Drop support for custom |mod_exp| hooks in |RSA_METHOD|.
The documentation in |RSA_METHOD| says that the |ctx| parameter to
|mod_exp| can be NULL, however the default implementation doesn't
handle that case. That wouldn't matter since internally it is always
called with a non-NULL |ctx| and it is static, but an external
application could get a pointer to |mod_exp| by extracting it from
the default |RSA_METHOD|. That's unlikely, but making that impossible
reduces the chances that future refactorings will cause unexpected
trouble.
Change-Id: Ie0e35e9f107551a16b49c1eb91d0d3386604e594
Reviewed-on: https://boringssl-review.googlesource.com/7580
Reviewed-by: David Benjamin <davidben@google.com>
diff --git a/include/openssl/rsa.h b/include/openssl/rsa.h
index 5dbc77a..2cbb1f8 100644
--- a/include/openssl/rsa.h
+++ b/include/openssl/rsa.h
@@ -408,9 +408,7 @@
/* RSA_FLAG_NO_BLINDING disables blinding of private operations. */
#define RSA_FLAG_NO_BLINDING 8
-/* RSA_FLAG_EXT_PKEY means that private key operations will be handled by
- * |mod_exp| and that they do not depend on the private key components being
- * present: for example a key stored in external hardware. */
+/* RSA_FLAG_EXT_PKEY is deprecated and ignored. */
#define RSA_FLAG_EXT_PKEY 0x20
/* RSA_FLAG_SIGN_VER causes the |sign| and |verify| functions of |rsa_meth_st|
@@ -521,8 +519,8 @@
int (*private_transform)(RSA *rsa, uint8_t *out, const uint8_t *in,
size_t len);
- int (*mod_exp)(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
- BN_CTX *ctx); /* Can be null */
+ /* mod_exp is deprecated and ignored. Set it to NULL. */
+ int (*mod_exp)(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);
/* bn_mod_exp is deprecated and ignored. Set it to NULL. */
int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
