Make RSA, RSA_PSS_PARAMS and RSA_METHOD opaque

Move the struct internals to rsa_locl.h and provide a missing typedef in ossl_typ.h. ok inoguchi jsing
author: tb <> 2022-01-14 08:34:39 +0000
committer: tb <> 2022-01-14 08:34:39 +0000
commit: 385790bbe258a0de5b6842a60a07a834e590fe1a (patch)
tree: d1055b55981f9ad17a7c3eba698619cd0ce84aed /src/lib/libcrypto/rsa/rsa.h
parent: 57442b0028fb09287793f279ee57ebb38e9ab954 (diff)
download: openbsd-385790bbe258a0de5b6842a60a07a834e590fe1a.tar.gz
openbsd-385790bbe258a0de5b6842a60a07a834e590fe1a.tar.bz2
openbsd-385790bbe258a0de5b6842a60a07a834e590fe1a.zip
1 files changed, 3 insertions, 81 deletions
diff --git a/src/lib/libcrypto/rsa/rsa.h b/src/lib/libcrypto/rsa/rsa.h
index e01e6ba553..d59fd03f76 100644
--- a/src/lib/libcrypto/rsa/rsa.h
+++ b/src/lib/libcrypto/rsa/rsa.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa.h,v 1.54 2022/01/14 08:12:31 tb Exp $ */
+/* $OpenBSD: rsa.h,v 1.55 2022/01/14 08:34:39 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -80,11 +80,7 @@
 extern "C" {
 #endif
-/* Declared already in ossl_typ.h */
+struct rsa_pss_params_st {
-/* typedef struct rsa_st RSA; */
-/* typedef struct rsa_meth_st RSA_METHOD; */
-typedef struct rsa_pss_params_st {
        X509_ALGOR *hashAlgorithm;
        X509_ALGOR *maskGenAlgorithm;
        ASN1_INTEGER *saltLength;
@@ -92,7 +88,7 @@ typedef struct rsa_pss_params_st {
        /* Hash algorithm decoded from maskGenAlgorithm. */
        X509_ALGOR *maskHash;
-} RSA_PSS_PARAMS;
+} /* RSA_PSS_PARAMS */;
 typedef struct rsa_oaep_params_st {
        X509_ALGOR *hashFunc;
@@ -103,80 +99,6 @@ typedef struct rsa_oaep_params_st {
        X509_ALGOR *maskHash;
 } RSA_OAEP_PARAMS;
-struct rsa_meth_st {
-        const char *name;
-        int (*rsa_pub_enc)(int flen, const unsigned char *from,
-            unsigned char *to, RSA *rsa, int padding);
-        int (*rsa_pub_dec)(int flen, const unsigned char *from,
-            unsigned char *to, RSA *rsa, int padding);
-        int (*rsa_priv_enc)(int flen, const unsigned char *from,
-            unsigned char *to, RSA *rsa, int padding);
-        int (*rsa_priv_dec)(int flen, const unsigned char *from,
-            unsigned char *to, RSA *rsa, int padding);
-        int (*rsa_mod_exp)(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
-            BN_CTX *ctx); /* Can be null */
-        int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-            const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); /* Can be null */
-        int (*init)(RSA *rsa);          /* called at new */
-        int (*finish)(RSA *rsa);        /* called at free */
-        int flags;                      /* RSA_METHOD_FLAG_* things */
-        char *app_data;                 /* may be needed! */
-/* New sign and verify functions: some libraries don't allow arbitrary data
- * to be signed/verified: this allows them to be used. Note: for this to work
- * the RSA_public_decrypt() and RSA_private_encrypt() should *NOT* be used
- * RSA_sign(), RSA_verify() should be used instead. Note: for backwards
- * compatibility this functionality is only enabled if the RSA_FLAG_SIGN_VER
- * option is set in 'flags'.
