New RSA keymgmt implementation to handle import / export of RSA keys
authorRichard Levitte <levitte@openssl.org>
Tue, 15 Oct 2019 19:31:45 +0000 (21:31 +0200)
committerRichard Levitte <levitte@openssl.org>
Thu, 17 Oct 2019 16:07:45 +0000 (18:07 +0200)
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10190)

crypto/rsa/rsa_ameth.c
crypto/rsa/rsa_gen.c
crypto/rsa/rsa_lib.c
crypto/rsa/rsa_local.h
crypto/rsa/rsa_sp800_56b_gen.c
crypto/rsa/rsa_x931g.c
include/openssl/core_names.h
providers/defltprov.c
providers/implementations/include/prov/implementations.h
providers/implementations/keymgmt/build.info
providers/implementations/keymgmt/rsa_kmgmt.c [new file with mode: 0644]

index 69e7c5ea1ae3a2d4814fd4762d96208bf2e8ae1d..d2f976f6814a33f8e2313f77f9081b450060a0a6 100644 (file)
 #include <openssl/x509.h>
 #include <openssl/bn.h>
 #include <openssl/cms.h>
+#include <openssl/core_names.h>
+#include "internal/param_build.h"
 #include "crypto/asn1.h"
 #include "crypto/evp.h"
+#include "crypto/rsa.h"
 #include "rsa_local.h"
 
 #ifndef OPENSSL_NO_CMS
@@ -1045,6 +1048,114 @@ static int rsa_pkey_check(const EVP_PKEY *pkey)
     return RSA_check_key_ex(pkey->pkey.rsa, NULL);
 }
 
+static size_t rsa_pkey_dirty_cnt(const EVP_PKEY *pkey)
+{
+    return pkey->pkey.rsa->dirty_cnt;
+}
+
+DEFINE_SPECIAL_STACK_OF_CONST(BIGNUM_const, BIGNUM)
+
+static void *rsa_pkey_export_to(const EVP_PKEY *pk, EVP_KEYMGMT *keymgmt,
+                                int want_domainparams)
+{
+    RSA *rsa = pk->pkey.rsa;
+    OSSL_PARAM_BLD tmpl;
+    const BIGNUM *n = RSA_get0_n(rsa), *e = RSA_get0_e(rsa);
+    const BIGNUM *d = RSA_get0_d(rsa);
+    STACK_OF(BIGNUM_const) *primes = NULL, *exps = NULL, *coeffs = NULL;
+    int numprimes = 0, numexps = 0, numcoeffs = 0;
+    OSSL_PARAM *params = NULL;
+    void *provkey = NULL;
+
+    /*
+     * There are no domain parameters for RSA keys, or rather, they are
+     * included in the key data itself.
+     */
+    if (want_domainparams)
+        goto err;
+
+    /* Get all the primes and CRT params */
+    if ((primes = sk_BIGNUM_const_new_null()) == NULL
+        || (exps = sk_BIGNUM_const_new_null()) == NULL
+        || (coeffs = sk_BIGNUM_const_new_null()) == NULL)
+        goto err;
+
+    if (!rsa_get0_all_params(rsa, primes, exps, coeffs))
+        goto err;
+
+    /* Public parameters must always be present */
+    if (n == NULL || e == NULL)
+        goto err;
+
+    if (d != NULL) {
+        /* It's a private key, so we should have everything else too */
+        numprimes = sk_BIGNUM_const_num(primes);
+        numexps = sk_BIGNUM_const_num(exps);
+        numcoeffs = sk_BIGNUM_const_num(coeffs);
+
+        if (numprimes < 2 || numexps < 2 || numcoeffs < 1)
+            goto err;
+
+        /*
+         * assert that an OSSL_PARAM_BLD has enough space.
+         * (the current 10 places doesn't have space for multi-primes)
+         */
+        if (!ossl_assert(/* n, e */ 2 + /* d */ 1 + /* numprimes */ 1
+                         + numprimes + numexps + numcoeffs
+                         <= OSSL_PARAM_BLD_MAX))
+            goto err;
+    }
+
+    ossl_param_bld_init(&tmpl);
+    if (!ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_RSA_N, n)
+        || !ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_RSA_E, e))
+        goto err;
+
+    if (d != NULL) {
+        int i;
+
+        if (!ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_RSA_D, d))
+            goto err;
+
+        for (i = 0; i < numprimes; i++) {
+            const BIGNUM *num = sk_BIGNUM_const_value(primes, i);
+
+            if (!ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_RSA_FACTOR,
+                                        num))
+                goto err;
+        }
+
+        for (i = 0; i < numexps; i++) {
+            const BIGNUM *num = sk_BIGNUM_const_value(exps, i);
+
+            if (!ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_RSA_EXPONENT,
+                                        num))
+                goto err;
+        }
+
+        for (i = 0; i < numcoeffs; i++) {
+            const BIGNUM *num = sk_BIGNUM_const_value(coeffs, i);
+
+            if (!ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_RSA_COEFFICIENT,
+                                        num))
+                goto err;
+        }
+    }
+
+    if ((params = ossl_param_bld_to_param(&tmpl)) == NULL)
+        goto err;
+
+    /* We export, the provider imports */
+    provkey = evp_keymgmt_importkey(keymgmt, params);
+
+ err:
+    sk_BIGNUM_const_free(primes);
+    sk_BIGNUM_const_free(exps);
+    sk_BIGNUM_const_free(coeffs);
+    ossl_param_bld_free(params);
+    return provkey;
+}
+
 const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[2] = {
     {
      EVP_PKEY_RSA,
@@ -1077,7 +1188,13 @@ const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[2] = {
      rsa_item_verify,
      rsa_item_sign,
      rsa_sig_info_set,
-     rsa_pkey_check
+     rsa_pkey_check,
+
+     0, 0,
+     0, 0, 0, 0,
+
+     rsa_pkey_dirty_cnt,
+     rsa_pkey_export_to
     },
 
