1 files changed, 0 insertions, 675 deletions
diff --git a/src/lib/libcrypto/rsa/rsa_ameth.c b/src/lib/libcrypto/rsa/rsa_ameth.c
deleted file mode 100644
index 528b72b4b9..0000000000
--- a/src/lib/libcrypto/rsa/rsa_ameth.c
+++ /dev/null
@@ -1,675 +0,0 @@
-/* $OpenBSD: rsa_ameth.c,v 1.14 2015/02/11 04:05:14 beck Exp $ */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2006.
- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#include <stdio.h>
-#include <openssl/opensslconf.h>
-#include <openssl/asn1t.h>
-#include <openssl/bn.h>
-#include <openssl/err.h>
-#include <openssl/rsa.h>
-#include <openssl/x509.h>
-#ifndef OPENSSL_NO_CMS
-#include <openssl/cms.h>
-#endif
-#include "asn1_locl.h"
-static int
-rsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
-{
-        unsigned char *penc = NULL;
-        int penclen;
-        penclen = i2d_RSAPublicKey(pkey->pkey.rsa, &penc);
-        if (penclen <= 0)
-                return 0;
-        if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_RSA),
-            V_ASN1_NULL, NULL, penc, penclen))
-                return 1;
-        free(penc);
-        return 0;
-}
-static int
-rsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
-{
-        const unsigned char *p;
-        int pklen;
-        RSA *rsa = NULL;
-        if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, NULL, pubkey))
-                return 0;
-        if (!(rsa = d2i_RSAPublicKey(NULL, &p, pklen))) {
-                RSAerr(RSA_F_RSA_PUB_DECODE, ERR_R_RSA_LIB);
-                return 0;
-        }
-        EVP_PKEY_assign_RSA (pkey, rsa);
-        return 1;
-}
-static int
-rsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
-{
-        if (BN_cmp(b->pkey.rsa->n, a->pkey.rsa->n) != 0 ||
-            BN_cmp(b->pkey.rsa->e, a->pkey.rsa->e) != 0)
-                return 0;
-        return 1;
-}
-static int
-old_rsa_priv_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen)
-{
-        RSA *rsa;
-        if (!(rsa = d2i_RSAPrivateKey (NULL, pder, derlen))) {
-                RSAerr(RSA_F_OLD_RSA_PRIV_DECODE, ERR_R_RSA_LIB);
-                return 0;
-        }
-        EVP_PKEY_assign_RSA(pkey, rsa);
-        return 1;
-}
-static int
-old_rsa_priv_encode(const EVP_PKEY *pkey, unsigned char **pder)
-{
-        return i2d_RSAPrivateKey(pkey->pkey.rsa, pder);
-}
-static int
-rsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
-{
-        unsigned char *rk = NULL;
-        int rklen;
-        rklen = i2d_RSAPrivateKey(pkey->pkey.rsa, &rk);
-        if (rklen <= 0) {
-                RSAerr(RSA_F_RSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
-                return 0;
-        }
-        if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_rsaEncryption), 0,
-            V_ASN1_NULL, NULL, rk, rklen)) {
-                RSAerr(RSA_F_RSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
-                return 0;
-        }
-        return 1;
-}
-static int
-rsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
-{
-        const unsigned char *p;
-        int pklen;
-        if (!PKCS8_pkey_get0(NULL, &p, &pklen, NULL, p8))
-                return 0;
-        return old_rsa_priv_decode(pkey, &p, pklen);
-}
-static int
-int_rsa_size(const EVP_PKEY *pkey)
-{
-        return RSA_size(pkey->pkey.rsa);
-}
-static int
-rsa_bits(const EVP_PKEY *pkey)
-{
-        return BN_num_bits(pkey->pkey.rsa->n);
-}
-static void
-int_rsa_free(EVP_PKEY *pkey)
-{
-        RSA_free(pkey->pkey.rsa);
-}
-static void
-update_buflen(const BIGNUM *b, size_t *pbuflen)
-{
-        size_t i;
-        if (!b)
-                return;
-        if (*pbuflen < (i = (size_t)BN_num_bytes(b)))
-                *pbuflen = i;
-}
-static int
-do_rsa_print(BIO *bp, const RSA *x, int off, int priv)
-{
-        char *str;
-        const char *s;
-        unsigned char *m = NULL;
-        int ret = 0, mod_len = 0;
-        size_t buf_len = 0;
-        update_buflen(x->n, &buf_len);
-        update_buflen(x->e, &buf_len);
-        if (priv) {
-                update_buflen(x->d, &buf_len);
-                update_buflen(x->p, &buf_len);
-                update_buflen(x->q, &buf_len);
-                update_buflen(x->dmp1, &buf_len);
-                update_buflen(x->dmq1, &buf_len);
-                update_buflen(x->iqmp, &buf_len);
-        }
-        m = malloc(buf_len + 10);
-        if (m == NULL) {
-                RSAerr(RSA_F_DO_RSA_PRINT, ERR_R_MALLOC_FAILURE);
-                goto err;
-        }
-        if (x->n != NULL)
-                mod_len = BN_num_bits(x->n);
-        if (!BIO_indent(bp, off, 128))
-                goto err;
-        if (priv && x->d) {
-                if (BIO_printf(bp, "Private-Key: (%d bit)\n", mod_len) <= 0)
-                        goto err;
-                str = "modulus:";
-                s = "publicExponent:";
-        } else {
-                if (BIO_printf(bp, "Public-Key: (%d bit)\n", mod_len) <= 0)
-                        goto err;
-                str = "Modulus:";
-                s= "Exponent:";
-        }
-        if (!ASN1_bn_print(bp, str, x->n, m, off))
-                goto err;
-        if (!ASN1_bn_print(bp, s, x->e, m, off))
-                goto err;
-        if (priv) {
-                if (!ASN1_bn_print(bp, "privateExponent:", x->d,m, off))
-                        goto err;
-                if (!ASN1_bn_print(bp, "prime1:", x->p, m, off))
-                        goto err;
-                if (!ASN1_bn_print(bp, "prime2:", x->q, m, off))
-                        goto err;
-                if (!ASN1_bn_print(bp, "exponent1:", x->dmp1, m, off))
-                        goto err;
-                if (!ASN1_bn_print(bp, "exponent2:", x->dmq1, m, off))
-                        goto err;
-                if (!ASN1_bn_print(bp, "coefficient:", x->iqmp, m, off))
-                        goto err;
-        }
-        ret = 1;
-err:
-        free(m);
