765
0
        return 0;
766
0
    }
767
0
    if (nid == NID_rsaEncryption)
768
0
        return 1;
769
    /* Workaround for some implementation that use a signature OID */
770
0
    if (OBJ_find_sigid_algs(nid, NULL, &nid2)) {
771
0
        if (nid2 == NID_rsaEncryption)
772
0
            return 1;
773
0
    }
774
0
    return 0;
775
0
}
776
#endif
777
778
/*
779
 * Customised RSA item verification routine. This is called when a signature
780
 * is encountered requiring special handling. We currently only handle PSS.
781
 */
782
783
static int rsa_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
784
                           X509_ALGOR *sigalg, ASN1_BIT_STRING *sig,
785
                           EVP_PKEY *pkey)
786
0
{
787
    /* Sanity check: make sure it is PSS */
788
0
    if (OBJ_obj2nid(sigalg->algorithm) != EVP_PKEY_RSA_PSS) {
789
0
        RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_UNSUPPORTED_SIGNATURE_TYPE);
790
0
        return -1;
791
0
    }
792
0
    if (rsa_pss_to_ctx(ctx, NULL, sigalg, pkey) > 0) {
793
        /* Carry on */
794
0
        return 2;
795
0
    }
796
0
    return -1;
797
0
}
798
799
#ifndef OPENSSL_NO_CMS
800
static int rsa_cms_sign(CMS_SignerInfo *si)
801
0
{
802
0
    int pad_mode = RSA_PKCS1_PADDING;
803
0
    X509_ALGOR *alg;
804
0
    EVP_PKEY_CTX *pkctx = CMS_SignerInfo_get0_pkey_ctx(si);
805
0
    ASN1_STRING *os = NULL;
806
807
0
    CMS_SignerInfo_get0_algs(si, NULL, NULL, NULL, &alg);
808
0
    if (pkctx) {
809
0
        if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0)
810
0
            return 0;
811
0
    }
812
0
    if (pad_mode == RSA_PKCS1_PADDING) {
813
0
        X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaEncryption), V_ASN1_NULL, 0);
814
0
        return 1;
815
0
    }
816
    /* We don't support it */
817
0
    if (pad_mode != RSA_PKCS1_PSS_PADDING)
818
0
        return 0;
819
0
    os = rsa_ctx_to_pss_string(pkctx);
820
0
    if (!os)
821
0
        return 0;
822
0
    X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_PKEY_RSA_PSS), V_ASN1_SEQUENCE, os);
823
0
    return 1;
824
0
}
825
#endif
826
827
static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
828
                         X509_ALGOR *alg1, X509_ALGOR *alg2,
829
                         ASN1_BIT_STRING *sig)
830
0
{
831
0
    int pad_mode;
832
0
    EVP_PKEY_CTX *pkctx = EVP_MD_CTX_pkey_ctx(ctx);
833
834
0
    if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0)
835
0
        return 0;
836
0
    if (pad_mode == RSA_PKCS1_PADDING)
837
0
        return 2;
838
0
    if (pad_mode == RSA_PKCS1_PSS_PADDING) {
839
0
        ASN1_STRING *os1 = NULL;
840
0
        os1 = rsa_ctx_to_pss_string(pkctx);
841
0
        if (!os1)
842
0
            return 0;
843
        /* Duplicate parameters if we have to */
844
0
        if (alg2) {
845
0
            ASN1_STRING *os2 = ASN1_STRING_dup(os1);
846
0
            if (!os2) {
847
0
                ASN1_STRING_free(os1);
848
0
                return 0;
849
0
            }
