diff options
Diffstat (limited to 'src/lib/libcrypto/dsa/dsa.h')
| -rw-r--r-- | src/lib/libcrypto/dsa/dsa.h | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/src/lib/libcrypto/dsa/dsa.h b/src/lib/libcrypto/dsa/dsa.h index 3a8fe5b56b..702c50d6dc 100644 --- a/src/lib/libcrypto/dsa/dsa.h +++ b/src/lib/libcrypto/dsa/dsa.h | |||
| @@ -88,6 +88,8 @@ | |||
| 88 | # define OPENSSL_DSA_MAX_MODULUS_BITS 10000 | 88 | # define OPENSSL_DSA_MAX_MODULUS_BITS 10000 |
| 89 | #endif | 89 | #endif |
| 90 | 90 | ||
| 91 | #define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024 | ||
| 92 | |||
| 91 | #define DSA_FLAG_CACHE_MONT_P 0x01 | 93 | #define DSA_FLAG_CACHE_MONT_P 0x01 |
| 92 | #define DSA_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DSA | 94 | #define DSA_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DSA |
| 93 | * implementation now uses constant time | 95 | * implementation now uses constant time |
| @@ -97,6 +99,25 @@ | |||
| 97 | * be used for all exponents. | 99 | * be used for all exponents. |
| 98 | */ | 100 | */ |
| 99 | 101 | ||
| 102 | /* If this flag is set the DSA method is FIPS compliant and can be used | ||
| 103 | * in FIPS mode. This is set in the validated module method. If an | ||
| 104 | * application sets this flag in its own methods it is its reposibility | ||
| 105 | * to ensure the result is compliant. | ||
| 106 | */ | ||
| 107 | |||
| 108 | #define DSA_FLAG_FIPS_METHOD 0x0400 | ||
| 109 | |||
| 110 | /* If this flag is set the operations normally disabled in FIPS mode are | ||
| 111 | * permitted it is then the applications responsibility to ensure that the | ||
| 112 | * usage is compliant. | ||
| 113 | */ | ||
| 114 | |||
| 115 | #define DSA_FLAG_NON_FIPS_ALLOW 0x0400 | ||
| 116 | |||
| 117 | #ifdef OPENSSL_FIPS | ||
| 118 | #define FIPS_DSA_SIZE_T int | ||
| 119 | #endif | ||
| 120 | |||
| 100 | #ifdef __cplusplus | 121 | #ifdef __cplusplus |
| 101 | extern "C" { | 122 | extern "C" { |
| 102 | #endif | 123 | #endif |
| @@ -189,6 +210,11 @@ void DSA_set_default_method(const DSA_METHOD *); | |||
| 189 | const DSA_METHOD *DSA_get_default_method(void); | 210 | const DSA_METHOD *DSA_get_default_method(void); |
| 190 | int DSA_set_method(DSA *dsa, const DSA_METHOD *); | 211 | int DSA_set_method(DSA *dsa, const DSA_METHOD *); |
| 191 | 212 | ||
| 213 | #ifdef OPENSSL_FIPS | ||
| 214 | DSA * FIPS_dsa_new(void); | ||
| 215 | void FIPS_dsa_free (DSA *r); | ||
| 216 | #endif | ||
| 217 | |||
| 192 | DSA * DSA_new(void); | 218 | DSA * DSA_new(void); |
| 193 | DSA * DSA_new_method(ENGINE *engine); | 219 | DSA * DSA_new_method(ENGINE *engine); |
| 194 | void DSA_free (DSA *r); | 220 | void DSA_free (DSA *r); |
| @@ -249,6 +275,11 @@ int DSA_print_fp(FILE *bp, const DSA *x, int off); | |||
