diff options
Diffstat (limited to 'src/lib/libcrypto/rsa/rsa.h')
| -rw-r--r-- | src/lib/libcrypto/rsa/rsa.h | 89 |
1 files changed, 48 insertions, 41 deletions
diff --git a/src/lib/libcrypto/rsa/rsa.h b/src/lib/libcrypto/rsa/rsa.h index 5bb932ae15..cf74343657 100644 --- a/src/lib/libcrypto/rsa/rsa.h +++ b/src/lib/libcrypto/rsa/rsa.h | |||
| @@ -74,25 +74,6 @@ | |||
| 74 | #error RSA is disabled. | 74 | #error RSA is disabled. |
| 75 | #endif | 75 | #endif |
| 76 | 76 | ||
| 77 | /* If this flag is set the RSA method is FIPS compliant and can be used | ||
| 78 | * in FIPS mode. This is set in the validated module method. If an | ||
| 79 | * application sets this flag in its own methods it is its reposibility | ||
| 80 | * to ensure the result is compliant. | ||
| 81 | */ | ||
| 82 | |||
| 83 | #define RSA_FLAG_FIPS_METHOD 0x0400 | ||
| 84 | |||
| 85 | /* If this flag is set the operations normally disabled in FIPS mode are | ||
| 86 | * permitted it is then the applications responsibility to ensure that the | ||
| 87 | * usage is compliant. | ||
| 88 | */ | ||
| 89 | |||
| 90 | #define RSA_FLAG_NON_FIPS_ALLOW 0x0400 | ||
| 91 | |||
| 92 | #ifdef OPENSSL_FIPS | ||
| 93 | #define FIPS_RSA_SIZE_T int | ||
| 94 | #endif | ||
| 95 | |||
| 96 | #ifdef __cplusplus | 77 | #ifdef __cplusplus |
| 97 | extern "C" { | 78 | extern "C" { |
| 98 | #endif | 79 | #endif |
| @@ -136,7 +117,8 @@ struct rsa_meth_st | |||
| 136 | unsigned char *sigret, unsigned int *siglen, const RSA *rsa); | 117 | unsigned char *sigret, unsigned int *siglen, const RSA *rsa); |
| 137 | int (*rsa_verify)(int dtype, | 118 | int (*rsa_verify)(int dtype, |
| 138 | const unsigned char *m, unsigned int m_length, | 119 | const unsigned char *m, unsigned int m_length, |
| 139 | unsigned char *sigbuf, unsigned int siglen, const RSA *rsa); | 120 | const unsigned char *sigbuf, unsigned int siglen, |
| 121 | const RSA *rsa); | ||
| 140 | /* If this callback is NULL, the builtin software RSA key-gen will be used. This | 122 | /* If this callback is NULL, the builtin software RSA key-gen will be used. This |
| 141 | * is for behavioural compatibility whilst the code gets rewired, but one day | 123 | * is for behavioural compatibility whilst the code gets rewired, but one day |
| 142 | * it would be nice to assume there are no such things as "builtin software" | 124 | * it would be nice to assume there are no such things as "builtin software" |
| @@ -182,8 +164,6 @@ struct rsa_st | |||
| 182 | # define OPENSSL_RSA_MAX_MODULUS_BITS 16384 | 164 | # define OPENSSL_RSA_MAX_MODULUS_BITS 16384 |
| 183 | #endif | 165 | #endif |
| 184 | 166 | ||
| 185 | #define OPENSSL_RSA_FIPS_MIN_MODULUS_BITS 1024 | ||
| 186 | |||
| 187 | #ifndef OPENSSL_RSA_SMALL_MODULUS_BITS | 167 | #ifndef OPENSSL_RSA_SMALL_MODULUS_BITS |
| 188 | # define OPENSSL_RSA_SMALL_MODULUS_BITS 3072 | 168 | # define OPENSSL_RSA_SMALL_MODULUS_BITS 3072 |
| 189 | #endif | 169 | #endif |
| @@ -238,11 +218,37 @@ struct rsa_st | |||
| 238 | #endif | 218 | #endif |
| 239 | 219 | ||
| 240 | 220 | ||