-        return (ret);
-}
-static int
-rsa_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent, ASN1_PCTX *ctx)
-{
-        return do_rsa_print(bp, pkey->pkey.rsa, indent, 0);
-}
-static int
-rsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent, ASN1_PCTX *ctx)
-{
-        return do_rsa_print(bp, pkey->pkey.rsa, indent, 1);
-}
-static RSA_PSS_PARAMS *
-rsa_pss_decode(const X509_ALGOR *alg, X509_ALGOR **pmaskHash)
-{
-        const unsigned char *p;
-        int plen;
-        RSA_PSS_PARAMS *pss;
-        *pmaskHash = NULL;
-        if (!alg->parameter || alg->parameter->type != V_ASN1_SEQUENCE)
-                return NULL;
-        p = alg->parameter->value.sequence->data;
-        plen = alg->parameter->value.sequence->length;
-        pss = d2i_RSA_PSS_PARAMS(NULL, &p, plen);
-        if (!pss)
-                return NULL;
-        if (pss->maskGenAlgorithm) {
-                ASN1_TYPE *param = pss->maskGenAlgorithm->parameter;
-                if (OBJ_obj2nid(pss->maskGenAlgorithm->algorithm) == NID_mgf1 &&
-                    param->type == V_ASN1_SEQUENCE) {
-                        p = param->value.sequence->data;
-                        plen = param->value.sequence->length;
-                        *pmaskHash = d2i_X509_ALGOR(NULL, &p, plen);
-                }
-        }
-        return pss;
-}
-static int
-rsa_pss_param_print(BIO *bp, RSA_PSS_PARAMS *pss, X509_ALGOR *maskHash,
-    int indent)
-{
-        int rv = 0;
-        if (!pss) {
-                if (BIO_puts(bp, " (INVALID PSS PARAMETERS)\n") <= 0)
-                        return 0;
-                return 1;
-        }
-        if (BIO_puts(bp, "\n") <= 0)
-                goto err;
-        if (!BIO_indent(bp, indent, 128))
-                goto err;
-        if (BIO_puts(bp, "Hash Algorithm: ") <= 0)
-                goto err;
-        if (pss->hashAlgorithm) {
-                if (i2a_ASN1_OBJECT(bp, pss->hashAlgorithm->algorithm) <= 0)
-                        goto err;
-        } else if (BIO_puts(bp, "sha1 (default)") <= 0)
-                goto err;
-        if (BIO_puts(bp, "\n") <= 0)
-                goto err;
-        if (!BIO_indent(bp, indent, 128))
-                goto err;
-        if (BIO_puts(bp, "Mask Algorithm: ") <= 0)
-                goto err;
-        if (pss->maskGenAlgorithm) {
-                if (i2a_ASN1_OBJECT(bp, pss->maskGenAlgorithm->algorithm) <= 0)
-                        goto err;
-                if (BIO_puts(bp, " with ") <= 0)
-                        goto err;
-                if (maskHash) {
-                        if (i2a_ASN1_OBJECT(bp, maskHash->algorithm) <= 0)
-                                goto err;
-                } else if (BIO_puts(bp, "INVALID") <= 0)
-                        goto err;
-        } else if (BIO_puts(bp, "mgf1 with sha1 (default)") <= 0)
-                goto err;
-        BIO_puts(bp, "\n");
-        if (!BIO_indent(bp, indent, 128))
-                goto err;
-        if (BIO_puts(bp, "Salt Length: 0x") <= 0)
-                goto err;
-        if (pss->saltLength) {
-                if (i2a_ASN1_INTEGER(bp, pss->saltLength) <= 0)
-                        goto err;
-        } else if (BIO_puts(bp, "14 (default)") <= 0)
-                goto err;
-        BIO_puts(bp, "\n");
-        if (!BIO_indent(bp, indent, 128))
-                goto err;
-        if (BIO_puts(bp, "Trailer Field: 0x") <= 0)
-                goto err;
-        if (pss->trailerField) {
-                if (i2a_ASN1_INTEGER(bp, pss->trailerField) <= 0)
-                        goto err;
-        } else if (BIO_puts(bp, "BC (default)") <= 0)
-                goto err;
-        BIO_puts(bp, "\n");
-        rv = 1;
-err:
-        return rv;
-}
-static int
-rsa_sig_print(BIO *bp, const X509_ALGOR *sigalg, const ASN1_STRING *sig,
-    int indent, ASN1_PCTX *pctx)
-{
-        if (OBJ_obj2nid(sigalg->algorithm) == NID_rsassaPss) {
-                int rv;
-                RSA_PSS_PARAMS *pss;
-                X509_ALGOR *maskHash;
-                pss = rsa_pss_decode(sigalg, &maskHash);
-                rv = rsa_pss_param_print(bp, pss, maskHash, indent);
-                if (pss)
-                        RSA_PSS_PARAMS_free(pss);
-                if (maskHash)
-                        X509_ALGOR_free(maskHash);
-                if (!rv)
-                        return 0;
-        } else if (!sig && BIO_puts(bp, "\n") <= 0)
-                return 0;
-        if (sig)
-                return X509_signature_dump(bp, sig, indent);
-        return 1;
-}
-static int
-rsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
-{
-        X509_ALGOR *alg = NULL;
-        switch (op) {
-        case ASN1_PKEY_CTRL_PKCS7_SIGN:
-                if (arg1 == 0)
-                        PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, NULL, &alg);
-                break;
-        case ASN1_PKEY_CTRL_PKCS7_ENCRYPT:
-                if (arg1 == 0)
-                        PKCS7_RECIP_INFO_get0_alg(arg2, &alg);
-                break;
-#ifndef OPENSSL_NO_CMS
-        case ASN1_PKEY_CTRL_CMS_SIGN:
-                if (arg1 == 0)
-                        CMS_SignerInfo_get0_algs(arg2, NULL, NULL, NULL, &alg);
-                break;
-        case ASN1_PKEY_CTRL_CMS_ENVELOPE:
-                if (arg1 == 0)
-                        CMS_RecipientInfo_ktri_get0_algs(arg2, NULL, NULL, &alg);
-                break;
-#endif
-        case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
-                *(int *)arg2 = NID_sha1;
-                return 1;
-        default:
-                return -2;
-        }
-        if (alg)
-                X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaEncryption),
-                    V_ASN1_NULL, 0);
-        return 1;
-}
-/* Customised RSA item verification routine. This is called
- * when a signature is encountered requiring special handling. We
- * currently only handle PSS.
