resolve conflicts, fix local changes

author: djm <> 2010-10-01 22:59:01 +0000
committer: djm <> 2010-10-01 22:59:01 +0000
commit: fe047d8b632246cb2db3234a0a4f32e5c318857b (patch)
tree: 939b752540947d33507b3acc48d76a8bfb7c3dc3 /src/lib/libcrypto/rsa/rsa.h
parent: 2ea67f4aa254b09ded62e6e14fc893bbe6381579 (diff)
download: openbsd-fe047d8b632246cb2db3234a0a4f32e5c318857b.tar.gz
openbsd-fe047d8b632246cb2db3234a0a4f32e5c318857b.tar.bz2
openbsd-fe047d8b632246cb2db3234a0a4f32e5c318857b.zip
1 files changed, 48 insertions, 41 deletions
diff --git a/src/lib/libcrypto/rsa/rsa.h b/src/lib/libcrypto/rsa/rsa.h
index 5bb932ae15..cf74343657 100644
--- a/src/lib/libcrypto/rsa/rsa.h
+++ b/src/lib/libcrypto/rsa/rsa.h
@@ -74,25 +74,6 @@
 #error RSA is disabled.
 #endif
-/* If this flag is set the RSA method is FIPS compliant and can be used
- * in FIPS mode. This is set in the validated module method. If an
- * application sets this flag in its own methods it is its reposibility
- * to ensure the result is compliant.
- */
-#define RSA_FLAG_FIPS_METHOD                    0x0400
-/* If this flag is set the operations normally disabled in FIPS mode are
- * permitted it is then the applications responsibility to ensure that the
- * usage is compliant.
- */
-#define RSA_FLAG_NON_FIPS_ALLOW                 0x0400
-#ifdef OPENSSL_FIPS
-#define FIPS_RSA_SIZE_T int
-#endif
 #ifdef  __cplusplus
 extern "C" {
 #endif
@@ -136,7 +117,8 @@ struct rsa_meth_st
                unsigned char *sigret, unsigned int *siglen, const RSA *rsa);
        int (*rsa_verify)(int dtype,
                const unsigned char *m, unsigned int m_length,
-                unsigned char *sigbuf, unsigned int siglen, const RSA *rsa);
+                const unsigned char *sigbuf, unsigned int siglen,
+                                                                const RSA *rsa);
 /* If this callback is NULL, the builtin software RSA key-gen will be used. This
 * is for behavioural compatibility whilst the code gets rewired, but one day
 * it would be nice to assume there are no such things as "builtin software"
@@ -182,8 +164,6 @@ struct rsa_st
 # define OPENSSL_RSA_MAX_MODULUS_BITS   16384
 #endif
-#define OPENSSL_RSA_FIPS_MIN_MODULUS_BITS 1024
 #ifndef OPENSSL_RSA_SMALL_MODULUS_BITS
 # define OPENSSL_RSA_SMALL_MODULUS_BITS 3072
 #endif
@@ -238,11 +218,37 @@ struct rsa_st
 #endif
+#define EVP_PKEY_CTX_set_rsa_padding(ctx, pad) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, -1, EVP_PKEY_CTRL_RSA_PADDING, \
+                                pad, NULL)
+#define EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, len) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, \
+                                (EVP_PKEY_OP_SIGN|EVP_PKEY_OP_VERIFY), \
+                                EVP_PKEY_CTRL_RSA_PSS_SALTLEN, \
+                                len, NULL)
+#define EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, bits) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_KEYGEN, \
+                                EVP_PKEY_CTRL_RSA_KEYGEN_BITS, bits, NULL)
+#define EVP_PKEY_CTX_set_rsa_keygen_pubexp(ctx, pubexp) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_KEYGEN, \
+                                EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP, 0, pubexp)
+#define EVP_PKEY_CTRL_RSA_PADDING       (EVP_PKEY_ALG_CTRL + 1)
+#define EVP_PKEY_CTRL_RSA_PSS_SALTLEN   (EVP_PKEY_ALG_CTRL + 2)
+#define EVP_PKEY_CTRL_RSA_KEYGEN_BITS   (EVP_PKEY_ALG_CTRL + 3)
+#define EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP (EVP_PKEY_ALG_CTRL + 4)
 #define RSA_PKCS1_PADDING       1
 #define RSA_SSLV23_PADDING      2
 #define RSA_NO_PADDING          3
 #define RSA_PKCS1_OAEP_PADDING  4
 #define RSA_X931_PADDING        5
+/* EVP_PKEY_ only */
+#define RSA_PKCS1_PSS_PADDING   6
 #define RSA_PKCS1_PADDING_SIZE  11
@@ -261,11 +267,6 @@ RSA *	RSA_generate_key(int bits, unsigned long e,void
 /* New version */
 int     RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
-int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, BIGNUM *q2,
-                        const BIGNUM *Xp1, const BIGNUM *Xp2, const BIGNUM *Xp,
-                        const BIGNUM *Xq1, const BIGNUM *Xq2, const BIGNUM *Xq,
-                        const BIGNUM *e, BN_GENCB *cb);
-int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, BN_GENCB *cb);
 int     RSA_check_key(const RSA *);
        /* next 4 return -1 on error */
@@ -283,11 +284,6 @@ int	RSA_up_ref(RSA *r);
 int     RSA_flags(const RSA *r);
-#ifdef OPENSSL_FIPS
-RSA *FIPS_rsa_new(void);
-void FIPS_rsa_free(RSA *r);
-#endif
 void RSA_set_default_method(const RSA_METHOD *meth);
 const RSA_METHOD *RSA_get_default_method(void);
 const RSA_METHOD *RSA_get_method(const RSA *rsa);
@@ -333,7 +329,7 @@ RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length,
 int RSA_sign(int type, const unsigned char *m, unsigned int m_length,
