From c7efff3e254b868e292d5726e03e83b957c0dd15 Mon Sep 17 00:00:00 2001 From: schwarze <> Date: Sat, 8 Jun 2019 09:53:15 +0000 Subject: In rsa.h rev. 1.40, gilles@ provided several new RSA_METHOD accessors. Update the documentation. OK tb@ jmc@ --- src/lib/libcrypto/man/RSA_generate_key.3 | 5 +- src/lib/libcrypto/man/RSA_meth_new.3 | 454 +++++++++++++++++++++++++++++-- src/lib/libcrypto/man/RSA_new.3 | 14 +- src/lib/libcrypto/man/RSA_set_method.3 | 67 +++-- src/lib/libcrypto/man/RSA_sign.3 | 5 +- 5 files changed, 499 insertions(+), 46 deletions(-) diff --git a/src/lib/libcrypto/man/RSA_generate_key.3 b/src/lib/libcrypto/man/RSA_generate_key.3 index 3ac3885f13..80bae6824c 100644 --- a/src/lib/libcrypto/man/RSA_generate_key.3 +++ b/src/lib/libcrypto/man/RSA_generate_key.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: RSA_generate_key.3,v 1.11 2018/03/27 17:35:50 schwarze Exp $ +.\" $OpenBSD: RSA_generate_key.3,v 1.12 2019/06/08 09:53:15 schwarze Exp $ .\" OpenSSL RSA_generate_key.pod bb6c5e7f Feb 5 10:29:22 2017 -0500 .\" .\" This file was written by Ulf Moeller . @@ -48,7 +48,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: March 27 2018 $ +.Dd $Mdocdate: June 8 2019 $ .Dt RSA_GENERATE_KEY 3 .Os .Sh NAME @@ -144,6 +144,7 @@ The error codes can be obtained by .Xr BN_generate_prime 3 , .Xr ERR_get_error 3 , .Xr RSA_get0_key 3 , +.Xr RSA_meth_set_keygen 3 , .Xr RSA_new 3 .Sh HISTORY .Fn RSA_generate_key diff --git a/src/lib/libcrypto/man/RSA_meth_new.3 b/src/lib/libcrypto/man/RSA_meth_new.3 index 137e0cad87..8faab9490d 100644 --- a/src/lib/libcrypto/man/RSA_meth_new.3 +++ b/src/lib/libcrypto/man/RSA_meth_new.3 @@ -1,10 +1,11 @@ -.\" $OpenBSD: RSA_meth_new.3,v 1.3 2018/09/12 15:09:22 jmc Exp $ -.\" selective merge up to: OpenSSL a970b14f Jul 31 18:58:40 2017 -0400 +.\" $OpenBSD: RSA_meth_new.3,v 1.4 2019/06/08 09:53:15 schwarze Exp $ +.\" full merge up to: OpenSSL a970b14f Jul 31 18:58:40 2017 -0400 +.\" selective merge up to: OpenSSL 24907560 Sep 17 07:47:42 2018 +1000 .\" .\" This file is a derived work. .\" The changes are covered by the following Copyright and license: .\" -.\" Copyright (c) 2018 Ingo Schwarze +.\" Copyright (c) 2018, 2019 Ingo Schwarze .\" .\" Permission to use, copy, modify, and distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above @@ -65,18 +66,41 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: September 12 2018 $ +.Dd $Mdocdate: June 8 2019 $ .Dt RSA_METH_NEW 3 .Os .Sh NAME .Nm RSA_meth_new , .Nm RSA_meth_dup , .Nm RSA_meth_free , -.Nm RSA_meth_get_finish , +.Nm RSA_meth_get0_name , .Nm RSA_meth_set1_name , +.Nm RSA_meth_get_flags , +.Nm RSA_meth_set_flags , +.Nm RSA_meth_get0_app_data , +.Nm RSA_meth_set0_app_data , +.Nm RSA_meth_get_init , +.Nm RSA_meth_set_init , +.Nm RSA_meth_get_finish , .Nm RSA_meth_set_finish , +.Nm RSA_meth_get_pub_enc , +.Nm RSA_meth_set_pub_enc , +.Nm RSA_meth_get_pub_dec , +.Nm RSA_meth_set_pub_dec , +.Nm RSA_meth_get_priv_enc , .Nm RSA_meth_set_priv_enc , -.Nm RSA_meth_set_priv_dec +.Nm RSA_meth_get_priv_dec , +.Nm RSA_meth_set_priv_dec , +.Nm RSA_meth_get_sign , +.Nm RSA_meth_set_sign , +.Nm RSA_meth_get_verify , +.Nm RSA_meth_set_verify , +.Nm RSA_meth_get_mod_exp , +.Nm RSA_meth_set_mod_exp , +.Nm RSA_meth_get_bn_mod_exp , +.Nm RSA_meth_set_bn_mod_exp , +.Nm RSA_meth_get_keygen , +.Nm RSA_meth_set_keygen .Nd build up RSA methods .Sh SYNOPSIS .In openssl/rsa.h @@ -93,30 +117,177 @@ .Fo RSA_meth_free .Fa "RSA_METHOD *meth" .Fc +.Ft const char * +.Fo RSA_meth_get0_name +.Fa "const RSA_METHOD *meth" +.Fc .Ft int .Fo RSA_meth_set1_name .Fa "RSA_METHOD *meth" .Fa "const char *name" .Fc .Ft int -.Fn "(*RSA_meth_get_finish(const RSA_METHOD *meth))" "RSA *rsa" +.Fo RSA_meth_get_flags +.Fa "const RSA_METHOD *meth" +.Fc +.Ft int +.Fo RSA_meth_set_flags +.Fa "RSA_METHOD *meth" +.Fa "int flags" +.Fc +.Ft void * +.Fo RSA_meth_get0_app_data +.Fa "const RSA_METHOD *meth" +.Fc +.Ft int +.Fo RSA_meth_set0_app_data +.Fa "RSA_METHOD *meth" +.Fa "void *app_data" +.Fc +.Ft int +.Fo "(*RSA_meth_get_init(const RSA_METHOD *meth))" +.Fa "RSA *rsa" +.Fc +.Ft int +.Fo "RSA_meth_set_init" +.Fa "RSA_METHOD *meth" +.Fa "int (*init)(RSA *rsa)" +.Fc +.Ft int +.Fo "(*RSA_meth_get_finish(const RSA_METHOD *meth))" +.Fa "RSA *rsa" +.Fc .Ft int .Fo RSA_meth_set_finish .Fa "RSA_METHOD *meth" .Fa "int (*finish)(RSA *rsa)" .Fc .Ft int +.Fo "(*RSA_meth_get_pub_enc(const RSA_METHOD *meth))" +.Fa "int flen" +.Fa "const unsigned char *from" +.Fa "unsigned char *to" +.Fa "RSA *rsa" +.Fa "int padding" +.Fc +.Ft int +.Fo RSA_meth_set_pub_enc +.Fa "RSA_METHOD *meth" +.Fa "int (*pub_enc)(int flen, const unsigned char *from,\ + unsigned char *to, RSA *rsa, int padding)" +.Fc +.Ft int +.Fo "(*RSA_meth_get_pub_dec(const RSA_METHOD *meth))" +.Fa "int flen" +.Fa "const unsigned char *from" +.Fa "unsigned char *to" +.Fa "RSA *rsa" +.Fa "int padding" +.Fc +.Ft int +.Fo RSA_meth_set_pub_dec +.Fa "RSA_METHOD *meth" +.Fa "int (*pub_dec)(int flen, const unsigned char *from,\ + unsigned char *to, RSA *rsa, int padding)" +.Fc +.Ft int +.Fo "(*RSA_meth_get_priv_enc(const RSA_METHOD *meth))" +.Fa "int flen" +.Fa "const unsigned char *from" +.Fa "unsigned char *to" +.Fa "RSA *rsa" +.Fa "int padding" +.Fc +.Ft int .Fo RSA_meth_set_priv_enc .Fa "RSA_METHOD *meth" .Fa "int (*priv_enc)(int flen, const unsigned char *from,\ unsigned char *to, RSA *rsa, int padding)" .Fc .Ft int +.Fo "(*RSA_meth_get_priv_dec(const RSA_METHOD *meth))" +.Fa "int flen" +.Fa "const unsigned char *from" +.Fa "unsigned char *to" +.Fa "RSA *rsa" +.Fa "int padding" +.Fc +.Ft int .Fo RSA_meth_set_priv_dec .Fa "RSA_METHOD *meth" .Fa "int (*priv_dec)(int flen, const unsigned char *from,\ unsigned char *to, RSA *rsa, int padding)" .Fc +.Ft int +.Fo "(*RSA_meth_get_sign(const RSA_METHOD *meth))" +.Fa "int type" +.Fa "const unsigned char *m" +.Fa "unsigned int m_length" +.Fa "unsigned char *sigret" +.Fa "unsigned int *siglen" +.Fa "const RSA *rsa" +.Fc +.Ft int +.Fo RSA_meth_set_sign +.Fa "RSA_METHOD *rsa" +.Fa "int (*sign)(int type, const unsigned char *m, unsigned int m_length,\ + unsigned char *sigret, unsigned int *siglen, const RSA *rsa)" +.Fc +.Ft int +.Fo "(*RSA_meth_get_verify(const RSA_METHOD *meth))" +.Fa "int dtype" +.Fa "const unsigned char *m" +.Fa "unsigned int m_length" +.Fa "const unsigned char *sigbuf" +.Fa "unsigned int siglen" +.Fa "const RSA *rsa" +.Fc +.Ft int +.Fo RSA_meth_set_verify +.Fa "RSA_METHOD *rsa" +.Fa "int (*verify)(int dtype, const unsigned char *m,\ + unsigned int m_length, const unsigned char *sigbuf,\ + unsigned int siglen, const RSA *rsa)" +.Fc +.Ft int +.Fo "(*RSA_meth_get_mod_exp(const RSA_METHOD *meth))" +.Fa "BIGNUM *r0" +.Fa "const BIGNUM *i" +.Fa "RSA *rsa" +.Fa "BN_CTX *ctx" +.Fc +.Ft int +.Fo RSA_meth_set_mod_exp +.Fa "RSA_METHOD *meth" +.Fa "int (*mod_exp)(BIGNUM *r0, const BIGNUM *i, RSA *rsa, BN_CTX *ctx)" +.Fc +.Ft int +.Fo "(*RSA_meth_get_bn_mod_exp(const RSA_METHOD *meth))" +.Fa "BIGNUM *r" +.Fa "const BIGNUM *a" +.Fa "const BIGNUM *p" +.Fa "const BIGNUM *m" +.Fa "BN_CTX *ctx" +.Fa "BN_MONT_CTX *m_ctx" +.Fc +.Ft int +.Fo RSA_meth_set_bn_mod_exp +.Fa "RSA_METHOD *meth" +.Fa "int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,\ + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)" +.Fc +.Ft int +.Fo "(*RSA_meth_get_keygen(const RSA_METHOD *meth))" +.Fa "RSA *rsa" +.Fa "int bits" +.Fa "BIGNUM *e" +.Fa "BN_GENCB *cb" +.Fc +.Ft int +.Fo RSA_meth_set_keygen +.Fa "RSA_METHOD *meth" +.Fa "int (*keygen)(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)" +.Fc .Sh DESCRIPTION The .Vt RSA_METHOD @@ -137,11 +308,15 @@ object constructed from this .Vt RSA_METHOD will have the given .Fa flags -set by default. +set by default, as if they were set with +.Xr RSA_set_flags 3 . .Pp .Fn RSA_meth_dup creates a deep copy of -.Fa meth . +.Fa meth , +except that a pointer stored into it with +.Fn RSA_meth_set0_app_data +is copied as a pointer without creating a copy of its content. This might be useful for creating a new .Vt RSA_METHOD based on an existing one, but with some differences. @@ -149,15 +324,80 @@ based on an existing one, but with some differences. .Fn RSA_meth_free destroys .Fa meth -and frees any memory associated with it. +and frees any memory associated with it, +except that memory pointed to by a pointer set with +.Fn RSA_meth_set0_app_data +is not freed. +If +.Fa meth +is +.Dv NULL , +no action occurs. .Pp +.Fn RSA_meth_get0_name +returns an internal pointer to the name of +.Fa meth . .Fn RSA_meth_set1_name -Stores a copy of the NUL-terminated +stores a copy of the NUL-terminated .Fa name in the .Vt RSA_METHOD -object after freeing the previously stored -.Fa name . +object after freeing the previously stored name. +Method names are ignored by the default RSA implementation +but can be used by alternative implementations +and by the application program. +.Pp +.Fn RSA_meth_get_flags +retrieves the flags from +.Fa meth . +Flags are documented in +.Xr RSA_test_flags 3 . +.Fn RSA_meth_set_flags +overwrites all flags in +.Fa meth . +Unlike +.Xr RSA_set_flags 3 , +it does not preserve any flags that were set before the call. +.Pp +.Fn RSA_meth_get0_app_data +and +.Fn