Browse Source

Deprecate the low level RSA functions.

Use of the low level RSA functions has been informally discouraged for a
long time. We now formally deprecate them.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11063)
master
Pauli 2 years ago
parent
commit
c5f8713443
47 changed files with 880 additions and 455 deletions
  1. +39
    -0
      CHANGES
  2. +4
    -4
      apps/build.info
  3. +3
    -0
      apps/genrsa.c
  4. +7
    -5
      apps/progs.c
  5. +3
    -2
      apps/progs.pl
  6. +3
    -0
      apps/rsa.c
  7. +3
    -0
      apps/rsautl.c
  8. +18
    -13
      apps/speed.c
  9. +6
    -0
      crypto/evp/p_dec.c
  10. +6
    -0
      crypto/evp/p_enc.c
  11. +6
    -0
      crypto/rsa/rsa_ameth.c
  12. +6
    -0
      crypto/rsa/rsa_asn1.c
  13. +6
    -0
      crypto/rsa/rsa_chk.c
  14. +6
    -0
      crypto/rsa/rsa_crpt.c
  15. +6
    -0
      crypto/rsa/rsa_depr.c
  16. +6
    -0
      crypto/rsa/rsa_gen.c
  17. +6
    -0
      crypto/rsa/rsa_lib.c
  18. +6
    -0
      crypto/rsa/rsa_meth.c
  19. +6
    -0
      crypto/rsa/rsa_none.c
  20. +6
    -0
      crypto/rsa/rsa_oaep.c
  21. +6
    -0
      crypto/rsa/rsa_ossl.c
  22. +6
    -0
      crypto/rsa/rsa_pk1.c
  23. +6
    -0
      crypto/rsa/rsa_pmeth.c
  24. +6
    -0
      crypto/rsa/rsa_prn.c
  25. +6
    -0
      crypto/rsa/rsa_pss.c
  26. +6
    -0
      crypto/rsa/rsa_saos.c
  27. +6
    -0
      crypto/rsa/rsa_sign.c
  28. +6
    -0
      crypto/rsa/rsa_ssl.c
  29. +6
    -0
      crypto/rsa/rsa_x931.c
  30. +6
    -0
      crypto/rsa/rsa_x931g.c
  31. +1
    -0
      engines/build.info
  32. +190
    -84
      engines/e_dasync.c
  33. +1
    -1
      fuzz/asn1.c
  34. +232
    -190
      include/openssl/rsa.h
  35. +6
    -0
      providers/implementations/asymciphers/rsa_enc.c
  36. +6
    -0
      providers/implementations/keymgmt/rsa_kmgmt.c
  37. +6
    -0
      providers/implementations/serializers/serializer_rsa.c
  38. +6
    -0
      providers/implementations/serializers/serializer_rsa_priv.c
  39. +6
    -0
      providers/implementations/serializers/serializer_rsa_pub.c
  40. +5
    -7
      ssl/t1_lib.c
  41. +11
    -13
      test/build.info
  42. +50
    -12
      test/recipes/15-test_genrsa.t
  43. +15
    -19
      test/recipes/15-test_mp_rsa.t
  44. +36
    -20
      test/recipes/15-test_rsa.t
  45. +6
    -0
      test/rsa_mp_test.c
  46. +6
    -0
      test/rsa_test.c
  47. +85
    -85
      util/libcrypto.num

+ 39
- 0
CHANGES View File

@ -18,6 +18,45 @@
use the pkeyparam, pkey and genpkey programs.
[Paul Dale]
*) All of the low level RSA functions have been deprecated including:
RSA_new_method, RSA_bits, RSA_size, RSA_security_bits,
RSA_get0_pss_params, RSA_get_version, RSA_get0_engine,
RSA_generate_key_ex, RSA_generate_multi_prime_key,
RSA_X931_derive_ex, RSA_X931_generate_key_ex, RSA_check_key,
RSA_check_key_ex, RSA_public_encrypt, RSA_private_encrypt,
RSA_public_decrypt, RSA_private_decrypt, RSA_set_default_method,
RSA_get_default_method, RSA_null_method, RSA_get_method, RSA_set_method,
RSA_PKCS1_OpenSSL, RSA_print_fp, RSA_print, RSA_sign, RSA_verify,
RSA_sign_ASN1_OCTET_STRING, RSA_verify_ASN1_OCTET_STRING,
RSA_blinding_on, RSA_blinding_off, RSA_setup_blinding,
RSA_padding_add_PKCS1_type_1, RSA_padding_check_PKCS1_type_1,
RSA_padding_add_PKCS1_type_2, RSA_padding_check_PKCS1_type_2,
PKCS1_MGF1, RSA_padding_add_PKCS1_OAEP, RSA_padding_check_PKCS1_OAEP,
RSA_padding_add_PKCS1_OAEP_mgf1, RSA_padding_check_PKCS1_OAEP_mgf1,
RSA_padding_add_SSLv23, RSA_padding_check_SSLv23,
RSA_padding_add_none, RSA_padding_check_none, RSA_padding_add_X931,
RSA_padding_check_X931, RSA_X931_hash_id, RSA_verify_PKCS1_PSS,
RSA_padding_add_PKCS1_PSS, RSA_verify_PKCS1_PSS_mgf1,
RSA_padding_add_PKCS1_PSS_mgf1, RSA_set_ex_data, RSA_get_ex_data,
RSA_meth_new, RSA_meth_free, RSA_meth_dup, RSA_meth_get0_name,
RSA_meth_set1_name, RSA_meth_get_flags, RSA_meth_set_flags,
RSA_meth_get0_app_data, RSA_meth_set0_app_data, RSA_meth_get_pub_enc,
RSA_meth_set_pub_enc, RSA_meth_get_pub_dec, RSA_meth_set_pub_dec,
RSA_meth_get_priv_enc, RSA_meth_set_priv_enc, RSA_meth_get_priv_dec,
RSA_meth_set_priv_dec, RSA_meth_get_mod_exp, RSA_meth_set_mod_exp,
RSA_meth_get_bn_mod_exp, RSA_meth_set_bn_mod_exp, RSA_meth_get_init,
RSA_meth_set_init, RSA_meth_get_finish, RSA_meth_set_finish,
RSA_meth_get_sign, RSA_meth_set_sign, RSA_meth_get_verify,
RSA_meth_set_verify, RSA_meth_get_keygen, RSA_meth_set_keygen,
RSA_meth_get_multi_prime_keygen and RSA_meth_set_multi_prime_keygen.
Use of these low level functions has been informally discouraged for a long
time. Instead applications should use L<EVP_PKEY_encrypt_init(3)>,
L<EVP_PKEY_encrypt(3)>, L<EVP_PKEY_decrypt_init(3)> and
L<EVP_PKEY_decrypt(3)>.
[Paul Dale]
*) X509 certificates signed using SHA1 are no longer allowed at security
level 1 and above.
In TLS/SSL the default security level is 1. It can be set either