- */
-        int (*rsa_sign)(int type, const unsigned char *m, unsigned int m_length,
-            unsigned char *sigret, unsigned int *siglen, const RSA *rsa);
-        int (*rsa_verify)(int dtype, const unsigned char *m,
-            unsigned int m_length, const unsigned char *sigbuf,
-            unsigned int siglen, const RSA *rsa);
-/* If this callback is NULL, the builtin software RSA key-gen will be used. This
- * is for behavioural compatibility whilst the code gets rewired, but one day
- * it would be nice to assume there are no such things as "builtin software"
- * implementations. */
-        int (*rsa_keygen)(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
-};
-struct rsa_st {
-        /* The first parameter is used to pickup errors where
-         * this is passed instead of aEVP_PKEY, it is set to 0 */
-        int pad;
-        long version;
-        const RSA_METHOD *meth;
-        /* functional reference if 'meth' is ENGINE-provided */
-        ENGINE *engine;
-        BIGNUM *n;
-        BIGNUM *e;
-        BIGNUM *d;
-        BIGNUM *p;
-        BIGNUM *q;
-        BIGNUM *dmp1;
-        BIGNUM *dmq1;
-        BIGNUM *iqmp;
-        /* Parameter restrictions for PSS only keys. */
-        RSA_PSS_PARAMS *pss;
-        /* be careful using this if the RSA structure is shared */
-        CRYPTO_EX_DATA ex_data;
-        int references;
-        int flags;
-        /* Used to cache montgomery values */
-        BN_MONT_CTX *_method_mod_n;
-        BN_MONT_CTX *_method_mod_p;
-        BN_MONT_CTX *_method_mod_q;
-        /* all BIGNUM values are actually in the following data, if it is not
-         * NULL */
-        BN_BLINDING *blinding;
-        BN_BLINDING *mt_blinding;
-};
 #ifndef OPENSSL_RSA_MAX_MODULUS_BITS
 # define OPENSSL_RSA_MAX_MODULUS_BITS   16384
 #endif
author	tb <>	2022-01-14 08:34:39 +0000
committer	tb <>	2022-01-14 08:34:39 +0000
commit	385790bbe258a0de5b6842a60a07a834e590fe1a (patch)
tree	d1055b55981f9ad17a7c3eba698619cd0ce84aed /src/lib/libcrypto/rsa/rsa.h
parent	57442b0028fb09287793f279ee57ebb38e9ab954 (diff)
download	openbsd-385790bbe258a0de5b6842a60a07a834e590fe1a.tar.gz openbsd-385790bbe258a0de5b6842a60a07a834e590fe1a.tar.bz2 openbsd-385790bbe258a0de5b6842a60a07a834e590fe1a.zip

diff --git a/src/lib/libcrypto/rsa/rsa.h b/src/lib/libcrypto/rsa/rsa.h index e01e6ba553..d59fd03f76 100644 --- a/src/lib/libcrypto/rsa/rsa.h +++ b/src/lib/libcrypto/rsa/rsa.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: rsa.h,v 1.54 2022/01/14 08:12:31 tb Exp $ */	1	/* $OpenBSD: rsa.h,v 1.55 2022/01/14 08:34:39 tb Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -80,11 +80,7 @@
80	extern "C" {	80	extern "C" {
81	#endif	81	#endif
82		82
83	/* Declared already in ossl_typ.h */	83	struct rsa_pss_params_st {
84	/* typedef struct rsa_st RSA; */
85	/* typedef struct rsa_meth_st RSA_METHOD; */
86
87	typedef struct rsa_pss_params_st {
88	X509_ALGOR *hashAlgorithm;	84	X509_ALGOR *hashAlgorithm;
89	X509_ALGOR *maskGenAlgorithm;	85	X509_ALGOR *maskGenAlgorithm;
90	ASN1_INTEGER *saltLength;	86	ASN1_INTEGER *saltLength;
@@ -92,7 +88,7 @@ typedef struct rsa_pss_params_st {
92		88
93	/* Hash algorithm decoded from maskGenAlgorithm. */	89	/* Hash algorithm decoded from maskGenAlgorithm. */
94	X509_ALGOR *maskHash;	90	X509_ALGOR *maskHash;
95	} RSA_PSS_PARAMS;	91	} /* RSA_PSS_PARAMS */;
