diff options
| author | Pauli <paul.dale@oracle.com> | 2020-02-12 15:03:51 +1000 |
|---|---|---|
| committer | Pauli <paul.dale@oracle.com> | 2020-02-20 18:58:40 +1000 |
| commit | c5f8713443c8d606ff149b12c478cd6162f2a7ac (patch) | |
| tree | 536ea6ba3fdf7e0f4e80ef2b50f8f979cfb730a2 /ssl | |
| parent | b9f733c2846329ca6ee6b906b2291e31c0c14183 (diff) | |
Deprecate the low level RSA functions.
Use of the low level RSA functions has been informally discouraged for a
long time. We now formally deprecate them.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11063)
Diffstat (limited to 'ssl')
| -rw-r--r-- | ssl/t1_lib.c | 12 |
1 files changed, 5 insertions, 7 deletions
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index aedb521015..923cf5b5cd 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -919,16 +919,16 @@ int tls1_lookup_md(SSL_CTX *ctx, const SIGALG_LOOKUP *lu, const EVP_MD **pmd) * with a 128 byte (1024 bit) key. */ #define RSA_PSS_MINIMUM_KEY_SIZE(md) (2 * EVP_MD_size(md) + 2) -static int rsa_pss_check_min_key_size(SSL_CTX *ctx, const RSA *rsa, +static int rsa_pss_check_min_key_size(SSL_CTX *ctx, const EVP_PKEY *pkey, const SIGALG_LOOKUP *lu) { const EVP_MD *md; - if (rsa == NULL) + if (pkey == NULL) return 0; if (!tls1_lookup_md(ctx, lu, &md) || md == NULL) return 0; - if (RSA_size(rsa) < RSA_PSS_MINIMUM_KEY_SIZE(md)) + if (EVP_PKEY_size(pkey) < RSA_PSS_MINIMUM_KEY_SIZE(md)) return 0; return 1; } @@ -2823,7 +2823,7 @@ static const SIGALG_LOOKUP *find_sig_alg(SSL *s, X509 *x, EVP_PKEY *pkey) #endif } else if (lu->sig == EVP_PKEY_RSA_PSS) { /* validate that key is large enough for the signature algorithm */ - if (!rsa_pss_check_min_key_size(s->ctx, EVP_PKEY_get0(tmppkey), lu)) + if (!rsa_pss_check_min_key_size(s->ctx, tmppkey, lu)) continue; } break; @@ -2909,9 +2909,7 @@ int tls_choose_sigalg(SSL *s, int fatalerrs) /* validate that key is large enough for the signature algorithm */ EVP_PKEY *pkey = s->cert->pkeys[sig_idx].privatekey; - if (!rsa_pss_check_min_key_size(s->ctx, - EVP_PKEY_get0(pkey), - lu)) + if (!rsa_pss_check_min_key_size(s->ctx, pkey, lu)) continue; } #ifndef OPENSSL_NO_EC |