+ 4
- 4
apps/build.info View File

@ -14,9 +14,9 @@ $OPENSSLSRC=\
openssl.c progs.c \
asn1pars.c ca.c ciphers.c cms.c crl.c crl2p7.c dgst.c \
ec.c ecparam.c enc.c engine.c errstr.c \
genpkey.c genrsa.c kdf.c mac.c nseq.c ocsp.c passwd.c pkcs12.c pkcs7.c \
pkcs8.c pkey.c pkeyparam.c pkeyutl.c prime.c rand.c req.c rsa.c \
rsautl.c s_client.c s_server.c s_time.c sess_id.c smime.c speed.c \
genpkey.c kdf.c mac.c nseq.c ocsp.c passwd.c pkcs12.c pkcs7.c \
pkcs8.c pkey.c pkeyparam.c pkeyutl.c prime.c rand.c req.c \
s_client.c s_server.c s_time.c sess_id.c smime.c speed.c \
spkac.c srp.c ts.c verify.c version.c x509.c rehash.c storeutl.c \
list.c info.c provider.c fipsinstall.c
@ -32,7 +32,7 @@ IF[{- !$disabled{apps} -}]
ENDIF
IF[{- !$disabled{'deprecated-3.0'} -}]
SOURCE[openssl]=dhparam.c dsa.c dsaparam.c gendsa.c
SOURCE[openssl]=dhparam.c dsa.c dsaparam.c gendsa.c rsa.c rsautl.c genrsa.c
ENDIF
SCRIPTS{misc}=CA.pl


+ 3
- 0
apps/genrsa.c View File

@ -7,6 +7,9 @@
* https://www.openssl.org/source/license.html
*/
/* We need to use the deprecated RSA low level calls */
#define OPENSSL_SUPPRESS_DEPRECATED
#include <openssl/opensslconf.h>
#ifdef OPENSSL_NO_RSA
NON_EMPTY_TRANSLATION_UNIT


+ 7
- 5
apps/progs.c View File

@ -49,8 +49,8 @@ FUNCTION functions[] = {
{FT_general, "gendsa", gendsa_main, gendsa_options, "genpkey"},
#endif
{FT_general, "genpkey", genpkey_main, genpkey_options, NULL},
#ifndef OPENSSL_NO_RSA
{FT_general, "genrsa", genrsa_main, genrsa_options, NULL},
#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
{FT_general, "genrsa", genrsa_main, genrsa_options, "genpkey"},
#endif
{FT_general, "help", help_main, help_options, NULL},
{FT_general, "info", info_main, info_options, NULL},
@ -75,9 +75,11 @@ FUNCTION functions[] = {
{FT_general, "rand", rand_main, rand_options, NULL},
{FT_general, "rehash", rehash_main, rehash_options, NULL},
{FT_general, "req", req_main, req_options, NULL},
{FT_general, "rsa", rsa_main, rsa_options, NULL},
#ifndef OPENSSL_NO_RSA
{FT_general, "rsautl", rsautl_main, rsautl_options, NULL},
#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
{FT_general, "rsa", rsa_main, rsa_options, "pkey"},
#endif
#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
{FT_general, "rsautl", rsautl_main, rsautl_options, "pkeyutl"},
#endif
#ifndef OPENSSL_NO_SOCK
{FT_general, "s_client", s_client_main, s_client_options, NULL},


+ 3
- 2
apps/progs.pl View File

@ -92,12 +92,13 @@ EOF
my %cmd_disabler = (
ciphers => "sock",
genrsa => "rsa",
rsautl => "rsa",
gendh => "dh",
pkcs12 => "des",
);
my %cmd_deprecated = (
rsa => [ "3_0", "pkey", "rsa" ],
genrsa => [ "3_0", "genpkey", "rsa" ],
rsautl => [ "3_0", "pkeyutl", "rsa" ],
dhparam => [ "3_0", "pkeyparam", "dh" ],
dsaparam => [ "3_0", "pkeyparam", "dsa" ],
dsa => [ "3_0", "pkey", "dsa" ],


+ 3
- 0
apps/rsa.c View File

@ -7,6 +7,9 @@
* https://www.openssl.org/source/license.html
*/
/* We need to use the deprecated RSA low level calls */
#define OPENSSL_SUPPRESS_DEPRECATED
#include <openssl/opensslconf.h>
#ifdef OPENSSL_NO_RSA
NON_EMPTY_TRANSLATION_UNIT


+ 3
- 0
apps/rsautl.c View File

@ -7,6 +7,9 @@
* https://www.openssl.org/source/license.html
*/
/* We need to use the deprecated RSA low level calls */
#define OPENSSL_SUPPRESS_DEPRECATED
#include <openssl/opensslconf.h>
#ifdef OPENSSL_NO_RSA
NON_EMPTY_TRANSLATION_UNIT