     {
@@ -1116,5 +1233,11 @@ const EVP_PKEY_ASN1_METHOD rsa_pss_asn1_meth = {
      rsa_item_verify,
      rsa_item_sign,
      0,
-     rsa_pkey_check
+     rsa_pkey_check,
+
+     0, 0,
+     0, 0, 0, 0,
+
+     rsa_pkey_dirty_cnt,
+     rsa_pkey_export_to
 };
index c87b709722c7a017ca2103ac229d3e6a58600905..cb2abff6a1b6ed54ada3261736eb7ab446bb030d 100644 (file)
@@ -108,6 +108,8 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, int primes, BIGNUM *e_value,
     for (i = 0; i < primes; i++)
         bitsr[i] = (i < rmd) ? quo + 1 : quo;
 
+    rsa->dirty_cnt++;
+
     /* We need the RSA components non-NULL */
     if (!rsa->n && ((rsa->n = BN_new()) == NULL))
         goto err;
index 17ff7e76863554523cd0b113a7b38fd9b3241639..353b9d872568d09d1e09a89326ccba9a03020fb6 100644 (file)
@@ -328,6 +328,7 @@ int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d)
         r->d = d;
         BN_set_flags(r->d, BN_FLG_CONSTTIME);
     }
+    r->dirty_cnt++;
 
     return 1;
 }
@@ -351,6 +352,7 @@ int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q)
         r->q = q;
         BN_set_flags(r->q, BN_FLG_CONSTTIME);
     }
+    r->dirty_cnt++;
 
     return 1;
 }
@@ -380,6 +382,7 @@ int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp)
         r->iqmp = iqmp;
         BN_set_flags(r->iqmp, BN_FLG_CONSTTIME);
     }
+    r->dirty_cnt++;
 
     return 1;
 }
@@ -444,6 +447,7 @@ int RSA_set0_multi_prime_params(RSA *r, BIGNUM *primes[], BIGNUM *exps[],
     }
 
     r->version = RSA_ASN1_VERSION_MULTI;
+    r->dirty_cnt++;
 
     return 1;
  err:
index 204fde29fa433046fafe73ebef8f04d444d32a4c..ae71567f7a58d6d412e3a9d325ebffbc1856889a 100644 (file)
@@ -66,6 +66,8 @@ struct rsa_st {
     BN_BLINDING *blinding;
     BN_BLINDING *mt_blinding;
     CRYPTO_RWLOCK *lock;
+
+    int dirty_cnt;
 };
 
 struct rsa_meth_st {
index c22b10cfbded34d52c0a7a1ca6011af5f9177fba..5474aaa4b5b66c07febf881cdb4caedd77ed94bc 100644 (file)
@@ -118,6 +118,7 @@ int rsa_fips186_4_gen_prob_primes(RSA *rsa, BIGNUM *p1, BIGNUM *p2,
             continue;
         break; /* successfully finished */
     }
+    rsa->dirty_cnt++;
     ret = 1;
 err:
     /* Zeroize any internally generated values that are not returned */
@@ -239,6 +240,7 @@ int rsa_sp800_56b_derive_params_from_pq(RSA *rsa, int nbits,
             || BN_mod_inverse(rsa->iqmp, rsa->q, rsa->p, ctx) == NULL)
         goto err;
 