        unsigned char *sigret, unsigned int *siglen, RSA *rsa);
 int RSA_verify(int type, const unsigned char *m, unsigned int m_length,
-        unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
+        const unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
 /* The following 2 function sign and verify a ASN1_OCTET_STRING
 * object inside PKCS#1 padded RSA encryption */
@@ -401,9 +397,15 @@ void ERR_load_RSA_strings(void);
 /* Error codes for the RSA functions. */
 /* Function codes. */
-#define RSA_F_FIPS_RSA_SIGN                              140
+#define RSA_F_CHECK_PADDING_MD                           140
-#define RSA_F_FIPS_RSA_VERIFY                            141
+#define RSA_F_DO_RSA_PRINT                               146
+#define RSA_F_INT_RSA_VERIFY                             145
 #define RSA_F_MEMORY_LOCK                                100
+#define RSA_F_OLD_RSA_PRIV_DECODE                        147
+#define RSA_F_PKEY_RSA_CTRL                              143
+#define RSA_F_PKEY_RSA_CTRL_STR                          144
+#define RSA_F_PKEY_RSA_SIGN                              142
+#define RSA_F_PKEY_RSA_VERIFYRECOVER                     141
 #define RSA_F_RSA_BUILTIN_KEYGEN                         129
 #define RSA_F_RSA_CHECK_KEY                              123
 #define RSA_F_RSA_EAY_PRIVATE_DECRYPT                    101
@@ -434,11 +436,10 @@ void ERR_load_RSA_strings(void);
 #define RSA_F_RSA_PADDING_CHECK_X931                     128
 #define RSA_F_RSA_PRINT                                  115
 #define RSA_F_RSA_PRINT_FP                               116
-#define RSA_F_RSA_PRIVATE_ENCRYPT                        137
+#define RSA_F_RSA_PRIV_DECODE                            137
-#define RSA_F_RSA_PUBLIC_DECRYPT                         138
+#define RSA_F_RSA_PRIV_ENCODE                            138
+#define RSA_F_RSA_PUB_DECODE                             139
 #define RSA_F_RSA_SETUP_BLINDING                         136
-#define RSA_F_RSA_SET_DEFAULT_METHOD                     139
-#define RSA_F_RSA_SET_METHOD                             142
 #define RSA_F_RSA_SIGN                                   117
 #define RSA_F_RSA_SIGN_ASN1_OCTET_STRING                 118
 #define RSA_F_RSA_VERIFY                                 119
@@ -464,20 +465,25 @@ void ERR_load_RSA_strings(void);
 #define RSA_R_DMQ1_NOT_CONGRUENT_TO_D                    125
 #define RSA_R_D_E_NOT_CONGRUENT_TO_1                     123
 #define RSA_R_FIRST_OCTET_INVALID                        133
+#define RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE        144
+#define RSA_R_INVALID_DIGEST_LENGTH                      143
 #define RSA_R_INVALID_HEADER                             137
+#define RSA_R_INVALID_KEYBITS                            145
 #define RSA_R_INVALID_MESSAGE_LENGTH                     131
 #define RSA_R_INVALID_PADDING                            138
+#define RSA_R_INVALID_PADDING_MODE                       141
+#define RSA_R_INVALID_PSS_SALTLEN                        146
 #define RSA_R_INVALID_TRAILER                            139
+#define RSA_R_INVALID_X931_DIGEST                        142
 #define RSA_R_IQMP_NOT_INVERSE_OF_Q                      126
 #define RSA_R_KEY_SIZE_TOO_SMALL                         120
 #define RSA_R_LAST_OCTET_INVALID                         134
 #define RSA_R_MODULUS_TOO_LARGE                          105
-#define RSA_R_NON_FIPS_METHOD                            141
 #define RSA_R_NO_PUBLIC_EXPONENT                         140
 #define RSA_R_NULL_BEFORE_BLOCK_MISSING                  113
 #define RSA_R_N_DOES_NOT_EQUAL_P_Q                       127
 #define RSA_R_OAEP_DECODING_ERROR                        121
-#define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE         142
+#define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE   148
 #define RSA_R_PADDING_CHECK_FAILED                       114
 #define RSA_R_P_NOT_PRIME                                128
 #define RSA_R_Q_NOT_PRIME                                129
@@ -488,6 +494,7 @@ void ERR_load_RSA_strings(void);
 #define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116
 #define RSA_R_UNKNOWN_ALGORITHM_TYPE                     117
 #define RSA_R_UNKNOWN_PADDING_TYPE                       118
+#define RSA_R_VALUE_MISSING                              147
 #define RSA_R_WRONG_SIGNATURE_LENGTH                     119
 #ifdef  __cplusplus
author	djm <>	2010-10-01 22:59:01 +0000
committer	djm <>	2010-10-01 22:59:01 +0000
commit	fe047d8b632246cb2db3234a0a4f32e5c318857b (patch)
tree	939b752540947d33507b3acc48d76a8bfb7c3dc3 /src/lib/libcrypto/rsa/rsa.h
parent	2ea67f4aa254b09ded62e6e14fc893bbe6381579 (diff)
download	openbsd-fe047d8b632246cb2db3234a0a4f32e5c318857b.tar.gz openbsd-fe047d8b632246cb2db3234a0a4f32e5c318857b.tar.bz2 openbsd-fe047d8b632246cb2db3234a0a4f32e5c318857b.zip