+ 18
- 13
apps/speed.c View File

@ -94,7 +94,7 @@
#ifndef OPENSSL_NO_CAST
# include <openssl/cast.h>
#endif
#ifndef OPENSSL_NO_RSA
#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
# include <openssl/rsa.h>
# include "./testrsa.h"
#endif
@ -416,7 +416,7 @@ static const OPT_PAIR dsa_choices[DSA_NUM] = {
static double dsa_results[DSA_NUM][2]; /* 2 ops: sign then verify */
#endif /* OPENSSL_NO_DSA */
#ifndef OPENSSL_NO_RSA
#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
enum {
R_RSA_512, R_RSA_1024, R_RSA_2048, R_RSA_3072, R_RSA_4096, R_RSA_7680,
R_RSA_15360, RSA_NUM
@ -542,7 +542,7 @@ typedef struct loopargs_st {
unsigned char *key;
unsigned int siglen;
size_t sigsize;
#ifndef OPENSSL_NO_RSA
#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
RSA *rsa_key[RSA_NUM];
#endif
#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
@ -1021,7 +1021,7 @@ static int EVP_CMAC_loop(void *args)
}
#endif
#ifndef OPENSSL_NO_RSA
#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
static long rsa_c[RSA_NUM][2]; /* # RSA iteration test */
static int RSA_sign_loop(void *args)
@ -1503,7 +1503,7 @@ int speed_main(int argc, char **argv)
#if !defined(OPENSSL_NO_CAMELLIA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
CAMELLIA_KEY camellia_ks[3];
#endif
#ifndef OPENSSL_NO_RSA
#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
static const struct {
const unsigned char *data;
unsigned int length;
@ -1707,8 +1707,10 @@ int speed_main(int argc, char **argv)
goto end;
break;
case OPT_PRIMES:
#ifndef OPENSSL_NO_DEPRECATED_3_0
if (!opt_int(opt_arg(), &primes))
goto end;
#endif
break;
case OPT_SECONDS:
seconds.sym = seconds.rsa = seconds.dsa = seconds.ecdsa
@ -1746,7 +1748,7 @@ int speed_main(int argc, char **argv)
doit[D_SHA1] = doit[D_SHA256] = doit[D_SHA512] = 1;
continue;
}
#ifndef OPENSSL_NO_RSA
#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
if (strcmp(algo, "openssl") == 0) /* just for compatibility */
continue;
if (strncmp(algo, "rsa", 3) == 0) {
@ -1909,7 +1911,7 @@ int speed_main(int argc, char **argv)
if (argc == 0 && !doit[D_EVP] && !doit[D_EVP_HMAC] && !doit[D_EVP_CMAC]) {
memset(doit, 1, sizeof(doit));
doit[D_EVP] = doit[D_EVP_HMAC] = doit[D_EVP_CMAC] = 0;
#ifndef OPENSSL_NO_RSA
#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
memset(rsa_doit, 1, sizeof(rsa_doit));
#endif
#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
@ -1933,7 +1935,7 @@ int speed_main(int argc, char **argv)
"You have chosen to measure elapsed time "
"instead of user CPU time.\n");
#ifndef OPENSSL_NO_RSA
#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
for (i = 0; i < loopargs_len; i++) {
if (primes > RSA_DEFAULT_PRIME_NUM) {
/* for multi-prime RSA, skip this */
@ -2103,7 +2105,7 @@ int speed_main(int argc, char **argv)
c[D_IGE_256_AES][i] = c[D_IGE_256_AES][i - 1] * l0 / l1;
}
# ifndef OPENSSL_NO_RSA
#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
rsa_c[R_RSA_512][0] = count / 2000;
rsa_c[R_RSA_512][1] = count / 400;
for (i = 1; i < RSA_NUM; i++) {
@ -2859,7 +2861,7 @@ int speed_main(int argc, char **argv)
if (RAND_bytes(loopargs[i].buf, 36) <= 0)
goto end;
#ifndef OPENSSL_NO_RSA
#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
for (testnum = 0; testnum < RSA_NUM; testnum++) {
int st = 0;
if (!rsa_doit[testnum])
@ -3564,7 +3566,7 @@ int speed_main(int argc, char **argv)
}
printf("\n");
}
#ifndef OPENSSL_NO_RSA
#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
testnum = 1;
for (k = 0; k < RSA_NUM; k++) {
if (!rsa_doit[k])
@ -3691,7 +3693,7 @@ int speed_main(int argc, char **argv)
OPENSSL_free(loopargs[i].buf_malloc);
OPENSSL_free(loopargs[i].buf2_malloc);
#ifndef OPENSSL_NO_RSA
#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
for (k = 0; k < RSA_NUM; k++)
RSA_free(loopargs[i].rsa_key[k]);
#endif
@ -3887,7 +3889,9 @@ static int do_multi(int multi, int size_num)
sstrsep(&p, sep);
for (j = 0; j < size_num; ++j)
results[alg][j] += atof(sstrsep(&p, sep));
} else if (strncmp(buf, "+F2:", 4) == 0) {
}
#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
else if (strncmp(buf, "+F2:", 4) == 0) {
int k;
double d;
@ -3901,6 +3905,7 @@ static int do_multi(int multi, int size_num)
d = atof(sstrsep(&p, sep));
rsa_results[k][1] += d;
}
#endif
#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
else if (strncmp(buf, "+F3:", 4) == 0) {
int k;


+ 6
- 0
crypto/evp/p_dec.c View File

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* RSA low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/rsa.h>


+ 6
- 0
crypto/evp/p_enc.c View File

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* RSA low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/rsa.h>


+ 6
- 0
crypto/rsa/rsa_ameth.c View File

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* RSA low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/asn1t.h>


+ 6
- 0
crypto/rsa/rsa_asn1.c View File

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* RSA low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/bn.h>


+ 6
- 0
crypto/rsa/rsa_chk.c View File

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* RSA low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include <openssl/bn.h>
#include <openssl/err.h>
#include "crypto/rsa.h"


+ 6
- 0
crypto/rsa/rsa_crpt.c View File

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* RSA low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include <stdio.h>
#include <openssl/crypto.h>
#include "internal/cryptlib.h"


+ 6
- 0
crypto/rsa/rsa_depr.c View File

@ -12,6 +12,12 @@
* "new" versions).
*/
/*
* RSA low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include <openssl/opensslconf.h>
#ifdef OPENSSL_NO_DEPRECATED_0_9_8
NON_EMPTY_TRANSLATION_UNIT


+ 6
- 0
crypto/rsa/rsa_gen.c View File

@ -13,6 +13,12 @@
* Geoff
*/
/*
* RSA low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include <stdio.h>
#include <time.h>
#include "internal/cryptlib.h"


+ 6
- 0
crypto/rsa/rsa_lib.c View File

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* RSA low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include <stdio.h>
#include <openssl/crypto.h>
#include <openssl/core_names.h>


+ 6
- 0
crypto/rsa/rsa_meth.c View File

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* RSA low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include <string.h>
#include "rsa_local.h"
#include <openssl/err.h>


+ 6
- 0
crypto/rsa/rsa_none.c View File

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* RSA low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include "internal/cryptlib.h"
#include <openssl/bn.h>
#include <openssl/rsa.h>


+ 6
- 0
crypto/rsa/rsa_oaep.c View File

@ -20,6 +20,12 @@
* one-wayness. For the RSA function, this is an equivalent notion.
*/
/*
* RSA low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include "internal/constant_time.h"
#include <stdio.h>


+ 6
- 0
crypto/rsa/rsa_ossl.c View File

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* RSA low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include "internal/cryptlib.h"
#include "crypto/bn.h"
#include "rsa_local.h"


+ 6
- 0
crypto/rsa/rsa_pk1.c View File

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* RSA low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include "internal/constant_time.h"
#include <stdio.h>


+ 6
- 0
crypto/rsa/rsa_pmeth.c View File

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* RSA low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include "internal/constant_time.h"
#include <stdio.h>


