summaryrefslogtreecommitdiffstats
path: root/crypto/rsa/rsa.h
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/rsa/rsa.h')
-rw-r--r--crypto/rsa/rsa.h39
1 files changed, 39 insertions, 0 deletions
diff --git a/crypto/rsa/rsa.h b/crypto/rsa/rsa.h
index 3699afa..5bb932a 100644
--- a/crypto/rsa/rsa.h
+++ b/crypto/rsa/rsa.h
@@ -74,6 +74,25 @@
#error RSA is disabled.
#endif
+/* If this flag is set the RSA method is FIPS compliant and can be used
+ * in FIPS mode. This is set in the validated module method. If an
+ * application sets this flag in its own methods it is its reposibility
+ * to ensure the result is compliant.
+ */
+
+#define RSA_FLAG_FIPS_METHOD 0x0400
+
+/* If this flag is set the operations normally disabled in FIPS mode are
+ * permitted it is then the applications responsibility to ensure that the
+ * usage is compliant.
+ */
+
+#define RSA_FLAG_NON_FIPS_ALLOW 0x0400
+
+#ifdef OPENSSL_FIPS
+#define FIPS_RSA_SIZE_T int
+#endif
+
#ifdef __cplusplus
extern "C" {
#endif
@@ -163,6 +182,8 @@ struct rsa_st
# define OPENSSL_RSA_MAX_MODULUS_BITS 16384
#endif
+#define OPENSSL_RSA_FIPS_MIN_MODULUS_BITS 1024
+
#ifndef OPENSSL_RSA_SMALL_MODULUS_BITS
# define OPENSSL_RSA_SMALL_MODULUS_BITS 3072
#endif
@@ -240,6 +261,11 @@ RSA * RSA_generate_key(int bits, unsigned long e,void
/* New version */
int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
+int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, BIGNUM *q2,
+ const BIGNUM *Xp1, const BIGNUM *Xp2, const BIGNUM *Xp,
+ const BIGNUM *Xq1, const BIGNUM *Xq2, const BIGNUM *Xq,
+ const BIGNUM *e, BN_GENCB *cb);
+int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, BN_GENCB *cb);
int RSA_check_key(const RSA *);
/* next 4 return -1 on error */
@@ -257,6 +283,11 @@ int RSA_up_ref(RSA *r);
int RSA_flags(const RSA *r);
+#ifdef OPENSSL_FIPS
+RSA *FIPS_rsa_new(void);
+void FIPS_rsa_free(RSA *r);
+#endif
+
void RSA_set_default_method(const RSA_METHOD *meth);
const RSA_METHOD *RSA_get_default_method(void);
const RSA_METHOD *RSA_get_method(const RSA *rsa);
@@ -370,6 +401,8 @@ void ERR_load_RSA_strings(void);
/* Error codes for the RSA functions. */
/* Function codes. */
+#define RSA_F_FIPS_RSA_SIGN 140
+#define RSA_F_FIPS_RSA_VERIFY 141
#define RSA_F_MEMORY_LOCK 100
#define RSA_F_RSA_BUILTIN_KEYGEN 129
#define RSA_F_RSA_CHECK_KEY 123
@@ -401,7 +434,11 @@ void ERR_load_RSA_strings(void);
#define RSA_F_RSA_PADDING_CHECK_X931 128
#define RSA_F_RSA_PRINT 115
#define RSA_F_RSA_PRINT_FP 116
+#define RSA_F_RSA_PRIVATE_ENCRYPT 137
+#define RSA_F_RSA_PUBLIC_DECRYPT 138
#define RSA_F_RSA_SETUP_BLINDING 136
+#define RSA_F_RSA_SET_DEFAULT_METHOD 139
+#define RSA_F_RSA_SET_METHOD 142
#define RSA_F_RSA_SIGN 117
#define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 118
#define RSA_F_RSA_VERIFY 119
@@ -435,10 +472,12 @@ void ERR_load_RSA_strings(void);
#define RSA_R_KEY_SIZE_TOO_SMALL 120
#define RSA_R_LAST_OCTET_INVALID 134
#define RSA_R_MODULUS_TOO_LARGE 105
+#define RSA_R_NON_FIPS_METHOD 141
#define RSA_R_NO_PUBLIC_EXPONENT 140
#define RSA_R_NULL_BEFORE_BLOCK_MISSING 113
#define RSA_R_N_DOES_NOT_EQUAL_P_Q 127
#define RSA_R_OAEP_DECODING_ERROR 121
+#define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 142
#define RSA_R_PADDING_CHECK_FAILED 114
#define RSA_R_P_NOT_PRIME 128
#define RSA_R_Q_NOT_PRIME 129
OpenPOWER on IntegriCloud