1 /*
2 * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /*
11 * RSA low level APIs are deprecated for public use, but still ok for
12 * internal use.
13 */
14 #include "internal/deprecated.h"
15
16 #include <string.h>
17 #include <openssl/core_names.h>
18 #include <openssl/params.h>
19 #include <openssl/err.h>
20 #include <openssl/evp.h>
21 #ifndef FIPS_MODULE
22 # include <openssl/x509.h>
23 # include "crypto/asn1.h"
24 #endif
25 #include "internal/sizes.h"
26 #include "internal/param_build_set.h"
27 #include "crypto/rsa.h"
28 #include "rsa_local.h"
29
30 #include "e_os.h" /* strcasecmp for Windows() */
31
32 /*
33 * The intention with the "backend" source file is to offer backend support
34 * for legacy backends (EVP_PKEY_ASN1_METHOD and EVP_PKEY_METHOD) and provider
35 * implementations alike.
36 */
37
DEFINE_STACK_OF(BIGNUM)38 DEFINE_STACK_OF(BIGNUM)
39
40 static int collect_numbers(STACK_OF(BIGNUM) *numbers,
41 const OSSL_PARAM params[], const char *names[])
42 {
43 const OSSL_PARAM *p = NULL;
44 int i;
45
46 if (numbers == NULL)
47 return 0;
48
49 for (i = 0; names[i] != NULL; i++) {
50 p = OSSL_PARAM_locate_const(params, names[i]);
51 if (p != NULL) {
52 BIGNUM *tmp = NULL;
53
54 if (!OSSL_PARAM_get_BN(p, &tmp)
55 || sk_BIGNUM_push(numbers, tmp) == 0)
56 return 0;
57 }
58 }
59
60 return 1;
61 }
62
ossl_rsa_fromdata(RSA * rsa,const OSSL_PARAM params[])63 int ossl_rsa_fromdata(RSA *rsa, const OSSL_PARAM params[])
64 {
65 const OSSL_PARAM *param_n, *param_e, *param_d;
66 BIGNUM *n = NULL, *e = NULL, *d = NULL;
67 STACK_OF(BIGNUM) *factors = NULL, *exps = NULL, *coeffs = NULL;
68 int is_private = 0;
69
70 if (rsa == NULL)
71 return 0;
72
73 param_n = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_N);
74 param_e = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_E);
75 param_d = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_D);
76
77 if ((param_n != NULL && !OSSL_PARAM_get_BN(param_n, &n))
78 || (param_e != NULL && !OSSL_PARAM_get_BN(param_e, &e))
79 || (param_d != NULL && !OSSL_PARAM_get_BN(param_d, &d)))
80 goto err;
81
82 is_private = (d != NULL);
83
84 if (!RSA_set0_key(rsa, n, e, d))
85 goto err;
86 n = e = d = NULL;
87
88 if (is_private) {
89 if (!collect_numbers(factors = sk_BIGNUM_new_null(), params,
90 ossl_rsa_mp_factor_names)
91 || !collect_numbers(exps = sk_BIGNUM_new_null(), params,
92 ossl_rsa_mp_exp_names)
93 || !collect_numbers(coeffs = sk_BIGNUM_new_null(), params,
94 ossl_rsa_mp_coeff_names))
95 goto err;
96
97 /* It's ok if this private key just has n, e and d */
98 if (sk_BIGNUM_num(factors) != 0
99 && !ossl_rsa_set0_all_params(rsa, factors, exps, coeffs))
100 goto err;
101 }
102
103
104 sk_BIGNUM_free(factors);
105 sk_BIGNUM_free(exps);
106 sk_BIGNUM_free(coeffs);
107 return 1;
108
109 err:
110 BN_free(n);
111 BN_free(e);
112 BN_free(d);
113 sk_BIGNUM_pop_free(factors, BN_free);
114 sk_BIGNUM_pop_free(exps, BN_free);
115 sk_BIGNUM_pop_free(coeffs, BN_free);
116 return 0;
117 }
118
DEFINE_SPECIAL_STACK_OF_CONST(BIGNUM_const,BIGNUM)119 DEFINE_SPECIAL_STACK_OF_CONST(BIGNUM_const, BIGNUM)
120
121 int ossl_rsa_todata(RSA *rsa, OSSL_PARAM_BLD *bld, OSSL_PARAM params[])
122 {
123 int ret = 0;
124 const BIGNUM *rsa_d = NULL, *rsa_n = NULL, *rsa_e = NULL;
125 STACK_OF(BIGNUM_const) *factors = sk_BIGNUM_const_new_null();