96		92
97	typedef struct rsa_oaep_params_st {	93	typedef struct rsa_oaep_params_st {
98	X509_ALGOR *hashFunc;	94	X509_ALGOR *hashFunc;
@@ -103,80 +99,6 @@ typedef struct rsa_oaep_params_st {
103	X509_ALGOR *maskHash;	99	X509_ALGOR *maskHash;
104	} RSA_OAEP_PARAMS;	100	} RSA_OAEP_PARAMS;
105		101
106	struct rsa_meth_st {
107	const char *name;
108	int (rsa_pub_enc)(int flen, const unsigned char from,
109	unsigned char to, RSA rsa, int padding);
110	int (rsa_pub_dec)(int flen, const unsigned char from,
111	unsigned char to, RSA rsa, int padding);
112	int (rsa_priv_enc)(int flen, const unsigned char from,
113	unsigned char to, RSA rsa, int padding);
114	int (rsa_priv_dec)(int flen, const unsigned char from,
115	unsigned char to, RSA rsa, int padding);
116	int (rsa_mod_exp)(BIGNUM r0, const BIGNUM I, RSA rsa,
117	BN_CTX ctx); / Can be null */
118	int (bn_mod_exp)(BIGNUM r, const BIGNUM a, const BIGNUM p,
119	const BIGNUM m, BN_CTX ctx, BN_MONT_CTX m_ctx); / Can be null */
120	int (init)(RSA rsa); /* called at new */
121	int (finish)(RSA rsa); /* called at free */
122	int flags; /* RSA_METHOD_FLAG_* things */
123	char app_data; / may be needed! */
124	/* New sign and verify functions: some libraries don't allow arbitrary data
125	* to be signed/verified: this allows them to be used. Note: for this to work
126	* the RSA_public_decrypt() and RSA_private_encrypt() should NOT be used
127	* RSA_sign(), RSA_verify() should be used instead. Note: for backwards
128	* compatibility this functionality is only enabled if the RSA_FLAG_SIGN_VER
129	* option is set in 'flags'.
130	*/
131	int (rsa_sign)(int type, const unsigned char m, unsigned int m_length,
132	unsigned char sigret, unsigned int siglen, const RSA *rsa);
133	int (rsa_verify)(int dtype, const unsigned char m,
134	unsigned int m_length, const unsigned char *sigbuf,
135	unsigned int siglen, const RSA *rsa);
136	/* If this callback is NULL, the builtin software RSA key-gen will be used. This
137	* is for behavioural compatibility whilst the code gets rewired, but one day
138	* it would be nice to assume there are no such things as "builtin software"
139	* implementations. */
140	int (rsa_keygen)(RSA rsa, int bits, BIGNUM e, BN_GENCB cb);
141	};
142
143	struct rsa_st {
144	/* The first parameter is used to pickup errors where
145	* this is passed instead of aEVP_PKEY, it is set to 0 */
146	int pad;
147	long version;
148	const RSA_METHOD *meth;
149
150	/* functional reference if 'meth' is ENGINE-provided */
151	ENGINE *engine;
152	BIGNUM *n;
153	BIGNUM *e;
154	BIGNUM *d;
155	BIGNUM *p;
156	BIGNUM *q;
157	BIGNUM *dmp1;
158	BIGNUM *dmq1;
159	BIGNUM *iqmp;
160
161	/* Parameter restrictions for PSS only keys. */
162	RSA_PSS_PARAMS *pss;
163
164	/* be careful using this if the RSA structure is shared */
165	CRYPTO_EX_DATA ex_data;
166	int references;
167	int flags;
168
169	/* Used to cache montgomery values */
170	BN_MONT_CTX *_method_mod_n;
171	BN_MONT_CTX *_method_mod_p;
172	BN_MONT_CTX *_method_mod_q;
173
174	/* all BIGNUM values are actually in the following data, if it is not
175	* NULL */
176	BN_BLINDING *blinding;
177	BN_BLINDING *mt_blinding;
178	};
179
180	#ifndef OPENSSL_RSA_MAX_MODULUS_BITS	102	#ifndef OPENSSL_RSA_MAX_MODULUS_BITS
181	# define OPENSSL_RSA_MAX_MODULUS_BITS 16384	103	# define OPENSSL_RSA_MAX_MODULUS_BITS 16384
182	#endif	104	#endif