summaryrefslogtreecommitdiffstats
path: root/src/include/openssl/rsa.h
diff options
context:
space:
mode:
Diffstat (limited to 'src/include/openssl/rsa.h')
-rw-r--r--src/include/openssl/rsa.h180
1 files changed, 59 insertions, 121 deletions
diff --git a/src/include/openssl/rsa.h b/src/include/openssl/rsa.h
index 2be50dc..9b415d7 100644
--- a/src/include/openssl/rsa.h
+++ b/src/include/openssl/rsa.h
@@ -59,7 +59,6 @@
#include <openssl/base.h>
-#include <openssl/asn1.h>
#include <openssl/engine.h>
#include <openssl/ex_data.h>
#include <openssl/thread.h>
@@ -101,12 +100,6 @@ OPENSSL_EXPORT int RSA_up_ref(RSA *rsa);
OPENSSL_EXPORT int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e,
BN_GENCB *cb);
-/* RSA_generate_multi_prime_key acts like |RSA_generate_key_ex| but can
- * generate an RSA private key with more than two primes. */
-OPENSSL_EXPORT int RSA_generate_multi_prime_key(RSA *rsa, int bits,
- int num_primes, BIGNUM *e,
- BN_GENCB *cb);
-
/* Encryption / Decryption */
@@ -247,7 +240,7 @@ OPENSSL_EXPORT int RSA_verify_raw(RSA *rsa, size_t *out_len, uint8_t *out,
OPENSSL_EXPORT int RSA_private_encrypt(int flen, const uint8_t *from,
uint8_t *to, RSA *rsa, int padding);
-/* RSA_public_decrypt verifies |flen| bytes of signature from |from| using the
+/* RSA_private_encrypt verifies |flen| bytes of signature from |from| using the
* public key in |rsa| and writes the plaintext to |to|. The |to| buffer must
* have at least |RSA_size| bytes of space. It returns the number of bytes
* written, or -1 on error. The |padding| argument must be one of the
@@ -273,7 +266,7 @@ OPENSSL_EXPORT int RSA_is_opaque(const RSA *rsa);
* of type |md|. Otherwise it returns zero. */
OPENSSL_EXPORT int RSA_supports_digest(const RSA *rsa, const EVP_MD *md);
-/* RSAPublicKey_dup allocates a fresh |RSA| and copies the public key from
+/* RSAPublicKey_dup allocates a fresh |RSA| and copies the private key from
* |rsa| into it. It returns the fresh |RSA| object, or NULL on error. */
OPENSSL_EXPORT RSA *RSAPublicKey_dup(const RSA *rsa);
@@ -322,63 +315,36 @@ OPENSSL_EXPORT int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, uint8_t *EM,
const EVP_MD *mgf1Hash,
int sLen);
-/* RSA_add_pkcs1_prefix builds a version of |msg| prefixed with the DigestInfo
- * header for the given hash function and sets |out_msg| to point to it. On
- * successful return, |*out_msg| may be allocated memory and, if so,
- * |*is_alloced| will be 1. */
-OPENSSL_EXPORT int RSA_add_pkcs1_prefix(uint8_t **out_msg, size_t *out_msg_len,
- int *is_alloced, int hash_nid,
- const uint8_t *msg, size_t msg_len);
-
/* ASN.1 functions. */
-/* RSA_parse_public_key parses a DER-encoded RSAPublicKey structure (RFC 3447)
- * from |cbs| and advances |cbs|. It returns a newly-allocated |RSA| or NULL on
- * error. */
-OPENSSL_EXPORT RSA *RSA_parse_public_key(CBS *cbs);
-
-/* RSA_parse_public_key_buggy behaves like |RSA_parse_public_key|, but it
- * tolerates some invalid encodings. Do not use this function. */
-OPENSSL_EXPORT RSA *RSA_parse_public_key_buggy(CBS *cbs);
-
-/* RSA_public_key_from_bytes parses |in| as a DER-encoded RSAPublicKey structure
- * (RFC 3447). It returns a newly-allocated |RSA| or NULL on error. */
-OPENSSL_EXPORT RSA *RSA_public_key_from_bytes(const uint8_t *in, size_t in_len);
-
-/* RSA_marshal_public_key marshals |rsa| as a DER-encoded RSAPublicKey structure