126 STACK_OF(BIGNUM_const) *exps = sk_BIGNUM_const_new_null();
127 STACK_OF(BIGNUM_const) *coeffs = sk_BIGNUM_const_new_null();
128
129 if (rsa == NULL || factors == NULL || exps == NULL || coeffs == NULL)
130 goto err;
131
132 RSA_get0_key(rsa, &rsa_n, &rsa_e, &rsa_d);
133 ossl_rsa_get0_all_params(rsa, factors, exps, coeffs);
134
135 if (!ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_RSA_N, rsa_n)
136 || !ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_RSA_E, rsa_e))
137 goto err;
138
139 /* Check private key data integrity */
140 if (rsa_d != NULL) {
141 int numprimes = sk_BIGNUM_const_num(factors);
142 int numexps = sk_BIGNUM_const_num(exps);
143 int numcoeffs = sk_BIGNUM_const_num(coeffs);
144
145 /*
146 * It's permissible to have zero primes, i.e. no CRT params.
147 * Otherwise, there must be at least two, as many exponents,
148 * and one coefficient less.
149 */
150 if (numprimes != 0
151 && (numprimes < 2 || numexps < 2 || numcoeffs < 1))
152 goto err;
153
154 if (!ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_RSA_D,
155 rsa_d)
156 || !ossl_param_build_set_multi_key_bn(bld, params,
157 ossl_rsa_mp_factor_names,
158 factors)
159 || !ossl_param_build_set_multi_key_bn(bld, params,
160 ossl_rsa_mp_exp_names, exps)
161 || !ossl_param_build_set_multi_key_bn(bld, params,
162 ossl_rsa_mp_coeff_names,
163 coeffs))
164 goto err;
165 }
166
167 #if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS)
168 /* The acvp test results are not meant for export so check for bld == NULL */
169 if (bld == NULL)
170 ossl_rsa_acvp_test_get_params(rsa, params);
171 #endif
172 ret = 1;
173 err:
174 sk_BIGNUM_const_free(factors);
175 sk_BIGNUM_const_free(exps);
176 sk_BIGNUM_const_free(coeffs);
177 return ret;
178 }
179
ossl_rsa_pss_params_30_todata(const RSA_PSS_PARAMS_30 * pss,OSSL_PARAM_BLD * bld,OSSL_PARAM params[])180 int ossl_rsa_pss_params_30_todata(const RSA_PSS_PARAMS_30 *pss,
181 OSSL_PARAM_BLD *bld, OSSL_PARAM params[])
182 {
183 if (!ossl_rsa_pss_params_30_is_unrestricted(pss)) {
184 int hashalg_nid = ossl_rsa_pss_params_30_hashalg(pss);
185 int maskgenalg_nid = ossl_rsa_pss_params_30_maskgenalg(pss);
186 int maskgenhashalg_nid = ossl_rsa_pss_params_30_maskgenhashalg(pss);
187 int saltlen = ossl_rsa_pss_params_30_saltlen(pss);
188 int default_hashalg_nid = ossl_rsa_pss_params_30_hashalg(NULL);
189 int default_maskgenalg_nid = ossl_rsa_pss_params_30_maskgenalg(NULL);
190 int default_maskgenhashalg_nid =
191 ossl_rsa_pss_params_30_maskgenhashalg(NULL);
192 const char *mdname =
193 (hashalg_nid == default_hashalg_nid
194 ? NULL : ossl_rsa_oaeppss_nid2name(hashalg_nid));
195 const char *mgfname =
196 (maskgenalg_nid == default_maskgenalg_nid
197 ? NULL : ossl_rsa_oaeppss_nid2name(maskgenalg_nid));
198 const char *mgf1mdname =
199 (maskgenhashalg_nid == default_maskgenhashalg_nid
200 ? NULL : ossl_rsa_oaeppss_nid2name(maskgenhashalg_nid));
201 const char *key_md = OSSL_PKEY_PARAM_RSA_DIGEST;
202 const char *key_mgf = OSSL_PKEY_PARAM_RSA_MASKGENFUNC;
203 const char *key_mgf1_md = OSSL_PKEY_PARAM_RSA_MGF1_DIGEST;
204 const char *key_saltlen = OSSL_PKEY_PARAM_RSA_PSS_SALTLEN;
205
206 /*
207 * To ensure that the key isn't seen as unrestricted by the recipient,
208 * we make sure that at least one PSS-related parameter is passed, even
209 * if it has a default value; saltlen.
