#endif
#include <openssl/crypto.h>
#include <openssl/ossl_typ.h>
-#ifndef OPENSSL_NO_DEPRECATED
+#ifdef OPENSSL_USE_DEPRECATED
#include <openssl/bn.h>
#endif
int (*rsa_priv_dec)(int flen,const unsigned char *from,
unsigned char *to,
RSA *rsa,int padding);
- int (*rsa_mod_exp)(BIGNUM *r0,const BIGNUM *I,RSA *rsa,BN_CTX *ctx); /* Can be null */
+ /* Can be null */
+ int (*rsa_mod_exp)(BIGNUM *r0,const BIGNUM *I,RSA *rsa,BN_CTX *ctx);
+ /* Can be null */
int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx); /* Can be null */
- int (*init)(RSA *rsa); /* called at new */
- int (*finish)(RSA *rsa); /* called at free */
- int flags; /* RSA_METHOD_FLAG_* things */
- char *app_data; /* may be needed! */
+ BN_MONT_CTX *m_ctx);
+ /* called at new */
+ int (*init)(RSA *rsa);
+ /* called at free */
+ int (*finish)(RSA *rsa);
+ /* RSA_METHOD_FLAG_* things */
+ int flags;
+ /* may be needed! */
+ char *app_data;
/* New sign and verify functions: some libraries don't allow arbitrary data
* to be signed/verified: this allows them to be used. Note: for this to work
* the RSA_public_decrypt() and RSA_private_encrypt() should *NOT* be used
# define OPENSSL_RSA_SMALL_MODULUS_BITS 3072
#endif
#ifndef OPENSSL_RSA_MAX_PUBEXP_BITS
-# define OPENSSL_RSA_MAX_PUBEXP_BITS 64 /* exponent limit enforced for "large" modulus only */
+
+/* exponent limit enforced for "large" modulus only */
+# define OPENSSL_RSA_MAX_PUBEXP_BITS 64
#endif
#define RSA_3 0x3L
*/
#define RSA_FLAG_SIGN_VER 0x0040
-#define RSA_FLAG_NO_BLINDING 0x0080 /* new with 0.9.6j and 0.9.7b; the built-in
- * RSA implementation now uses blinding by
- * default (ignoring RSA_FLAG_BLINDING),
- * but other engines might not need it
- */
-#define RSA_FLAG_NO_CONSTTIME 0x0100 /* new with 0.9.8f; the built-in RSA
- * implementation now uses constant time
- * operations by default in private key operations,
- * e.g., constant time modular exponentiation,
- * modular inverse without leaking branches,
- * division without leaking branches. This
- * flag disables these constant time
- * operations and results in faster RSA
- * private key operations.
- */
-#ifndef OPENSSL_NO_DEPRECATED
-#define RSA_FLAG_NO_EXP_CONSTTIME RSA_FLAG_NO_CONSTTIME /* deprecated name for the flag*/
- /* new with 0.9.7h; the built-in RSA
- * implementation now uses constant time
- * modular exponentiation for secret exponents
- * by default. This flag causes the
- * faster variable sliding window method to
- * be used for all exponents.
- */
+/*
+ * new with 0.9.6j and 0.9.7b; the built-in
+ * RSA implementation now uses blinding by
+ * default (ignoring RSA_FLAG_BLINDING),
+ * but other engines might not need it
+ */
+#define RSA_FLAG_NO_BLINDING 0x0080
+/*
+ * new with 0.9.8f; the built-in RSA
+ * implementation now uses constant time
+ * operations by default in private key operations,
+ * e.g., constant time modular exponentiation,
+ * modular inverse without leaking branches,
+ * division without leaking branches. This
+ * flag disables these constant time
+ * operations and results in faster RSA
+ * private key operations.
+ */
+#define RSA_FLAG_NO_CONSTTIME 0x0100
+#ifdef OPENSSL_USE_DEPRECATED
+/* deprecated name for the flag*/
+/*
+ * new with 0.9.7h; the built-in RSA
+ * implementation now uses constant time
+ * modular exponentiation for secret exponents
+ * by default. This flag causes the
+ * faster variable sliding window method to
+ * be used for all exponents.
