mirror of
https://github.com/openssl/openssl.git
synced 2024-12-15 06:01:37 +08:00
3dbf824380
There was recently an instance where a user was confused by the deprecation warnings in the docs. They believed the warning applied to the immediately preceding function declarations, when it fact it applied to the following function declarations. https://mta.openssl.org/pipermail/openssl-users/2021-December/014665.html We clarify the wording to make it clear that the warning applies to the following functions. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17180)
271 lines
12 KiB
Plaintext
271 lines
12 KiB
Plaintext
=pod
|
|
|
|
=head1 NAME
|
|
|
|
RSA_meth_get0_app_data, RSA_meth_set0_app_data,
|
|
RSA_meth_new, RSA_meth_free, RSA_meth_dup, RSA_meth_get0_name,
|
|
RSA_meth_set1_name, RSA_meth_get_flags, RSA_meth_set_flags,
|
|
RSA_meth_get_pub_enc,
|
|
RSA_meth_set_pub_enc, RSA_meth_get_pub_dec, RSA_meth_set_pub_dec,
|
|
RSA_meth_get_priv_enc, RSA_meth_set_priv_enc, RSA_meth_get_priv_dec,
|
|
RSA_meth_set_priv_dec, RSA_meth_get_mod_exp, RSA_meth_set_mod_exp,
|
|
RSA_meth_get_bn_mod_exp, RSA_meth_set_bn_mod_exp, RSA_meth_get_init,
|
|
RSA_meth_set_init, RSA_meth_get_finish, RSA_meth_set_finish,
|
|
RSA_meth_get_sign, RSA_meth_set_sign, RSA_meth_get_verify,
|
|
RSA_meth_set_verify, RSA_meth_get_keygen, RSA_meth_set_keygen,
|
|
RSA_meth_get_multi_prime_keygen, RSA_meth_set_multi_prime_keygen
|
|
- Routines to build up RSA methods
|
|
|
|
=head1 SYNOPSIS
|
|
|
|
#include <openssl/rsa.h>
|
|
|
|
The following functions have been deprecated since OpenSSL 3.0, and can be
|
|
hidden entirely by defining B<OPENSSL_API_COMPAT> with a suitable version value,
|
|
see L<openssl_user_macros(7)>:
|
|
|
|
RSA_METHOD *RSA_meth_new(const char *name, int flags);
|
|
void RSA_meth_free(RSA_METHOD *meth);
|
|
|
|
RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth);
|
|
|
|
const char *RSA_meth_get0_name(const RSA_METHOD *meth);
|
|
int RSA_meth_set1_name(RSA_METHOD *meth, const char *name);
|
|
|
|
int RSA_meth_get_flags(const RSA_METHOD *meth);
|
|
int RSA_meth_set_flags(RSA_METHOD *meth, int flags);
|
|
|
|
void *RSA_meth_get0_app_data(const RSA_METHOD *meth);
|
|
int RSA_meth_set0_app_data(RSA_METHOD *meth, void *app_data);
|
|
|
|
int (*RSA_meth_get_pub_enc(const RSA_METHOD *meth))(int flen, const unsigned char *from,
|
|
unsigned char *to, RSA *rsa, int padding);
|
|
int RSA_meth_set_pub_enc(RSA_METHOD *rsa,
|
|
int (*pub_enc)(int flen, const unsigned char *from,
|
|
unsigned char *to, RSA *rsa,
|
|
int padding));
|
|
|
|
int (*RSA_meth_get_pub_dec(const RSA_METHOD *meth))
|
|
(int flen, const unsigned char *from,
|
|
unsigned char *to, RSA *rsa, int padding);
|
|
int RSA_meth_set_pub_dec(RSA_METHOD *rsa,
|
|
int (*pub_dec)(int flen, const unsigned char *from,
|
|
unsigned char *to, RSA *rsa,
|
|
int padding));
|
|
|
|