| 249 | DH *DSA_dup_DH(const DSA *r); | 275 | DH *DSA_dup_DH(const DSA *r); |
| 250 | #endif | 276 | #endif |
| 251 | 277 | ||
| 278 | #ifdef OPENSSL_FIPS | ||
| 279 | int FIPS_dsa_sig_encode(unsigned char *out, DSA_SIG *sig); | ||
| 280 | int FIPS_dsa_sig_decode(DSA_SIG *sig, const unsigned char *in, int inlen); | ||
| 281 | #endif | ||
| 282 | |||
| 252 | /* BEGIN ERROR CODES */ | 283 | /* BEGIN ERROR CODES */ |
| 253 | /* The following lines are auto generated by the script mkerr.pl. Any changes | 284 | /* The following lines are auto generated by the script mkerr.pl. Any changes |
| 254 | * made after this point may be overwritten when the script is next run. | 285 | * made after this point may be overwritten when the script is next run. |
| @@ -261,11 +292,16 @@ void ERR_load_DSA_strings(void); | |||
| 261 | #define DSA_F_D2I_DSA_SIG 110 | 292 | #define DSA_F_D2I_DSA_SIG 110 |
| 262 | #define DSA_F_DSAPARAMS_PRINT 100 | 293 | #define DSA_F_DSAPARAMS_PRINT 100 |
| 263 | #define DSA_F_DSAPARAMS_PRINT_FP 101 | 294 | #define DSA_F_DSAPARAMS_PRINT_FP 101 |
| 295 | #define DSA_F_DSA_BUILTIN_KEYGEN 119 | ||
| 296 | #define DSA_F_DSA_BUILTIN_PARAMGEN 118 | ||
| 264 | #define DSA_F_DSA_DO_SIGN 112 | 297 | #define DSA_F_DSA_DO_SIGN 112 |
| 265 | #define DSA_F_DSA_DO_VERIFY 113 | 298 | #define DSA_F_DSA_DO_VERIFY 113 |
| 299 | #define DSA_F_DSA_GENERATE_PARAMETERS 117 | ||
| 266 | #define DSA_F_DSA_NEW_METHOD 103 | 300 | #define DSA_F_DSA_NEW_METHOD 103 |
| 267 | #define DSA_F_DSA_PRINT 104 | 301 | #define DSA_F_DSA_PRINT 104 |
| 268 | #define DSA_F_DSA_PRINT_FP 105 | 302 | #define DSA_F_DSA_PRINT_FP 105 |
| 303 | #define DSA_F_DSA_SET_DEFAULT_METHOD 115 | ||
| 304 | #define DSA_F_DSA_SET_METHOD 116 | ||
| 269 | #define DSA_F_DSA_SIGN 106 | 305 | #define DSA_F_DSA_SIGN 106 |
| 270 | #define DSA_F_DSA_SIGN_SETUP 107 | 306 | #define DSA_F_DSA_SIGN_SETUP 107 |
| 271 | #define DSA_F_DSA_SIG_NEW 109 | 307 | #define DSA_F_DSA_SIG_NEW 109 |
| @@ -276,8 +312,11 @@ void ERR_load_DSA_strings(void); | |||
| 276 | /* Reason codes. */ | 312 | /* Reason codes. */ |
| 277 | #define DSA_R_BAD_Q_VALUE 102 | 313 | #define DSA_R_BAD_Q_VALUE 102 |
| 278 | #define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 100 | 314 | #define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 100 |
| 315 | #define DSA_R_KEY_SIZE_TOO_SMALL 106 | ||
| 279 | #define DSA_R_MISSING_PARAMETERS 101 | 316 | #define DSA_R_MISSING_PARAMETERS 101 |
| 280 | #define DSA_R_MODULUS_TOO_LARGE 103 | 317 | #define DSA_R_MODULUS_TOO_LARGE 103 |
| 318 | #define DSA_R_NON_FIPS_METHOD 104 | ||
| 319 | #define DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 105 | ||
| 281 | 320 | ||
| 282 | #ifdef __cplusplus | 321 | #ifdef __cplusplus |
| 283 | } | 322 | } |