- * (RFC 3447) and appends the result to |cbb|. It returns one on success and
- * zero on failure. */
-OPENSSL_EXPORT int RSA_marshal_public_key(CBB *cbb, const RSA *rsa);
-
-/* RSA_public_key_to_bytes marshals |rsa| as a DER-encoded RSAPublicKey
- * structure (RFC 3447) and, on success, sets |*out_bytes| to a newly allocated
- * buffer containing the result and returns one. Otherwise, it returns zero. The
- * result should be freed with |OPENSSL_free|. */
-OPENSSL_EXPORT int RSA_public_key_to_bytes(uint8_t **out_bytes, size_t *out_len,
- const RSA *rsa);
-
-/* RSA_parse_private_key parses a DER-encoded RSAPrivateKey structure (RFC 3447)
- * from |cbs| and advances |cbs|. It returns a newly-allocated |RSA| or NULL on
- * error. */
-OPENSSL_EXPORT RSA *RSA_parse_private_key(CBS *cbs);
-
-/* RSA_private_key_from_bytes parses |in| as a DER-encoded RSAPrivateKey
- * structure (RFC 3447). It returns a newly-allocated |RSA| or NULL on error. */
-OPENSSL_EXPORT RSA *RSA_private_key_from_bytes(const uint8_t *in,
- size_t in_len);
-
-/* RSA_marshal_private_key marshals |rsa| as a DER-encoded RSAPrivateKey
- * structure (RFC 3447) and appends the result to |cbb|. It returns one on
- * success and zero on failure. */
-OPENSSL_EXPORT int RSA_marshal_private_key(CBB *cbb, const RSA *rsa);
-
-/* RSA_private_key_to_bytes marshals |rsa| as a DER-encoded RSAPrivateKey
- * structure (RFC 3447) and, on success, sets |*out_bytes| to a newly allocated
- * buffer containing the result and returns one. Otherwise, it returns zero. The
- * result should be freed with |OPENSSL_free|. */
-OPENSSL_EXPORT int RSA_private_key_to_bytes(uint8_t **out_bytes,
- size_t *out_len, const RSA *rsa);
+/* d2i_RSAPublicKey parses an ASN.1, DER-encoded, RSA public key from |len|
+ * bytes at |*inp|. If |out| is not NULL then, on exit, a pointer to the result
+ * is in |*out|. If |*out| is already non-NULL on entry then the result is
+ * written directly into |*out|, otherwise a fresh |RSA| is allocated. On
+ * successful exit, |*inp| is advanced past the DER structure. It returns the
+ * result or NULL on error. */
+OPENSSL_EXPORT RSA *d2i_RSAPublicKey(RSA **out, const uint8_t **inp, long len);
+
+/* i2d_RSAPublicKey marshals |in| to an ASN.1, DER structure. If |outp| is not
+ * NULL then the result is written to |*outp| and |*outp| is advanced just past
+ * the output. It returns the number of bytes in the result, whether written or
+ * not, or a negative value on error. */
+OPENSSL_EXPORT int i2d_RSAPublicKey(const RSA *in, uint8_t **outp);
+
+/* d2i_RSAPrivateKey parses an ASN.1, DER-encoded, RSA private key from |len|
+ * bytes at |*inp|. If |out| is not NULL then, on exit, a pointer to the result
+ * is in |*out|. If |*out| is already non-NULL on entry then the result is
+ * written directly into |*out|, otherwise a fresh |RSA| is allocated. On
+ * successful exit, |*inp| is advanced past the DER structure. It returns the
+ * result or NULL on error. */
+OPENSSL_EXPORT RSA *d2i_RSAPrivateKey(RSA **out, const uint8_t **inp, long len);
+
+/* i2d_RSAPrivateKey marshals |in| to an ASN.1, DER structure. If |outp| is not
+ * NULL then the result is written to |*outp| and |*outp| is advanced just past
+ * the output. It returns the number of bytes in the result, whether written or
+ * not, or a negative value on error. */
+OPENSSL_EXPORT int i2d_RSAPrivateKey(const RSA *in, uint8_t **outp);
/* ex_data functions.