+    rsa->dirty_cnt++;
     ret = 1;
 err:
     if (ret != 1) {
index 3798d02b55bfc5c2b34261a12783e8f0ee69ea11..1f6042a3d2cb0e5752694ecc230a4f4b9466a979 100644 (file)
@@ -131,6 +131,7 @@ int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1,
     if (rsa->iqmp == NULL)
         goto err;
 
+    rsa->dirty_cnt++;
     ret = 1;
  err:
     BN_CTX_end(ctx);
@@ -184,6 +185,7 @@ int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e,
                             NULL, NULL, NULL, NULL, NULL, NULL, e, cb))
         goto error;
 
+    rsa->dirty_cnt++;
     ok = 1;
 
  error:
index f0e6334d89b9fe279e740188f79894760872a20a..e7e5ea060effa1345c5359f83c88a5cd3674731c 100644 (file)
@@ -159,6 +159,27 @@ extern "C" {
 #define OSSL_PKEY_PARAM_DSA_PUB_KEY  "pub"
 #define OSSL_PKEY_PARAM_DSA_PRIV_KEY "priv"
 
+/* RSA Keys */
+/*
+ * n, e, d are the usual public and private key components
+ *
+ * rsa-num is the number of factors, including p and q
+ * rsa-factor is used for each factor: p, q, r_i (i = 3, ...)
+ * rsa-exponent is used for each exponent: dP, dQ, d_i (i = 3, ...)
+ * rsa-coefficient is used for each coefficient: qInv, t_i (i = 3, ...)
+ *
+ * The number of rsa-factor items must be equal to the number of rsa-exponent
+ * items, and the number of rsa-coefficients must be one less.
+ * (the base i for the coefficients is 2, not 1, at least as implied by
+ * RFC 8017)
+ */
+#define OSSL_PKEY_PARAM_RSA_N           "n"
+#define OSSL_PKEY_PARAM_RSA_E           "e"
+#define OSSL_PKEY_PARAM_RSA_D           "d"
+#define OSSL_PKEY_PARAM_RSA_FACTOR      "rsa-factor"
+#define OSSL_PKEY_PARAM_RSA_EXPONENT    "rsa-exponent"
+#define OSSL_PKEY_PARAM_RSA_COEFFICIENT "rsa-coefficient"
+
 /* Key Exchange parameters */
 
 #define OSSL_EXCHANGE_PARAM_PAD      "pad" /* uint */
index 2d457ae53f63cbe0b18aaa33d1edac7b8d1d7dfe..8104227fffa240d1f0400ea79476e70c34961645 100644 (file)
@@ -364,6 +364,7 @@ static const OSSL_ALGORITHM deflt_keymgmt[] = {
 #ifndef OPENSSL_NO_DSA
     { "DSA", "default=yes", dsa_keymgmt_functions },
 #endif
+    { "RSA", "default=yes", rsa_keymgmt_functions },
     { NULL, NULL, NULL }
 };
 
index 44b0a6fbc222bfcc2aae7a6501ada88b1a72ecb0..16f212911509790b27503e648aea35e7cb2a4f79 100644 (file)
@@ -241,6 +241,7 @@ extern const OSSL_DISPATCH kdf_x942_kdf_functions[];
 /* Key management */
 extern const OSSL_DISPATCH dh_keymgmt_functions[];
 extern const OSSL_DISPATCH dsa_keymgmt_functions[];
+extern const OSSL_DISPATCH rsa_keymgmt_functions[];
 
 /* Key Exchange */
 extern const OSSL_DISPATCH dh_keyexch_functions[];
index dc6039b02d5e483f7d3b07a20901002dd0f56afe..f4a9d1a5deb95a3d3c749a3b13da8de6648a4388 100644 (file)
@@ -3,6 +3,7 @@
 
 $DH_GOAL=../../libimplementations.a
 $DSA_GOAL=../../libimplementations.a
+$RSA_GOAL=../../libimplementations.a
 