210 */
211 if ((mdname != NULL
212 && !ossl_param_build_set_utf8_string(bld, params, key_md, mdname))
213 || (mgfname != NULL
214 && !ossl_param_build_set_utf8_string(bld, params,
215 key_mgf, mgfname))
216 || (mgf1mdname != NULL
217 && !ossl_param_build_set_utf8_string(bld, params,
218 key_mgf1_md, mgf1mdname))
219 || (!ossl_param_build_set_int(bld, params, key_saltlen, saltlen)))
220 return 0;
221 }
222 return 1;
223 }
224
ossl_rsa_pss_params_30_fromdata(RSA_PSS_PARAMS_30 * pss_params,int * defaults_set,const OSSL_PARAM params[],OSSL_LIB_CTX * libctx)225 int ossl_rsa_pss_params_30_fromdata(RSA_PSS_PARAMS_30 *pss_params,
226 int *defaults_set,
227 const OSSL_PARAM params[],
228 OSSL_LIB_CTX *libctx)
229 {
230 const OSSL_PARAM *param_md, *param_mgf, *param_mgf1md, *param_saltlen;
231 const OSSL_PARAM *param_propq;
232 const char *propq = NULL;
233 EVP_MD *md = NULL, *mgf1md = NULL;
234 int saltlen;
235 int ret = 0;
236
237 if (pss_params == NULL)
238 return 0;
239 param_propq =
240 OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_DIGEST_PROPS);
241 param_md =
242 OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_DIGEST);
243 param_mgf =
244 OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_MASKGENFUNC);
245 param_mgf1md =
246 OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_MGF1_DIGEST);
247 param_saltlen =
248 OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_PSS_SALTLEN);
249
250 if (param_propq != NULL) {
251 if (param_propq->data_type == OSSL_PARAM_UTF8_STRING)
252 propq = param_propq->data;
253 }
254 /*
255 * If we get any of the parameters, we know we have at least some
256 * restrictions, so we start by setting default values, and let each
257 * parameter override their specific restriction data.
258 */
259 if (!*defaults_set
260 && (param_md != NULL || param_mgf != NULL || param_mgf1md != NULL
261 || param_saltlen != NULL)) {
262 if (!ossl_rsa_pss_params_30_set_defaults(pss_params))
263 return 0;
264 *defaults_set = 1;
265 }
266
267 if (param_mgf != NULL) {
268 int default_maskgenalg_nid = ossl_rsa_pss_params_30_maskgenalg(NULL);
269 const char *mgfname = NULL;
270
271 if (param_mgf->data_type == OSSL_PARAM_UTF8_STRING)
272 mgfname = param_mgf->data;
273 else if (!OSSL_PARAM_get_utf8_ptr(param_mgf, &mgfname))
274 return 0;
275
276 if (strcasecmp(param_mgf->data,
277 ossl_rsa_mgf_nid2name(default_maskgenalg_nid)) != 0)
278 return 0;
279 }
280
281 /*
282 * We're only interested in the NIDs that correspond to the MDs, so the
283 * exact propquery is unimportant in the EVP_MD_fetch() calls below.