RSA_meth_set0_app_data +get and set a pointer to implementation-specific data. +The function +.Fn RSA_meth_free +does not +.Xr free 3 +the memory pointed to by +.Fa app_data . +The default RSA implementation does not use +.Fa app_data . +.Pp +.Fn RSA_meth_get_init +and +.Fn RSA_meth_set_init +get and set an optional function used when creating a new +.Vt RSA +object. +Unless +.Fa init +is +.Dv NULL , +it will be called at the end of +.Xr RSA_new 3 , +.Xr RSA_new_method 3 , +and +.Xr RSA_set_method 3 , +passing a pointer to the newly allocated or reset +.Vt RSA +object as an argument. +The default RSA implementation, +.Xr RSA_PKCS1_SSLeay 3 , +contains an +.Fa init +function equivalent to calling +.Xr RSA_set_flags 3 +with an argument of +.Dv RSA_FLAG_CACHE_PUBLIC | RSA_FLAG_CACHE_PRIVATE . .Pp .Fn RSA_meth_get_finish and @@ -170,24 +410,125 @@ Unless is .Dv NULL , it will be called from +.Xr RSA_set_method 3 +and from .Xr RSA_free 3 . -It takes the same argument +It takes the same argument as +.Xr RSA_free 3 and is intended to do RSA implementation specific cleanup. The memory used by the .Vt RSA object itself should not be freed by the .Fa finish function. +The default RSA implementation contains a +.Fa finish +function freeing the memory used by the +.Dv RSA_FLAG_CACHE_PUBLIC +and +.Dv RSA_FLAG_CACHE_PRIVATE +caches. .Pp -.Fn RSA_meth_set_priv_enc +.Fn RSA_meth_get_pub_enc , +.Fn RSA_meth_set_pub_enc , +.Fn RSA_meth_get_pub_dec , +.Fn RSA_meth_set_pub_dec , +.Fn RSA_meth_get_priv_enc , +.Fn RSA_meth_set_priv_enc , +.Fn RSA_meth_get_priv_dec , and .Fn RSA_meth_set_priv_dec -set the functions used for private key encryption and decryption. +get and set the mandatory functions +used for public and private key encryption and decryption. These functions will be called from +.Xr RSA_public_encrypt 3 , +.Xr RSA_public_decrypt 3 , +.Xr RSA_private_encrypt 3 , +and +.Xr RSA_private_decrypt 3 , +respectively, and take the same parameters as those. +.Pp +.Fn RSA_meth_get_sign , +.Fn RSA_meth_set_sign , +.Fn RSA_meth_get_verify , +and +.Fn RSA_meth_set_verify +get and set the optional functions +used for creating and verifying an RSA signature. +If the flag +.Dv RSA_FLAG_SIGN_VER +is set on the +.Vt RSA +object in question and +.Fa sign +or +.Fa verify +is not +.Dv NULL , +it will be called from +.Xr RSA_sign 3 +or +.Xr RSA_verify 3 , +respectively, and take the same parameters as those. +Otherwise, +.Xr RSA_private_encrypt 3 +or +.Xr RSA_public_decrypt 3 +will be used instead. +.Pp +.Fn RSA_meth_get_mod_exp +and +.Fn RSA_meth_set_mod_exp +get and set the function used for CRT computations involving the +.Fa p , +.Fa q , +.Fa dmp1 , +.Fa dmq1 , +and +.Fa iqmp +fields of an +.Vt RSA +object. +It is used by the default RSA implementation during +.Xr RSA_private_encrypt 3 +and .Xr RSA_private_decrypt 3 +when the required components of the private key are available +or when the +.Dv RSA_FLAG_EXT_PKEY +flag is set. +.Pp +.Fn RSA_meth_get_bn_mod_exp +and +.Fn RSA_meth_set_bn_mod_exp +get and set the function used for CRT