+ */
+#define RSA_FLAG_NO_EXP_CONSTTIME RSA_FLAG_NO_CONSTTIME
#endif
EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP, 0, pubexp)
#define EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, md) \
- EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_SIG, \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, \
+ EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT, \
EVP_PKEY_CTRL_RSA_MGF1_MD, 0, (void *)md)
+#define EVP_PKEY_CTX_set_rsa_oaep_md(ctx, md) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, \
+ EVP_PKEY_CTRL_RSA_OAEP_MD, 0, (void *)md)
+
#define EVP_PKEY_CTX_get_rsa_mgf1_md(ctx, pmd) \
- EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_SIG, \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, \
+ EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT, \
EVP_PKEY_CTRL_GET_RSA_MGF1_MD, 0, (void *)pmd)
+#define EVP_PKEY_CTX_get_rsa_oaep_md(ctx, pmd) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, \
+ EVP_PKEY_CTRL_GET_RSA_OAEP_MD, 0, (void *)pmd)
+
+#define EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, l, llen) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, \
+ EVP_PKEY_CTRL_RSA_OAEP_LABEL, llen, (void *)l)
+
+#define EVP_PKEY_CTX_get0_rsa_oaep_label(ctx, l) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, \
+ EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL, 0, (void *)l)
+
#define EVP_PKEY_CTRL_RSA_PADDING (EVP_PKEY_ALG_CTRL + 1)
#define EVP_PKEY_CTRL_RSA_PSS_SALTLEN (EVP_PKEY_ALG_CTRL + 2)
#define EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN (EVP_PKEY_ALG_CTRL + 7)
#define EVP_PKEY_CTRL_GET_RSA_MGF1_MD (EVP_PKEY_ALG_CTRL + 8)
+#define EVP_PKEY_CTRL_RSA_OAEP_MD (EVP_PKEY_ALG_CTRL + 9)
+#define EVP_PKEY_CTRL_RSA_OAEP_LABEL (EVP_PKEY_ALG_CTRL + 10)
+
+#define EVP_PKEY_CTRL_GET_RSA_OAEP_MD (EVP_PKEY_ALG_CTRL + 11)
+#define EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL (EVP_PKEY_ALG_CTRL + 12)
+
#define RSA_PKCS1_PADDING 1
#define RSA_SSLV23_PADDING 2
#define RSA_NO_PADDING 3
RSA * RSA_new(void);
RSA * RSA_new_method(ENGINE *engine);
-int RSA_size(const RSA *);
+int RSA_size(const RSA *rsa);
+int RSA_security_bits(const RSA *rsa);
/* Deprecated version */
-#ifndef OPENSSL_NO_DEPRECATED
-RSA * RSA_generate_key(int bits, unsigned long e,void
- (*callback)(int,int,void *),void *cb_arg);
-#endif /* !defined(OPENSSL_NO_DEPRECATED) */
+#ifdef OPENSSL_USE_DEPRECATED
+DECLARE_DEPRECATED(RSA * RSA_generate_key(int bits, unsigned long e,void
+ (*callback)(int,int,void *),void *cb_arg));
+#endif /* defined(OPENSSL_USE_DEPRECATED) */
/* New version */
int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, BN_GENCB *cb);
int RSA_check_key(const RSA *);
+int RSA_check_key_ex(const RSA *, BN_GENCB *cb);
/* next 4 return -1 on error */
int RSA_public_encrypt(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa,int padding);
DECLARE_ASN1_FUNCTIONS(RSA_PSS_PARAMS)
-#ifndef OPENSSL_NO_FP_API
+typedef struct rsa_oaep_params_st
+ {
+ X509_ALGOR *hashFunc;
+ X509_ALGOR *maskGenFunc;
+ X509_ALGOR *pSourceFunc;
+ } RSA_OAEP_PARAMS;
+
+DECLARE_ASN1_FUNCTIONS(RSA_OAEP_PARAMS)
+
+#ifndef OPENSSL_NO_STDIO
int RSA_print_fp(FILE *fp, const RSA *r,int offset);
#endif
int RSA_padding_check_PKCS1_OAEP(unsigned char *to,int tlen,
const unsigned char *f,int fl,int rsa_len,
const unsigned char *p,int pl);
+int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
+ const unsigned char *from, int flen,
+ const unsigned char *param, int plen,
+ const EVP_MD *md, const EVP_MD *mgf1md);
+int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
+ const unsigned char *from, int flen, int num,
+ const unsigned char *param, int plen,