@@ -392,9 +358,6 @@ OPENSSL_EXPORT int RSA_get_ex_new_index(long argl, void *argp,
OPENSSL_EXPORT int RSA_set_ex_data(RSA *r, int idx, void *arg);
OPENSSL_EXPORT void *RSA_get_ex_data(const RSA *r, int idx);
-
-/* Flags. */
-
/* RSA_FLAG_OPAQUE specifies that this RSA_METHOD does not expose its key
* material. This may be set if, for instance, it is wrapping some other crypto
* API, like a platform key store. */
@@ -432,50 +395,6 @@ OPENSSL_EXPORT void *RSA_get_ex_data(const RSA *r, int idx);
/* RSA_blinding_on returns one. */
OPENSSL_EXPORT int RSA_blinding_on(RSA *rsa, BN_CTX *ctx);
-/* RSA_generate_key behaves like |RSA_generate_key_ex|, which is what you
- * should use instead. It returns NULL on error, or a newly-allocated |RSA| on
- * success. This function is provided for compatibility only. The |callback|
- * and |cb_arg| parameters must be NULL. */
-OPENSSL_EXPORT RSA *RSA_generate_key(int bits, unsigned long e, void *callback,
- void *cb_arg);
-
-/* d2i_RSAPublicKey parses an ASN.1, DER-encoded, RSA public key from |len|
- * bytes at |*inp|. If |out| is not NULL then, on exit, a pointer to the result
- * is in |*out|. If |*out| is already non-NULL on entry then the result is
- * written directly into |*out|, otherwise a fresh |RSA| is allocated. On
- * successful exit, |*inp| is advanced past the DER structure. It returns the
- * result or NULL on error. */
-OPENSSL_EXPORT RSA *d2i_RSAPublicKey(RSA **out, const uint8_t **inp, long len);
-
-/* i2d_RSAPublicKey marshals |in| to an ASN.1, DER structure. If |outp| is not
- * NULL then the result is written to |*outp| and |*outp| is advanced just past
- * the output. It returns the number of bytes in the result, whether written or
- * not, or a negative value on error. */
-OPENSSL_EXPORT int i2d_RSAPublicKey(const RSA *in, uint8_t **outp);
-
-/* d2i_RSAPrivateKey parses an ASN.1, DER-encoded, RSA private key from |len|
- * bytes at |*inp|. If |out| is not NULL then, on exit, a pointer to the result
- * is in |*out|. If |*out| is already non-NULL on entry then the result is
- * written directly into |*out|, otherwise a fresh |RSA| is allocated. On
- * successful exit, |*inp| is advanced past the DER structure. It returns the
- * result or NULL on error. */
-OPENSSL_EXPORT RSA *d2i_RSAPrivateKey(RSA **out, const uint8_t **inp, long len);
-
-/* i2d_RSAPrivateKey marshals |in| to an ASN.1, DER structure. If |outp| is not
- * NULL then the result is written to |*outp| and |*outp| is advanced just past
- * the output. It returns the number of bytes in the result, whether written or
- * not, or a negative value on error. */
-OPENSSL_EXPORT int i2d_RSAPrivateKey(const RSA *in, uint8_t **outp);
-
-typedef struct rsa_pss_params_st {