| 221 | #define EVP_PKEY_CTX_set_rsa_padding(ctx, pad) \ | ||
| 222 | EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, -1, EVP_PKEY_CTRL_RSA_PADDING, \ | ||
| 223 | pad, NULL) | ||
| 224 | |||
| 225 | #define EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, len) \ | ||
| 226 | EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, \ | ||
| 227 | (EVP_PKEY_OP_SIGN|EVP_PKEY_OP_VERIFY), \ | ||
| 228 | EVP_PKEY_CTRL_RSA_PSS_SALTLEN, \ | ||
| 229 | len, NULL) | ||
| 230 | |||
| 231 | #define EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, bits) \ | ||
| 232 | EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_KEYGEN, \ | ||
| 233 | EVP_PKEY_CTRL_RSA_KEYGEN_BITS, bits, NULL) | ||
| 234 | |||
| 235 | #define EVP_PKEY_CTX_set_rsa_keygen_pubexp(ctx, pubexp) \ | ||
| 236 | EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_KEYGEN, \ | ||
| 237 | EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP, 0, pubexp) | ||
| 238 | |||
| 239 | #define EVP_PKEY_CTRL_RSA_PADDING (EVP_PKEY_ALG_CTRL + 1) | ||
| 240 | #define EVP_PKEY_CTRL_RSA_PSS_SALTLEN (EVP_PKEY_ALG_CTRL + 2) | ||
| 241 | |||
| 242 | #define EVP_PKEY_CTRL_RSA_KEYGEN_BITS (EVP_PKEY_ALG_CTRL + 3) | ||
| 243 | #define EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP (EVP_PKEY_ALG_CTRL + 4) | ||
| 244 | |||
| 241 | #define RSA_PKCS1_PADDING 1 | 245 | #define RSA_PKCS1_PADDING 1 |
| 242 | #define RSA_SSLV23_PADDING 2 | 246 | #define RSA_SSLV23_PADDING 2 |
| 243 | #define RSA_NO_PADDING 3 | 247 | #define RSA_NO_PADDING 3 |
| 244 | #define RSA_PKCS1_OAEP_PADDING 4 | 248 | #define RSA_PKCS1_OAEP_PADDING 4 |
| 245 | #define RSA_X931_PADDING 5 | 249 | #define RSA_X931_PADDING 5 |
| 250 | /* EVP_PKEY_ only */ | ||
| 251 | #define RSA_PKCS1_PSS_PADDING 6 | ||
| 246 | 252 | ||
| 247 | #define RSA_PKCS1_PADDING_SIZE 11 | 253 | #define RSA_PKCS1_PADDING_SIZE 11 |
| 248 | 254 | ||
| @@ -261,11 +267,6 @@ RSA * RSA_generate_key(int bits, unsigned long e,void | |||
| 261 | 267 | ||
| 262 | /* New version */ | 268 | /* New version */ |
| 263 | int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); | 269 | int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); |
| 264 | int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, BIGNUM *q2, | ||
| 265 | const BIGNUM *Xp1, const BIGNUM *Xp2, const BIGNUM *Xp, | ||
| 266 | const BIGNUM *Xq1, const BIGNUM *Xq2, const BIGNUM *Xq, | ||
| 267 | const BIGNUM *e, BN_GENCB *cb); | ||
| 268 | int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, BN_GENCB *cb); | ||
| 269 | 270 | ||
| 270 | int RSA_check_key(const RSA *); | 271 | int RSA_check_key(const RSA *); |
| 271 | /* next 4 return -1 on error */ | 272 | /* next 4 return -1 on error */ |
| @@ -283,11 +284,6 @@ int RSA_up_ref(RSA *r); | |||
| 283 | 284 | ||
| 284 | int RSA_flags(const RSA *r); | 285 | int RSA_flags(const RSA *r); |
| 285 | 286 | ||
| 286 | #ifdef OPENSSL_FIPS | ||
| 287 | RSA *FIPS_rsa_new(void); | ||
| 288 | void FIPS_rsa_free(RSA *r); | ||
| 289 | #endif | ||
| 290 | |||
| 291 | void RSA_set_default_method(const RSA_METHOD *meth); | 287 | void RSA_set_default_method(const RSA_METHOD *meth); |
