
Drop OPENSSL_NO_RSA everywhere

The configuration option 'no-rsa' was dropped with OpenSSL 1.1.0, so
this is simply a cleanup of the remains.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13700)
master
Richard Levitte 1 year ago
commit
3a1ee3c199
43 changed files with 337 additions and 489 deletions
  1. +2
    -2
      Configure
  2. +1
    -3
      apps/lib/apps.c
  3. +0
    -3
      apps/list.c
  4. +3
    -8
      apps/req.c
  5. +1
    -3
      apps/s_server.c
  6. +30
    -27
      apps/speed.c
  7. +1
    -3
      apps/x509.c
  8. +1
    -3
      crypto/asn1/asn1_item_list.h
  9. +0
    -2
      crypto/asn1/d2i_pu.c
  10. +0
    -2
      crypto/asn1/i2d_evp.c
  11. +0
    -4
      crypto/asn1/standard_methods.h
  12. +0
    -4
      crypto/engine/eng_fat.c
  13. +0
    -2
      crypto/engine/eng_list.c
  14. +0
    -2
      crypto/engine/eng_openssl.c
  15. +0
    -2
      crypto/err/err_all.c
  16. +0
    -4
      crypto/evp/p_dec.c
  17. +0
    -4
      crypto/evp/p_enc.c
  18. +0
    -4
      crypto/evp/pmeth_lib.c
  19. +2
    -6
      crypto/pem/pem_all.c
  20. +1
    -6
      crypto/pem/pem_info.c
  21. +2
    -5
      crypto/x509/x_all.c
  22. +0
    -2
      crypto/x509/x_pubkey.c
  23. +0
    -2
      engines/e_devcrypto.c
  24. +0
    -2
      include/crypto/evp.h
  25. +1
    -7
      include/openssl/evp.h
  26. +0
    -2
      include/openssl/pem.h
  27. +89
    -91
      include/openssl/rsa.h
  28. +4
    -12
      include/openssl/ssl.h.in
  29. +0
    -6
      include/openssl/x509.h.in
  30. +0
    -7
      providers/fips/self_test_data.inc
  31. +0
    -4
      ssl/s3_lib.c
  32. +0
    -4
      ssl/ssl_ciph.c
  33. +0
    -7
      ssl/statem/statem_clnt.c
  34. +0
    -6
      ssl/statem/statem_srvr.c
  35. +0
    -10
      test/acvp_test.c
  36. +0
    -3
      test/acvp_test.inc
  37. +0
    -4
      test/evp_test.c
  38. +2
    -6
      test/rsa_mp_test.c
  39. +2
    -10
      test/rsa_sp800_56b_test.c
  40. +2
    -10
      test/rsa_test.c
  41. +1
    -3
      test/ssl_old_test.c
  42. +186
    -186
      util/libcrypto.num
  43. +6
    -6
      util/libssl.num

+ 2
- 2
Configure

@ -75,7 +75,7 @@ my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lx
# 386 generate 80386 code in assembly modules
# no-sse2 disables IA-32 SSE2 code in assembly modules, the above
# mentioned '386' option implies this one
# no-<cipher> build without specified algorithm (rsa, idea, rc5, ...)
# no-<cipher> build without specified algorithm (dsa, idea, rc5, ...)
# -<xxx> +<xxx> All options which are unknown to the 'Configure' script are
# /<xxx> passed through to the compiler. Unix-style options beginning
# with a '-' or '+' are recognized, as well as Windows-style
@ -292,7 +292,7 @@ $config{perlargv} = [ @argvcopy ];
# 'unshift' adds at the front of the list (i.e. in reverse input order).
foreach ( reverse sort( 'aes', 'aria', 'bf', 'camellia', 'cast', 'des', 'dh',
'dsa', 'ec', 'hmac', 'idea', 'md2', 'md5', 'mdc2',
'rc2', 'rc4', 'rc5', 'ripemd', 'rsa', 'seed', 'sha',
'rc2', 'rc4', 'rc5', 'ripemd', 'seed', 'sha',
'sm2', 'sm3', 'sm4') ) {
unshift @argvcopy, "no-$_" if ! -d catdir($srcdir, 'crypto', $_);
}


+ 1
- 3
apps/lib/apps.c

@ -34,9 +34,7 @@
#include <openssl/pkcs12.h>
#include <openssl/ui.h>
#include <openssl/safestack.h>
#ifndef OPENSSL_NO_RSA
# include <openssl/rsa.h>
#endif
#include <openssl/rsa.h>
#include <openssl/bn.h>
#include <openssl/ssl.h>
#include <openssl/store.h>


+ 0
- 3
apps/list.c

@ -1261,9 +1261,6 @@ static void list_disabled(void)
#ifdef OPENSSL_NO_RMD160
BIO_puts(bio_out, "RMD160\n");
#endif
#ifdef OPENSSL_NO_RSA
BIO_puts(bio_out, "RSA\n");
#endif
#ifdef OPENSSL_NO_SCRYPT
BIO_puts(bio_out, "SCRYPT\n");
#endif


+ 3
- 8
apps/req.c

@ -25,9 +25,7 @@
#include <openssl/pem.h>
#include <openssl/bn.h>
#include <openssl/lhash.h>
#ifndef OPENSSL_NO_RSA
# include <openssl/rsa.h>
#endif
#include <openssl/rsa.h>
#ifndef OPENSSL_NO_DSA
# include <openssl/dsa.h>
#endif
@ -939,7 +937,6 @@ int req_main(int argc, char **argv)
goto end;
}
fprintf(stdout, "Modulus=");
#ifndef OPENSSL_NO_RSA
if (EVP_PKEY_is_a(tpubkey, "RSA")) {
BIGNUM *n;
@ -947,9 +944,9 @@ int req_main(int argc, char **argv)
EVP_PKEY_get_bn_param(pkey, "n", &n);
BN_print(out, n);
BN_free(n);
} else
#endif
} else {
fprintf(stdout, "Wrong Algorithm type");
}
fprintf(stdout, "\n");
}
@ -1596,7 +1593,6 @@ static EVP_PKEY_CTX *set_keygen_ctx(const char *gstr,
EVP_PKEY_CTX_free(gctx);
return NULL;
}
#ifndef OPENSSL_NO_RSA
if ((*pkey_type == EVP_PKEY_RSA) && (keylen != -1)) {
if (EVP_PKEY_CTX_set_rsa_keygen_bits(gctx, keylen) <= 0) {
BIO_puts(bio_err, "Error setting RSA keysize\n");
@ -1605,7 +1601,6 @@ static EVP_PKEY_CTX *set_keygen_ctx(const char *gstr,
return NULL;
}
}
#endif
return gctx;
}
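Review bot: In the `Modulus=` branch of req_main, `BIGNUM *n;` has no initializer and the result of `EVP_PKEY_get_bn_param(pkey, "n", &n);` is ignored, so a failed lookup would hand an indeterminate pointer to `BN_print` and `BN_free`. The type test is made on `tpubkey` but the parameter is read from `pkey`; unless the two are guaranteed to be the same key (not visible here, and one line between the two hunks is not shown), the RSA check does not cover the object actually queried. Suggested form: `BIGNUM *n = NULL;` followed by `if (!EVP_PKEY_get_bn_param(tpubkey, "n", &n)) goto end;`. Now that the `#ifndef` no longer splits the `else`, this is a convenient place to fix it.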


+ 1
- 3
apps/s_server.c

@ -48,9 +48,7 @@ typedef unsigned int u_int;
#ifndef OPENSSL_NO_DH
# include <openssl/dh.h>
#endif
#ifndef OPENSSL_NO_RSA
# include <openssl/rsa.h>
#endif
#include <openssl/rsa.h>
#ifndef OPENSSL_NO_SRP
# include <openssl/srp.h>
#endif


+ 30
- 27
apps/speed.c

@ -101,7 +101,7 @@
#ifndef OPENSSL_NO_CAST
# include <openssl/cast.h>
#endif
#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
#ifndef OPENSSL_NO_DEPRECATED_3_0
# include <openssl/rsa.h>
# include "./testrsa.h"
#endif
@ -155,9 +155,10 @@ static int usertime = 1;
static double Time_F(int s);
static void print_message(const char *s, long num, int length, int tm);
#if (!defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)) \
|| (!defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)) \
|| !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
#if !defined(OPENSSL_NO_DEPRECATED_3_0) \
|| !defined(OPENSSL_NO_DSA) \
|| !defined(OPENSSL_NO_DH) \
|| !defined(OPENSSL_NO_EC)
static void pkey_print_message(const char *str, const char *str2,
long num, unsigned int bits, int sec);
#endif
@ -433,7 +434,7 @@ static const OPT_PAIR dsa_choices[DSA_NUM] = {
static double dsa_results[DSA_NUM][2]; /* 2 ops: sign then verify */
#endif /* OPENSSL_NO_DSA */
#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
#ifndef OPENSSL_NO_DEPRECATED_3_0
enum {
R_RSA_512, R_RSA_1024, R_RSA_2048, R_RSA_3072, R_RSA_4096, R_RSA_7680,
R_RSA_15360, RSA_NUM
@ -449,7 +450,7 @@ static const OPT_PAIR rsa_choices[RSA_NUM] = {
};
static double rsa_results[RSA_NUM][2]; /* 2 ops: sign then verify */
#endif /* OPENSSL_NO_RSA */
#endif /* OPENSSL_NO_DEPRECATED_3_0 */
#ifndef OPENSSL_NO_DH
enum ff_params_t {
@ -575,7 +576,7 @@ typedef struct loopargs_st {
unsigned char *key;
unsigned int siglen;
size_t sigsize;
#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
#ifndef OPENSSL_NO_DEPRECATED_3_0
RSA *rsa_key[RSA_NUM];
#endif
#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
@ -1060,7 +1061,7 @@ static int EVP_CMAC_loop(void *args)
}
#endif
#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
#ifndef OPENSSL_NO_DEPRECATED_3_0
static long rsa_c[RSA_NUM][2]; /* # RSA iteration test */
static int RSA_sign_loop(void *args)
@ -1513,9 +1514,10 @@ int speed_main(int argc, char **argv)
#ifndef NO_FORK
int multi = 0;
#endif
#if (!defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)) \
|| (!defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)) \
|| !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
#if !defined(OPENSSL_NO_DEPRECATED_3_0) \
|| !defined(OPENSSL_NO_DSA) \
|| !defined(OPENSSL_NO_DH) \
|| !defined(OPENSSL_NO_EC)
long op_count = 1;
#endif
openssl_speed_sec_t seconds = { SECONDS, RSA_SECONDS, DSA_SECONDS,
@ -1562,7 +1564,7 @@ int speed_main(int argc, char **argv)
#if !defined(OPENSSL_NO_CAMELLIA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
CAMELLIA_KEY camellia_ks[3];
#endif
#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
#ifndef OPENSSL_NO_DEPRECATED_3_0
static const struct {
const unsigned char *data;
unsigned int length;
@ -1829,7 +1831,7 @@ int speed_main(int argc, char **argv)
doit[D_SHA1] = doit[D_SHA256] = doit[D_SHA512] = 1;
continue;
}
#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
#ifndef OPENSSL_NO_DEPRECATED_3_0
if (strcmp(algo, "openssl") == 0) /* just for compatibility */
continue;
if (strncmp(algo, "rsa", 3) == 0) {
@ -2009,15 +2011,15 @@ int speed_main(int argc, char **argv)
memset(doit, 1, sizeof(doit));
doit[D_EVP] = doit[D_EVP_HMAC] = doit[D_EVP_CMAC] = 0;
#if !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DEPRECATED_3_0)
doit[D_MDC2] = 0;
doit[D_MDC2] = 0;
#endif
#if !defined(OPENSSL_NO_MD4) && !defined(OPENSSL_NO_DEPRECATED_3_0)
doit[D_MD4] = 0;
doit[D_MD4] = 0;
#endif
#if !defined(OPENSSL_NO_RMD160) && !defined(OPENSSL_NO_DEPRECATED_3_0)
doit[D_RMD160] = 0;
doit[D_RMD160] = 0;
#endif
#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
#ifndef OPENSSL_NO_DEPRECATED_3_0
memset(rsa_doit, 1, sizeof(rsa_doit));
#endif
#ifndef OPENSSL_NO_DH
@ -2044,7 +2046,7 @@ int speed_main(int argc, char **argv)
"You have chosen to measure elapsed time "
"instead of user CPU time.\n");
#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
#ifndef OPENSSL_NO_DEPRECATED_3_0
for (i = 0; i < loopargs_len; i++) {
if (primes > RSA_DEFAULT_PRIME_NUM) {
/* for multi-prime RSA, skip this */
@ -2214,7 +2216,7 @@ int speed_main(int argc, char **argv)
c[D_IGE_256_AES][i] = c[D_IGE_256_AES][i - 1] * l0 / l1;
}
# if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
# ifndef OPENSSL_NO_DEPRECATED_3_0
rsa_c[R_RSA_512][0] = count / 2000;
rsa_c[R_RSA_512][1] = count / 400;
for (i = 1; i < RSA_NUM; i++) {
@ -2983,7 +2985,7 @@ int speed_main(int argc, char **argv)
if (RAND_bytes(loopargs[i].buf, 36) <= 0)
goto end;
#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
#ifndef OPENSSL_NO_DEPRECATED_3_0
for (testnum = 0; testnum < RSA_NUM; testnum++) {
int st = 0;
if (!rsa_doit[testnum])
@ -3073,7 +3075,7 @@ int speed_main(int argc, char **argv)
stop_it(rsa_doit, testnum);
}
}
#endif /* OPENSSL_NO_RSA */
#endif /* OPENSSL_NO_DEPRECATED_3_0 */
for (i = 0; i < loopargs_len; i++)
if (RAND_bytes(loopargs[i].buf, 36) <= 0)
@ -3879,7 +3881,7 @@ int speed_main(int argc, char **argv)
}
printf("\n");
}
#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
#ifndef OPENSSL_NO_DEPRECATED_3_0
testnum = 1;
for (k = 0; k < RSA_NUM; k++) {
if (!rsa_doit[k])
@ -4026,7 +4028,7 @@ int speed_main(int argc, char **argv)
OPENSSL_free(loopargs[i].buf_malloc);
OPENSSL_free(loopargs[i].buf2_malloc);
#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
#ifndef OPENSSL_NO_DEPRECATED_3_0
for (k = 0; k < RSA_NUM; k++)
RSA_free(loopargs[i].rsa_key[k]);
#endif
@ -4109,9 +4111,10 @@ static void print_message(const char *s, long num, int length, int tm)
#endif
}
#if (!defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)) \
|| (!defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)) \
|| !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
#if !defined(OPENSSL_NO_DEPRECATED_3_0) \
|| !defined(OPENSSL_NO_DSA) \
|| !defined(OPENSSL_NO_DH) \
|| !defined(OPENSSL_NO_EC)
static void pkey_print_message(const char *str, const char *str2, long num,
unsigned int bits, int tm)
{
@ -4236,7 +4239,7 @@ static int do_multi(int multi, int size_num)
for (j = 0; j < size_num; ++j)
results[alg][j] += atof(sstrsep(&p, sep));
}
#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
#ifndef OPENSSL_NO_DEPRECATED_3_0
else if (strncmp(buf, "+F2:", 4) == 0) {
int k;
double d;
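Review bot: The rewritten guard on the `pkey_print_message` prototype, on its definition and on `long op_count = 1;` in speed_main is not equivalent to the old one. With OPENSSL_NO_RSA gone, the old expression reduces to `!defined(OPENSSL_NO_DEPRECATED_3_0) || !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)`, because its DSA term was ANDed with the deprecation macro, whereas the new one adds a bare `|| !defined(OPENSSL_NO_DSA)`. In a no-deprecated, no-ec, no-dh build with DSA enabled the static function and the variable are now compiled, while the DSA guard still visible in `loopargs_st` tests both macros, so they would presumably be unused and a warnings-as-errors build may fail. Dropping the DSA term in all three places keeps the previous behaviour: `#if !defined(OPENSSL_NO_DEPRECATED_3_0) || !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)`.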


+ 1
- 3
apps/x509.c

@ -21,9 +21,7 @@
#include <openssl/x509v3.h>
#include <openssl/objects.h>
#include <openssl/pem.h>
#ifndef OPENSSL_NO_RSA
# include <openssl/rsa.h>
#endif
#include <openssl/rsa.h>
#ifndef OPENSSL_NO_DSA
# include <openssl/dsa.h>
#endif


+ 1
- 3
crypto/asn1/asn1_item_list.h

@ -134,13 +134,11 @@ static ASN1_ITEM_EXP *asn1_item_list[] = {
ASN1_ITEM_ref(POLICY_MAPPING),
ASN1_ITEM_ref(PROXY_CERT_INFO_EXTENSION),
ASN1_ITEM_ref(PROXY_POLICY),
#ifndef OPENSSL_NO_RSA
# ifndef OPENSSL_NO_DEPRECATED_3_0
#ifndef OPENSSL_NO_DEPRECATED_3_0
ASN1_ITEM_ref(RSAPrivateKey),
ASN1_ITEM_ref(RSAPublicKey),
ASN1_ITEM_ref(RSA_OAEP_PARAMS),
ASN1_ITEM_ref(RSA_PSS_PARAMS),
# endif
#endif
#ifndef OPENSSL_NO_SCRYPT
ASN1_ITEM_ref(SCRYPT_PARAMS),


+ 0
- 2
crypto/asn1/d2i_pu.c

@ -44,14 +44,12 @@ EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp,
}
switch (EVP_PKEY_id(ret)) {
#ifndef OPENSSL_NO_RSA
case EVP_PKEY_RSA:
if ((ret->pkey.rsa = d2i_RSAPublicKey(NULL, pp, length)) == NULL) {
ERR_raise(ERR_LIB_ASN1, ERR_R_ASN1_LIB);
goto err;
}
break;
#endif
#ifndef OPENSSL_NO_DSA
case EVP_PKEY_DSA:
/* TMP UGLY CAST */


+ 0
- 2
crypto/asn1/i2d_evp.c

@ -107,10 +107,8 @@ int i2d_PublicKey(const EVP_PKEY *a, unsigned char **pp)
return i2d_provided(a, EVP_PKEY_PUBLIC_KEY, output_structures, pp);
}
switch (EVP_PKEY_id(a)) {
#ifndef OPENSSL_NO_RSA
case EVP_PKEY_RSA:
return i2d_RSAPublicKey(EVP_PKEY_get0_RSA(a), pp);
#endif
#ifndef OPENSSL_NO_DSA
case EVP_PKEY_DSA:
return i2d_DSAPublicKey(EVP_PKEY_get0_DSA(a), pp);


+ 0
- 4
crypto/asn1/standard_methods.h

@ -13,10 +13,8 @@
* is used to search it.
*/
static const EVP_PKEY_ASN1_METHOD *standard_methods[] = {
#ifndef OPENSSL_NO_RSA
&rsa_asn1_meths[0],
&rsa_asn1_meths[1],
#endif
#ifndef OPENSSL_NO_DH
&dh_asn1_meth,
#endif
@ -30,9 +28,7 @@ static const EVP_PKEY_ASN1_METHOD *standard_methods[] = {
#ifndef OPENSSL_NO_EC
&eckey_asn1_meth,
#endif
#ifndef OPENSSL_NO_RSA
&rsa_pss_asn1_meth,
#endif
#ifndef OPENSSL_NO_DH
&dhx_asn1_meth,
#endif


+ 0
- 4
crypto/engine/eng_fat.c

@ -20,10 +20,8 @@ int ENGINE_set_default(ENGINE *e, unsigned int flags)
return 0;
if ((flags & ENGINE_METHOD_DIGESTS) && !ENGINE_set_default_digests(e))
return 0;
#ifndef OPENSSL_NO_RSA
if ((flags & ENGINE_METHOD_RSA) && !ENGINE_set_default_RSA(e))
return 0;
#endif
#ifndef OPENSSL_NO_DSA
if ((flags & ENGINE_METHOD_DSA) && !ENGINE_set_default_DSA(e))
return 0;
@ -96,9 +94,7 @@ int ENGINE_register_complete(ENGINE *e)
{
ENGINE_register_ciphers(e);
ENGINE_register_digests(e);
#ifndef OPENSSL_NO_RSA
ENGINE_register_RSA(e);
#endif
#ifndef OPENSSL_NO_DSA
ENGINE_register_DSA(e);
#endif


+ 0
- 2
crypto/engine/eng_list.c

@ -250,9 +250,7 @@ static void engine_cpy(ENGINE *dest, const ENGINE *src)
{
dest->id = src->id;
dest->name = src->name;
#ifndef OPENSSL_NO_RSA
dest->rsa_meth = src->rsa_meth;
#endif
#ifndef OPENSSL_NO_DSA
dest->dsa_meth = src->dsa_meth;
#endif


+ 0
- 2
crypto/engine/eng_openssl.c

@ -98,9 +98,7 @@ static int bind_helper(ENGINE *e)
|| !ENGINE_set_name(e, engine_openssl_name)
|| !ENGINE_set_destroy_function(e, openssl_destroy)
#ifndef TEST_ENG_OPENSSL_NO_ALGORITHMS
# ifndef OPENSSL_NO_RSA
|| !ENGINE_set_RSA(e, RSA_get_default_method())
# endif
# ifndef OPENSSL_NO_DSA
|| !ENGINE_set_DSA(e, DSA_get_default_method())
# endif


+ 0
- 2
crypto/err/err_all.c

@ -51,9 +51,7 @@ int err_load_crypto_strings_int(void)
#ifndef OPENSSL_NO_ERR
|| err_load_ERR_strings_int() == 0 /* include error strings for SYSerr */
|| err_load_BN_strings_int() == 0
# ifndef OPENSSL_NO_RSA
|| err_load_RSA_strings_int() == 0
# endif
# ifndef OPENSSL_NO_DH
|| err_load_DH_strings_int() == 0
# endif


+ 0
- 4
crypto/evp/p_dec.c

@ -22,11 +22,8 @@ int EVP_PKEY_decrypt_old(unsigned char *key, const unsigned char *ek, int ekl,
{
int ret = -1;
#ifndef OPENSSL_NO_RSA
if (EVP_PKEY_id(priv) != EVP_PKEY_RSA) {
#endif
ERR_raise(ERR_LIB_EVP, EVP_R_PUBLIC_KEY_NOT_RSA);
#ifndef OPENSSL_NO_RSA
goto err;
}
@ -34,6 +31,5 @@ int EVP_PKEY_decrypt_old(unsigned char *key, const unsigned char *ek, int ekl,
RSA_private_decrypt(ekl, ek, key, EVP_PKEY_get0_RSA(priv),
RSA_PKCS1_PADDING);
err:
#endif
return ret;
}

+ 0
- 4
crypto/evp/p_enc.c

@ -22,17 +22,13 @@ int EVP_PKEY_encrypt_old(unsigned char *ek, const unsigned char *key,
{
int ret = 0;
#ifndef OPENSSL_NO_RSA
if (EVP_PKEY_id(pubk) != EVP_PKEY_RSA) {
#endif
ERR_raise(ERR_LIB_EVP, EVP_R_PUBLIC_KEY_NOT_RSA);
#ifndef OPENSSL_NO_RSA
goto err;
}
ret =
RSA_public_encrypt(key_len, key, ek, EVP_PKEY_get0_RSA(pubk),
RSA_PKCS1_PADDING);
err:
#endif
return ret;
}

+ 0
- 4
crypto/evp/pmeth_lib.c

@ -49,9 +49,7 @@ static STACK_OF(EVP_PKEY_METHOD) *app_pkey_methods = NULL;
/* This array needs to be in order of NIDs */
static pmeth_fn standard_methods[] = {
# ifndef OPENSSL_NO_RSA
ossl_rsa_pkey_method,
# endif
# ifndef OPENSSL_NO_DH
dh_pkey_method,
# endif
@ -61,9 +59,7 @@ static pmeth_fn standard_methods[] = {
# ifndef OPENSSL_NO_EC
ec_pkey_method,
# endif
# ifndef OPENSSL_NO_RSA
ossl_rsa_pss_pkey_method,
# endif
# ifndef OPENSSL_NO_DH
dhx_pkey_method,
# endif


+ 2
- 6
crypto/pem/pem_all.c

@ -25,9 +25,7 @@
#include <openssl/dh.h>
#include "pem_local.h"
#ifndef OPENSSL_NO_RSA
static RSA *pkey_get_rsa(EVP_PKEY *key, RSA **rsa);
#endif
#ifndef OPENSSL_NO_DSA
static DSA *pkey_get_dsa(EVP_PKEY *key, DSA **dsa);
#endif
@ -46,7 +44,6 @@ IMPLEMENT_PEM_rw(PKCS7, PKCS7, PEM_STRING_PKCS7, PKCS7)
IMPLEMENT_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE,
PEM_STRING_X509, NETSCAPE_CERT_SEQUENCE)
#ifndef OPENSSL_NO_DEPRECATED_3_0
# ifndef OPENSSL_NO_RSA
/*
* We treat RSA or DSA private keys as a special case. For private keys we
* read in an EVP_PKEY structure with PEM_read_bio_PrivateKey() and extract
@ -77,7 +74,7 @@ RSA *PEM_read_bio_RSAPrivateKey(BIO *bp, RSA **rsa, pem_password_cb *cb,
return pkey_get_rsa(pktmp, rsa);
}
# ifndef OPENSSL_NO_STDIO
# ifndef OPENSSL_NO_STDIO
RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **rsa, pem_password_cb *cb, void *u)
{
@ -86,12 +83,11 @@ RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **rsa, pem_password_cb *cb, void *u)
return pkey_get_rsa(pktmp, rsa);
}
# endif
# endif
IMPLEMENT_PEM_write_cb(RSAPrivateKey, RSA, PEM_STRING_RSA, RSAPrivateKey)
IMPLEMENT_PEM_rw(RSAPublicKey, RSA, PEM_STRING_RSA_PUBLIC, RSAPublicKey)
IMPLEMENT_PEM_rw(RSA_PUBKEY, RSA, PEM_STRING_PUBLIC, RSA_PUBKEY)
# endif
#endif
#ifndef OPENSSL_NO_DSA
static DSA *pkey_get_dsa(EVP_PKEY *key, DSA **dsa)
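Review bot: The forward declaration `static RSA *pkey_get_rsa(EVP_PKEY *key, RSA **rsa);` near the top of the file is now unconditional, while the callers shown here (PEM_read_bio_RSAPrivateKey and PEM_read_RSAPrivateKey) sit inside `#ifndef OPENSSL_NO_DEPRECATED_3_0`. The definition lies between the hunks and is not visible; if it is inside that block as well, a no-deprecated build declares a static function that is never defined, which compilers report as a warning. Placing the prototype under the same guard avoids that: `#ifndef OPENSSL_NO_DEPRECATED_3_0`, then the prototype, then `#endif`.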


+ 1
- 6
crypto/pem/pem_info.c

@ -124,9 +124,7 @@ STACK_OF(X509_INFO)
goto start;
}
pp = &(xi->crl);
} else
#ifndef OPENSSL_NO_RSA
if (strcmp(name, PEM_STRING_RSA) == 0) {
} else if (strcmp(name, PEM_STRING_RSA) == 0) {
d2i = (D2I_OF(void)) d2i_RSAPrivateKey;
if (xi->x_pkey != NULL) {
if (!sk_X509_INFO_push(ret, xi))
@ -147,7 +145,6 @@ STACK_OF(X509_INFO)
if ((int)strlen(header) > 10) /* assume encrypted */
raw = 1;
} else
#endif
#ifndef OPENSSL_NO_DSA
if (strcmp(name, PEM_STRING_DSA) == 0) {
d2i = (D2I_OF(void)) d2i_DSAPrivateKey;
@ -335,13 +332,11 @@ int PEM_X509_INFO_write_bio(BIO *bp, const X509_INFO *xi, EVP_CIPHER *enc,
goto err;
} else {
/* Add DSA/DH */
#ifndef OPENSSL_NO_RSA
/* normal optionally encrypted stuff */
if (PEM_write_bio_RSAPrivateKey(bp,
EVP_PKEY_get0_RSA(xi->x_pkey->dec_pkey),
enc, kstr, klen, cb, u) <= 0)
goto err;
#endif
}
}
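Review bot: In PEM_X509_INFO_write_bio the unencrypted branch now always calls `PEM_write_bio_RSAPrivateKey(bp, EVP_PKEY_get0_RSA(xi->x_pkey->dec_pkey), ...)`, with no visible check that `dec_pkey` is an RSA key. `EVP_PKEY_get0_RSA` returns NULL for any other key type, and the adjacent `/* Add DSA/DH */` comment suggests those types are not handled, so the outcome then depends on how the writer treats a NULL key, which is outside the hunk. I would make the assumption explicit, either with a guard such as `if (EVP_PKEY_id(xi->x_pkey->dec_pkey) != EVP_PKEY_RSA) goto err;` before the call or with a comment stating that only RSA private keys are written here. The function starts and ends outside the hunk.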


+ 2
- 5
crypto/x509/x_all.c

@ -226,9 +226,7 @@ int i2d_X509_REQ_bio(BIO *bp, const X509_REQ *req)
return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_REQ), bp, req);
}
#ifndef OPENSSL_NO_RSA
# ifndef OPENSSL_NO_STDIO
#ifndef OPENSSL_NO_STDIO
RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa)
{
return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa);
@ -260,7 +258,7 @@ int i2d_RSA_PUBKEY_fp(FILE *fp, const RSA *rsa)
{
return ASN1_i2d_fp((I2D_OF(void))i2d_RSA_PUBKEY, fp, rsa);
}
# endif
#endif
RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa)
{
@ -291,7 +289,6 @@ int i2d_RSA_PUBKEY_bio(BIO *bp, const RSA *rsa)
{
return ASN1_i2d_bio_of(RSA, i2d_RSA_PUBKEY, bp, rsa);
}
#endif
#ifndef OPENSSL_NO_DSA
# ifndef OPENSSL_NO_STDIO


+ 0
- 2
crypto/x509/x_pubkey.c

@ -360,7 +360,6 @@ int i2d_PUBKEY(const EVP_PKEY *a, unsigned char **pp)
/*
* The following are equivalents but which return RSA and DSA keys
*/
#ifndef OPENSSL_NO_RSA
RSA *d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp, long length)
{
EVP_PKEY *pkey;
@ -400,7 +399,6 @@ int i2d_RSA_PUBKEY(const RSA *a, unsigned char **pp)
EVP_PKEY_free(pktmp);
return ret;
}
#endif
#ifndef OPENSSL_NO_DSA
DSA *d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, long length)


+ 0
- 2
engines/e_devcrypto.c

@ -1252,9 +1252,7 @@ static int bind_devcrypto(ENGINE *e) {
* /Richard Levitte, 2017-05-11
*/
#if 0
# ifndef OPENSSL_NO_RSA
&& ENGINE_set_RSA(e, devcrypto_rsa)
# endif
# ifndef OPENSSL_NO_DSA
&& ENGINE_set_DSA(e, devcrypto_dsa)
# endif


+ 0
- 2
include/crypto/evp.h

@ -600,9 +600,7 @@ struct evp_pkey_st {
ENGINE *pmeth_engine; /* If not NULL public key ENGINE to use */
union {
void *ptr;
# ifndef OPENSSL_NO_RSA
struct rsa_st *rsa; /* RSA */
# endif
# ifndef OPENSSL_NO_DSA
struct dsa_st *dsa; /* DSA */
# endif


+ 1
- 7
include/openssl/evp.h

@ -481,10 +481,8 @@ typedef int (EVP_PBE_KEYGEN) (EVP_CIPHER_CTX *ctx, const char *pass,
int en_de);
# ifndef OPENSSL_NO_DEPRECATED_3_0
# ifndef OPENSSL_NO_RSA
# define EVP_PKEY_assign_RSA(pkey,rsa) EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\
# define EVP_PKEY_assign_RSA(pkey,rsa) EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\
(rsa))
# endif
# endif
# ifndef OPENSSL_NO_DSA
@ -765,7 +763,6 @@ int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize);
__owur int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
size_t siglen);
# ifndef OPENSSL_NO_RSA
__owur int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
const unsigned char *ek, int ekl,
const unsigned char *iv, EVP_PKEY *priv);
@ -775,7 +772,6 @@ __owur int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
unsigned char **ek, int *ekl, unsigned char *iv,
EVP_PKEY **pubk, int npubk);
__owur int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
# endif
EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void);
void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx);
@ -1243,7 +1239,6 @@ const unsigned char *EVP_PKEY_get0_siphash(const EVP_PKEY *pkey, size_t *len);
# endif
# ifndef OPENSSL_NO_DEPRECATED_3_0
# ifndef OPENSSL_NO_RSA
struct rsa_st;
OSSL_DEPRECATEDIN_3_0
int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, struct rsa_st *key);
@ -1251,7 +1246,6 @@ OSSL_DEPRECATEDIN_3_0
struct rsa_st *EVP_PKEY_get0_RSA(const EVP_PKEY *pkey);
OSSL_DEPRECATEDIN_3_0
struct rsa_st *EVP_PKEY_get1_RSA(EVP_PKEY *pkey);
# endif
# endif
# ifndef OPENSSL_NO_DSA
struct dsa_st;


+ 0
- 2
include/openssl/pem.h

@ -444,11 +444,9 @@ DECLARE_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE)
DECLARE_PEM_rw(PKCS8, X509_SIG)
DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO)
# ifndef OPENSSL_NO_DEPRECATED_3_0
# ifndef OPENSSL_NO_RSA
DECLARE_PEM_rw_cb_attr(OSSL_DEPRECATEDIN_3_0, RSAPrivateKey, RSA)
DECLARE_PEM_rw_attr(OSSL_DEPRECATEDIN_3_0, RSAPublicKey, RSA)
DECLARE_PEM_rw_attr(OSSL_DEPRECATEDIN_3_0, RSA_PUBKEY, RSA)
# endif
# endif
# ifndef OPENSSL_NO_DEPRECATED_3_0
# ifndef OPENSSL_NO_DSA


+ 89
- 91
include/openssl/rsa.h

@ -18,59 +18,58 @@
# include <openssl/opensslconf.h>
# ifndef OPENSSL_NO_RSA
# include <openssl/asn1.h>
# include <openssl/bio.h>
# include <openssl/crypto.h>
# include <openssl/types.h>
# ifndef OPENSSL_NO_DEPRECATED_1_1_0
# include <openssl/bn.h>
# endif
# include <openssl/rsaerr.h>
# include <openssl/safestack.h>
# include <openssl/asn1.h>
# include <openssl/bio.h>
# include <openssl/crypto.h>
# include <openssl/types.h>
# ifndef OPENSSL_NO_DEPRECATED_1_1_0
# include <openssl/bn.h>
# endif
# include <openssl/rsaerr.h>
# include <openssl/safestack.h>
# ifdef __cplusplus
# ifdef __cplusplus
extern "C" {
# endif
# endif
# ifndef OPENSSL_RSA_MAX_MODULUS_BITS
# define OPENSSL_RSA_MAX_MODULUS_BITS 16384
# endif
# ifndef OPENSSL_RSA_MAX_MODULUS_BITS
# define OPENSSL_RSA_MAX_MODULUS_BITS 16384
# endif
# define RSA_3 0x3L
# define RSA_F4 0x10001L
# define RSA_3 0x3L
# define RSA_F4 0x10001L
# ifndef OPENSSL_NO_DEPRECATED_3_0
# ifndef OPENSSL_NO_DEPRECATED_3_0
/* The types RSA and RSA_METHOD are defined in ossl_typ.h */
# define OPENSSL_RSA_FIPS_MIN_MODULUS_BITS 2048
# define OPENSSL_RSA_FIPS_MIN_MODULUS_BITS 2048
# ifndef OPENSSL_RSA_SMALL_MODULUS_BITS
# define OPENSSL_RSA_SMALL_MODULUS_BITS 3072
# endif
# ifndef OPENSSL_RSA_SMALL_MODULUS_BITS
# define OPENSSL_RSA_SMALL_MODULUS_BITS 3072
# endif
/* exponent limit enforced for "large" modulus only */
# ifndef OPENSSL_RSA_MAX_PUBEXP_BITS
# define OPENSSL_RSA_MAX_PUBEXP_BITS 64
# endif
# ifndef OPENSSL_RSA_MAX_PUBEXP_BITS
# define OPENSSL_RSA_MAX_PUBEXP_BITS 64
# endif
/* based on RFC 8017 appendix A.1.2 */
# define RSA_ASN1_VERSION_DEFAULT 0
# define RSA_ASN1_VERSION_MULTI 1
# define RSA_ASN1_VERSION_DEFAULT 0
# define RSA_ASN1_VERSION_MULTI 1
# define RSA_DEFAULT_PRIME_NUM 2
# define RSA_DEFAULT_PRIME_NUM 2
# define RSA_METHOD_FLAG_NO_CHECK 0x0001
# define RSA_FLAG_CACHE_PUBLIC 0x0002
# define RSA_FLAG_CACHE_PRIVATE 0x0004
# define RSA_FLAG_BLINDING 0x0008
# define RSA_FLAG_THREAD_SAFE 0x0010
# define RSA_METHOD_FLAG_NO_CHECK 0x0001
# define RSA_FLAG_CACHE_PUBLIC 0x0002
# define RSA_FLAG_CACHE_PRIVATE 0x0004
# define RSA_FLAG_BLINDING 0x0008
# define RSA_FLAG_THREAD_SAFE 0x0010
/*
* This flag means the private key operations will be handled by rsa_mod_exp
* and that they do not depend on the private key components being present:
* for example a key stored in external hardware. Without this flag
* bn_mod_exp gets called when private key components are absent.
*/
# define RSA_FLAG_EXT_PKEY 0x0020
# define RSA_FLAG_EXT_PKEY 0x0020
/*
* new with 0.9.6j and 0.9.7b; the built-in
@ -78,14 +77,14 @@ extern "C" {
* default (ignoring RSA_FLAG_BLINDING),
* but other engines might not need it
*/
# define RSA_FLAG_NO_BLINDING 0x0080
# endif /* OPENSSL_NO_DEPRECATED_3_0 */
# define RSA_FLAG_NO_BLINDING 0x0080
# endif /* OPENSSL_NO_DEPRECATED_3_0 */
/*
* Does nothing. Previously this switched off constant time behaviour.
*/
# ifndef OPENSSL_NO_DEPRECATED_1_1_0
# define RSA_FLAG_NO_CONSTTIME 0x0000
# endif
# ifndef OPENSSL_NO_DEPRECATED_1_1_0
# define RSA_FLAG_NO_CONSTTIME 0x0000
# endif
/* deprecated name for the flag*/
/*
* new with 0.9.7h; the built-in RSA
@ -95,9 +94,9 @@ extern "C" {
* faster variable sliding window method to
* be used for all exponents.
*/
# ifndef OPENSSL_NO_DEPRECATED_0_9_8
# define RSA_FLAG_NO_EXP_CONSTTIME RSA_FLAG_NO_CONSTTIME
# endif
# ifndef OPENSSL_NO_DEPRECATED_0_9_8
# define RSA_FLAG_NO_EXP_CONSTTIME RSA_FLAG_NO_CONSTTIME
# endif
/*-
* New with 3.0: use part of the flags to denote exact type of RSA key,
@ -112,10 +111,10 @@ extern "C" {
*
* 4 bits allow for 16 types
*/
# define RSA_FLAG_TYPE_MASK 0xF000
# define RSA_FLAG_TYPE_RSA 0x0000
# define RSA_FLAG_TYPE_RSASSAPSS 0x1000
# define RSA_FLAG_TYPE_RSAESOAEP 0x2000
# define RSA_FLAG_TYPE_MASK 0xF000
# define RSA_FLAG_TYPE_RSA 0x0000
# define RSA_FLAG_TYPE_RSASSAPSS 0x1000
# define RSA_FLAG_TYPE_RSAESOAEP 0x2000
int EVP_PKEY_CTX_set_rsa_padding(EVP_PKEY_CTX *ctx, int pad_mode);
int EVP_PKEY_CTX_get_rsa_padding(EVP_PKEY_CTX *ctx, int *pad_mode);
@ -127,19 +126,19 @@ int EVP_PKEY_CTX_set_rsa_keygen_bits(EVP_PKEY_CTX *ctx, int bits);
int EVP_PKEY_CTX_set1_rsa_keygen_pubexp(EVP_PKEY_CTX *ctx, BIGNUM *pubexp);
int EVP_PKEY_CTX_set_rsa_keygen_primes(EVP_PKEY_CTX *ctx, int primes);
int EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen(EVP_PKEY_CTX *ctx, int saltlen);
# ifndef OPENSSL_NO_DEPRECATED_3_0
# ifndef OPENSSL_NO_DEPRECATED_3_0
OSSL_DEPRECATEDIN_3_0
int EVP_PKEY_CTX_set_rsa_keygen_pubexp(EVP_PKEY_CTX *ctx, BIGNUM *pubexp);
# endif
# endif
/* Salt length matches digest */
# define RSA_PSS_SALTLEN_DIGEST -1
# define RSA_PSS_SALTLEN_DIGEST -1
/* Verify only: auto detect salt length */
# define RSA_PSS_SALTLEN_AUTO -2
# define RSA_PSS_SALTLEN_AUTO -2
/* Set salt length to maximum possible */
# define RSA_PSS_SALTLEN_MAX -3
# define RSA_PSS_SALTLEN_MAX -3
/* Old compatible max salt length for sign only */
# define RSA_PSS_SALTLEN_MAX_SIGN -2
# define RSA_PSS_SALTLEN_MAX_SIGN -2
int EVP_PKEY_CTX_set_rsa_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
int EVP_PKEY_CTX_set_rsa_mgf1_md_name(EVP_PKEY_CTX *ctx, const char *mdname,
@ -160,47 +159,47 @@ int EVP_PKEY_CTX_get_rsa_oaep_md_name(EVP_PKEY_CTX *ctx, char *name,
int EVP_PKEY_CTX_set0_rsa_oaep_label(EVP_PKEY_CTX *ctx, void *label, int llen);
int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label);
# define EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md) \
# define EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md) \
EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA_PSS, \
EVP_PKEY_OP_KEYGEN, EVP_PKEY_CTRL_MD, \
0, (void *)(md))
# define EVP_PKEY_CTRL_RSA_PADDING (EVP_PKEY_ALG_CTRL + 1)
# define EVP_PKEY_CTRL_RSA_PSS_SALTLEN (EVP_PKEY_ALG_CTRL + 2)
# define EVP_PKEY_CTRL_RSA_PADDING (EVP_PKEY_ALG_CTRL + 1)
# define EVP_PKEY_CTRL_RSA_PSS_SALTLEN (EVP_PKEY_ALG_CTRL + 2)
# define EVP_PKEY_CTRL_RSA_KEYGEN_BITS (EVP_PKEY_ALG_CTRL + 3)
# define EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP (EVP_PKEY_ALG_CTRL + 4)
# define EVP_PKEY_CTRL_RSA_MGF1_MD (EVP_PKEY_ALG_CTRL + 5)
# define EVP_PKEY_CTRL_RSA_KEYGEN_BITS (EVP_PKEY_ALG_CTRL + 3)
# define EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP (EVP_PKEY_ALG_CTRL + 4)
# define EVP_PKEY_CTRL_RSA_MGF1_MD (EVP_PKEY_ALG_CTRL + 5)
# define EVP_PKEY_CTRL_GET_RSA_PADDING (EVP_PKEY_ALG_CTRL + 6)
# define EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN (EVP_PKEY_ALG_CTRL + 7)
# define EVP_PKEY_CTRL_GET_RSA_MGF1_MD (EVP_PKEY_ALG_CTRL + 8)
# define EVP_PKEY_CTRL_GET_RSA_PADDING (EVP_PKEY_ALG_CTRL + 6)
# define EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN (EVP_PKEY_ALG_CTRL + 7)
# define EVP_PKEY_CTRL_GET_RSA_MGF1_MD (EVP_PKEY_ALG_CTRL + 8)
# define EVP_PKEY_CTRL_RSA_OAEP_MD (EVP_PKEY_ALG_CTRL + 9)
# define EVP_PKEY_CTRL_RSA_OAEP_LABEL (EVP_PKEY_ALG_CTRL + 10)
# define EVP_PKEY_CTRL_RSA_OAEP_MD (EVP_PKEY_ALG_CTRL + 9)
# define EVP_PKEY_CTRL_RSA_OAEP_LABEL (EVP_PKEY_ALG_CTRL + 10)
# define EVP_PKEY_CTRL_GET_RSA_OAEP_MD (EVP_PKEY_ALG_CTRL + 11)
# define EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL (EVP_PKEY_ALG_CTRL + 12)
# define EVP_PKEY_CTRL_GET_RSA_OAEP_MD (EVP_PKEY_ALG_CTRL + 11)
# define EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL (EVP_PKEY_ALG_CTRL + 12)
# define EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES (EVP_PKEY_ALG_CTRL + 13)
# define EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES (EVP_PKEY_ALG_CTRL + 13)
# define RSA_PKCS1_PADDING 1
# define RSA_SSLV23_PADDING 2
# define RSA_NO_PADDING 3
# define RSA_PKCS1_OAEP_PADDING 4
# define RSA_X931_PADDING 5
# define RSA_PKCS1_PADDING 1
# define RSA_SSLV23_PADDING 2
# define RSA_NO_PADDING 3
# define RSA_PKCS1_OAEP_PADDING 4
# define RSA_X931_PADDING 5
/* EVP_PKEY_ only */
# define RSA_PKCS1_PSS_PADDING 6
# define RSA_PKCS1_WITH_TLS_PADDING 7
# define RSA_PKCS1_PSS_PADDING 6
# define RSA_PKCS1_WITH_TLS_PADDING 7
# define RSA_PKCS1_PADDING_SIZE 11
# define RSA_PKCS1_PADDING_SIZE 11
# define RSA_set_app_data(s,arg) RSA_set_ex_data(s,0,arg)
# define RSA_get_app_data(s) RSA_get_ex_data(s,0)
# define RSA_set_app_data(s,arg) RSA_set_ex_data(s,0,arg)
# define RSA_get_app_data(s) RSA_get_ex_data(s,0)
# ifndef OPENSSL_NO_DEPRECATED_3_0
# ifndef OPENSSL_NO_DEPRECATED_3_0
OSSL_DEPRECATEDIN_3_0 RSA *RSA_new(void);
OSSL_DEPRECATEDIN_3_0 RSA *RSA_new_method(ENGINE *engine);
OSSL_DEPRECATEDIN_3_0 int RSA_bits(const RSA *rsa);
@ -246,17 +245,17 @@ OSSL_DEPRECATEDIN_3_0 int RSA_test_flags(const RSA *r, int flags);
OSSL_DEPRECATEDIN_3_0 void RSA_set_flags(RSA *r, int flags);
OSSL_DEPRECATEDIN_3_0 int RSA_get_version(RSA *r);
OSSL_DEPRECATEDIN_3_0 ENGINE *RSA_get0_engine(const RSA *r);
# endif /* !OPENSSL_NO_DEPRECATED_3_0 */
# endif /* !OPENSSL_NO_DEPRECATED_3_0 */
/* Deprecated version */
# ifndef OPENSSL_NO_DEPRECATED_0_9_8
# ifndef OPENSSL_NO_DEPRECATED_0_9_8
OSSL_DEPRECATEDIN_0_9_8 RSA *RSA_generate_key(int bits, unsigned long e, void
(*callback) (int, int, void *),
void *cb_arg);
# endif
# endif
/* New version */
# ifndef OPENSSL_NO_DEPRECATED_3_0
# ifndef OPENSSL_NO_DEPRECATED_3_0
OSSL_DEPRECATEDIN_3_0 int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e,
BN_GENCB *cb);
/* Multi-prime version */
@ -308,7 +307,7 @@ DECLARE_ASN1_ENCODE_FUNCTIONS_name_attr(OSSL_DEPRECATEDIN_3_0,
RSA, RSAPublicKey)
DECLARE_ASN1_ENCODE_FUNCTIONS_name_attr(OSSL_DEPRECATEDIN_3_0,
RSA, RSAPrivateKey)
# endif /* !OPENSSL_NO_DEPRECATED_3_0 */
# endif /* !OPENSSL_NO_DEPRECATED_3_0 */
int RSA_pkey_ctx_ctrl(EVP_PKEY_CTX *ctx, int optype, int cmd, int p1, void *p2);
@ -333,10 +332,10 @@ typedef struct rsa_oaep_params_st {
DECLARE_ASN1_FUNCTIONS(RSA_OAEP_PARAMS)
# ifndef OPENSSL_NO_DEPRECATED_3_0
# ifndef OPENSSL_NO_STDIO
# ifndef OPENSSL_NO_DEPRECATED_3_0
# ifndef OPENSSL_NO_STDIO
OSSL_DEPRECATEDIN_3_0 int RSA_print_fp(FILE *fp, const RSA *r, int offset);
# endif
# endif
OSSL_DEPRECATEDIN_3_0 int RSA_print(BIO *bp, const RSA *r, int offset);
@ -446,7 +445,7 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
const EVP_MD *Hash, const EVP_MD *mgf1Hash,
int sLen);
# define RSA_get_ex_new_index(l, p, newf, dupf, freef) \
# define RSA_get_ex_new_index(l, p, newf, dupf, freef) \
CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_RSA, l, p, newf, dupf, freef)
OSSL_DEPRECATEDIN_3_0 int RSA_set_ex_data(RSA *r, int idx, void *arg);
OSSL_DEPRECATEDIN_3_0 void *RSA_get_ex_data(const RSA *r, int idx);
@ -461,7 +460,7 @@ DECLARE_ASN1_DUP_FUNCTION_name_attr(OSSL_DEPRECATEDIN_3_0, RSA, RSAPrivateKey)
* result is compliant.
*/
# define RSA_FLAG_FIPS_METHOD 0x0400
# define RSA_FLAG_FIPS_METHOD 0x0400
/*
* If this flag is set the operations normally disabled in FIPS mode are
@ -469,12 +468,12 @@ DECLARE_ASN1_DUP_FUNCTION_name_attr(OSSL_DEPRECATEDIN_3_0, RSA, RSAPrivateKey)
* usage is compliant.
*/
# define RSA_FLAG_NON_FIPS_ALLOW 0x0400
# define RSA_FLAG_NON_FIPS_ALLOW 0x0400
/*
* Application has decided PRNG is good enough to generate a key: don't
* check.
*/
# define RSA_FLAG_CHECKED 0x0800
# define RSA_FLAG_CHECKED 0x0800
OSSL_DEPRECATEDIN_3_0 RSA_METHOD *RSA_meth_new(const char *name, int flags);
OSSL_DEPRECATEDIN_3_0 void RSA_meth_free(RSA_METHOD *meth);
@ -604,8 +603,7 @@ int RSA_meth_set_multi_prime_keygen(RSA_METHOD *meth,
BN_GENCB *cb));
#endif /* !OPENSSL_NO_DEPRECATED_3_0 */
# ifdef __cplusplus
# ifdef __cplusplus
}
# endif
# endif
#endif

+ 4
- 12
include/openssl/ssl.h.in

@ -1607,13 +1607,11 @@ __owur SSL_verify_cb SSL_get_verify_callback(const SSL *s);
void SSL_set_verify(SSL *s, int mode, SSL_verify_cb callback);
void SSL_set_verify_depth(SSL *s, int depth);
void SSL_set_cert_cb(SSL *s, int (*cb) (SSL *ssl, void *arg), void *arg);
# ifndef OPENSSL_NO_RSA
# ifndef OPENSSL_NO_DEPRECATED_3_0
# ifndef OPENSSL_NO_DEPRECATED_3_0
OSSL_DEPRECATEDIN_3_0 __owur int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
OSSL_DEPRECATEDIN_3_0
__owur int SSL_use_RSAPrivateKey_ASN1(SSL *ssl,
const unsigned char *d, long len);
# endif
# endif
__owur int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
__owur int SSL_use_PrivateKey_ASN1(int pk, SSL *ssl, const unsigned char *d,
@ -1636,22 +1634,18 @@ __owur int SSL_CTX_use_serverinfo_ex(SSL_CTX *ctx, unsigned int version,
size_t serverinfo_length);
__owur int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file);
#ifndef OPENSSL_NO_RSA
# ifndef OPENSSL_NO_DEPRECATED_3_0
#ifndef OPENSSL_NO_DEPRECATED_3_0
OSSL_DEPRECATEDIN_3_0
__owur int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type);
# endif
#endif
__owur int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type);
__owur int SSL_use_certificate_file(SSL *ssl, const char *file, int type);
#ifndef OPENSSL_NO_RSA
# ifndef OPENSSL_NO_DEPRECATED_3_0
#ifndef OPENSSL_NO_DEPRECATED_3_0
OSSL_DEPRECATEDIN_3_0
__owur int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file,
int type);
# endif
#endif
__owur int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file,
int type);
@ -1761,14 +1755,12 @@ void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx,
void *arg);
void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cb) (SSL *ssl, void *arg),
void *arg);
# ifndef OPENSSL_NO_RSA
# ifndef OPENSSL_NO_DEPRECATED_3_0
# ifndef OPENSSL_NO_DEPRECATED_3_0
OSSL_DEPRECATEDIN_3_0
__owur int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);
OSSL_DEPRECATEDIN_3_0
__owur int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d,
long len);
# endif
# endif
__owur int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
__owur int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx,
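Review bot: The surviving deprecation guards are written at two different indent levels across this file's three hunks. Around `SSL_use_RSAPrivateKey` and `SSL_CTX_use_RSAPrivateKey` the new lines read `# ifndef OPENSSL_NO_DEPRECATED_3_0` … `# endif`, while around `SSL_use_RSAPrivateKey_file` and `SSL_CTX_use_RSAPrivateKey_file` they read `#ifndef OPENSSL_NO_DEPRECATED_3_0` … `#endif` at column 0. If all four sit at the same nesting depth inside the header's include guard (not visible in these hunks), one form should be used throughout. The closing directives would also be easier to pair if labelled as this commit does in rsa.h, `# endif /* !OPENSSL_NO_DEPRECATED_3_0 */`.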


+ 0
- 6
include/openssl/x509.h.in

@ -415,14 +415,12 @@ int i2d_X509_CRL_fp(FILE *fp, const X509_CRL *crl);
X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **req);
int i2d_X509_REQ_fp(FILE *fp, const X509_REQ *req);
# ifndef OPENSSL_NO_DEPRECATED_3_0
# ifndef OPENSSL_NO_RSA
OSSL_DEPRECATEDIN_3_0 RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa);
OSSL_DEPRECATEDIN_3_0 int i2d_RSAPrivateKey_fp(FILE *fp, const RSA *rsa);
OSSL_DEPRECATEDIN_3_0 RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa);
OSSL_DEPRECATEDIN_3_0 int i2d_RSAPublicKey_fp(FILE *fp, const RSA *rsa);
OSSL_DEPRECATEDIN_3_0 RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa);
OSSL_DEPRECATEDIN_3_0 int i2d_RSA_PUBKEY_fp(FILE *fp, const RSA *rsa);
# endif
# endif
# ifndef OPENSSL_NO_DEPRECATED_3_0
# ifndef OPENSSL_NO_DSA
@ -461,14 +459,12 @@ int i2d_X509_CRL_bio(BIO *bp, const X509_CRL *crl);
X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **req);
int i2d_X509_REQ_bio(BIO *bp, const X509_REQ *req);
# ifndef OPENSSL_NO_DEPRECATED_3_0
# ifndef OPENSSL_NO_RSA
OSSL_DEPRECATEDIN_3_0 RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa);
OSSL_DEPRECATEDIN_3_0 int i2d_RSAPrivateKey_bio(BIO *bp, const RSA *rsa);
OSSL_DEPRECATEDIN_3_0 RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa);
OSSL_DEPRECATEDIN_3_0 int i2d_RSAPublicKey_bio(BIO *bp, const RSA *rsa);
OSSL_DEPRECATEDIN_3_0 RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa);
OSSL_DEPRECATEDIN_3_0 int i2d_RSA_PUBKEY_bio(BIO *bp, const RSA *rsa);
# endif
# endif
# ifndef OPENSSL_NO_DEPRECATED_3_0
# ifndef OPENSSL_NO_DSA
@ -552,9 +548,7 @@ DECLARE_ASN1_ENCODE_FUNCTIONS_only(EVP_PKEY, PUBKEY)
EVP_PKEY *d2i_PUBKEY_ex(EVP_PKEY **a, const unsigned char **pp, long length,
OSSL_LIB_CTX *libctx, const char *propq);
# ifndef OPENSSL_NO_DEPRECATED_3_0
# ifndef OPENSSL_NO_RSA
DECLARE_ASN1_ENCODE_FUNCTIONS_only_attr(OSSL_DEPRECATEDIN_3_0,RSA, RSA_PUBKEY)
# endif
# endif
# ifndef OPENSSL_NO_DEPRECATED_3_0
# ifndef OPENSSL_NO_DSA


+ 0
- 7
providers/fips/self_test_data.inc

@ -1008,7 +1008,6 @@ static const ST_KAT_KAS st_kat_kas_tests[] =
};
#endif /* !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC) */
#if !defined(OPENSSL_NO_RSA)
/* RSA key data */
static const unsigned char rsa_n[] = {
0xDB, 0x10, 0x1A, 0xC2, 0xA3, 0xF1, 0xDC, 0xFF,
@ -1275,8 +1274,6 @@ static const unsigned char rsa_asym_expected_encrypt[256] = {
0x05, 0x52, 0x55, 0xc1, 0xc6, 0x06, 0x90, 0xab,
};
#endif /* OPENSSL_NO_RSA */
#ifndef OPENSSL_NO_EC
/* ECDSA key data */
static const char ecd_curve_name[] = "secp224r1";
@ -1433,7 +1430,6 @@ static const ST_KAT_PARAM dsa_key[] = {
#endif /* OPENSSL_NO_DSA */
static const ST_KAT_SIGN st_kat_sign_tests[] = {
#ifndef OPENSSL_NO_RSA
{
OSSL_SELF_TEST_DESC_SIGN_RSA,
"RSA",
@ -1441,7 +1437,6 @@ static const ST_KAT_SIGN st_kat_sign_tests[] = {
rsa_crt_key,
ITM(rsa_expected_sig)
},
#endif /* OPENSSL_NO_RSA */
#ifndef OPENSSL_NO_EC
{
OSSL_SELF_TEST_DESC_SIGN_ECDSA,
@ -1469,7 +1464,6 @@ static const ST_KAT_SIGN st_kat_sign_tests[] = {
};
static const ST_KAT_ASYM_CIPHER st_kat_asym_cipher_tests[] = {
#ifndef OPENSSL_NO_RSA
{
OSSL_SELF_TEST_DESC_ASYM_RSA_ENC,
"RSA",
@ -1497,5 +1491,4 @@ static const ST_KAT_ASYM_CIPHER st_kat_asym_cipher_tests[] = {
ITM(rsa_asym_expected_encrypt),
ITM(rsa_asym_plaintext_encrypt),
},
#endif /* OPENSSL_NO_RSA */
};

+ 0
- 4
ssl/s3_lib.c

@ -4386,20 +4386,16 @@ int ssl3_get_req_cert_type(SSL *s, WPACKET *pkt)
if ((s->version == SSL3_VERSION) && (alg_k & SSL_kDHE)) {
#ifndef OPENSSL_NO_DH
# ifndef OPENSSL_NO_RSA
if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_EPHEMERAL_DH))
return 0;
# endif
# ifndef OPENSSL_NO_DSA
if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_EPHEMERAL_DH))
return 0;
# endif
#endif /* !OPENSSL_NO_DH */
}
#ifndef OPENSSL_NO_RSA
if (!(alg_a & SSL_aRSA) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_SIGN))
return 0;
#endif
#ifndef OPENSSL_NO_DSA
if (!(alg_a & SSL_aDSS) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_SIGN))
return 0;


+ 0
- 4
ssl/ssl_ciph.c

@ -354,10 +354,6 @@ int ssl_load_ciphers(SSL_CTX *ctx)
ctx->disabled_mkey_mask = 0;
ctx->disabled_auth_mask = 0;
#ifdef OPENSSL_NO_RSA
ctx->disabled_mkey_mask |= SSL_kRSA | SSL_kRSAPSK;
dctx->isabled_auth_mask |= SSL_aRSA;
#endif
#ifdef OPENSSL_NO_DSA
ctx->disabled_auth_mask |= SSL_aDSS;
#endif


+ 0
- 7
ssl/statem/statem_clnt.c

@ -2808,7 +2808,6 @@ static int tls_construct_cke_psk_preamble(SSL *s, WPACKET *pkt)
static int tls_construct_cke_rsa(SSL *s, WPACKET *pkt)
{
#ifndef OPENSSL_NO_RSA
unsigned char *encdata = NULL;
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *pctx = NULL;
@ -2886,10 +2885,6 @@ static int tls_construct_cke_rsa(SSL *s, WPACKET *pkt)
EVP_PKEY_CTX_free(pctx);
return 0;
#else
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
#endif
}
static int tls_construct_cke_dhe(SSL *s, WPACKET *pkt)
@ -3556,13 +3551,11 @@ int ssl3_check_cert_and_algorithm(SSL *s)
return 0;
}
#endif
#ifndef OPENSSL_NO_RSA
if (alg_k & (SSL_kRSA | SSL_kRSAPSK) && idx != SSL_PKEY_RSA) {
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
SSL_R_MISSING_RSA_ENCRYPTING_CERT);
return 0;
}
#endif
#ifndef OPENSSL_NO_DH
if ((alg_k & SSL_kDHE) && (s->s3.peer_tmp == NULL)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);


+ 0
- 6
ssl/statem/statem_srvr.c

@ -2856,7 +2856,6 @@ static int tls_process_cke_psk_preamble(SSL *s, PACKET *pkt)
static int tls_process_cke_rsa(SSL *s, PACKET *pkt)
{
#ifndef OPENSSL_NO_RSA
size_t outlen;
PACKET enc_premaster;
EVP_PKEY *rsa = NULL;
@ -2950,11 +2949,6 @@ static int tls_process_cke_rsa(SSL *s, PACKET *pkt)
OPENSSL_free(rsa_decrypt);
EVP_PKEY_CTX_free(ctx);
return ret;
#else
/* Should never happen */
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
return 0;
#endif
}
static int tls_process_cke_dhe(SSL *s, PACKET *pkt)


+ 0
- 10
test/acvp_test.c

@ -58,8 +58,6 @@ const OPTIONS *test_get_options(void)
return test_options;
}
#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DSA) \
|| !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_RSA)
static int pkey_get_bn_bytes(EVP_PKEY *pkey, const char *name,
unsigned char **out, size_t *out_len)
{
@ -85,10 +83,7 @@ err:
BN_free(bn);
return 0;
}
#endif
#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DSA) \
|| !defined(OPENSSL_NO_RSA)
static int sig_gen(EVP_PKEY *pkey, OSSL_PARAM *params, const char *digest_name,
const unsigned char *msg, size_t msg_len,
unsigned char **sig_out, size_t *sig_out_len)
@ -114,7 +109,6 @@ err:
EVP_MD_CTX_free(md_ctx);
return ret;
}
#endif
#ifndef OPENSSL_NO_EC
static int ecdsa_keygen_test(int id)
@ -1010,7 +1004,6 @@ err:
#endif /* OPENSSL_NO_DH */
#ifndef OPENSSL_NO_RSA
static EVP_PKEY *rsa_keygen(int bits)
{
EVP_PKEY *key = NULL;
@ -1302,7 +1295,6 @@ err:
BN_CTX_free(bn_ctx);
return ret;
}
#endif /* OPENSSL_NO_RSA */
static int self_test_events(const OSSL_PARAM params[], void *varg)
{
@ -1443,13 +1435,11 @@ int setup_tests(void)
ADD_ALL_TESTS(aes_ccm_enc_dec_test, OSSL_NELEM(aes_ccm_enc_data));
ADD_ALL_TESTS(aes_gcm_enc_dec_test, OSSL_NELEM(aes_gcm_enc_data));
#ifndef OPENSSL_NO_RSA
ADD_ALL_TESTS(rsa_keygen_test, OSSL_NELEM(rsa_keygen_data));
ADD_ALL_TESTS(rsa_siggen_test, OSSL_NELEM(rsa_siggen_data));
ADD_ALL_TESTS(rsa_sigver_test, OSSL_NELEM(rsa_sigver_data));
ADD_ALL_TESTS(rsa_decryption_primitive_test,
OSSL_NELEM(rsa_decrypt_prim_data));
#endif /* OPENSSL_NO_RSA */
#ifndef OPENSSL_NO_DH
ADD_ALL_TESTS(dh_safe_prime_keygen_test,


+ 0
- 3
test/acvp_test.inc

@ -1010,7 +1010,6 @@ static const struct dh_safe_prime_keyver_st dh_safe_prime_keyver_data[] = {
#endif /* OPENSSL_NO_DH */
#ifndef OPENSSL_NO_RSA
struct rsa_keygen_st {
size_t mod;
const unsigned char *e;
@ -1981,8 +1980,6 @@ static const struct rsa_decrypt_prim_st rsa_decrypt_prim_data[] = {
},