int (*RSA_meth_get_priv_enc(const RSA_METHOD *meth))(int flen, const unsigned char *from,
|
|
unsigned char *to, RSA *rsa,
|
|
int padding);
|
|
int RSA_meth_set_priv_enc(RSA_METHOD *rsa,
|
|
int (*priv_enc)(int flen, const unsigned char *from,
|
|
unsigned char *to, RSA *rsa, int padding));
|
|
|
|
int (*RSA_meth_get_priv_dec(const RSA_METHOD *meth))(int flen, const unsigned char *from,
|
|
unsigned char *to, RSA *rsa,
|
|
int padding);
|
|
int RSA_meth_set_priv_dec(RSA_METHOD *rsa,
|
|
int (*priv_dec)(int flen, const unsigned char *from,
|
|
unsigned char *to, RSA *rsa, int padding));
|
|
|
|
/* Can be null */
|
|
int (*RSA_meth_get_mod_exp(const RSA_METHOD *meth))(BIGNUM *r0, const BIGNUM *i,
|
|
RSA *rsa, BN_CTX *ctx);
|
|
int RSA_meth_set_mod_exp(RSA_METHOD *rsa,
|
|
int (*mod_exp)(BIGNUM *r0, const BIGNUM *i, RSA *rsa,
|
|
BN_CTX *ctx));
|
|
|
|
/* Can be null */
|
|
int (*RSA_meth_get_bn_mod_exp(const RSA_METHOD *meth))(BIGNUM *r, const BIGNUM *a,
|
|
const BIGNUM *p, const BIGNUM *m,
|
|
BN_CTX *ctx, BN_MONT_CTX *m_ctx);
|
|
int RSA_meth_set_bn_mod_exp(RSA_METHOD *rsa,
|
|
int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a,
|
|
const BIGNUM *p, const BIGNUM *m,
|
|
BN_CTX *ctx, BN_MONT_CTX *m_ctx));
|
|
|
|
/* called at new */
|
|
int (*RSA_meth_get_init(const RSA_METHOD *meth) (RSA *rsa);
|
|
int RSA_meth_set_init(RSA_METHOD *rsa, int (*init (RSA *rsa));
|
|
|
|
/* called at free */
|
|
int (*RSA_meth_get_finish(const RSA_METHOD *meth))(RSA *rsa);
|
|
int RSA_meth_set_finish(RSA_METHOD *rsa, int (*finish)(RSA *rsa));
|
|
|
|
int (*RSA_meth_get_sign(const RSA_METHOD *meth))(int type, const unsigned char *m,
|
|
unsigned int m_length,
|
|
unsigned char *sigret,
|
|
unsigned int *siglen, const RSA *rsa);
|
|
int RSA_meth_set_sign(RSA_METHOD *rsa,
|
|
int (*sign)(int type, const unsigned char *m,
|
|
unsigned int m_length, unsigned char *sigret,
|
|
unsigned int *siglen, const RSA *rsa));
|
|
|
|
int (*RSA_meth_get_verify(const RSA_METHOD *meth))(int dtype, const unsigned char *m,
|
|
unsigned int m_length,
|
|
const unsigned char *sigbuf,
|
|
unsigned int siglen, const RSA *rsa);
|
|
int RSA_meth_set_verify(RSA_METHOD *rsa,
|
|
int (*verify)(int dtype, const unsigned char *m,
|
|
unsigned int m_length,
|
|
const unsigned char *sigbuf,
|
|
unsigned int siglen, const RSA *rsa));
|
|
|
|
int (*RSA_meth_get_keygen(const RSA_METHOD *meth))(RSA *rsa, int bits, BIGNUM *e,
|
|
BN_GENCB *cb);
|
|
int RSA_meth_set_keygen(RSA_METHOD *rsa,
|
|
int (*keygen)(RSA *rsa, int bits, BIGNUM *e,
|
|
BN_GENCB *cb));
|
|
|
|
int (*RSA_meth_get_multi_prime_keygen(const RSA_METHOD *meth))(RSA *rsa, int bits,
|
|
int primes, BIGNUM *e,
|
|
BN_GENCB *cb);
|
|
|
|
int RSA_meth_set_multi_prime_keygen(RSA_METHOD *meth,
|
|
int (*keygen) (RSA *rsa, int bits,
|
|
int primes, BIGNUM *e,
|
|
BN_GENCB *cb));
|
|
|
|
=head1 DESCRIPTION
|
|
|
|
All of the functions described on this page are deprecated.