- */
-static int
-rsa_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
-    X509_ALGOR *sigalg, ASN1_BIT_STRING *sig, EVP_PKEY *pkey)
-{
-        int rv = -1;
-        int saltlen;
-        const EVP_MD *mgf1md = NULL, *md = NULL;
-        RSA_PSS_PARAMS *pss;
-        X509_ALGOR *maskHash;
-        EVP_PKEY_CTX *pkctx;
-        /* Sanity check: make sure it is PSS */
-        if (OBJ_obj2nid(sigalg->algorithm) != NID_rsassaPss) {
-                RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_UNSUPPORTED_SIGNATURE_TYPE);
-                return -1;
-        }
-        /* Decode PSS parameters */
-        pss = rsa_pss_decode(sigalg, &maskHash);
-        if (pss == NULL) {
-                RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_INVALID_PSS_PARAMETERS);
-                goto err;
-        }
-        /* Check mask and lookup mask hash algorithm */
-        if (pss->maskGenAlgorithm) {
-                if (OBJ_obj2nid(pss->maskGenAlgorithm->algorithm) != NID_mgf1) {
-                        RSAerr(RSA_F_RSA_ITEM_VERIFY,
-                            RSA_R_UNSUPPORTED_MASK_ALGORITHM);
-                        goto err;
-                }
-                if (!maskHash) {
-                        RSAerr(RSA_F_RSA_ITEM_VERIFY,
-                            RSA_R_UNSUPPORTED_MASK_PARAMETER);
-                        goto err;
-                }
-                mgf1md = EVP_get_digestbyobj(maskHash->algorithm);
-                if (mgf1md == NULL) {
-                        RSAerr(RSA_F_RSA_ITEM_VERIFY,
-                            RSA_R_UNKNOWN_MASK_DIGEST);
-                        goto err;
-                }
-        } else
-                mgf1md = EVP_sha1();
-        if (pss->hashAlgorithm) {
-                md = EVP_get_digestbyobj(pss->hashAlgorithm->algorithm);
-                if (md == NULL) {
-                        RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_UNKNOWN_PSS_DIGEST);
-                        goto err;
-                }
-        } else
-                md = EVP_sha1();
-        if (pss->saltLength) {
-                saltlen = ASN1_INTEGER_get(pss->saltLength);
-                /* Could perform more salt length sanity checks but the main
-                 * RSA routines will trap other invalid values anyway.
-                 */
-                if (saltlen < 0) {
-                        RSAerr(RSA_F_RSA_ITEM_VERIFY,
-                            RSA_R_INVALID_SALT_LENGTH);
-                        goto err;
-                }
-        } else
-                saltlen = 20;
-        /* low-level routines support only trailer field 0xbc (value 1)
-         * and PKCS#1 says we should reject any other value anyway.
