Add RSA_flags and RSA_METHOD_FLAG_NO_CHECK.
RSA_METHOD_FLAG_NO_CHECK is the same as our RSA_FLAG_OPAQUE. cURL uses
this to determine if it should call SSL_CTX_check_private_key.
Change-Id: Ie2953632346a31de346a4452f4eaad8435cf76e8
Reviewed-on: https://boringssl-review.googlesource.com/24245
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/crypto/fipsmodule/rsa/rsa.c b/crypto/fipsmodule/rsa/rsa.c
index 4a84314..ffe2cd0 100644
--- a/crypto/fipsmodule/rsa/rsa.c
+++ b/crypto/fipsmodule/rsa/rsa.c
@@ -852,6 +852,8 @@
return rsa_default_private_transform(rsa, out, in, len);
}
+int RSA_flags(const RSA *rsa) { return rsa->flags; }
+
int RSA_blinding_on(RSA *rsa, BN_CTX *ctx) {
return 1;
}
diff --git a/include/openssl/rsa.h b/include/openssl/rsa.h
index 1a0b74b..1731f14 100644
--- a/include/openssl/rsa.h
+++ b/include/openssl/rsa.h
@@ -509,6 +509,12 @@
// Deprecated functions.
+#define RSA_METHOD_FLAG_NO_CHECK RSA_FLAG_OPAQUE
+
+// RSA_flags returns the flags for |rsa|. These are a bitwise OR of |RSA_FLAG_*|
+// constants.
+OPENSSL_EXPORT int RSA_flags(const RSA *rsa);
+
// RSA_blinding_on returns one.
OPENSSL_EXPORT int RSA_blinding_on(RSA *rsa, BN_CTX *ctx);