+ 6
- 0
crypto/rsa/rsa_prn.c View File

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* RSA low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/rsa.h>


+ 6
- 0
crypto/rsa/rsa_pss.c View File

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* RSA low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/bn.h>


+ 6
- 0
crypto/rsa/rsa_saos.c View File

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* RSA low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/bn.h>


+ 6
- 0
crypto/rsa/rsa_sign.c View File

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* RSA low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/bn.h>


+ 6
- 0
crypto/rsa/rsa_ssl.c View File

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* RSA low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/bn.h>


+ 6
- 0
crypto/rsa/rsa_x931.c View File

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* RSA low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/bn.h>


+ 6
- 0
crypto/rsa/rsa_x931g.c View File

@ -7,6 +7,12 @@
* https://www.openssl.org/source/license.html
*/
/*
* RSA low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include <stdio.h>
#include <string.h>
#include <time.h>


+ 1
- 0
engines/build.info View File

@ -78,6 +78,7 @@ IF[{- !$disabled{"engine"} -}]
SOURCE[dasync]=dasync.ld
GENERATE[dasync.ld]=../util/engines.num
ENDIF
SOURCE[ossltest]=e_ossltest.c
DEPEND[ossltest]=../libcrypto
INCLUDE[ossltest]=../include


+ 190
- 84
engines/e_dasync.c View File

@ -15,6 +15,7 @@
*/
#include "internal/deprecated.h"
#include <openssl/opensslconf.h>
#if defined(_WIN32)
# include <windows.h>
#endif
@ -101,22 +102,29 @@ static int dasync_digest_nids(const int **nids)
}
/* RSA */
static int dasync_pub_enc(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding);
static int dasync_pub_dec(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding);
static int dasync_rsa_priv_enc(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding);
static int dasync_rsa_priv_dec(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding);
static int dasync_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
BN_CTX *ctx);
static int dasync_rsa_init(RSA *rsa);
static int dasync_rsa_finish(RSA *rsa);
static RSA_METHOD *dasync_rsa_method = NULL;
static int dasync_pkey(ENGINE *e, EVP_PKEY_METHOD **pmeth,
const int **pnids, int nid);
static int dasync_rsa_init(EVP_PKEY_CTX *ctx);
static void dasync_rsa_cleanup(EVP_PKEY_CTX *ctx);
static int dasync_rsa_paramgen_init(EVP_PKEY_CTX *ctx);
static int dasync_rsa_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey);
static int dasync_rsa_keygen_init(EVP_PKEY_CTX *ctx);
static int dasync_rsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey);
static int dasync_rsa_encrypt_init(EVP_PKEY_CTX *ctx);
static int dasync_rsa_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out,
size_t *outlen, const unsigned char *in,
size_t inlen);
static int dasync_rsa_decrypt_init(EVP_PKEY_CTX *ctx);
static int dasync_rsa_decrypt(EVP_PKEY_CTX *ctx, unsigned char *out,
size_t *outlen, const unsigned char *in,
size_t inlen);
static int dasync_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
static int dasync_rsa_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
const char *value);
static EVP_PKEY_METHOD *dasync_rsa;
static const EVP_PKEY_METHOD *dasync_rsa_orig;
/* AES */
@ -197,26 +205,30 @@ static int dasync_cipher_nids[] = {
static int bind_dasync(ENGINE *e)
{
/* Setup RSA_METHOD */
if ((dasync_rsa_method = RSA_meth_new("Dummy Async RSA method", 0)) == NULL
|| RSA_meth_set_pub_enc(dasync_rsa_method, dasync_pub_enc) == 0
|| RSA_meth_set_pub_dec(dasync_rsa_method, dasync_pub_dec) == 0
|| RSA_meth_set_priv_enc(dasync_rsa_method, dasync_rsa_priv_enc) == 0
|| RSA_meth_set_priv_dec(dasync_rsa_method, dasync_rsa_priv_dec) == 0
|| RSA_meth_set_mod_exp(dasync_rsa_method, dasync_rsa_mod_exp) == 0
|| RSA_meth_set_bn_mod_exp(dasync_rsa_method, BN_mod_exp_mont) == 0
|| RSA_meth_set_init(dasync_rsa_method, dasync_rsa_init) == 0
|| RSA_meth_set_finish(dasync_rsa_method, dasync_rsa_finish) == 0) {
DASYNCerr(DASYNC_F_BIND_DASYNC, DASYNC_R_INIT_FAILED);
/* Setup RSA */
;
if ((dasync_rsa_orig = EVP_PKEY_meth_find(EVP_PKEY_RSA)) == NULL
|| (dasync_rsa = EVP_PKEY_meth_new(EVP_PKEY_RSA, 0)) == NULL)
return 0;
}
EVP_PKEY_meth_set_init(dasync_rsa, dasync_rsa_init);
EVP_PKEY_meth_set_cleanup(dasync_rsa, dasync_rsa_cleanup);
EVP_PKEY_meth_set_paramgen(dasync_rsa, dasync_rsa_paramgen_init,
dasync_rsa_paramgen);
EVP_PKEY_meth_set_keygen(dasync_rsa, dasync_rsa_keygen_init,
dasync_rsa_keygen);
EVP_PKEY_meth_set_encrypt(dasync_rsa, dasync_rsa_encrypt_init,
dasync_rsa_encrypt);
EVP_PKEY_meth_set_decrypt(dasync_rsa, dasync_rsa_decrypt_init,
dasync_rsa_decrypt);
EVP_PKEY_meth_set_ctrl(dasync_rsa, dasync_rsa_ctrl,
dasync_rsa_ctrl_str);
/* Ensure the dasync error handling is set up */
ERR_load_DASYNC_strings();
if (!ENGINE_set_id(e, engine_dasync_id)
|| !ENGINE_set_name(e, engine_dasync_name)
|| !ENGINE_set_RSA(e, dasync_rsa_method)
|| !ENGINE_set_pkey_meths(e, dasync_pkey)
|| !ENGINE_set_digests(e, dasync_digests)
|| !ENGINE_set_ciphers(e, dasync_ciphers)
|| !ENGINE_set_destroy_function(e, dasync_destroy)
@ -295,6 +307,13 @@ static int bind_dasync(ENGINE *e)
return 1;
}
static void destroy_pkey(void)
{
EVP_PKEY_meth_free(dasync_rsa);
dasync_rsa_orig = NULL;
dasync_rsa = NULL;
}
# ifndef OPENSSL_NO_DYNAMIC_ENGINE
static int bind_helper(ENGINE *e, const char *id)