computations, +specifically the value r = +.Fa a +\(ha +.Fa p +mod +.Fa m . +It is used by the default RSA implementation during +.Xr RSA_public_encrypt 3 and +.Xr RSA_public_decrypt 3 +and as a fallback during .Xr RSA_private_encrypt 3 -and take the same parameters as those. +and +.Xr RSA_private_decrypt 3 . +.Pp +.Fn RSA_meth_get_keygen +and +.Fn RSA_meth_set_keygen +get and set the optional function used for generating a new RSA key pair. +Unless +.Fa keygen +is +.Dv NULL , +it will be called from +.Xr RSA_generate_key_ex 3 +and takes the same parameters. +Otherwise, a builtin default implementation is used. .Sh RETURN VALUES .Fn RSA_meth_new and @@ -198,20 +539,87 @@ object or .Dv NULL on failure. .Pp +.Fn RSA_meth_get0_name +returns an internal pointer which must not be freed by the caller. +.Pp +.Fn RSA_meth_get_flags +returns zero or more +.Dv RSA_FLAG_* +constants OR'ed together, or 0 if no flags are set in +.Fa meth . +.Pp +.Fn RSA_meth_get0_app_data +returns the pointer that was earlier passed to +.Fn RSA_meth_set0_app_data +or +.Dv NULL +otherwise. +.Pp +All other +.Fn RSA_meth_get_* +functions return the appropriate function pointer that has been set +with the corresponding +.Fn RSA_meth_set_* +function, or +.Dv NULL +if no such pointer has been set in +.Fa meth . +.Pp All .Fn RSA_meth_set* functions return 1 on success or 0 on failure. +In the current implementation, only +.Fn RSA_meth_set1_name +can actually fail. .Sh SEE ALSO +.Xr RSA_generate_key_ex 3 , .Xr RSA_new 3 , -.Xr RSA_private_decrypt 3 , .Xr RSA_private_encrypt 3 , -.Xr RSA_set_method 3 +.Xr RSA_public_encrypt 3 , +.Xr RSA_set_flags 3 , +.Xr RSA_set_method 3 , +.Xr RSA_sign 3 .Sh HISTORY These functions first appeared in OpenSSL 1.1.0. -.Fn RSA_meth_get_finish +.Fn RSA_meth_new , +.Fn RSA_meth_dup , +.Fn RSA_meth_free , +.Fn RSA_meth_set_finish , +.Fn RSA_meth_set_priv_enc , and -.Fn RSA_meth_set1_name +.Fn RSA_meth_set_priv_dec have been available since +.Ox 6.3 , +.Fn RSA_meth_set1_name +and +.Fn RSA_meth_get_finish +since .Ox 6.4 , -all the other functions since -.Ox 6.3 . +and +.Fn RSA_meth_get0_name , +.Fn RSA_meth_get_flags , +.Fn RSA_meth_set_flags , +.Fn RSA_meth_get0_app_data , +.Fn RSA_meth_set0_app_data , +.Fn RSA_meth_get_init , +.Fn RSA_meth_set_init , +.Fn RSA_meth_set_finish , +.Fn RSA_meth_get_pub_enc , +.Fn RSA_meth_set_pub_enc , +.Fn RSA_meth_get_pub_dec , +.Fn RSA_meth_set_pub_dec , +.Fn RSA_meth_get_priv_enc , +.Fn RSA_meth_get_priv_dec , +.Fn RSA_meth_get_sign , +.Fn RSA_meth_set_sign , +.Fn RSA_meth_get_verify , +.Fn RSA_meth_set_verify , +.Fn RSA_meth_get_mod_exp , +.Fn RSA_meth_set_mod_exp , +.Fn RSA_meth_get_bn_mod_exp , +.Fn RSA_meth_set_bn_mod_exp , +.Fn RSA_meth_get_keygen , +and +.Fn RSA_meth_set_keygen +since +.Ox 6.6 . diff --git a/src/lib/libcrypto/man/RSA_new.3 b/src/lib/libcrypto/man/RSA_new.3 index 8f0e2c2a5e..7e40c11987 100644 --- a/src/lib/libcrypto/man/RSA_new.3 +++ b/src/lib/libcrypto/man/RSA_new.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: RSA_new.3,v 1.11 2019/06/06 01:06:59 schwarze Exp $ +.