284 */
285
286 if (param_md != NULL) {
287 const char *mdname = NULL;
288
289 if (param_md->data_type == OSSL_PARAM_UTF8_STRING)
290 mdname = param_md->data;
291 else if (!OSSL_PARAM_get_utf8_ptr(param_mgf, &mdname))
292 goto err;
293
294 if ((md = EVP_MD_fetch(libctx, mdname, propq)) == NULL
295 || !ossl_rsa_pss_params_30_set_hashalg(pss_params,
296 ossl_rsa_oaeppss_md2nid(md)))
297 goto err;
298 }
299
300 if (param_mgf1md != NULL) {
301 const char *mgf1mdname = NULL;
302
303 if (param_mgf1md->data_type == OSSL_PARAM_UTF8_STRING)
304 mgf1mdname = param_mgf1md->data;
305 else if (!OSSL_PARAM_get_utf8_ptr(param_mgf, &mgf1mdname))
306 goto err;
307
308 if ((mgf1md = EVP_MD_fetch(libctx, mgf1mdname, propq)) == NULL
309 || !ossl_rsa_pss_params_30_set_maskgenhashalg(
310 pss_params, ossl_rsa_oaeppss_md2nid(mgf1md)))
311 goto err;
312 }
313
314 if (param_saltlen != NULL) {
315 if (!OSSL_PARAM_get_int(param_saltlen, &saltlen)
316 || !ossl_rsa_pss_params_30_set_saltlen(pss_params, saltlen))
317 goto err;
318 }
319
320 ret = 1;
321
322 err:
323 EVP_MD_free(md);
324 EVP_MD_free(mgf1md);
325 return ret;
326 }
327
ossl_rsa_is_foreign(const RSA * rsa)328 int ossl_rsa_is_foreign(const RSA *rsa)
329 {
330 #ifndef FIPS_MODULE
331 if (rsa->engine != NULL || RSA_get_method(rsa) != RSA_PKCS1_OpenSSL())
332 return 1;
333 #endif
334 return 0;
335 }
336
rsa_bn_dup_check(BIGNUM ** out,const BIGNUM * f)337 static ossl_inline int rsa_bn_dup_check(BIGNUM **out, const BIGNUM *f)
338 {
339 if (f != NULL && (*out = BN_dup(f)) == NULL)
340 return 0;
341 return 1;
342 }
343
ossl_rsa_dup(const RSA * rsa,int selection)344 RSA *ossl_rsa_dup(const RSA *rsa, int selection)
345 {
346 RSA *dupkey = NULL;
347 #ifndef FIPS_MODULE
348 int pnum, i;
349 #endif
350
351 /* Do not try to duplicate foreign RSA keys */
352 if (ossl_rsa_is_foreign(rsa))
353 return NULL;
354
355 if ((dupkey = ossl_rsa_new_with_ctx(rsa->libctx)) == NULL)
356 return NULL;
357
358 /* public key */
359 if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) {
360 if (!rsa_bn_dup_check(&dupkey->n, rsa->n))
361 goto err;
362 if (!rsa_bn_dup_check(&dupkey->e, rsa->e))
363 goto err;
364 }
365
366 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
367
368 /* private key */
369 if (!rsa_bn_dup_check(&dupkey->d, rsa->d))
370 goto err;
371
372 /* factors and crt params */
373 if (!rsa_bn_dup_check(&dupkey->p, rsa->p))
374 goto err;
375 if (!rsa_bn_dup_check(&dupkey->q, rsa->q))
376 goto err;
377 if (!rsa_bn_dup_check(&dupkey->dmp1, rsa->dmp1))
378 goto err;
379 if (!rsa_bn_dup_check(&dupkey->dmq1, rsa->dmq1))
380 goto err;
381 if (!rsa_bn_dup_check(&dupkey->iqmp, rsa->iqmp))
382 goto err;
383 }
384
385 dupkey->version = rsa->version;
386 dupkey->flags = rsa->flags;
387 /* we always copy the PSS parameters regardless of selection */
388 dupkey->pss_params = rsa->pss_params;
389