 IF[{- !$disabled{dh} -}]
   SOURCE[$DH_GOAL]=dh_kmgmt.c
@@ -10,3 +11,4 @@ ENDIF
 IF[{- !$disabled{dsa} -}]
   SOURCE[$DSA_GOAL]=dsa_kmgmt.c
 ENDIF
+SOURCE[$RSA_GOAL]=rsa_kmgmt.c
diff --git a/providers/implementations/keymgmt/rsa_kmgmt.c b/providers/implementations/keymgmt/rsa_kmgmt.c
new file mode 100644 (file)
index 0000000..aaa9815
--- /dev/null
@@ -0,0 +1,249 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/core_numbers.h>
+#include <openssl/core_names.h>
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/params.h>
+#include <openssl/types.h>
+#include "prov/implementations.h"
+#include "crypto/rsa.h"
+
+static OSSL_OP_keymgmt_importkey_fn rsa_importkey;
+static OSSL_OP_keymgmt_exportkey_fn rsa_exportkey;
+
+DEFINE_STACK_OF(BIGNUM)
+DEFINE_SPECIAL_STACK_OF_CONST(BIGNUM_const, BIGNUM)
+
+static int collect_numbers(STACK_OF(BIGNUM) *numbers,
+                           const OSSL_PARAM params[], const char *key)
+{
+    const OSSL_PARAM *p = NULL;
+
+    if (numbers == NULL)
+        return 0;
+
+    for (p = params; (p = OSSL_PARAM_locate_const(p, key)) != NULL; p++) {
+        BIGNUM *tmp = NULL;
+
+        if (!OSSL_PARAM_get_BN(p, &tmp))
+            return 0;
+        sk_BIGNUM_push(numbers, tmp);
+    }
+
+    return 1;
+}
+
+static int params_to_key(RSA *rsa, const OSSL_PARAM params[])
+{
+    const OSSL_PARAM *param_n, *param_e,  *param_d;
+    BIGNUM *n = NULL, *e = NULL, *d = NULL;
+    STACK_OF(BIGNUM) *factors = NULL, *exps = NULL, *coeffs = NULL;
+    int is_private = 0;
+
+    if (rsa == NULL)
+        return 0;
+
+    param_n = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_N);
+    param_e = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_E);
+    param_d = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_D);
+
+    if ((param_n != NULL && !OSSL_PARAM_get_BN(param_n, &n))
+        || (param_e != NULL && !OSSL_PARAM_get_BN(param_e, &e))
+        || (param_d != NULL && !OSSL_PARAM_get_BN(param_d, &d)))
+        goto err;
+
+    is_private = (d != NULL);
+
+    if (!RSA_set0_key(rsa, n, e, d))
+        goto err;
+    n = e = d = NULL;
+
+    if (is_private) {
+        if (!collect_numbers(factors = sk_BIGNUM_new_null(), params,
+                             OSSL_PKEY_PARAM_RSA_FACTOR)
+            || !collect_numbers(exps = sk_BIGNUM_new_null(), params,
+                                OSSL_PKEY_PARAM_RSA_EXPONENT)
+            || !collect_numbers(coeffs = sk_BIGNUM_new_null(), params,
+                                OSSL_PKEY_PARAM_RSA_COEFFICIENT))
+            goto err;
+
+        /* It's ok if this private key just has n, e and d */
+        if (sk_BIGNUM_num(factors) != 0
+            && !rsa_set0_all_params(rsa, factors, exps, coeffs))
+            goto err;
+    }
+
+    sk_BIGNUM_free(factors);
+    sk_BIGNUM_free(exps);
+    sk_BIGNUM_free(coeffs);
+    return 1;
+
+ err:
+    BN_free(n);
+    BN_free(e);
+    BN_free(d);
+    sk_BIGNUM_pop_free(factors, BN_free);
+    sk_BIGNUM_pop_free(exps, BN_free);
+    sk_BIGNUM_pop_free(coeffs, BN_free);
+    return 0;
+}
+
+static int export_numbers(OSSL_PARAM params[], const char *key,
+                          STACK_OF(BIGNUM_const) *numbers)
+{
+    OSSL_PARAM *p = NULL;
+    int i, nnum;
+
+    if (numbers == NULL)
+        return 0;
+
+    nnum = sk_BIGNUM_const_num(numbers);
+
+    for (p = params, i = 0;
+         i < nnum && (p = OSSL_PARAM_locate(p, key)) != NULL;
+         p++, i++) {
+        if (!OSSL_PARAM_set_BN(p, sk_BIGNUM_const_value(numbers, i)))
+            return 0;
+    }
+
+    /*
+     * If we didn't export the amount of numbers we have, the caller didn't
+     * specify enough OSSL_PARAM entries named |key|.
+     */
+    return i == nnum;
+}
+
+static int key_to_params(RSA *rsa, OSSL_PARAM params[])
+{
+    int ret = 0;
+    OSSL_PARAM *p;
+    const BIGNUM *rsa_d = NULL, *rsa_n = NULL, *rsa_e = NULL;
+    STACK_OF(BIGNUM_const) *factors = sk_BIGNUM_const_new_null();
+    STACK_OF(BIGNUM_const) *exps = sk_BIGNUM_const_new_null();
+    STACK_OF(BIGNUM_const) *coeffs = sk_BIGNUM_const_new_null();
+
+    if (rsa == NULL || factors == NULL || exps == NULL || coeffs == NULL)
+        goto err;
+
+    RSA_get0_key(rsa, &rsa_n, &rsa_e, &rsa_d);
+    rsa_get0_all_params(rsa, factors, exps, coeffs);
+
+    if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_RSA_N)) != NULL
+        && !OSSL_PARAM_set_BN(p, rsa_n))
+        goto err;
+    if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_RSA_E)) != NULL
+        && !OSSL_PARAM_set_BN(p, rsa_e))
+        goto err;