|
|
Applications should instead use the OSSL_PROVIDER APIs.
|
|
|
|
The B<RSA_METHOD> type is a structure used for the provision of custom
|
|
RSA implementations. It provides a set of functions used by OpenSSL
|
|
for the implementation of the various RSA capabilities.
|
|
|
|
RSA_meth_new() creates a new B<RSA_METHOD> structure. It should be
|
|
given a unique B<name> and a set of B<flags>. The B<name> should be a
|
|
NULL terminated string, which will be duplicated and stored in the
|
|
B<RSA_METHOD> object. It is the callers responsibility to free the
|
|
original string. The flags will be used during the construction of a
|
|
new B<RSA> object based on this B<RSA_METHOD>. Any new B<RSA> object
|
|
will have those flags set by default.
|
|
|
|
RSA_meth_dup() creates a duplicate copy of the B<RSA_METHOD> object
|
|
passed as a parameter. This might be useful for creating a new
|
|
B<RSA_METHOD> based on an existing one, but with some differences.
|
|
|
|
RSA_meth_free() destroys an B<RSA_METHOD> structure and frees up any
|
|
memory associated with it.
|
|
|
|
RSA_meth_get0_name() will return a pointer to the name of this
|
|
RSA_METHOD. This is a pointer to the internal name string and so
|
|
should not be freed by the caller. RSA_meth_set1_name() sets the name
|
|
of the RSA_METHOD to B<name>. The string is duplicated and the copy is
|
|
stored in the RSA_METHOD structure, so the caller remains responsible
|
|
for freeing the memory associated with the name.
|
|
|
|
RSA_meth_get_flags() returns the current value of the flags associated
|
|
with this RSA_METHOD. RSA_meth_set_flags() provides the ability to set
|
|
these flags.
|
|
|
|
The functions RSA_meth_get0_app_data() and RSA_meth_set0_app_data()
|
|
provide the ability to associate implementation specific data with the
|
|
RSA_METHOD. It is the application's responsibility to free this data
|
|
before the RSA_METHOD is freed via a call to RSA_meth_free().
|
|
|
|
RSA_meth_get_sign() and RSA_meth_set_sign() get and set the function
|
|
used for creating an RSA signature respectively. This function will be
|
|
called in response to the application calling RSA_sign(). The
|
|
parameters for the function have the same meaning as for RSA_sign().
|
|
|
|
RSA_meth_get_verify() and RSA_meth_set_verify() get and set the
|
|
function used for verifying an RSA signature respectively. This
|
|
function will be called in response to the application calling
|
|
RSA_verify(). The parameters for the function have the same meaning as
|
|
for RSA_verify().
|
|
|
|
RSA_meth_get_mod_exp() and RSA_meth_set_mod_exp() get and set the
|
|
function used for CRT computations.
|
|
|
|
RSA_meth_get_bn_mod_exp() and RSA_meth_set_bn_mod_exp() get and set
|
|
the function used for CRT computations, specifically the following
|
|
value:
|
|
|
|
r = a ^ p mod m
|
|
|
|
Both the mod_exp() and bn_mod_exp() functions are called by the
|
|
default OpenSSL method during encryption, decryption, signing and
|
|
verification.