| 292 | const RSA_METHOD *RSA_get_default_method(void); | 288 | const RSA_METHOD *RSA_get_default_method(void); |
| 293 | const RSA_METHOD *RSA_get_method(const RSA *rsa); | 289 | const RSA_METHOD *RSA_get_method(const RSA *rsa); |
| @@ -333,7 +329,7 @@ RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, | |||
| 333 | int RSA_sign(int type, const unsigned char *m, unsigned int m_length, | 329 | int RSA_sign(int type, const unsigned char *m, unsigned int m_length, |
| 334 | unsigned char *sigret, unsigned int *siglen, RSA *rsa); | 330 | unsigned char *sigret, unsigned int *siglen, RSA *rsa); |
| 335 | int RSA_verify(int type, const unsigned char *m, unsigned int m_length, | 331 | int RSA_verify(int type, const unsigned char *m, unsigned int m_length, |
| 336 | unsigned char *sigbuf, unsigned int siglen, RSA *rsa); | 332 | const unsigned char *sigbuf, unsigned int siglen, RSA *rsa); |
| 337 | 333 | ||
| 338 | /* The following 2 function sign and verify a ASN1_OCTET_STRING | 334 | /* The following 2 function sign and verify a ASN1_OCTET_STRING |
| 339 | * object inside PKCS#1 padded RSA encryption */ | 335 | * object inside PKCS#1 padded RSA encryption */ |
| @@ -401,9 +397,15 @@ void ERR_load_RSA_strings(void); | |||
| 401 | /* Error codes for the RSA functions. */ | 397 | /* Error codes for the RSA functions. */ |
| 402 | 398 | ||
| 403 | /* Function codes. */ | 399 | /* Function codes. */ |
| 404 | #define RSA_F_FIPS_RSA_SIGN 140 | 400 | #define RSA_F_CHECK_PADDING_MD 140 |
| 405 | #define RSA_F_FIPS_RSA_VERIFY 141 | 401 | #define RSA_F_DO_RSA_PRINT 146 |
| 402 | #define RSA_F_INT_RSA_VERIFY 145 | ||
| 406 | #define RSA_F_MEMORY_LOCK 100 | 403 | #define RSA_F_MEMORY_LOCK 100 |
| 404 | #define RSA_F_OLD_RSA_PRIV_DECODE 147 | ||
| 405 | #define RSA_F_PKEY_RSA_CTRL 143 | ||
| 406 | #define RSA_F_PKEY_RSA_CTRL_STR 144 | ||
| 407 | #define RSA_F_PKEY_RSA_SIGN 142 | ||
| 408 | #define RSA_F_PKEY_RSA_VERIFYRECOVER 141 | ||
| 407 | #define RSA_F_RSA_BUILTIN_KEYGEN 129 | 409 | #define RSA_F_RSA_BUILTIN_KEYGEN 129 |
| 408 | #define RSA_F_RSA_CHECK_KEY 123 | 410 | #define RSA_F_RSA_CHECK_KEY 123 |
| 409 | #define RSA_F_RSA_EAY_PRIVATE_DECRYPT 101 | 411 | #define RSA_F_RSA_EAY_PRIVATE_DECRYPT 101 |
| @@ -434,11 +436,10 @@ void ERR_load_RSA_strings(void); | |||
| 434 | #define RSA_F_RSA_PADDING_CHECK_X931 128 | 436 | #define RSA_F_RSA_PADDING_CHECK_X931 128 |
| 435 | #define RSA_F_RSA_PRINT 115 | 437 | #define RSA_F_RSA_PRINT 115 |
| 436 | #define RSA_F_RSA_PRINT_FP 116 | 438 | #define RSA_F_RSA_PRINT_FP 116 |
| 437 | #define RSA_F_RSA_PRIVATE_ENCRYPT 137 | 439 | #define RSA_F_RSA_PRIV_DECODE 137 |
| 438 | #define RSA_F_RSA_PUBLIC_DECRYPT 138 | 440 | #define RSA_F_RSA_PRIV_ENCODE 138 |
| 441 | #define RSA_F_RSA_PUB_DECODE 139 | ||
| 439 | #define RSA_F_RSA_SETUP_BLINDING 136 | 442 | #define RSA_F_RSA_SETUP_BLINDING 136 |
| 440 | #define RSA_F_RSA_SET_DEFAULT_METHOD 139 | ||
| 441 | #define RSA_F_RSA_SET_METHOD 142 | ||
| 442 | #define RSA_F_RSA_SIGN 117 | 443 | #define RSA_F_RSA_SIGN 117 |