{
@ -347,11 +366,30 @@ static int dasync_destroy(ENGINE *e)
{
destroy_digests();
destroy_ciphers();
RSA_meth_free(dasync_rsa_method);
destroy_pkey();
ERR_unload_DASYNC_strings();
return 1;
}
static int dasync_pkey(ENGINE *e, EVP_PKEY_METHOD **pmeth,
const int **pnids, int nid)
{
static const int rnid = EVP_PKEY_RSA;
if (pmeth == NULL) {
*pnids = &rnid;
return 1;
}
if (nid == EVP_PKEY_RSA) {
*pmeth = dasync_rsa;
return 1;
}
*pmeth = NULL;
return 0;
}
static int dasync_digests(ENGINE *e, const EVP_MD **digest,
const int **nids, int nid)
{
@ -522,60 +560,6 @@ static int dasync_sha1_final(EVP_MD_CTX *ctx, unsigned char *md)
return EVP_MD_meth_get_final(EVP_sha1())(ctx, md);
}
/*
* RSA implementation
*/
static int dasync_pub_enc(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding) {
/* Ignore errors - we carry on anyway */
dummy_pause_job();
return RSA_meth_get_pub_enc(RSA_PKCS1_OpenSSL())
(flen, from, to, rsa, padding);
}
static int dasync_pub_dec(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding) {
/* Ignore errors - we carry on anyway */
dummy_pause_job();
return RSA_meth_get_pub_dec(RSA_PKCS1_OpenSSL())
(flen, from, to, rsa, padding);
}
static int dasync_rsa_priv_enc(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
/* Ignore errors - we carry on anyway */
dummy_pause_job();
return RSA_meth_get_priv_enc(RSA_PKCS1_OpenSSL())
(flen, from, to, rsa, padding);
}
static int dasync_rsa_priv_dec(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
/* Ignore errors - we carry on anyway */
dummy_pause_job();
return RSA_meth_get_priv_dec(RSA_PKCS1_OpenSSL())
(flen, from, to, rsa, padding);
}
static int dasync_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
{
/* Ignore errors - we carry on anyway */
dummy_pause_job();
return RSA_meth_get_mod_exp(RSA_PKCS1_OpenSSL())(r0, I, rsa, ctx);
}
static int dasync_rsa_init(RSA *rsa)
{
return RSA_meth_get_init(RSA_PKCS1_OpenSSL())(rsa);
}
static int dasync_rsa_finish(RSA *rsa)
{
return RSA_meth_get_finish(RSA_PKCS1_OpenSSL())(rsa);
}
/* Cipher helper functions */
static int dasync_cipher_ctrl_helper(EVP_CIPHER_CTX *ctx, int type, int arg,
@ -803,3 +787,125 @@ static int dasync_aes128_cbc_hmac_sha1_cleanup(EVP_CIPHER_CTX *ctx)
*/
return dasync_cipher_cleanup_helper(ctx, EVP_aes_128_cbc_hmac_sha1());
}
/*
* RSA implementation
*/
static int dasync_rsa_init(EVP_PKEY_CTX *ctx)
{
static int (*pinit)(EVP_PKEY_CTX *ctx);
if (pinit == NULL)
EVP_PKEY_meth_get_init(dasync_rsa_orig, &pinit);
return pinit(ctx);
}
static void dasync_rsa_cleanup(EVP_PKEY_CTX *ctx)
{
static void (*pcleanup)(EVP_PKEY_CTX *ctx);
if (pcleanup == NULL)
EVP_PKEY_meth_get_cleanup(dasync_rsa_orig, &pcleanup);
pcleanup(ctx);
}
static int dasync_rsa_paramgen_init(EVP_PKEY_CTX *ctx)
{
static int (*pparamgen_init)(EVP_PKEY_CTX *ctx);
if (pparamgen_init == NULL)
EVP_PKEY_meth_get_paramgen(dasync_rsa_orig, &pparamgen_init, NULL);
return pparamgen_init(ctx);
}
static int dasync_rsa_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
{
static int (*pparamgen)(EVP_PKEY_CTX *c, EVP_PKEY *pkey);
if (pparamgen == NULL)
EVP_PKEY_meth_get_paramgen(dasync_rsa_orig, NULL, &pparamgen);
return pparamgen(ctx, pkey);
}
static int dasync_rsa_keygen_init(EVP_PKEY_CTX *ctx)
{
static int (*pkeygen_init)(EVP_PKEY_CTX *ctx);
if (pkeygen_init == NULL)
EVP_PKEY_meth_get_keygen(dasync_rsa_orig, &pkeygen_init, NULL);
return pkeygen_init(ctx);
}
static int dasync_rsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
{
static int (*pkeygen)(EVP_PKEY_CTX *c, EVP_PKEY *pkey);
if (pkeygen == NULL)
EVP_PKEY_meth_get_keygen(dasync_rsa_orig, NULL, &pkeygen);
return pkeygen(ctx, pkey);
}
static int dasync_rsa_encrypt_init(EVP_PKEY_CTX *ctx)
{
static int (*pencrypt_init)(EVP_PKEY_CTX *ctx);
if (pencrypt_init == NULL)
EVP_PKEY_meth_get_encrypt(dasync_rsa_orig, &pencrypt_init, NULL);
return pencrypt_init(ctx);
}
static int dasync_rsa_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out,
size_t *outlen, const unsigned char *in,
size_t inlen)
{
static int (*pencryptfn)(EVP_PKEY_CTX *ctx, unsigned char *out,
size_t *outlen, const unsigned char *in,
size_t inlen);
if (pencryptfn == NULL)
EVP_PKEY_meth_get_encrypt(dasync_rsa_orig, NULL, &pencryptfn);
return pencryptfn(ctx, out, outlen, in, inlen);
}
static int dasync_rsa_decrypt_init(EVP_PKEY_CTX *ctx)
{
static int (*pdecrypt_init)(EVP_PKEY_CTX *ctx);
if (pdecrypt_init == NULL)
EVP_PKEY_meth_get_decrypt(dasync_rsa_orig, &pdecrypt_init, NULL);
return pdecrypt_init(ctx);
}
static int dasync_rsa_decrypt(EVP_PKEY_CTX *ctx, unsigned char *out,
size_t *outlen, const unsigned char *in,
size_t inlen)
{
static int (*pdecrypt)(EVP_PKEY_CTX *ctx, unsigned char *out,
size_t *outlen, const unsigned char *in,
size_t inlen);
if (pdecrypt == NULL)
EVP_PKEY_meth_get_encrypt(dasync_rsa_orig, NULL, &pdecrypt);
return pdecrypt(ctx, out, outlen, in, inlen);
}
static int dasync_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
{
static int (*pctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
if (pctrl == NULL)
EVP_PKEY_meth_get_ctrl(dasync_rsa_orig, &pctrl, NULL);
return pctrl(ctx, type, p1, p2);
}
static int dasync_rsa_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
const char *value)
{
static int (*pctrl_str)(EVP_PKEY_CTX *ctx, const char *type,
const char *value);
if (pctrl_str == NULL)
EVP_PKEY_meth_get_ctrl(dasync_rsa_orig, NULL, &pctrl_str);
return pctrl_str(ctx, type, value);
}