850
0
            X509_ALGOR_set0(alg2, OBJ_nid2obj(EVP_PKEY_RSA_PSS),
851
0
                            V_ASN1_SEQUENCE, os2);
852
0
        }
853
0
        X509_ALGOR_set0(alg1, OBJ_nid2obj(EVP_PKEY_RSA_PSS),
854
0
                        V_ASN1_SEQUENCE, os1);
855
0
        return 3;
856
0
    }
857
0
    return 2;
858
0
}
859
860
static int rsa_sig_info_set(X509_SIG_INFO *siginf, const X509_ALGOR *sigalg,
861
                            const ASN1_STRING *sig)
862
0
{
863
0
    int rv = 0;
864
0
    int mdnid, saltlen;
865
0
    uint32_t flags;
866
0
    const EVP_MD *mgf1md = NULL, *md = NULL;
867
0
    RSA_PSS_PARAMS *pss;
868
869
    /* Sanity check: make sure it is PSS */
870
0
    if (OBJ_obj2nid(sigalg->algorithm) != EVP_PKEY_RSA_PSS)
871
0
        return 0;
872
    /* Decode PSS parameters */
873
0
    pss = rsa_pss_decode(sigalg);
874
0
    if (!rsa_pss_get_param(pss, &md, &mgf1md, &saltlen))
875
0
        goto err;
876
0
    mdnid = EVP_MD_type(md);
877
    /*
878
     * For TLS need SHA256, SHA384 or SHA512, digest and MGF1 digest must
879
     * match and salt length must equal digest size
880
     */
881
0
    if ((mdnid == NID_sha256 || mdnid == NID_sha384 || mdnid == NID_sha512)
882
0
            && mdnid == EVP_MD_type(mgf1md) && saltlen == EVP_MD_size(md))
883
0
        flags = X509_SIG_INFO_TLS;
884
0
    else
885
0
        flags = 0;
886
    /* Note: security bits half number of digest bits */
887
0
    X509_SIG_INFO_set(siginf, mdnid, EVP_PKEY_RSA_PSS, EVP_MD_size(md) * 4,
888
0
                      flags);
889
0
    rv = 1;
890
0
    err:
891
0
    RSA_PSS_PARAMS_free(pss);
892
0
    return rv;
893
0
}
894
895
#ifndef OPENSSL_NO_CMS
896
static RSA_OAEP_PARAMS *rsa_oaep_decode(const X509_ALGOR *alg)
897
0
{
898
0
    RSA_OAEP_PARAMS *oaep;
899
900
0
    oaep = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(RSA_OAEP_PARAMS),
901
0
                                     alg->parameter);
902
903
0
    if (oaep == NULL)
904
0
        return NULL;
905
906
0
    if (oaep->maskGenFunc != NULL) {
907
0
        oaep->maskHash = rsa_mgf1_decode(oaep->maskGenFunc);
908
0
        if (oaep->maskHash == NULL) {
909
0
            RSA_OAEP_PARAMS_free(oaep);
910
0
            return NULL;
911
0
        }
912
0
    }
913
0
    return oaep;
914
0
}
915
916
static int rsa_cms_decrypt(CMS_RecipientInfo *ri)
917
0
{
918
0
    EVP_PKEY_CTX *pkctx;
919
0
    X509_ALGOR *cmsalg;
920
0
    int nid;
921
0
    int rv = -1;
922
0
    unsigned char *label = NULL;
923
0
    int labellen = 0;
924
0
    const EVP_MD *mgf1md = NULL, *md = NULL;
925
0
    RSA_OAEP_PARAMS *oaep;
926
927
0
    pkctx = CMS_RecipientInfo_get0_pkey_ctx(ri);
928
0
    if (pkctx == NULL)
929
0
        return 0;
930
0
    if (!CMS_RecipientInfo_ktri_get0_algs(ri, NULL, NULL, &cmsalg))
931
0
        return -1;
932
0
    nid = OBJ_obj2nid(cmsalg->algorithm);
933
0
    if (nid == NID_rsaEncryption)
934
0
        return 1;
935
0
    if (nid != NID_rsaesOaep) {
936
0