-         */
-        if (pss->trailerField && ASN1_INTEGER_get(pss->trailerField) != 1) {
-                RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_INVALID_TRAILER);
-                goto err;
-        }
-        /* We have all parameters now set up context */
-        if (!EVP_DigestVerifyInit(ctx, &pkctx, md, NULL, pkey))
-                goto err;
-        if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_PSS_PADDING) <= 0)
-                goto err;
-        if (EVP_PKEY_CTX_set_rsa_pss_saltlen(pkctx, saltlen) <= 0)
-                goto err;
-        if (EVP_PKEY_CTX_set_rsa_mgf1_md(pkctx, mgf1md) <= 0)
-                goto err;
-        /* Carry on */
-        rv = 2;
-err:
-        RSA_PSS_PARAMS_free(pss);
-        if (maskHash)
-                X509_ALGOR_free(maskHash);
-        return rv;
-}
-static int
-rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
-    X509_ALGOR *alg1, X509_ALGOR *alg2, ASN1_BIT_STRING *sig)
-{
-        int pad_mode;
-        EVP_PKEY_CTX *pkctx = ctx->pctx;
-        if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0)
-                return 0;
-        if (pad_mode == RSA_PKCS1_PADDING)
-                return 2;
-        if (pad_mode == RSA_PKCS1_PSS_PADDING) {
-                const EVP_MD *sigmd, *mgf1md;
-                RSA_PSS_PARAMS *pss = NULL;
-                X509_ALGOR *mgf1alg = NULL;
-                ASN1_STRING *os1 = NULL, *os2 = NULL;
-                EVP_PKEY *pk = EVP_PKEY_CTX_get0_pkey(pkctx);
-                int saltlen, rv = 0;
-                sigmd = EVP_MD_CTX_md(ctx);
-                if (EVP_PKEY_CTX_get_rsa_mgf1_md(pkctx, &mgf1md) <= 0)
-                        goto err;
-                if (!EVP_PKEY_CTX_get_rsa_pss_saltlen(pkctx, &saltlen))
-                        goto err;
-                if (saltlen == -1)
-                        saltlen = EVP_MD_size(sigmd);
-                else if (saltlen == -2) {
-                        saltlen = EVP_PKEY_size(pk) - EVP_MD_size(sigmd) - 2;
-                        if (((EVP_PKEY_bits(pk) - 1) & 0x7) == 0)
-                                saltlen--;
-                }
-                pss = RSA_PSS_PARAMS_new();
-                if (!pss)
-                        goto err;
-                if (saltlen != 20) {
-                        pss->saltLength = ASN1_INTEGER_new();
-                        if (!pss->saltLength)
-                                goto err;
-                        if (!ASN1_INTEGER_set(pss->saltLength, saltlen))
-                                goto err;
-                }
-                if (EVP_MD_type(sigmd) != NID_sha1) {
-                        pss->hashAlgorithm = X509_ALGOR_new();
-                        if (!pss->hashAlgorithm)
-                                goto err;
-                        X509_ALGOR_set_md(pss->hashAlgorithm, sigmd);
-                }
-                if (EVP_MD_type(mgf1md) != NID_sha1) {
-                        ASN1_STRING *stmp = NULL;
-                        /* need to embed algorithm ID inside another */
-                        mgf1alg = X509_ALGOR_new();
-                        X509_ALGOR_set_md(mgf1alg, mgf1md);
-                        if (!ASN1_item_pack(mgf1alg, ASN1_ITEM_rptr(X509_ALGOR),
-                            &stmp))
-                                goto err;
-                        pss->maskGenAlgorithm = X509_ALGOR_new();
-                        if (!pss->maskGenAlgorithm)
-                                goto err;
-                        X509_ALGOR_set0(pss->maskGenAlgorithm,
-                            OBJ_nid2obj(NID_mgf1), V_ASN1_SEQUENCE, stmp);
-                }
-                /* Finally create string with pss parameter encoding. */
-                if (!ASN1_item_pack(pss, ASN1_ITEM_rptr(RSA_PSS_PARAMS), &os1))
-                        goto err;
-                if (alg2) {
-                        os2 = ASN1_STRING_dup(os1);
-                        if (!os2)
-                                goto err;
-                        X509_ALGOR_set0(alg2, OBJ_nid2obj(NID_rsassaPss),
-                            V_ASN1_SEQUENCE, os2);
-                }
-                X509_ALGOR_set0(alg1, OBJ_nid2obj(NID_rsassaPss),
-                    V_ASN1_SEQUENCE, os1);
-                os1 = os2 = NULL;
-                rv = 3;
-err:
-                if (mgf1alg)
-                        X509_ALGOR_free(mgf1alg);
-                if (pss)
-                        RSA_PSS_PARAMS_free(pss);
-                ASN1_STRING_free(os1);
-                return rv;
-        }
-        return 2;
-}
-const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] = {
-        {
-                .pkey_id = EVP_PKEY_RSA,
-                .pkey_base_id = EVP_PKEY_RSA,
-                .pkey_flags = ASN1_PKEY_SIGPARAM_NULL,
-                .pem_str = "RSA",
-                .info = "OpenSSL RSA method",
-                .pub_decode = rsa_pub_decode,
-                .pub_encode = rsa_pub_encode,
-                .pub_cmp = rsa_pub_cmp,
-                .pub_print = rsa_pub_print,
-                .priv_decode = rsa_priv_decode,
-                .priv_encode = rsa_priv_encode,
-                .priv_print = rsa_priv_print,
-                .pkey_size = int_rsa_size,
-                .pkey_bits = rsa_bits,
-                .sig_print = rsa_sig_print,
-                .pkey_free = int_rsa_free,
-                .pkey_ctrl = rsa_pkey_ctrl,
-                .old_priv_decode = old_rsa_priv_decode,
-                .old_priv_encode = old_rsa_priv_encode,
-                .item_verify = rsa_item_verify,
-                .item_sign = rsa_item_sign
-        },
-        {
-                .pkey_id = EVP_PKEY_RSA2,
-                .pkey_base_id = EVP_PKEY_RSA,
-                .pkey_flags = ASN1_PKEY_ALIAS
-        }
-};

diff --git a/src/lib/libcrypto/rsa/rsa_ameth.c b/src/lib/libcrypto/rsa/rsa_ameth.c deleted file mode 100644 index 528b72b4b9..0000000000 --- a/src/lib/libcrypto/rsa/rsa_ameth.c +++ /dev/null
@@ -1,675 +0,0 @@
1	/* $OpenBSD: rsa_ameth.c,v 1.14 2015/02/11 04:05:14 beck Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 2006.
4	*/
5	/* ====================================================================
6	* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
7	*
8	* Redistribution and use in source and binary forms, with or without
9	* modification, are permitted provided that the following conditions
10	* are met:
11	*
12	* 1. Redistributions of source code must retain the above copyright
13	* notice, this list of conditions and the following disclaimer.
14	*
15	* 2. Redistributions in binary form must reproduce the above copyright
16	* notice, this list of conditions and the following disclaimer in
17	* the documentation and/or other materials provided with the
18	* distribution.
19	*
20	* 3. All advertising materials mentioning features or use of this
21	* software must display the following acknowledgment:
22	* "This product includes software developed by the OpenSSL Project
23	* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24	*
25	* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26	* endorse or promote products derived from this software without
27	* prior written permission. For written permission, please contact
28	* licensing@OpenSSL.org.
29	*
30	* 5. Products derived from this software may not be called "OpenSSL"
31	* nor may "OpenSSL" appear in their names without prior written
32	* permission of the OpenSSL Project.