| 443 | #define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 118 | 444 | #define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 118 |
| 444 | #define RSA_F_RSA_VERIFY 119 | 445 | #define RSA_F_RSA_VERIFY 119 |
| @@ -464,20 +465,25 @@ void ERR_load_RSA_strings(void); | |||
| 464 | #define RSA_R_DMQ1_NOT_CONGRUENT_TO_D 125 | 465 | #define RSA_R_DMQ1_NOT_CONGRUENT_TO_D 125 |
| 465 | #define RSA_R_D_E_NOT_CONGRUENT_TO_1 123 | 466 | #define RSA_R_D_E_NOT_CONGRUENT_TO_1 123 |
| 466 | #define RSA_R_FIRST_OCTET_INVALID 133 | 467 | #define RSA_R_FIRST_OCTET_INVALID 133 |
| 468 | #define RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE 144 | ||
| 469 | #define RSA_R_INVALID_DIGEST_LENGTH 143 | ||
| 467 | #define RSA_R_INVALID_HEADER 137 | 470 | #define RSA_R_INVALID_HEADER 137 |
| 471 | #define RSA_R_INVALID_KEYBITS 145 | ||
| 468 | #define RSA_R_INVALID_MESSAGE_LENGTH 131 | 472 | #define RSA_R_INVALID_MESSAGE_LENGTH 131 |
| 469 | #define RSA_R_INVALID_PADDING 138 | 473 | #define RSA_R_INVALID_PADDING 138 |
| 474 | #define RSA_R_INVALID_PADDING_MODE 141 | ||
| 475 | #define RSA_R_INVALID_PSS_SALTLEN 146 | ||
| 470 | #define RSA_R_INVALID_TRAILER 139 | 476 | #define RSA_R_INVALID_TRAILER 139 |
| 477 | #define RSA_R_INVALID_X931_DIGEST 142 | ||
| 471 | #define RSA_R_IQMP_NOT_INVERSE_OF_Q 126 | 478 | #define RSA_R_IQMP_NOT_INVERSE_OF_Q 126 |
| 472 | #define RSA_R_KEY_SIZE_TOO_SMALL 120 | 479 | #define RSA_R_KEY_SIZE_TOO_SMALL 120 |
| 473 | #define RSA_R_LAST_OCTET_INVALID 134 | 480 | #define RSA_R_LAST_OCTET_INVALID 134 |
| 474 | #define RSA_R_MODULUS_TOO_LARGE 105 | 481 | #define RSA_R_MODULUS_TOO_LARGE 105 |
| 475 | #define RSA_R_NON_FIPS_METHOD 141 | ||
| 476 | #define RSA_R_NO_PUBLIC_EXPONENT 140 | 482 | #define RSA_R_NO_PUBLIC_EXPONENT 140 |
| 477 | #define RSA_R_NULL_BEFORE_BLOCK_MISSING 113 | 483 | #define RSA_R_NULL_BEFORE_BLOCK_MISSING 113 |
| 478 | #define RSA_R_N_DOES_NOT_EQUAL_P_Q 127 | 484 | #define RSA_R_N_DOES_NOT_EQUAL_P_Q 127 |
| 479 | #define RSA_R_OAEP_DECODING_ERROR 121 | 485 | #define RSA_R_OAEP_DECODING_ERROR 121 |
| 480 | #define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 142 | 486 | #define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148 |
| 481 | #define RSA_R_PADDING_CHECK_FAILED 114 | 487 | #define RSA_R_PADDING_CHECK_FAILED 114 |
| 482 | #define RSA_R_P_NOT_PRIME 128 | 488 | #define RSA_R_P_NOT_PRIME 128 |
| 483 | #define RSA_R_Q_NOT_PRIME 129 | 489 | #define RSA_R_Q_NOT_PRIME 129 |
| @@ -488,6 +494,7 @@ void ERR_load_RSA_strings(void); | |||
| 488 | #define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116 | 494 | #define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116 |
| 489 | #define RSA_R_UNKNOWN_ALGORITHM_TYPE 117 | 495 | #define RSA_R_UNKNOWN_ALGORITHM_TYPE 117 |
| 490 | #define RSA_R_UNKNOWN_PADDING_TYPE 118 | 496 | #define RSA_R_UNKNOWN_PADDING_TYPE 118 |
| 497 | #define RSA_R_VALUE_MISSING 147 | ||
| 491 | #define RSA_R_WRONG_SIGNATURE_LENGTH 119 | 498 | #define RSA_R_WRONG_SIGNATURE_LENGTH 119 |
| 492 | 499 | ||
| 493 | #ifdef __cplusplus | 500 | #ifdef __cplusplus |