        RSAerr(RSA_F_RSA_CMS_DECRYPT, RSA_R_UNSUPPORTED_ENCRYPTION_TYPE);
937
0
        return -1;
938
0
    }
939
    /* Decode OAEP parameters */
940
0
    oaep = rsa_oaep_decode(cmsalg);
941
942
0
    if (oaep == NULL) {
943
0
        RSAerr(RSA_F_RSA_CMS_DECRYPT, RSA_R_INVALID_OAEP_PARAMETERS);
944
0
        goto err;
945
0
    }
946
947
0
    mgf1md = rsa_algor_to_md(oaep->maskHash);
948
0
    if (mgf1md == NULL)
949
0
        goto err;
950
0
    md = rsa_algor_to_md(oaep->hashFunc);
951
0
    if (md == NULL)
952
0
        goto err;
953
954
0
    if (oaep->pSourceFunc != NULL) {
955
0
        X509_ALGOR *plab = oaep->pSourceFunc;
956
957
0
        if (OBJ_obj2nid(plab->algorithm) != NID_pSpecified) {
958
0
            RSAerr(RSA_F_RSA_CMS_DECRYPT, RSA_R_UNSUPPORTED_LABEL_SOURCE);
959
0
            goto err;
960
0
        }
961
0
        if (plab->parameter->type != V_ASN1_OCTET_STRING) {
962
0
            RSAerr(RSA_F_RSA_CMS_DECRYPT, RSA_R_INVALID_LABEL);
963
0
            goto err;
964
0
        }
965
966
0
        label = plab->parameter->value.octet_string->data;
967
        /* Stop label being freed when OAEP parameters are freed */
968
0
        plab->parameter->value.octet_string->data = NULL;
969
0
        labellen = plab->parameter->value.octet_string->length;
970
0
    }
971
972
0
    if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_OAEP_PADDING) <= 0)
973
0
        goto err;
974
0
    if (EVP_PKEY_CTX_set_rsa_oaep_md(pkctx, md) <= 0)
975
0
        goto err;
976
0
    if (EVP_PKEY_CTX_set_rsa_mgf1_md(pkctx, mgf1md) <= 0)
977
0
        goto err;
978
0
    if (EVP_PKEY_CTX_set0_rsa_oaep_label(pkctx, label, labellen) <= 0)
979
0
        goto err;
980
    /* Carry on */
981
0
    rv = 1;
982
983
0
 err:
984
0
    RSA_OAEP_PARAMS_free(oaep);
985
0
    return rv;
986
0
}
987
988
static int rsa_cms_encrypt(CMS_RecipientInfo *ri)
989
0
{
990
0
    const EVP_MD *md, *mgf1md;
991
0
    RSA_OAEP_PARAMS *oaep = NULL;
992
0
    ASN1_STRING *os = NULL;
993
0
    X509_ALGOR *alg;
994
0
    EVP_PKEY_CTX *pkctx = CMS_RecipientInfo_get0_pkey_ctx(ri);
995
0
    int pad_mode = RSA_PKCS1_PADDING, rv = 0, labellen;
996
0
    unsigned char *label;
997
998
0
    if (CMS_RecipientInfo_ktri_get0_algs(ri, NULL, NULL, &alg) <= 0)
999
0
        return 0;
1000
0
    if (pkctx) {
1001
0
        if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0)
1002
0
            return 0;
1003
0
    }
1004
0
    if (pad_mode == RSA_PKCS1_PADDING) {
1005
0
        X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaEncryption), V_ASN1_NULL, 0);
1006
0
        return 1;
1007
0
    }
1008
    /* Not supported */
1009
0
    if (pad_mode != RSA_PKCS1_OAEP_PADDING)
1010
0
        return 0;
1011
0
    if (EVP_PKEY_CTX_get_rsa_oaep_md(pkctx, &md) <= 0)
1012
0
        goto err;
1013
0
    if (EVP_PKEY_CTX_get_rsa_mgf1_md(pkctx, &mgf1md) <= 0)
1014
0
        goto err;
1015
0
    labellen = EVP_PKEY_CTX_get0_rsa_oaep_label(pkctx, &label);
1016
0
    if (labellen < 0)
1017
0
        goto err;
1018
0