33	*
34	* 6. Redistributions of any form whatsoever must retain the following
35	* acknowledgment:
36	* "This product includes software developed by the OpenSSL Project
37	* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38	*
39	* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40	* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43	* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50	* OF THE POSSIBILITY OF SUCH DAMAGE.
51	* ====================================================================
52	*
53	* This product includes cryptographic software written by Eric Young
54	* (eay@cryptsoft.com). This product includes software written by Tim
55	* Hudson (tjh@cryptsoft.com).
56	*
57	*/
58
59	#include <stdio.h>
60
61	#include <openssl/opensslconf.h>
62
63	#include <openssl/asn1t.h>
64	#include <openssl/bn.h>
65	#include <openssl/err.h>
66	#include <openssl/rsa.h>
67	#include <openssl/x509.h>
68
69	#ifndef OPENSSL_NO_CMS
70	#include <openssl/cms.h>
71	#endif
72
73	#include "asn1_locl.h"
74
75	static int
76	rsa_pub_encode(X509_PUBKEY pk, const EVP_PKEY pkey)
77	{
78	unsigned char *penc = NULL;
79	int penclen;
80
81	penclen = i2d_RSAPublicKey(pkey->pkey.rsa, &penc);
82	if (penclen <= 0)
83	return 0;
84	if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_RSA),
85	V_ASN1_NULL, NULL, penc, penclen))
86	return 1;
87
88	free(penc);
89	return 0;
90	}
91
92	static int
93	rsa_pub_decode(EVP_PKEY pkey, X509_PUBKEY pubkey)
94	{
95	const unsigned char *p;
96	int pklen;
97	RSA *rsa = NULL;
98
99	if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, NULL, pubkey))
100	return 0;
101	if (!(rsa = d2i_RSAPublicKey(NULL, &p, pklen))) {
102	RSAerr(RSA_F_RSA_PUB_DECODE, ERR_R_RSA_LIB);
103	return 0;
104	}
105	EVP_PKEY_assign_RSA (pkey, rsa);
106	return 1;
107	}
108
109	static int
110	rsa_pub_cmp(const EVP_PKEY a, const EVP_PKEY b)
111	{
112	if (BN_cmp(b->pkey.rsa->n, a->pkey.rsa->n) != 0 \|\|
113	BN_cmp(b->pkey.rsa->e, a->pkey.rsa->e) != 0)
114	return 0;
115	return 1;
116	}
117
118	static int
119	old_rsa_priv_decode(EVP_PKEY pkey, const unsigned char *pder, int derlen)
120	{
121	RSA *rsa;
122
123	if (!(rsa = d2i_RSAPrivateKey (NULL, pder, derlen))) {
124	RSAerr(RSA_F_OLD_RSA_PRIV_DECODE, ERR_R_RSA_LIB);
125	return 0;
126	}
127	EVP_PKEY_assign_RSA(pkey, rsa);
128	return 1;
129	}
130
131	static int
132	old_rsa_priv_encode(const EVP_PKEY pkey, unsigned char *pder)
133	{
134	return i2d_RSAPrivateKey(pkey->pkey.rsa, pder);
135	}
136
137	static int
138	rsa_priv_encode(PKCS8_PRIV_KEY_INFO p8, const EVP_PKEY pkey)
139	{
140	unsigned char *rk = NULL;
141	int rklen;
142
143	rklen = i2d_RSAPrivateKey(pkey->pkey.rsa, &rk);
144
145	if (rklen <= 0) {
146	RSAerr(RSA_F_RSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
147	return 0;
148	}
149
150	if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_rsaEncryption), 0,
151	V_ASN1_NULL, NULL, rk, rklen)) {
152	RSAerr(RSA_F_RSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
153	return 0;
154	}
155
156	return 1;
157	}
158
159	static int
160	rsa_priv_decode(EVP_PKEY pkey, PKCS8_PRIV_KEY_INFO p8)
161	{
162	const unsigned char *p;
163	int pklen;
164
165	if (!PKCS8_pkey_get0(NULL, &p, &pklen, NULL, p8))
166	return 0;
167	return old_rsa_priv_decode(pkey, &p, pklen);
168	}
169
170	static int
171	int_rsa_size(const EVP_PKEY *pkey)
172	{
173	return RSA_size(pkey->pkey.rsa);
174	}
175
176	static int
177	rsa_bits(const EVP_PKEY *pkey)
178	{
179	return BN_num_bits(pkey->pkey.rsa->n);
180	}
181
182	static void
183	int_rsa_free(EVP_PKEY *pkey)
184	{
185	RSA_free(pkey->pkey.rsa);
186	}
187
188	static void
189	update_buflen(const BIGNUM b, size_t pbuflen)
190	{
191	size_t i;
192
193	if (!b)
194	return;
195	if (*pbuflen < (i = (size_t)BN_num_bytes(b)))
196	*pbuflen = i;
197	}
198
199	static int
200	do_rsa_print(BIO bp, const RSA x, int off, int priv)
201	{
202	char *str;
203	const char *s;
204	unsigned char *m = NULL;
205	int ret = 0, mod_len = 0;
206	size_t buf_len = 0;
207
208	update_buflen(x->n, &buf_len);
209	update_buflen(x->e, &buf_len);
210
211	if (priv) {
