Parse RSAPrivateKey with CBS.

This removes the version field from RSA and instead handles versioning
as part of parsing. (As a bonus, we now correctly limit multi-prime RSA
to version 1 keys.)

Most consumers are also converted. old_rsa_priv_{de,en}code are left
alone for now. Those hooks are passed in parameters which match the old
d2i/i2d pattern (they're only used in d2i_PrivateKey and

Include a test which, among other things, checks that public keys being
serialized as private keys are handled properly.


Change-Id: Icdd5f0382c4a84f9c8867024f29756e1a306ba08
Reviewed-by: Adam Langley <>
diff --git a/crypto/evp/ b/crypto/evp/
index 674547d..9c955fa 100644
--- a/crypto/evp/
+++ b/crypto/evp/
@@ -322,8 +322,8 @@
 static ScopedEVP_PKEY LoadExampleRSAKey() {
-  const uint8_t *derp = kExampleRSAKeyDER;
-  ScopedRSA rsa(d2i_RSAPrivateKey(nullptr, &derp, sizeof(kExampleRSAKeyDER)));
+  ScopedRSA rsa(RSA_private_key_from_bytes(kExampleRSAKeyDER,
+                                           sizeof(kExampleRSAKeyDER)));
   if (!rsa) {
     return nullptr;
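Review bot: The `if (!rsa) { return nullptr; }` branch after the new RSA_private_key_from_bytes call in LoadExampleRSAKey drops the parse failure silently, so the caller only sees a null key with no indication of why the example DER was rejected. Since this change swaps the parser under the test helper, consider dumping the error queue before returning, for example with ERR_print_errors_fp(stderr), so that a regression in the new parsing path is diagnosable from the test output.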