\" $OpenBSD: RSA_new.3,v 1.12 2019/06/08 09:53:15 schwarze Exp $ .\" OpenSSL doc/man3/RSA_new.pod 99d63d46 Oct 26 13:56:48 2016 -0400 .\" OpenSSL doc/crypto/rsa.pod 35d2e327 Jun 3 16:19:49 2016 -0400 .\" @@ -49,7 +49,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: June 6 2019 $ +.Dd $Mdocdate: June 8 2019 $ .Dt RSA_NEW 3 .Os .Sh NAME @@ -88,7 +88,15 @@ increments the reference count by 1. .Pp .Fn RSA_free decrements the reference count by 1. -If it reaches 0, it frees the +If it reaches 0, it calls the optional +.Fa finish +function set up with +.Xr RSA_meth_set_finish 3 , +calls +.Xr ENGINE_finish 3 +if +.Fa rsa +uses an engine, and frees the .Vt RSA structure and its components. The key is erased before the memory is returned to the system. diff --git a/src/lib/libcrypto/man/RSA_set_method.3 b/src/lib/libcrypto/man/RSA_set_method.3 index 524430b6f8..53d41f5516 100644 --- a/src/lib/libcrypto/man/RSA_set_method.3 +++ b/src/lib/libcrypto/man/RSA_set_method.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: RSA_set_method.3,v 1.13 2019/05/20 06:04:45 jmc Exp $ +.\" $OpenBSD: RSA_set_method.3,v 1.14 2019/06/08 09:53:15 schwarze Exp $ .\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 .\" .\" This file was written by Ulf Moeller @@ -50,7 +50,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: May 20 2019 $ +.Dd $Mdocdate: June 8 2019 $ .Dt RSA_SET_METHOD 3 .Os .Sh NAME @@ -121,12 +121,25 @@ selects .Fa meth to perform all operations using the key .Fa rsa . -This replaces the +This replaces the previous .Vt RSA_METHOD -used by the RSA key, and if the previous method was supplied by an +used by the RSA key, calling the +.Fa finish +function set up with +.Xr RSA_meth_set_finish 3 +if any, and if the previous method was supplied by an .Vt ENGINE , .Xr ENGINE_finish 3 is called on it. +If +.Fa meth +contains an +.Fa init +function set up with +.Xr RSA_meth_set_init 3 , +that function is called just before returning from +.Fn RSA_set_method . +.Pp It is possible to have RSA keys that only work with certain .Vt RSA_METHOD implementations (e.g. from an @@ -148,14 +161,19 @@ to be valid as long as the RSA key itself is valid and does not have its implementation changed by .Fn RSA_set_method . .Pp +The misleadingly named function .Fn RSA_flags returns the flags that are set for the current .Vt RSA_METHOD of .Fa rsa . +The flags used by +.Fa rsa +itself can instead be tested with +.Xr RSA_test_flags 3 . See the .Sx BUGS -section. +section for more details. .Pp .Fn RSA_new_method allocates and initializes an @@ -175,6 +193,18 @@ the default method controlled by .Fn RSA_set_default_method is used. .Pp +The initial +.Fa flags +are copied from the +.Vt RSA_METHOD +object used and will not be affected by later changes to that object, +but may be modified by the optional +.Fa init +function which may have been set up with +.Xr RSA_meth_set_init 3 +and which is called just before returning from +.Fn RSA_new_method . +.Pp The .Dv RSA_METHOD structure is defined as follows: @@ -185,27 +215,28 @@ typedef struct rsa_meth_st const char *name; /* encrypt */ - int (*rsa_pub_enc)(int flen, unsigned char *from, + int (*rsa_pub_enc)(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding); /* verify arbitrary data */ - int (*rsa_pub_dec)(int flen, unsigned char *from, + int (*rsa_pub_dec)(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding); /* sign arbitrary data */ - int (*rsa_priv_enc)(int flen, unsigned char *from, + int (*rsa_priv_enc)(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding); /* decrypt */ - int (*rsa_priv_dec)(int flen, unsigned char *from, + int (*rsa_priv_dec)(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding); /* compute r0 = r0 ^ I mod rsa->n (May be NULL for some implementations) */ - int (*rsa_mod_exp)(BIGNUM *r0, BIGNUM *I, RSA *rsa); + int (*rsa_mod_exp)(BIGNUM *r0, const BIGNUM *I, RSA *rsa, + BN_CTX *ctx); /* compute r = a ^ p mod m (May be NULL for some implementations) */ - int (*bn_mod_exp)(BIGNUM *r, BIGNUM *a, const BIGNUM *p, + int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); /* called at RSA_new */ @@ -218,7 +249,6 @@ typedef struct rsa_meth_st * operations, even if p,q,dmp1,dmq1,iqmp * are NULL * RSA_FLAG_SIGN_VER - enable rsa_sign and rsa_verify - * RSA_METHOD_FLAG_NO_CHECK - don't check pub/private match */ int flags; @@ -227,14 +257,19 @@ typedef struct rsa_meth_st /* sign. For backward compatibility, this is used only * if (flags & RSA_FLAG_SIGN_VER) */ - int (*rsa_sign)(int type, unsigned char *m, unsigned int m_len, - unsigned char *sigret, unsigned int *siglen, RSA *rsa); + int (*rsa_sign)(int type, const unsigned char *m, + unsigned int m_len, unsigned char *sigret, + unsigned int *siglen, const RSA *rsa); /* verify. For backward compatibility, this is used only * if (flags & RSA_FLAG_SIGN_VER) */ - int (*rsa_verify)(int type, unsigned char *m, unsigned int m_len, - unsigned char *sigbuf, unsigned int siglen, RSA *rsa); + int (*rsa_verify)(int type, const unsigned char *m, + unsigned int m_len, const unsigned char *sigbuf, + unsigned int siglen, const RSA *rsa); + + /* called at RSA_generate_key_ex; may be NULL */ + int (*rsa_keygen)(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); } RSA_METHOD; .Ed diff --git a/src/lib/libcrypto/man/RSA_sign.3 b/src/lib/libcrypto/man/RSA_sign.3 index 80e0b0e957..166f2310a5 100644 --- a/src/lib/libcrypto/man/RSA_sign.3 +++ b/src/lib/libcrypto/man/RSA_sign.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: RSA_sign.3,v 1.6 2018/03/27 17:35:50 schwarze Exp $ +.\" $OpenBSD: RSA_sign.3,v 1.7 2019/06/08 09:53:15 schwarze Exp $ .\" OpenSSL aa90ca11 Aug 20 15:48:56 2016 -0400 .\" .\" This file was written by Ulf Moeller . @@ -49,7 +49,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: March 27 2018 $ +.Dd $Mdocdate: June 8 2019 $ .Dt RSA_SIGN 3 .Os .Sh NAME @@ -133,6 +133,7 @@ The error codes can be obtained by .Xr ERR_get_error 3 . .Sh SEE ALSO .Xr ERR_get_error 3 , +.Xr RSA_meth_set_sign 3 , .Xr RSA_new 3 , .Xr RSA_private_encrypt 3 , .Xr RSA_public_decrypt 3 -- cgit v1.2.3-55-g6feb