212	update_buflen(x->d, &buf_len);
213	update_buflen(x->p, &buf_len);
214	update_buflen(x->q, &buf_len);
215	update_buflen(x->dmp1, &buf_len);
216	update_buflen(x->dmq1, &buf_len);
217	update_buflen(x->iqmp, &buf_len);
218	}
219
220	m = malloc(buf_len + 10);
221	if (m == NULL) {
222	RSAerr(RSA_F_DO_RSA_PRINT, ERR_R_MALLOC_FAILURE);
223	goto err;
224	}
225
226	if (x->n != NULL)
227	mod_len = BN_num_bits(x->n);
228
229	if (!BIO_indent(bp, off, 128))
230	goto err;
231
232	if (priv && x->d) {
233	if (BIO_printf(bp, "Private-Key: (%d bit)\n", mod_len) <= 0)
234	goto err;
235	str = "modulus:";
236	s = "publicExponent:";
237	} else {
238	if (BIO_printf(bp, "Public-Key: (%d bit)\n", mod_len) <= 0)
239	goto err;
240	str = "Modulus:";
241	s= "Exponent:";
242	}
243	if (!ASN1_bn_print(bp, str, x->n, m, off))
244	goto err;
245	if (!ASN1_bn_print(bp, s, x->e, m, off))
246	goto err;
247	if (priv) {
248	if (!ASN1_bn_print(bp, "privateExponent:", x->d,m, off))
249	goto err;
250	if (!ASN1_bn_print(bp, "prime1:", x->p, m, off))
251	goto err;
252	if (!ASN1_bn_print(bp, "prime2:", x->q, m, off))
253	goto err;
254	if (!ASN1_bn_print(bp, "exponent1:", x->dmp1, m, off))
255	goto err;
256	if (!ASN1_bn_print(bp, "exponent2:", x->dmq1, m, off))
257	goto err;
258	if (!ASN1_bn_print(bp, "coefficient:", x->iqmp, m, off))
259	goto err;
260	}
261	ret = 1;
262	err:
263	free(m);
264	return (ret);
265	}
266
267	static int
268	rsa_pub_print(BIO bp, const EVP_PKEY pkey, int indent, ASN1_PCTX *ctx)
269	{
270	return do_rsa_print(bp, pkey->pkey.rsa, indent, 0);
271	}
272
273	static int
274	rsa_priv_print(BIO bp, const EVP_PKEY pkey, int indent, ASN1_PCTX *ctx)
275	{
276	return do_rsa_print(bp, pkey->pkey.rsa, indent, 1);
277	}
278
279	static RSA_PSS_PARAMS *
280	rsa_pss_decode(const X509_ALGOR alg, X509_ALGOR *pmaskHash)
281	{
282	const unsigned char *p;
283	int plen;
284	RSA_PSS_PARAMS *pss;
285
286	*pmaskHash = NULL;
287
288	if (!alg->parameter \|\| alg->parameter->type != V_ASN1_SEQUENCE)
289	return NULL;
290
291	p = alg->parameter->value.sequence->data;
292	plen = alg->parameter->value.sequence->length;
293	pss = d2i_RSA_PSS_PARAMS(NULL, &p, plen);
294
295	if (!pss)
296	return NULL;
297
298	if (pss->maskGenAlgorithm) {
299	ASN1_TYPE *param = pss->maskGenAlgorithm->parameter;
300	if (OBJ_obj2nid(pss->maskGenAlgorithm->algorithm) == NID_mgf1 &&
301	param->type == V_ASN1_SEQUENCE) {
302	p = param->value.sequence->data;
303	plen = param->value.sequence->length;
304	*pmaskHash = d2i_X509_ALGOR(NULL, &p, plen);
305	}
306	}
307
308	return pss;
309	}
310
311	static int
312	rsa_pss_param_print(BIO bp, RSA_PSS_PARAMS pss, X509_ALGOR *maskHash,
313	int indent)
314	{
315	int rv = 0;
316
317	if (!pss) {
318	if (BIO_puts(bp, " (INVALID PSS PARAMETERS)\n") <= 0)
319	return 0;
320	return 1;
321	}
322	if (BIO_puts(bp, "\n") <= 0)
323	goto err;
324	if (!BIO_indent(bp, indent, 128))
325	goto err;
326	if (BIO_puts(bp, "Hash Algorithm: ") <= 0)
327	goto err;
328
329	if (pss->hashAlgorithm) {
330	if (i2a_ASN1_OBJECT(bp, pss->hashAlgorithm->algorithm) <= 0)
331	goto err;
332	} else if (BIO_puts(bp, "sha1 (default)") <= 0)
333	goto err;
334
335	if (BIO_puts(bp, "\n") <= 0)
336	goto err;
337
338	if (!BIO_indent(bp, indent, 128))
339	goto err;
340
341	if (BIO_puts(bp, "Mask Algorithm: ") <= 0)
342	goto err;
343	if (pss->maskGenAlgorithm) {
344	if (i2a_ASN1_OBJECT(bp, pss->maskGenAlgorithm->algorithm) <= 0)
345	goto err;
346	if (BIO_puts(bp, " with ") <= 0)
347	goto err;
348	if (maskHash) {
349	if (i2a_ASN1_OBJECT(bp, maskHash->algorithm) <= 0)
350	goto err;
351	} else if (BIO_puts(bp, "INVALID") <= 0)
352	goto err;
353	} else if (BIO_puts(bp, "mgf1 with sha1 (default)") <= 0)
354	goto err;
355	BIO_puts(bp, "\n");
356
357	if (!BIO_indent(bp, indent, 128))
358	goto err;
359	if (BIO_puts(bp, "Salt Length: 0x") <= 0)
360	goto err;
361	if (pss->saltLength) {
362	if (i2a_ASN1_INTEGER(bp, pss->saltLength) <= 0)
363	goto err;
364	} else if (BIO_puts(bp, "14 (default)") <= 0)
365	goto err;
366	BIO_puts(bp, "\n");
367
368	if (!BIO_indent(bp, indent, 128))
369	goto err;
