From 3786d74868fe440250f902ce1a78974136ca9304 Mon Sep 17 00:00:00 2001
From: jwalch
Date: Thu, 24 Sep 2020 11:43:06 -0400
Subject: en EVP_PKEY_CTX_set_rsa_keygen_pubexp() BIGNUM management
Fixes #12635
As discussed in the issue, supporting the set0-like semantics long-term is not necessarily desirable, although necessary for short-term compatibility concerns. So I've deprecated the original method and added an equivalent that is explicitly labelled as set1. I tried to audit existing usages of the (now-deprecated) API and update them to use set1 if that appeared to align with their expectations.
Reviewed-by: Matt Caswell
Reviewed-by: Shane Lontis
(Merged from https://github.com/openssl/openssl/pull/12917)
---
 include/crypto/evp.h | 7 +++++++
 include/openssl/rsa.h | 4 +++-
 2 files changed, 10 insertions(+), 1 deletion(-)
(limited to 'include')
diff --git a/include/crypto/evp.h b/include/crypto/evp.h
index 835224a7aa..23990f651c 100644
--- a/include/crypto/evp.h
+++ b/include/crypto/evp.h
@@ -95,6 +95,13 @@ struct evp_pkey_ctx_st {
 void *data;
 /* Indicator if digest_custom needs to be called */
 unsigned int flag_call_digest_custom:1;
+ /*
+ * Used to support taking custody of memory in the case of a provider being
+ * used with the deprecated EVP_PKEY_CTX_set_rsa_keygen_pubexp() API. This
+ * member should NOT be used for any other purpose and should be removed
+ * when said deprecated API is excised completely.
+ */
+ BIGNUM *rsa_pubexp;
 } /* EVP_PKEY_CTX */ ;
 #define EVP_PKEY_FLAG_DYNAMIC 1
diff --git a/include/openssl/rsa.h b/include/openssl/rsa.h
index 140c0d4412..24b2a7eb55 100644
--- a/include/openssl/rsa.h
+++ b/include/openssl/rsa.h
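Review bot: The comment on the new `rsa_pubexp` member of `struct evp_pkey_ctx_st` (include/crypto/evp.h hunk) says the context takes custody of the BIGNUM, but not where that custody ends. An owning raw pointer in a context that can be freed and duplicated needs exactly one release path, and the code behind `EVP_PKEY_CTX_free()` and `EVP_PKEY_CTX_dup()` is outside this diff (it is limited to 'include'). It is worth confirming there that the member is released once and never shallow-copied, since two contexts sharing the pointer would presumably end in a double free. I would extend the comment with a line such as `Owned by the ctx and released with it; a duplicated ctx must not share this pointer.`, with the wording checked against the implementation.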
@@ -132,7 +132,9 @@ int EVP_PKEY_CTX_set_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int saltlen);
 int EVP_PKEY_CTX_get_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int *saltlen);
 int EVP_PKEY_CTX_set_rsa_keygen_bits(EVP_PKEY_CTX *ctx, int bits);
-int EVP_PKEY_CTX_set_rsa_keygen_pubexp(EVP_PKEY_CTX *ctx, BIGNUM *pubexp);
+DEPRECATEDIN_3_0(int EVP_PKEY_CTX_set_rsa_keygen_pubexp(EVP_PKEY_CTX *ctx,
+ BIGNUM *pubexp))
+int EVP_PKEY_CTX_set1_rsa_keygen_pubexp(EVP_PKEY_CTX *ctx, BIGNUM *pubexp);
 int EVP_PKEY_CTX_set_rsa_keygen_primes(EVP_PKEY_CTX *ctx, int primes);
 int EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen(EVP_PKEY_CTX *ctx, int saltlen);
-- cgit v1.2.3
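Review bot: The two `pubexp` setters in include/openssl/rsa.h now differ only by `set1` in the name and share the parameter type `BIGNUM *pubexp`, yet nothing in the header states that their ownership rules are opposite. Going by the commit message, the deprecated `EVP_PKEY_CTX_set_rsa_keygen_pubexp()` keeps set0-like semantics (the ctx takes the BIGNUM), while `EVP_PKEY_CTX_set1_rsa_keygen_pubexp()` leaves it with the caller. A caller that frees after the former, or does not free after the latter, gets a double free or a leak. A short comment above the pair would make this visible at the declaration, e.g. `/* set_: ctx takes ownership of pubexp; set1_: ctx keeps its own copy, caller still frees pubexp */`, with the exact wording checked against the implementation. If the set1 implementation never writes through its argument, `const BIGNUM *pubexp` would put that contract in the type; the implementation is not shown here, so that may not be possible.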