+ 1
- 1
fuzz/asn1.c View File

@ -338,7 +338,7 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
DO_TEST_NO_PRINT(DSA, d2i_DSAPublicKey, i2d_DSAPublicKey);
DO_TEST_NO_PRINT(DSA, d2i_DSAparams, i2d_DSAparams);
#endif
DO_TEST_PRINT_OFFSET(RSA, d2i_RSAPublicKey, i2d_RSAPublicKey, RSA_print);
DO_TEST_NO_PRINT(RSA, d2i_RSAPublicKey, i2d_RSAPublicKey);
#ifndef OPENSSL_NO_EC
DO_TEST_PRINT_OFFSET(EC_GROUP, d2i_ECPKParameters, i2d_ECPKParameters, ECPKParameters_print);
DO_TEST_PRINT_OFFSET(EC_KEY, d2i_ECPrivateKey, i2d_ECPrivateKey, EC_KEY_print);


+ 232
- 190
include/openssl/rsa.h View File

@ -33,46 +33,50 @@
extern "C" {
# endif
/* The types RSA and RSA_METHOD are defined in ossl_typ.h */
# ifndef OPENSSL_RSA_MAX_MODULUS_BITS
# define OPENSSL_RSA_MAX_MODULUS_BITS 16384
# endif
# define OPENSSL_RSA_FIPS_MIN_MODULUS_BITS 1024
# ifndef OPENSSL_NO_DEPRECATED_3_0
/* The types RSA and RSA_METHOD are defined in ossl_typ.h */
# ifndef OPENSSL_RSA_SMALL_MODULUS_BITS
# define OPENSSL_RSA_SMALL_MODULUS_BITS 3072
# endif
# ifndef OPENSSL_RSA_MAX_PUBEXP_BITS
# define OPENSSL_RSA_FIPS_MIN_MODULUS_BITS 1024
# ifndef OPENSSL_RSA_SMALL_MODULUS_BITS
# define OPENSSL_RSA_SMALL_MODULUS_BITS 3072
# endif
/* exponent limit enforced for "large" modulus only */
# define OPENSSL_RSA_MAX_PUBEXP_BITS 64
# endif
# ifndef OPENSSL_RSA_MAX_PUBEXP_BITS
# define OPENSSL_RSA_MAX_PUBEXP_BITS 64
# endif
# define RSA_3 0x3L
# define RSA_F4 0x10001L
# define RSA_3 0x3L
# define RSA_F4 0x10001L
/* based on RFC 8017 appendix A.1.2 */
# define RSA_ASN1_VERSION_DEFAULT 0
# define RSA_ASN1_VERSION_MULTI 1
# define RSA_ASN1_VERSION_DEFAULT 0
# define RSA_ASN1_VERSION_MULTI 1
# define RSA_DEFAULT_PRIME_NUM 2
# define RSA_DEFAULT_PRIME_NUM 2
# endif /* OPENSSL_NO_DEPRECATED_3_0 */
/* Don't check pub/private match */
/* TODO(3.0): deprecate this? It is exposed for sls/t1_lib.c's use */
# define RSA_METHOD_FLAG_NO_CHECK 0x0001
# define RSA_FLAG_CACHE_PUBLIC 0x0002
# define RSA_FLAG_CACHE_PRIVATE 0x0004
# define RSA_FLAG_BLINDING 0x0008
# define RSA_FLAG_THREAD_SAFE 0x0010
# ifndef OPENSSL_NO_DEPRECATED_3_0
# define RSA_FLAG_CACHE_PUBLIC 0x0002
# define RSA_FLAG_CACHE_PRIVATE 0x0004
# define RSA_FLAG_BLINDING 0x0008
# define RSA_FLAG_THREAD_SAFE 0x0010
/*
* This flag means the private key operations will be handled by rsa_mod_exp
* and that they do not depend on the private key components being present:
* for example a key stored in external hardware. Without this flag
* bn_mod_exp gets called when private key components are absent.
*/
# define RSA_FLAG_EXT_PKEY 0x0020
# define RSA_FLAG_EXT_PKEY 0x0020
/*
* new with 0.9.6j and 0.9.7b; the built-in
@ -80,14 +84,14 @@ extern "C" {
* default (ignoring RSA_FLAG_BLINDING),
* but other engines might not need it
*/
# define RSA_FLAG_NO_BLINDING 0x0080
# ifndef OPENSSL_NO_DEPRECATED_1_1_0
# define RSA_FLAG_NO_BLINDING 0x0080
# endif /* OPENSSL_NO_DEPRECATED_3_0 */
/*
* Does nothing. Previously this switched off constant time behaviour.
*/
# ifndef OPENSSL_NO_DEPRECATED_1_1_0
# define RSA_FLAG_NO_CONSTTIME 0x0000
# endif
# ifndef OPENSSL_NO_DEPRECATED_0_9_8
/* deprecated name for the flag*/
/*
* new with 0.9.7h; the built-in RSA
@ -97,6 +101,7 @@ extern "C" {
* faster variable sliding window method to
* be used for all exponents.
*/
# ifndef OPENSSL_NO_DEPRECATED_0_9_8
# define RSA_FLAG_NO_EXP_CONSTTIME RSA_FLAG_NO_CONSTTIME
# endif
@ -142,7 +147,6 @@ int EVP_PKEY_CTX_get_rsa_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD **md);
int EVP_PKEY_CTX_get_rsa_mgf1_md_name(EVP_PKEY_CTX *ctx, char *name,
size_t namelen);
# define EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md(ctx, md) \
EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN, \
EVP_PKEY_CTRL_RSA_MGF1_MD, 0, (void *)(md))
@ -153,8 +157,7 @@ int EVP_PKEY_CTX_set_rsa_oaep_md_name(EVP_PKEY_CTX *ctx, const char *mdname,
int EVP_PKEY_CTX_get_rsa_oaep_md(EVP_PKEY_CTX *ctx, const EVP_MD **md);
int EVP_PKEY_CTX_get_rsa_oaep_md_name(EVP_PKEY_CTX *ctx, char *name,
size_t namelen);
int EVP_PKEY_CTX_set0_rsa_oaep_label(EVP_PKEY_CTX *ctx, void *label,
int llen);
int EVP_PKEY_CTX_set0_rsa_oaep_label(EVP_PKEY_CTX *ctx, void *label, int llen);
int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label);
# define EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md) \
@ -198,10 +201,10 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label);
# define RSA_get_app_data(s) RSA_get_ex_data(s,0)
RSA *RSA_new(void);
RSA *RSA_new_method(ENGINE *engine);
int RSA_bits(const RSA *rsa);
int RSA_size(const RSA *rsa);
int RSA_security_bits(const RSA *rsa);
DEPRECATEDIN_3_0(RSA *RSA_new_method(ENGINE *engine))
DEPRECATEDIN_3_0(int RSA_bits(const RSA *rsa))
DEPRECATEDIN_3_0(int RSA_size(const RSA *rsa))
DEPRECATEDIN_3_0(int RSA_security_bits(const RSA *rsa))
int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d);
int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q);
@ -226,12 +229,12 @@ const BIGNUM *RSA_get0_q(const RSA *d);
const BIGNUM *RSA_get0_dmp1(const RSA *r);
const BIGNUM *RSA_get0_dmq1(const RSA *r);
const BIGNUM *RSA_get0_iqmp(const RSA *r);
const RSA_PSS_PARAMS *RSA_get0_pss_params(const RSA *r);