370	if (BIO_puts(bp, "Trailer Field: 0x") <= 0)
371	goto err;
372	if (pss->trailerField) {
373	if (i2a_ASN1_INTEGER(bp, pss->trailerField) <= 0)
374	goto err;
375	} else if (BIO_puts(bp, "BC (default)") <= 0)
376	goto err;
377	BIO_puts(bp, "\n");
378
379	rv = 1;
380
381	err:
382	return rv;
383	}
384
385	static int
386	rsa_sig_print(BIO bp, const X509_ALGOR sigalg, const ASN1_STRING *sig,
387	int indent, ASN1_PCTX *pctx)
388	{
389	if (OBJ_obj2nid(sigalg->algorithm) == NID_rsassaPss) {
390	int rv;
391	RSA_PSS_PARAMS *pss;
392	X509_ALGOR *maskHash;
393	pss = rsa_pss_decode(sigalg, &maskHash);
394	rv = rsa_pss_param_print(bp, pss, maskHash, indent);
395	if (pss)
396	RSA_PSS_PARAMS_free(pss);
397	if (maskHash)
398	X509_ALGOR_free(maskHash);
399	if (!rv)
400	return 0;
401	} else if (!sig && BIO_puts(bp, "\n") <= 0)
402	return 0;
403	if (sig)
404	return X509_signature_dump(bp, sig, indent);
405	return 1;
406	}
407
408	static int
409	rsa_pkey_ctrl(EVP_PKEY pkey, int op, long arg1, void arg2)
410	{
411	X509_ALGOR *alg = NULL;
412
413	switch (op) {
414	case ASN1_PKEY_CTRL_PKCS7_SIGN:
415	if (arg1 == 0)
416	PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, NULL, &alg);
417	break;
418
419	case ASN1_PKEY_CTRL_PKCS7_ENCRYPT:
420	if (arg1 == 0)
421	PKCS7_RECIP_INFO_get0_alg(arg2, &alg);
422	break;
423	#ifndef OPENSSL_NO_CMS
424	case ASN1_PKEY_CTRL_CMS_SIGN:
425	if (arg1 == 0)
426	CMS_SignerInfo_get0_algs(arg2, NULL, NULL, NULL, &alg);
427	break;
428
429	case ASN1_PKEY_CTRL_CMS_ENVELOPE:
430	if (arg1 == 0)
431	CMS_RecipientInfo_ktri_get0_algs(arg2, NULL, NULL, &alg);
432	break;
433	#endif
434
435	case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
436	(int )arg2 = NID_sha1;
437	return 1;
438
439	default:
440	return -2;
441	}
442
443	if (alg)
444	X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaEncryption),
445	V_ASN1_NULL, 0);
446
447	return 1;
448	}
449
450	/* Customised RSA item verification routine. This is called
451	* when a signature is encountered requiring special handling. We
452	* currently only handle PSS.
453	*/
454	static int
455	rsa_item_verify(EVP_MD_CTX ctx, const ASN1_ITEM it, void *asn,
456	X509_ALGOR sigalg, ASN1_BIT_STRING sig, EVP_PKEY *pkey)
457	{
458	int rv = -1;
459	int saltlen;
460	const EVP_MD mgf1md = NULL, md = NULL;
461	RSA_PSS_PARAMS *pss;
462	X509_ALGOR *maskHash;
463	EVP_PKEY_CTX *pkctx;
464
465	/* Sanity check: make sure it is PSS */
466	if (OBJ_obj2nid(sigalg->algorithm) != NID_rsassaPss) {
467	RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_UNSUPPORTED_SIGNATURE_TYPE);
468	return -1;
469	}
470
471	/* Decode PSS parameters */
472	pss = rsa_pss_decode(sigalg, &maskHash);
473
474	if (pss == NULL) {
475	RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_INVALID_PSS_PARAMETERS);
476	goto err;
477	}
478	/* Check mask and lookup mask hash algorithm */
479	if (pss->maskGenAlgorithm) {
480	if (OBJ_obj2nid(pss->maskGenAlgorithm->algorithm) != NID_mgf1) {
481	RSAerr(RSA_F_RSA_ITEM_VERIFY,
482	RSA_R_UNSUPPORTED_MASK_ALGORITHM);
483	goto err;
484	}
485	if (!maskHash) {
486	RSAerr(RSA_F_RSA_ITEM_VERIFY,
487	RSA_R_UNSUPPORTED_MASK_PARAMETER);
488	goto err;
489	}
490	mgf1md = EVP_get_digestbyobj(maskHash->algorithm);
491	if (mgf1md == NULL) {
492	RSAerr(RSA_F_RSA_ITEM_VERIFY,
493	RSA_R_UNKNOWN_MASK_DIGEST);
494	goto err;
495	}
496	} else
497	mgf1md = EVP_sha1();
498
499	if (pss->hashAlgorithm) {
500	md = EVP_get_digestbyobj(pss->hashAlgorithm->algorithm);
501	if (md == NULL) {
502	RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_UNKNOWN_PSS_DIGEST);
503	goto err;
504	}
505	} else
506	md = EVP_sha1();
507
508	if (pss->saltLength) {
509	saltlen = ASN1_INTEGER_get(pss->saltLength);
510
511	/* Could perform more salt length sanity checks but the main
512	* RSA routines will trap other invalid values anyway.
513	*/
514	if (saltlen < 0) {
515	RSAerr(RSA_F_RSA_ITEM_VERIFY,
516	RSA_R_INVALID_SALT_LENGTH);
517	goto err;
518	}
519	} else
520	saltlen = 20;
521
522	/* low-level routines support only trailer field 0xbc (value 1)
523	* and PKCS#1 says we should reject any other value anyway.