+ const EVP_MD *md, const EVP_MD *mgf1md);
int RSA_padding_add_SSLv23(unsigned char *to,int tlen,
const unsigned char *f,int fl);
int RSA_padding_check_SSLv23(unsigned char *to,int tlen,
#define RSA_F_PKEY_RSA_CTRL_STR 144
#define RSA_F_PKEY_RSA_SIGN 142
#define RSA_F_PKEY_RSA_VERIFYRECOVER 141
+#define RSA_F_RSA_ALGOR_TO_MD 156
#define RSA_F_RSA_BUILTIN_KEYGEN 129
#define RSA_F_RSA_CHECK_KEY 123
+#define RSA_F_RSA_CHECK_KEY_EX 160
+#define RSA_F_RSA_CMS_DECRYPT 159
#define RSA_F_RSA_EAY_PRIVATE_DECRYPT 101
#define RSA_F_RSA_EAY_PRIVATE_ENCRYPT 102
#define RSA_F_RSA_EAY_PUBLIC_DECRYPT 103
#define RSA_F_RSA_GENERATE_KEY 105
#define RSA_F_RSA_ITEM_VERIFY 148
#define RSA_F_RSA_MEMORY_LOCK 130
+#define RSA_F_RSA_MGF1_TO_MD 157
#define RSA_F_RSA_NEW_METHOD 106
#define RSA_F_RSA_NULL 124
#define RSA_F_RSA_NULL_MOD_EXP 131
#define RSA_F_RSA_NULL_PRIVATE_ENCRYPT 133
#define RSA_F_RSA_NULL_PUBLIC_DECRYPT 134
#define RSA_F_RSA_NULL_PUBLIC_ENCRYPT 135
+#define RSA_F_RSA_OAEP_TO_CTX 158
#define RSA_F_RSA_PADDING_ADD_NONE 107
#define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP 121
+#define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP_MGF1 154
#define RSA_F_RSA_PADDING_ADD_PKCS1_PSS 125
#define RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1 152
#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1 108
#define RSA_F_RSA_PADDING_ADD_X931 127
#define RSA_F_RSA_PADDING_CHECK_NONE 111
#define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP 122
+#define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1 153
#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1 112
#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2 113
#define RSA_F_RSA_PADDING_CHECK_SSLV23 114
#define RSA_F_RSA_PRINT_FP 116
#define RSA_F_RSA_PRIV_DECODE 137
#define RSA_F_RSA_PRIV_ENCODE 138
+#define RSA_F_RSA_PSS_TO_CTX 155
#define RSA_F_RSA_PUB_DECODE 139
#define RSA_F_RSA_SETUP_BLINDING 136
#define RSA_F_RSA_SIGN 117
#define RSA_R_DATA_TOO_LARGE_FOR_MODULUS 132
#define RSA_R_DATA_TOO_SMALL 111
#define RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE 122
+#define RSA_R_DIGEST_DOES_NOT_MATCH 158
#define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY 112
#define RSA_R_DMP1_NOT_CONGRUENT_TO_D 124
#define RSA_R_DMQ1_NOT_CONGRUENT_TO_D 125
#define RSA_R_D_E_NOT_CONGRUENT_TO_1 123
#define RSA_R_FIRST_OCTET_INVALID 133
#define RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE 144
+#define RSA_R_INVALID_DIGEST 157
#define RSA_R_INVALID_DIGEST_LENGTH 143
#define RSA_R_INVALID_HEADER 137
#define RSA_R_INVALID_KEYBITS 145
+#define RSA_R_INVALID_LABEL 160
#define RSA_R_INVALID_MESSAGE_LENGTH 131
#define RSA_R_INVALID_MGF1_MD 156
+#define RSA_R_INVALID_OAEP_PARAMETERS 161
#define RSA_R_INVALID_PADDING 138
#define RSA_R_INVALID_PADDING_MODE 141
#define RSA_R_INVALID_PSS_PARAMETERS 149
#define RSA_R_OAEP_DECODING_ERROR 121
#define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148
#define RSA_R_PADDING_CHECK_FAILED 114
+#define RSA_R_PKCS_DECODING_ERROR 159
#define RSA_R_P_NOT_PRIME 128
#define RSA_R_Q_NOT_PRIME 129
#define RSA_R_RSA_OPERATIONS_NOT_SUPPORTED 130
#define RSA_R_SSLV3_ROLLBACK_ATTACK 115
#define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116
#define RSA_R_UNKNOWN_ALGORITHM_TYPE 117
+#define RSA_R_UNKNOWN_DIGEST 166
#define RSA_R_UNKNOWN_MASK_DIGEST 151
#define RSA_R_UNKNOWN_PADDING_TYPE 118
#define RSA_R_UNKNOWN_PSS_DIGEST 152
+#define RSA_R_UNSUPPORTED_ENCRYPTION_TYPE 162
+#define RSA_R_UNSUPPORTED_LABEL_SOURCE 163
#define RSA_R_UNSUPPORTED_MASK_ALGORITHM 153
#define RSA_R_UNSUPPORTED_MASK_PARAMETER 154
#define RSA_R_UNSUPPORTED_SIGNATURE_TYPE 155