rsa: deprecate accidentally-exposed API.

briansmith · briansmith · commit 6af531f2c512 · 2025-03-09T10:34:07.000-07:00
diff --git a/src/rsa/keypair.rs b/src/rsa/keypair.rs
@@ -13,7 +13,8 @@
 // CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
 use super::{
-    padding::RsaEncoding, KeyPairComponents, PublicExponent, PublicKey, PublicKeyComponents, N,
+    padding::{self, RsaEncoding},
+    KeyPairComponents, PublicExponent, PublicKey, PublicKeyComponents, N,
 };
 
 /// RSA PKCS#1 1.5 signatures.
@@ -546,7 +547,13 @@ impl KeyPair {
 
         // Use the output buffer as the scratch space for the signature to
         // reduce the required stack space.
-        padding_alg.encode(m_hash, signature, self.public().inner().n().len_bits(), rng)?;
+        padding::encode(
+            padding_alg,
+            m_hash,
+            signature,
+            self.public().inner().n().len_bits(),
+            rng,
+        )?;
 
         // RFC 8017 Section 5.1.2: RSADP, using the Chinese Remainder Theorem
         // with Garner's algorithm.
diff --git a/src/rsa/padding.rs b/src/rsa/padding.rs
@@ -30,11 +30,23 @@ pub trait Padding: 'static + Sync + crate::sealed::Sealed + core::fmt::Debug {
     fn digest_alg(&self) -> &'static digest::Algorithm;
 }
 
+pub(super) fn encode(
+    encoding: &dyn RsaEncoding,
+    m_hash: digest::Digest,
+    m_out: &mut [u8],
+    mod_bits: bits::BitLength,
+    rng: &dyn rand::SecureRandom,
+) -> Result<(), error::Unspecified> {
+    #[allow(deprecated)]
+    encoding.encode(m_hash, m_out, mod_bits, rng)
+}
+
 /// An RSA signature encoding as described in [RFC 3447 Section 8].
 ///
 /// [RFC 3447 Section 8]: https://tools.ietf.org/html/rfc3447#section-8
 #[cfg(feature = "alloc")]
 pub trait RsaEncoding: Padding {
+    #[deprecated(note = "internal API that will be removed")]
     #[doc(hidden)]
     fn encode(
         &self,
@@ -153,6 +165,7 @@ mod test {
 
                 let mut m_out = vec![0u8; bit_len.as_usize_bytes_rounded_up()];
                 let digest = digest::digest(alg.digest_alg(), &msg);
+                #[allow(deprecated)]
                 alg.encode(digest, &mut m_out, bit_len, &rng).unwrap();
                 assert_eq!(m_out, encoded);
 