|
|
|
|
RSA_meth_get_init() and RSA_meth_set_init() get and set the function
|
|
used for creating a new RSA instance respectively. This function will
|
|
be called in response to the application calling RSA_new() (if the
|
|
current default RSA_METHOD is this one) or RSA_new_method(). The
|
|
RSA_new() and RSA_new_method() functions will allocate the memory for
|
|
the new RSA object, and a pointer to this newly allocated structure
|
|
will be passed as a parameter to the function. This function may be
|
|
NULL.
|
|
|
|
RSA_meth_get_finish() and RSA_meth_set_finish() get and set the
|
|
function used for destroying an instance of an RSA object respectively.
|
|
This function will be called in response to the application calling
|
|
RSA_free(). A pointer to the RSA to be destroyed is passed as a
|
|
parameter. The destroy function should be used for RSA implementation
|
|
specific clean up. The memory for the RSA itself should not be freed
|
|
by this function. This function may be NULL.
|
|
|
|
RSA_meth_get_keygen() and RSA_meth_set_keygen() get and set the
|
|
function used for generating a new RSA key pair respectively. This
|
|
function will be called in response to the application calling
|
|
RSA_generate_key_ex(). The parameter for the function has the same
|
|
meaning as for RSA_generate_key_ex().
|
|
|
|
RSA_meth_get_multi_prime_keygen() and RSA_meth_set_multi_prime_keygen() get
|
|
and set the function used for generating a new multi-prime RSA key pair
|
|
respectively. This function will be called in response to the application calling
|
|
RSA_generate_multi_prime_key(). The parameter for the function has the same
|
|
meaning as for RSA_generate_multi_prime_key().
|
|
|
|
RSA_meth_get_pub_enc(), RSA_meth_set_pub_enc(),
|
|
RSA_meth_get_pub_dec(), RSA_meth_set_pub_dec(),
|
|
RSA_meth_get_priv_enc(), RSA_meth_set_priv_enc(),
|
|
RSA_meth_get_priv_dec(), RSA_meth_set_priv_dec() get and set the
|
|
functions used for public and private key encryption and decryption.
|
|
These functions will be called in response to the application calling
|
|
RSA_public_encrypt(), RSA_private_decrypt(), RSA_private_encrypt() and
|
|
RSA_public_decrypt() and take the same parameters as those.
|
|
|
|
|
|
=head1 RETURN VALUES
|
|
|
|
RSA_meth_new() and RSA_meth_dup() return the newly allocated
|
|
RSA_METHOD object or NULL on failure.
|
|
|
|
RSA_meth_get0_name() and RSA_meth_get_flags() return the name and
|
|
flags associated with the RSA_METHOD respectively.
|
|
|
|
All other RSA_meth_get_*() functions return the appropriate function
|
|
pointer that has been set in the RSA_METHOD, or NULL if no such
|
|
pointer has yet been set.
|
|
|
|
RSA_meth_set1_name and all RSA_meth_set_*() functions return 1 on
|
|
success or 0 on failure.
|
|
|
|
=head1 SEE ALSO
|
|
|
|
L<RSA_new(3)>, L<RSA_generate_key_ex(3)>, L<RSA_sign(3)>,
|
|
L<RSA_set_method(3)>, L<RSA_size(3)>, L<RSA_get0_key(3)>,
|
|
L<RSA_generate_multi_prime_key(3)>
|
|
|
|
=head1 HISTORY
|
|
|
|
All of these functions were deprecated in OpenSSL 3.0.
|
|
|
|
RSA_meth_get_multi_prime_keygen() and RSA_meth_set_multi_prime_keygen() were
|
|
added in OpenSSL 1.1.1.
|
|
|
|
Other functions described here were added in OpenSSL 1.1.0.
|
|
|
|
=head1 COPYRIGHT
|
|
|
|
Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
|
|
|
|
Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
this file except in compliance with the License. You can obtain a copy
|
|
in the file LICENSE in the source distribution or at
|
|
L<https://www.openssl.org/source/license.html>.
|
|
|
|
=cut
|