DEPRECATEDIN_3_0(const RSA_PSS_PARAMS *RSA_get0_pss_params(const RSA *r))
void RSA_clear_flags(RSA *r, int flags);
int RSA_test_flags(const RSA *r, int flags);
void RSA_set_flags(RSA *r, int flags);
int RSA_get_version(RSA *r);
ENGINE *RSA_get0_engine(const RSA *r);
DEPRECATEDIN_3_0(int RSA_get_version(RSA *r))
DEPRECATEDIN_3_0(ENGINE *RSA_get0_engine(const RSA *r))
/* Deprecated version */
DEPRECATEDIN_0_9_8(RSA *RSA_generate_key(int bits, unsigned long e, void
@ -239,43 +242,52 @@ DEPRECATEDIN_0_9_8(RSA *RSA_generate_key(int bits, unsigned long e, void
void *cb_arg))
/* New version */
int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
DEPRECATEDIN_3_0(int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e,
BN_GENCB *cb))
/* Multi-prime version */
int RSA_generate_multi_prime_key(RSA *rsa, int bits, int primes,
BIGNUM *e, BN_GENCB *cb);
int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1,
BIGNUM *q2, const BIGNUM *Xp1, const BIGNUM *Xp2,
const BIGNUM *Xp, const BIGNUM *Xq1, const BIGNUM *Xq2,
const BIGNUM *Xq, const BIGNUM *e, BN_GENCB *cb);
int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e,
BN_GENCB *cb);
int RSA_check_key(const RSA *);
int RSA_check_key_ex(const RSA *, BN_GENCB *cb);
DEPRECATEDIN_3_0(int RSA_generate_multi_prime_key(RSA *rsa, int bits,
int primes, BIGNUM *e,
BN_GENCB *cb))
DEPRECATEDIN_3_0(int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2,
BIGNUM *q1, BIGNUM *q2,
const BIGNUM *Xp1, const BIGNUM *Xp2,
const BIGNUM *Xp, const BIGNUM *Xq1,
const BIGNUM *Xq2, const BIGNUM *Xq,
const BIGNUM *e, BN_GENCB *cb))
DEPRECATEDIN_3_0(int RSA_X931_generate_key_ex(RSA *rsa, int bits,
const BIGNUM *e, BN_GENCB *cb))
DEPRECATEDIN_3_0(int RSA_check_key(const RSA *))
DEPRECATEDIN_3_0(int RSA_check_key_ex(const RSA *, BN_GENCB *cb))
/* next 4 return -1 on error */
int RSA_public_encrypt(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding);
int RSA_private_encrypt(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding);
int RSA_public_decrypt(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding);
int RSA_private_decrypt(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding);
DEPRECATEDIN_3_0(int RSA_public_encrypt(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa,
int padding))
DEPRECATEDIN_3_0(int RSA_private_encrypt(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa,
int padding))
DEPRECATEDIN_3_0(int RSA_public_decrypt(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa,
int padding))
DEPRECATEDIN_3_0(int RSA_private_decrypt(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa,
int padding))
void RSA_free(RSA *r);
/* "up" the RSA object's reference count */
int RSA_up_ref(RSA *r);
/* TODO(3.0): deprecate this one ssl/ssl_rsa.c can be changed to avoid it */
int RSA_flags(const RSA *r);
void RSA_set_default_method(const RSA_METHOD *meth);
const RSA_METHOD *RSA_get_default_method(void);
const RSA_METHOD *RSA_null_method(void);
const RSA_METHOD *RSA_get_method(const RSA *rsa);
int RSA_set_method(RSA *rsa, const RSA_METHOD *meth);
DEPRECATEDIN_3_0(void RSA_set_default_method(const RSA_METHOD *meth))
DEPRECATEDIN_3_0(const RSA_METHOD *RSA_get_default_method(void))
DEPRECATEDIN_3_0(const RSA_METHOD *RSA_null_method(void))
DEPRECATEDIN_3_0(const RSA_METHOD *RSA_get_method(const RSA *rsa))
DEPRECATEDIN_3_0(int RSA_set_method(RSA *rsa, const RSA_METHOD *meth))
/* these are the actual RSA functions */
const RSA_METHOD *RSA_PKCS1_OpenSSL(void);
DEPRECATEDIN_3_0(const RSA_METHOD *RSA_PKCS1_OpenSSL(void))
int RSA_pkey_ctx_ctrl(EVP_PKEY_CTX *ctx, int optype, int cmd, int p1, void *p2);
@ -304,101 +316,129 @@ typedef struct rsa_oaep_params_st {
DECLARE_ASN1_FUNCTIONS(RSA_OAEP_PARAMS)
# ifndef OPENSSL_NO_STDIO
int RSA_print_fp(FILE *fp, const RSA *r, int offset);
DEPRECATEDIN_3_0(int RSA_print_fp(FILE *fp, const RSA *r, int offset))
# endif
int RSA_print(BIO *bp, const RSA *r, int offset);
DEPRECATEDIN_3_0(int RSA_print(BIO *bp, const RSA *r, int offset))
/*
* The following 2 functions sign and verify a X509_SIG ASN1 object inside
* PKCS#1 padded RSA encryption
*/
int RSA_sign(int type, const unsigned char *m, unsigned int m_length,
unsigned char *sigret, unsigned int *siglen, RSA *rsa);
int RSA_verify(int type, const unsigned char *m, unsigned int m_length,
const unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
DEPRECATEDIN_3_0(int RSA_sign(int type, const unsigned char *m,
unsigned int m_length, unsigned char *sigret,
unsigned int *siglen, RSA *rsa))
DEPRECATEDIN_3_0(int RSA_verify(int type, const unsigned char *m,
unsigned int m_length,
const unsigned char *sigbuf,
unsigned int siglen, RSA *rsa))
/*
* The following 2 function sign and verify a ASN1_OCTET_STRING object inside
* PKCS#1 padded RSA encryption
*/
int RSA_sign_ASN1_OCTET_STRING(int type,
const unsigned char *m, unsigned int m_length,
unsigned char *sigret, unsigned int *siglen,
RSA *rsa);
int RSA_verify_ASN1_OCTET_STRING(int type, const unsigned char *m,
unsigned int m_length, unsigned char *sigbuf,
unsigned int siglen, RSA *rsa);
DEPRECATEDIN_3_0(int RSA_sign_ASN1_OCTET_STRING(int type,
const unsigned char *m,