+    if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_RSA_D)) != NULL
+        && !OSSL_PARAM_set_BN(p, rsa_d))
+        goto err;
+
+    if (!export_numbers(params, OSSL_PKEY_PARAM_RSA_FACTOR, factors)
+        || !export_numbers(params, OSSL_PKEY_PARAM_RSA_EXPONENT, exps)
+        || !export_numbers(params, OSSL_PKEY_PARAM_RSA_COEFFICIENT, coeffs))
+        goto err;
+
+    ret = 1;
+ err:
+    sk_BIGNUM_const_free(factors);
+    sk_BIGNUM_const_free(exps);
+    sk_BIGNUM_const_free(coeffs);
+    return ret;
+}
+
+static void *rsa_importkey(void *provctx, const OSSL_PARAM params[])
+{
+    RSA *rsa;
+
+    if ((rsa = RSA_new()) == NULL
+        || !params_to_key(rsa, params)) {
+        RSA_free(rsa);
+        rsa = NULL;
+    }
+    return rsa;
+}
+
+static int rsa_exportkey(void *key, OSSL_PARAM params[])
+{
+    RSA *rsa = key;
+
+    return rsa != NULL && key_to_params(rsa, params);
+}
+
+/*
+ * This provider can export everything in an RSA key, so we use the exact
+ * same type description for export as for import.  Other providers might
+ * choose to import full keys, but only export the public parts, and will
+ * therefore have the importkey_types and importkey_types functions return
+ * different arrays.
+ */
+static const OSSL_PARAM rsa_key_types[] = {
+    OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_N, NULL, 0),
+    OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_E, NULL, 0),
+    OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_D, NULL, 0),
+    /* We tolerate up to 10 factors... */
+    OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR, NULL, 0),
+    OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR, NULL, 0),
+    OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR, NULL, 0),
+    OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR, NULL, 0),
+    OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR, NULL, 0),
+    OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR, NULL, 0),
+    OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR, NULL, 0),
+    OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR, NULL, 0),
+    OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR, NULL, 0),
+    OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR, NULL, 0),
+    /* ..., up to 10 CRT exponents... */
+    OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT, NULL, 0),
+    OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT, NULL, 0),
+    OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT, NULL, 0),
+    OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT, NULL, 0),
+    OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT, NULL, 0),
+    OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT, NULL, 0),
+    OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT, NULL, 0),
+    OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT, NULL, 0),
+    OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT, NULL, 0),
+    OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT, NULL, 0),
+    /* ..., and up to 9 CRT coefficients */
+    OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT, NULL, 0),
+    OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT, NULL, 0),
+    OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT, NULL, 0),
+    OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT, NULL, 0),
+    OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT, NULL, 0),
+    OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT, NULL, 0),
+    OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT, NULL, 0),
+    OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT, NULL, 0),
+    OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT, NULL, 0),
+};
+/*
+ * We lied about the amount of factors, exponents and coefficients, the
+ * export and import functions can really deal with an infinite amount
+ * of these numbers.  However, RSA keys with too many primes are futile,
+ * so we at least pretend to have some limits.
+ */
+
+static const OSSL_PARAM *rsa_exportkey_types(void)
+{
+    return rsa_key_types;
+}
+
+static const OSSL_PARAM *rsa_importkey_types(void)
+{
+    return rsa_key_types;
+}
+
+const OSSL_DISPATCH rsa_keymgmt_functions[] = {
+    { OSSL_FUNC_KEYMGMT_IMPORTKEY, (void (*)(void))rsa_importkey },
+    { OSSL_FUNC_KEYMGMT_IMPORTKEY_TYPES, (void (*)(void))rsa_importkey_types },
+    { OSSL_FUNC_KEYMGMT_EXPORTKEY, (void (*)(void))rsa_exportkey },
+    { OSSL_FUNC_KEYMGMT_EXPORTKEY_TYPES, (void (*)(void))rsa_exportkey_types },
+    { OSSL_FUNC_KEYMGMT_FREEKEY, (void (*)(void))RSA_free },
+    { 0, NULL }
+};