    oaep = RSA_OAEP_PARAMS_new();
1019
0
    if (oaep == NULL)
1020
0
        goto err;
1021
0
    if (!rsa_md_to_algor(&oaep->hashFunc, md))
1022
0
        goto err;
1023
0
    if (!rsa_md_to_mgf1(&oaep->maskGenFunc, mgf1md))
1024
0
        goto err;
1025
0
    if (labellen > 0) {
1026
0
        ASN1_OCTET_STRING *los;
1027
0
        oaep->pSourceFunc = X509_ALGOR_new();
1028
0
        if (oaep->pSourceFunc == NULL)
1029
0
            goto err;
1030
0
        los = ASN1_OCTET_STRING_new();
1031
0
        if (los == NULL)
1032
0
            goto err;
1033
0
        if (!ASN1_OCTET_STRING_set(los, label, labellen)) {
1034
0
            ASN1_OCTET_STRING_free(los);
1035
0
            goto err;
1036
0
        }
1037
0
        X509_ALGOR_set0(oaep->pSourceFunc, OBJ_nid2obj(NID_pSpecified),
1038
0
                        V_ASN1_OCTET_STRING, los);
1039
0
    }
1040
    /* create string with pss parameter encoding. */
1041
0
    if (!ASN1_item_pack(oaep, ASN1_ITEM_rptr(RSA_OAEP_PARAMS), &os))
1042
0
         goto err;
1043
0
    X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaesOaep), V_ASN1_SEQUENCE, os);
1044
0
    os = NULL;
1045
0
    rv = 1;
1046
0
 err:
1047
0
    RSA_OAEP_PARAMS_free(oaep);
1048
0
    ASN1_STRING_free(os);
1049
0
    return rv;
1050
0
}
1051
#endif
1052
1053
static int rsa_pkey_check(const EVP_PKEY *pkey)
1054
0
{
1055
0
    return RSA_check_key_ex(pkey->pkey.rsa, NULL);
1056
0
}
1057
1058
const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[2] = {
1059
    {
1060
     EVP_PKEY_RSA,
1061
     EVP_PKEY_RSA,
1062
     ASN1_PKEY_SIGPARAM_NULL,
1063
1064
     "RSA",
1065
     "OpenSSL RSA method",
1066
1067
     rsa_pub_decode,
1068
     rsa_pub_encode,
1069
     rsa_pub_cmp,
1070
     rsa_pub_print,
1071
1072
     rsa_priv_decode,
1073
     rsa_priv_encode,
1074
     rsa_priv_print,
1075
1076
     int_rsa_size,
1077
     rsa_bits,
1078
     rsa_security_bits,
1079
1080
     0, 0, 0, 0, 0, 0,
1081
1082
     rsa_sig_print,
1083
     int_rsa_free,
1084
     rsa_pkey_ctrl,
1085
     old_rsa_priv_decode,
1086
     old_rsa_priv_encode,
1087
     rsa_item_verify,
1088
     rsa_item_sign,
1089
     rsa_sig_info_set,
1090
     rsa_pkey_check
1091
    },
1092
1093
    {
1094
     EVP_PKEY_RSA2,
1095
     EVP_PKEY_RSA,
1096
     ASN1_PKEY_ALIAS}
1097
};
1098
1099
const EVP_PKEY_ASN1_METHOD rsa_pss_asn1_meth = {
1100
     EVP_PKEY_RSA_PSS,
1101
     EVP_PKEY_RSA_PSS,
1102
     ASN1_PKEY_SIGPARAM_NULL,
1103
1104
     "RSA-PSS",
1105
     "OpenSSL RSA-PSS method",
1106
1107
     rsa_pub_decode,
1108
     rsa_pub_encode,
1109
     rsa_pub_cmp,
1110
     rsa_pub_print,
1111
1112
     rsa_priv_decode,
1113
     rsa_priv_encode,
1114
     rsa_priv_print,
1115
1116
     int_rsa_size,
1117
     rsa_bits,
1118
     rsa_security_bits,
1119
1120
     0, 0, 0, 0, 0, 0,
1121
1122
     rsa_sig_print,
1123
     int_rsa_free,
1124
     rsa_pkey_ctrl,
1125
     0, 0,
1126
     rsa_item_verify,
1127
     rsa_item_sign,
1128
     0,
1129
     rsa_pkey_check
1130
};