390 #ifndef FIPS_MODULE
391 /* multiprime */
392 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0
393 && (pnum = sk_RSA_PRIME_INFO_num(rsa->prime_infos)) > 0) {
394 dupkey->prime_infos = sk_RSA_PRIME_INFO_new_reserve(NULL, pnum);
395 if (dupkey->prime_infos == NULL)
396 goto err;
397 for (i = 0; i < pnum; i++) {
398 const RSA_PRIME_INFO *pinfo = NULL;
399 RSA_PRIME_INFO *duppinfo = NULL;
400
401 if ((duppinfo = OPENSSL_zalloc(sizeof(*duppinfo))) == NULL) {
402 ERR_raise(ERR_LIB_RSA, ERR_R_MALLOC_FAILURE);
403 goto err;
404 }
405 /* push first so cleanup in error case works */
406 (void)sk_RSA_PRIME_INFO_push(dupkey->prime_infos, duppinfo);
407
408 pinfo = sk_RSA_PRIME_INFO_value(rsa->prime_infos, i);
409 if (!rsa_bn_dup_check(&duppinfo->r, pinfo->r))
410 goto err;
411 if (!rsa_bn_dup_check(&duppinfo->d, pinfo->d))
412 goto err;
413 if (!rsa_bn_dup_check(&duppinfo->t, pinfo->t))
414 goto err;
415 }
416 if (!ossl_rsa_multip_calc_product(dupkey))
417 goto err;
418 }
419
420 if (rsa->pss != NULL) {
421 dupkey->pss = RSA_PSS_PARAMS_dup(rsa->pss);
422 if (rsa->pss->maskGenAlgorithm != NULL
423 && dupkey->pss->maskGenAlgorithm == NULL) {
424 dupkey->pss->maskHash = ossl_x509_algor_mgf1_decode(rsa->pss->maskGenAlgorithm);
425 if (dupkey->pss->maskHash == NULL)
426 goto err;
427 }
428 }
429 if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_RSA,
430 &dupkey->ex_data, &rsa->ex_data))
431 goto err;
432 #endif
433
434 return dupkey;
435
436 err:
437 RSA_free(dupkey);
438 return NULL;
439 }
440
441 #ifndef FIPS_MODULE
ossl_rsa_pss_decode(const X509_ALGOR * alg)442 RSA_PSS_PARAMS *ossl_rsa_pss_decode(const X509_ALGOR *alg)
443 {
444 RSA_PSS_PARAMS *pss;
445
446 pss = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(RSA_PSS_PARAMS),
447 alg->parameter);
448
449 if (pss == NULL)
450 return NULL;
451
452 if (pss->maskGenAlgorithm != NULL) {
453 pss->maskHash = ossl_x509_algor_mgf1_decode(pss->maskGenAlgorithm);
454 if (pss->maskHash == NULL) {
455 RSA_PSS_PARAMS_free(pss);
456 return NULL;
457 }
458 }
459
460 return pss;
461 }
462
ossl_rsa_sync_to_pss_params_30(RSA * rsa)463 static int ossl_rsa_sync_to_pss_params_30(RSA *rsa)
464 {
465 const RSA_PSS_PARAMS *legacy_pss = NULL;
466 RSA_PSS_PARAMS_30 *pss = NULL;
467
468 if (rsa != NULL
469 && (legacy_pss = RSA_get0_pss_params(rsa)) != NULL
470 && (pss = ossl_rsa_get0_pss_params_30(rsa)) != NULL) {
471 const EVP_MD *md = NULL, *mgf1md = NULL;
472 int md_nid, mgf1md_nid, saltlen, trailerField;
473 RSA_PSS_PARAMS_30 pss_params;
474
475 /*
476 * We don't care about the validity of the fields here, we just
477 * want to synchronise values. Verifying here makes it impossible
478 * to even read a key with invalid values, making it hard to test
479 * a bad situation.
480 *
481 * Other routines use ossl_rsa_pss_get_param(), so the values will
482 * be checked, eventually.
