diff options
Diffstat (limited to '')
| -rw-r--r-- | src/lib/libcrypto/rsa/rsa.h | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/src/lib/libcrypto/rsa/rsa.h b/src/lib/libcrypto/rsa/rsa.h index 3699afaaaf..5bb932ae15 100644 --- a/src/lib/libcrypto/rsa/rsa.h +++ b/src/lib/libcrypto/rsa/rsa.h | |||
| @@ -74,6 +74,25 @@ | |||
| 74 | #error RSA is disabled. | 74 | #error RSA is disabled. |
| 75 | #endif | 75 | #endif |
| 76 | 76 | ||
| 77 | /* If this flag is set the RSA method is FIPS compliant and can be used | ||
| 78 | * in FIPS mode. This is set in the validated module method. If an | ||
| 79 | * application sets this flag in its own methods it is its reposibility | ||
| 80 | * to ensure the result is compliant. | ||
| 81 | */ | ||
| 82 | |||
| 83 | #define RSA_FLAG_FIPS_METHOD 0x0400 | ||
| 84 | |||
| 85 | /* If this flag is set the operations normally disabled in FIPS mode are | ||
| 86 | * permitted it is then the applications responsibility to ensure that the | ||
| 87 | * usage is compliant. | ||
| 88 | */ | ||
| 89 | |||
| 90 | #define RSA_FLAG_NON_FIPS_ALLOW 0x0400 | ||
| 91 | |||
| 92 | #ifdef OPENSSL_FIPS | ||
| 93 | #define FIPS_RSA_SIZE_T int | ||
| 94 | #endif | ||
| 95 | |||
| 77 | #ifdef __cplusplus | 96 | #ifdef __cplusplus |
| 78 | extern "C" { | 97 | extern "C" { |
| 79 | #endif | 98 | #endif |
| @@ -163,6 +182,8 @@ struct rsa_st | |||
| 163 | # define OPENSSL_RSA_MAX_MODULUS_BITS 16384 | 182 | # define OPENSSL_RSA_MAX_MODULUS_BITS 16384 |
| 164 | #endif | 183 | #endif |
| 165 | 184 | ||
| 185 | #define OPENSSL_RSA_FIPS_MIN_MODULUS_BITS 1024 | ||
| 186 | |||
| 166 | #ifndef OPENSSL_RSA_SMALL_MODULUS_BITS | 187 | #ifndef OPENSSL_RSA_SMALL_MODULUS_BITS |
| 167 | # define OPENSSL_RSA_SMALL_MODULUS_BITS 3072 | 188 | # define OPENSSL_RSA_SMALL_MODULUS_BITS 3072 |
| 168 | #endif | 189 | #endif |
| @@ -240,6 +261,11 @@ RSA * RSA_generate_key(int bits, unsigned long e,void | |||
| 240 | 261 | ||
| 241 | /* New version */ | 262 | /* New version */ |
| 242 | int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); | 263 | int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); |
| 264 | int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, BIGNUM *q2, | ||
| 265 | const BIGNUM *Xp1, const BIGNUM *Xp2, const BIGNUM *Xp, | ||
| 266 | const BIGNUM *Xq1, const BIGNUM *Xq2, const BIGNUM *Xq, | ||
| 267 | const BIGNUM *e, BN_GENCB *cb); | ||
| 268 | int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, BN_GENCB *cb); | ||
| 243 | 269 | ||
| 244 | int RSA_check_key(const RSA *); | 270 | int RSA_check_key(const RSA *); |
| 245 | /* next 4 return -1 on error */ | 271 | /* next 4 return -1 on error */ |
| @@ -257,6 +283,11 @@ int RSA_up_ref(RSA *r); | |||
| 257 | 283 | ||
| 258 | int RSA_flags(const RSA *r); | 284 | int RSA_flags(const RSA *r); |
| 259 | 285 | ||
| 286 | #ifdef OPENSSL_FIPS | ||
| 287 | RSA *FIPS_rsa_new(void); | ||
| 288 | void FIPS_rsa_free(RSA *r); | ||
| 289 | #endif | ||