524	*/
525	if (pss->trailerField && ASN1_INTEGER_get(pss->trailerField) != 1) {
526	RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_INVALID_TRAILER);
527	goto err;
528	}
529
530	/* We have all parameters now set up context */
531
532	if (!EVP_DigestVerifyInit(ctx, &pkctx, md, NULL, pkey))
533	goto err;
534
535	if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_PSS_PADDING) <= 0)
536	goto err;
537
538	if (EVP_PKEY_CTX_set_rsa_pss_saltlen(pkctx, saltlen) <= 0)
539	goto err;
540
541	if (EVP_PKEY_CTX_set_rsa_mgf1_md(pkctx, mgf1md) <= 0)
542	goto err;
543	/* Carry on */
544	rv = 2;
545
546	err:
547	RSA_PSS_PARAMS_free(pss);
548	if (maskHash)
549	X509_ALGOR_free(maskHash);
550	return rv;
551	}
552
553	static int
554	rsa_item_sign(EVP_MD_CTX ctx, const ASN1_ITEM it, void *asn,
555	X509_ALGOR alg1, X509_ALGOR alg2, ASN1_BIT_STRING *sig)
556	{
557	int pad_mode;
558	EVP_PKEY_CTX *pkctx = ctx->pctx;
559
560	if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0)
561	return 0;
562	if (pad_mode == RSA_PKCS1_PADDING)
563	return 2;
564	if (pad_mode == RSA_PKCS1_PSS_PADDING) {
565	const EVP_MD sigmd, mgf1md;
566	RSA_PSS_PARAMS *pss = NULL;
567	X509_ALGOR *mgf1alg = NULL;
568	ASN1_STRING os1 = NULL, os2 = NULL;
569	EVP_PKEY *pk = EVP_PKEY_CTX_get0_pkey(pkctx);
570	int saltlen, rv = 0;
571
572	sigmd = EVP_MD_CTX_md(ctx);
573	if (EVP_PKEY_CTX_get_rsa_mgf1_md(pkctx, &mgf1md) <= 0)
574	goto err;
575	if (!EVP_PKEY_CTX_get_rsa_pss_saltlen(pkctx, &saltlen))
576	goto err;
577	if (saltlen == -1)
578	saltlen = EVP_MD_size(sigmd);
579	else if (saltlen == -2) {
580	saltlen = EVP_PKEY_size(pk) - EVP_MD_size(sigmd) - 2;
581	if (((EVP_PKEY_bits(pk) - 1) & 0x7) == 0)
582	saltlen--;
583	}
584	pss = RSA_PSS_PARAMS_new();
585	if (!pss)
586	goto err;
587	if (saltlen != 20) {
588	pss->saltLength = ASN1_INTEGER_new();
589	if (!pss->saltLength)
590	goto err;
591	if (!ASN1_INTEGER_set(pss->saltLength, saltlen))
592	goto err;
593	}
594	if (EVP_MD_type(sigmd) != NID_sha1) {
595	pss->hashAlgorithm = X509_ALGOR_new();
596	if (!pss->hashAlgorithm)
597	goto err;
598	X509_ALGOR_set_md(pss->hashAlgorithm, sigmd);
599	}
600	if (EVP_MD_type(mgf1md) != NID_sha1) {
601	ASN1_STRING *stmp = NULL;
602	/* need to embed algorithm ID inside another */
603	mgf1alg = X509_ALGOR_new();
604	X509_ALGOR_set_md(mgf1alg, mgf1md);
605	if (!ASN1_item_pack(mgf1alg, ASN1_ITEM_rptr(X509_ALGOR),
606	&stmp))
607	goto err;
608	pss->maskGenAlgorithm = X509_ALGOR_new();
609	if (!pss->maskGenAlgorithm)
610	goto err;
611	X509_ALGOR_set0(pss->maskGenAlgorithm,
612	OBJ_nid2obj(NID_mgf1), V_ASN1_SEQUENCE, stmp);
613	}
614	/* Finally create string with pss parameter encoding. */
615	if (!ASN1_item_pack(pss, ASN1_ITEM_rptr(RSA_PSS_PARAMS), &os1))
616	goto err;
617	if (alg2) {
618	os2 = ASN1_STRING_dup(os1);
619	if (!os2)
620	goto err;
621	X509_ALGOR_set0(alg2, OBJ_nid2obj(NID_rsassaPss),
622	V_ASN1_SEQUENCE, os2);
623	}
624	X509_ALGOR_set0(alg1, OBJ_nid2obj(NID_rsassaPss),
625	V_ASN1_SEQUENCE, os1);
626	os1 = os2 = NULL;
627	rv = 3;
628	err:
629	if (mgf1alg)
630	X509_ALGOR_free(mgf1alg);
631	if (pss)
632	RSA_PSS_PARAMS_free(pss);
633	ASN1_STRING_free(os1);
634	return rv;
635	}
636	return 2;
637	}
638
639	const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] = {
640	{
641	.pkey_id = EVP_PKEY_RSA,
642	.pkey_base_id = EVP_PKEY_RSA,
643	.pkey_flags = ASN1_PKEY_SIGPARAM_NULL,
644
645	.pem_str = "RSA",
646	.info = "OpenSSL RSA method",
647
648	.pub_decode = rsa_pub_decode,
649	.pub_encode = rsa_pub_encode,
650	.pub_cmp = rsa_pub_cmp,
651	.pub_print = rsa_pub_print,
652
653	.priv_decode = rsa_priv_decode,
654	.priv_encode = rsa_priv_encode,
655	.priv_print = rsa_priv_print,
656
657	.pkey_size = int_rsa_size,
658	.pkey_bits = rsa_bits,
659
660	.sig_print = rsa_sig_print,
661
662	.pkey_free = int_rsa_free,
663	.pkey_ctrl = rsa_pkey_ctrl,
664	.old_priv_decode = old_rsa_priv_decode,
665	.old_priv_encode = old_rsa_priv_encode,
666	.item_verify = rsa_item_verify,
667	.item_sign = rsa_item_sign
668	},
669
670	{
671	.pkey_id = EVP_PKEY_RSA2,
672	.pkey_base_id = EVP_PKEY_RSA,
673	.pkey_flags = ASN1_PKEY_ALIAS
674	}
675	};