483 */
484 if (!ossl_rsa_pss_get_param_unverified(legacy_pss, &md, &mgf1md,
485 &saltlen, &trailerField))
486 return 0;
487 md_nid = EVP_MD_get_type(md);
488 mgf1md_nid = EVP_MD_get_type(mgf1md);
489 if (!ossl_rsa_pss_params_30_set_defaults(&pss_params)
490 || !ossl_rsa_pss_params_30_set_hashalg(&pss_params, md_nid)
491 || !ossl_rsa_pss_params_30_set_maskgenhashalg(&pss_params,
492 mgf1md_nid)
493 || !ossl_rsa_pss_params_30_set_saltlen(&pss_params, saltlen)
494 || !ossl_rsa_pss_params_30_set_trailerfield(&pss_params,
495 trailerField))
496 return 0;
497 *pss = pss_params;
498 }
499 return 1;
500 }
501
ossl_rsa_pss_get_param_unverified(const RSA_PSS_PARAMS * pss,const EVP_MD ** pmd,const EVP_MD ** pmgf1md,int * psaltlen,int * ptrailerField)502 int ossl_rsa_pss_get_param_unverified(const RSA_PSS_PARAMS *pss,
503 const EVP_MD **pmd, const EVP_MD **pmgf1md,
504 int *psaltlen, int *ptrailerField)
505 {
506 RSA_PSS_PARAMS_30 pss_params;
507
508 /* Get the defaults from the ONE place */
509 (void)ossl_rsa_pss_params_30_set_defaults(&pss_params);
510
511 if (pss == NULL)
512 return 0;
513 *pmd = ossl_x509_algor_get_md(pss->hashAlgorithm);
514 if (*pmd == NULL)
515 return 0;
516 *pmgf1md = ossl_x509_algor_get_md(pss->maskHash);
517 if (*pmgf1md == NULL)
518 return 0;
519 if (pss->saltLength)
520 *psaltlen = ASN1_INTEGER_get(pss->saltLength);
521 else
522 *psaltlen = ossl_rsa_pss_params_30_saltlen(&pss_params);
523 if (pss->trailerField)
524 *ptrailerField = ASN1_INTEGER_get(pss->trailerField);
525 else
526 *ptrailerField = ossl_rsa_pss_params_30_trailerfield(&pss_params);;
527
528 return 1;
529 }
530
ossl_rsa_param_decode(RSA * rsa,const X509_ALGOR * alg)531 int ossl_rsa_param_decode(RSA *rsa, const X509_ALGOR *alg)
532 {
533 RSA_PSS_PARAMS *pss;
534 const ASN1_OBJECT *algoid;
535 const void *algp;
536 int algptype;
537
538 X509_ALGOR_get0(&algoid, &algptype, &algp, alg);
539 if (OBJ_obj2nid(algoid) != EVP_PKEY_RSA_PSS)
540 return 1;
541 if (algptype == V_ASN1_UNDEF)
542 return 1;
543 if (algptype != V_ASN1_SEQUENCE) {
544 ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_PSS_PARAMETERS);
545 return 0;
546 }
547 if ((pss = ossl_rsa_pss_decode(alg)) == NULL
548 || !ossl_rsa_set0_pss_params(rsa, pss)) {
549 RSA_PSS_PARAMS_free(pss);
550 return 0;
551 }
552 if (!ossl_rsa_sync_to_pss_params_30(rsa))
553 return 0;
554 return 1;
555 }
556
ossl_rsa_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO * p8inf,OSSL_LIB_CTX * libctx,const char * propq)557 RSA *ossl_rsa_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf,
558 OSSL_LIB_CTX *libctx, const char *propq)
559 {
560 const unsigned char *p;
561 RSA *rsa;
562 int pklen;
563 const X509_ALGOR *alg;
564
565 if (!PKCS8_pkey_get0(NULL, &p, &pklen, &alg, p8inf))
566 return 0;
567 rsa = d2i_RSAPrivateKey(NULL, &p, pklen);
568 if (rsa == NULL) {
569 ERR_raise(ERR_LIB_RSA, ERR_R_RSA_LIB);
570 return NULL;
571 }
572 if (!ossl_rsa_param_decode(rsa, alg)) {
573 RSA_free(rsa);
574 return NULL;
575 }
576
577 RSA_clear_flags(rsa, RSA_FLAG_TYPE_MASK);
578 switch (OBJ_obj2nid(alg->algorithm)) {
579 case EVP_PKEY_RSA:
580 RSA_set_flags(rsa, RSA_FLAG_TYPE_RSA);
581 break;
582 case EVP_PKEY_RSA_PSS:
583 RSA_set_flags(rsa, RSA_FLAG_TYPE_RSASSAPSS);
584 break;
585 default:
586 /* Leave the type bits zero */
587 break;
588 }
589
590 return rsa;
591 }
592 #endif
593