diff options
| author | jwalch <jeremy.walch@gmail.com> | 2020-09-24 11:43:06 -0400 |
|---|---|---|
| committer | Shane Lontis <shane.lontis@oracle.com> | 2020-09-26 07:31:59 +1000 |
| commit | 3786d74868fe440250f902ce1a78974136ca9304 (patch) | |
| tree | 14b99e0d58685d1a46482f6f80558113f5b5fa11 /include | |
| parent | fa9e541d49b812549d56c03852290a86aa1645ff (diff) | |
en EVP_PKEY_CTX_set_rsa_keygen_pubexp() BIGNUM management
Fixes #12635
As discussed in the issue, supporting the set0-like semantics long-term is not necessarily desirable, although necessary for short-term compatibility concerns. So I've deprecated the original method and added an equivalent that is explicitly labelled as set1.
I tried to audit existing usages of the (now-deprecated) API and update them to use set1 if that appeared to align with their expectations.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12917)
Diffstat (limited to 'include')
| -rw-r--r-- | include/crypto/evp.h | 7 | ||||
| -rw-r--r-- | include/openssl/rsa.h | 4 |
2 files changed, 10 insertions, 1 deletions
diff --git a/include/crypto/evp.h b/include/crypto/evp.h index 835224a7aa..23990f651c 100644 --- a/include/crypto/evp.h +++ b/include/crypto/evp.h @@ -95,6 +95,13 @@ struct evp_pkey_ctx_st { void *data; /* Indicator if digest_custom needs to be called */ unsigned int flag_call_digest_custom:1; + /* + * Used to support taking custody of memory in the case of a provider being + * used with the deprecated EVP_PKEY_CTX_set_rsa_keygen_pubexp() API. This + * member should NOT be used for any other purpose and should be removed + * when said deprecated API is excised completely. + */ + BIGNUM *rsa_pubexp; } /* EVP_PKEY_CTX */ ; #define EVP_PKEY_FLAG_DYNAMIC 1 diff --git a/include/openssl/rsa.h b/include/openssl/rsa.h index 140c0d4412..24b2a7eb55 100644 --- a/include/openssl/rsa.h +++ b/include/openssl/rsa.h @@ -132,7 +132,9 @@ int EVP_PKEY_CTX_set_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int saltlen); int EVP_PKEY_CTX_get_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int *saltlen); int EVP_PKEY_CTX_set_rsa_keygen_bits(EVP_PKEY_CTX *ctx, int bits); -int EVP_PKEY_CTX_set_rsa_keygen_pubexp(EVP_PKEY_CTX *ctx, BIGNUM *pubexp); +DEPRECATEDIN_3_0(int EVP_PKEY_CTX_set_rsa_keygen_pubexp(EVP_PKEY_CTX *ctx, + BIGNUM *pubexp)) +int EVP_PKEY_CTX_set1_rsa_keygen_pubexp(EVP_PKEY_CTX *ctx, BIGNUM *pubexp); int EVP_PKEY_CTX_set_rsa_keygen_primes(EVP_PKEY_CTX *ctx, int primes); int EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen(EVP_PKEY_CTX *ctx, int saltlen); |