unsigned int m_length,
unsigned char *sigret,
unsigned int *siglen, RSA *rsa))
DEPRECATEDIN_3_0(int RSA_verify_ASN1_OCTET_STRING(int type,
const unsigned char *m,
unsigned int m_length,
unsigned char *sigbuf,
unsigned int siglen,
RSA *rsa))
/* TODO(3.0): figure out how to deprecate these two */
int RSA_blinding_on(RSA *rsa, BN_CTX *ctx);
void RSA_blinding_off(RSA *rsa);
BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *ctx);
int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,
const unsigned char *f, int fl);
int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen,
const unsigned char *f, int fl,
int rsa_len);
int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen,
const unsigned char *f, int fl);
int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
const unsigned char *f, int fl,
int rsa_len);
int PKCS1_MGF1(unsigned char *mask, long len, const unsigned char *seed,
long seedlen, const EVP_MD *dgst);
int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
const unsigned char *f, int fl,
const unsigned char *p, int pl);
int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
const unsigned char *f, int fl, int rsa_len,
const unsigned char *p, int pl);
int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
const unsigned char *from, int flen,
const unsigned char *param, int plen,
const EVP_MD *md, const EVP_MD *mgf1md);
int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
const unsigned char *from, int flen,
int num, const unsigned char *param,
int plen, const EVP_MD *md,
const EVP_MD *mgf1md);
int RSA_padding_add_SSLv23(unsigned char *to, int tlen,
const unsigned char *f, int fl);
int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
const unsigned char *f, int fl, int rsa_len);
int RSA_padding_add_none(unsigned char *to, int tlen, const unsigned char *f,
int fl);
int RSA_padding_check_none(unsigned char *to, int tlen,
const unsigned char *f, int fl, int rsa_len);
int RSA_padding_add_X931(unsigned char *to, int tlen, const unsigned char *f,
int fl);
int RSA_padding_check_X931(unsigned char *to, int tlen,
const unsigned char *f, int fl, int rsa_len);
int RSA_X931_hash_id(int nid);
int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,
const EVP_MD *Hash, const unsigned char *EM,
int sLen);
int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
const unsigned char *mHash, const EVP_MD *Hash,
int sLen);
int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash,
const EVP_MD *Hash, const EVP_MD *mgf1Hash,
const unsigned char *EM, int sLen);
int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
const unsigned char *mHash,
const EVP_MD *Hash, const EVP_MD *mgf1Hash,
int sLen);
DEPRECATEDIN_3_0(BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *ctx))
DEPRECATEDIN_3_0(int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,
const unsigned char *f,
int fl))
DEPRECATEDIN_3_0(int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen,
const unsigned char *f,
int fl, int rsa_len))
DEPRECATEDIN_3_0(int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen,
const unsigned char *f,
int fl))
DEPRECATEDIN_3_0(int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
const unsigned char *f,
int fl, int rsa_len))
DEPRECATEDIN_3_0(int PKCS1_MGF1(unsigned char *mask, long len,
const unsigned char *seed, long seedlen,
const EVP_MD *dgst))
DEPRECATEDIN_3_0(int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
const unsigned char *f, int fl,
const unsigned char *p, int pl))
DEPRECATEDIN_3_0(int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
const unsigned char *f,
int fl, int rsa_len,
const unsigned char *p,
int pl))
DEPRECATEDIN_3_0(int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to,
int tlen,
const unsigned char *from,
int flen,
const unsigned char *param,
int plen,
const EVP_MD *md,
const EVP_MD *mgf1md))
DEPRECATEDIN_3_0(int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to,
int tlen,
const unsigned char *from,
int flen, int num,
const unsigned char *param,
int plen, const EVP_MD *md,
const EVP_MD *mgf1md))
DEPRECATEDIN_3_0(int RSA_padding_add_SSLv23(unsigned char *to, int tlen,
const unsigned char *f, int fl))
DEPRECATEDIN_3_0(int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
const unsigned char *f, int fl,
int rsa_len))
DEPRECATEDIN_3_0(int RSA_padding_add_none(unsigned char *to, int tlen,
const unsigned char *f, int fl))
DEPRECATEDIN_3_0(int RSA_padding_check_none(unsigned char *to, int tlen,
const unsigned char *f, int fl,
int rsa_len))
DEPRECATEDIN_3_0(int RSA_padding_add_X931(unsigned char *to, int tlen,
const unsigned char *f, int fl))
DEPRECATEDIN_3_0(int RSA_padding_check_X931(unsigned char *to, int tlen,
const unsigned char *f, int fl,
int rsa_len))
DEPRECATEDIN_3_0(int RSA_X931_hash_id(int nid))
DEPRECATEDIN_3_0(int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,
const EVP_MD *Hash,
const unsigned char *EM, int sLen))
DEPRECATEDIN_3_0(int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
const unsigned char *mHash,
const EVP_MD *Hash, int sLen))
DEPRECATEDIN_3_0(int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa,
const unsigned char *mHash,
const EVP_MD *Hash,
const EVP_MD *mgf1Hash,