- X509_ALGOR *hashAlgorithm;
- X509_ALGOR *maskGenAlgorithm;
- ASN1_INTEGER *saltLength;
- ASN1_INTEGER *trailerField;
-} RSA_PSS_PARAMS;
-
-DECLARE_ASN1_FUNCTIONS(RSA_PSS_PARAMS)
-
struct rsa_meth_st {
struct openssl_method_common_st common;
@@ -531,9 +450,6 @@ struct rsa_meth_st {
int (*keygen)(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
- int (*multi_prime_keygen)(RSA *rsa, int bits, int num_primes, BIGNUM *e,
- BN_GENCB *cb);
-
/* supports_digest returns one if |rsa| supports digests of type
* |md|. If null, it is assumed that all digests are supported. */
int (*supports_digest)(const RSA *rsa, const EVP_MD *md);
@@ -545,6 +461,8 @@ struct rsa_meth_st {
typedef struct bn_blinding_st BN_BLINDING;
struct rsa_st {
+ /* version is only used during ASN.1 (de)serialisation. */
+ long version;
RSA_METHOD *meth;
BIGNUM *n;
@@ -555,9 +473,6 @@ struct rsa_st {
BIGNUM *dmp1;
BIGNUM *dmq1;
BIGNUM *iqmp;
-
- STACK_OF(RSA_additional_prime) *additional_primes;
-
/* be careful using this if the RSA structure is shared */
CRYPTO_EX_DATA ex_data;
CRYPTO_refcount_t references;
@@ -587,6 +502,34 @@ struct rsa_st {
} /* extern C */
#endif
+#define RSA_F_BN_BLINDING_convert_ex 100
+#define RSA_F_BN_BLINDING_create_param 101
+#define RSA_F_BN_BLINDING_invert_ex 102
+#define RSA_F_BN_BLINDING_new 103
+#define RSA_F_BN_BLINDING_update 104
+#define RSA_F_RSA_check_key 105
+#define RSA_F_RSA_new_method 106
+#define RSA_F_RSA_padding_add_PKCS1_OAEP_mgf1 107
+#define RSA_F_RSA_padding_add_PKCS1_PSS_mgf1 108
+#define RSA_F_RSA_padding_add_PKCS1_type_1 109
+#define RSA_F_RSA_padding_add_PKCS1_type_2 110
+#define RSA_F_RSA_padding_add_none 111
+#define RSA_F_RSA_padding_check_PKCS1_OAEP_mgf1 112
+#define RSA_F_RSA_padding_check_PKCS1_type_1 113
+#define RSA_F_RSA_padding_check_PKCS1_type_2 114
+#define RSA_F_RSA_padding_check_none 115
+#define RSA_F_RSA_recover_crt_params 116
+#define RSA_F_RSA_sign 117
+#define RSA_F_RSA_verify 118
+#define RSA_F_RSA_verify_PKCS1_PSS_mgf1 119
+#define RSA_F_decrypt 120
+#define RSA_F_encrypt 121
+#define RSA_F_keygen 122
+#define RSA_F_pkcs1_prefixed_msg 123
+#define RSA_F_private_transform 124
+#define RSA_F_rsa_setup_blinding 125
+#define RSA_F_sign_raw 126
+#define RSA_F_verify_raw 127
#define RSA_R_BAD_E_VALUE 100
#define RSA_R_BAD_FIXED_HEADER_DECRYPT 101
#define RSA_R_BAD_PAD_BYTE_COUNT 102
@@ -628,10 +571,5 @@ struct rsa_st {
#define RSA_R_UNKNOWN_PADDING_TYPE 138
#define RSA_R_VALUE_MISSING 139
#define RSA_R_WRONG_SIGNATURE_LENGTH 140
-#define RSA_R_MUST_HAVE_AT_LEAST_TWO_PRIMES 141
-#define RSA_R_CANNOT_RECOVER_MULTI_PRIME_KEY 142
-#define RSA_R_BAD_ENCODING 143
-#define RSA_R_ENCODE_ERROR 144
-#define RSA_R_BAD_VERSION 145
#endif /* OPENSSL_HEADER_RSA_H */