| 290 | |||
| 260 | void RSA_set_default_method(const RSA_METHOD *meth); | 291 | void RSA_set_default_method(const RSA_METHOD *meth); |
| 261 | const RSA_METHOD *RSA_get_default_method(void); | 292 | const RSA_METHOD *RSA_get_default_method(void); |
| 262 | const RSA_METHOD *RSA_get_method(const RSA *rsa); | 293 | const RSA_METHOD *RSA_get_method(const RSA *rsa); |
| @@ -370,6 +401,8 @@ void ERR_load_RSA_strings(void); | |||
| 370 | /* Error codes for the RSA functions. */ | 401 | /* Error codes for the RSA functions. */ |
| 371 | 402 | ||
| 372 | /* Function codes. */ | 403 | /* Function codes. */ |
| 404 | #define RSA_F_FIPS_RSA_SIGN 140 | ||
| 405 | #define RSA_F_FIPS_RSA_VERIFY 141 | ||
| 373 | #define RSA_F_MEMORY_LOCK 100 | 406 | #define RSA_F_MEMORY_LOCK 100 |
| 374 | #define RSA_F_RSA_BUILTIN_KEYGEN 129 | 407 | #define RSA_F_RSA_BUILTIN_KEYGEN 129 |
| 375 | #define RSA_F_RSA_CHECK_KEY 123 | 408 | #define RSA_F_RSA_CHECK_KEY 123 |
| @@ -401,7 +434,11 @@ void ERR_load_RSA_strings(void); | |||
| 401 | #define RSA_F_RSA_PADDING_CHECK_X931 128 | 434 | #define RSA_F_RSA_PADDING_CHECK_X931 128 |
| 402 | #define RSA_F_RSA_PRINT 115 | 435 | #define RSA_F_RSA_PRINT 115 |
| 403 | #define RSA_F_RSA_PRINT_FP 116 | 436 | #define RSA_F_RSA_PRINT_FP 116 |
| 437 | #define RSA_F_RSA_PRIVATE_ENCRYPT 137 | ||
| 438 | #define RSA_F_RSA_PUBLIC_DECRYPT 138 | ||
| 404 | #define RSA_F_RSA_SETUP_BLINDING 136 | 439 | #define RSA_F_RSA_SETUP_BLINDING 136 |
| 440 | #define RSA_F_RSA_SET_DEFAULT_METHOD 139 | ||
| 441 | #define RSA_F_RSA_SET_METHOD 142 | ||
| 405 | #define RSA_F_RSA_SIGN 117 | 442 | #define RSA_F_RSA_SIGN 117 |
| 406 | #define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 118 | 443 | #define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 118 |
| 407 | #define RSA_F_RSA_VERIFY 119 | 444 | #define RSA_F_RSA_VERIFY 119 |
| @@ -435,10 +472,12 @@ void ERR_load_RSA_strings(void); | |||
| 435 | #define RSA_R_KEY_SIZE_TOO_SMALL 120 | 472 | #define RSA_R_KEY_SIZE_TOO_SMALL 120 |
| 436 | #define RSA_R_LAST_OCTET_INVALID 134 | 473 | #define RSA_R_LAST_OCTET_INVALID 134 |
| 437 | #define RSA_R_MODULUS_TOO_LARGE 105 | 474 | #define RSA_R_MODULUS_TOO_LARGE 105 |
| 475 | #define RSA_R_NON_FIPS_METHOD 141 | ||
| 438 | #define RSA_R_NO_PUBLIC_EXPONENT 140 | 476 | #define RSA_R_NO_PUBLIC_EXPONENT 140 |
| 439 | #define RSA_R_NULL_BEFORE_BLOCK_MISSING 113 | 477 | #define RSA_R_NULL_BEFORE_BLOCK_MISSING 113 |
| 440 | #define RSA_R_N_DOES_NOT_EQUAL_P_Q 127 | 478 | #define RSA_R_N_DOES_NOT_EQUAL_P_Q 127 |
| 441 | #define RSA_R_OAEP_DECODING_ERROR 121 | 479 | #define RSA_R_OAEP_DECODING_ERROR 121 |
| 480 | #define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 142 | ||
| 442 | #define RSA_R_PADDING_CHECK_FAILED 114 | 481 | #define RSA_R_PADDING_CHECK_FAILED 114 |
| 443 | #define RSA_R_P_NOT_PRIME 128 | 482 | #define RSA_R_P_NOT_PRIME 128 |
| 444 | #define RSA_R_Q_NOT_PRIME 129 | 483 | #define RSA_R_Q_NOT_PRIME 129 |