1 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2 * All rights reserved. 3 * 4 * This package is an SSL implementation written 5 * by Eric Young (eay@cryptsoft.com). 6 * The implementation was written so as to conform with Netscapes SSL. 7 * 8 * This library is free for commercial and non-commercial use as long as 9 * the following conditions are aheared to. The following conditions 10 * apply to all code found in this distribution, be it the RC4, RSA, 11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * included with this distribution is covered by the same copyright terms 13 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * 15 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * the code are not to be removed. 17 * If this package is used in a product, Eric Young should be given attribution 18 * as the author of the parts of the library used. 19 * This can be in the form of a textual message at program startup or 20 * in documentation (online or textual) provided with the package. 21 * 22 * Redistribution and use in source and binary forms, with or without 23 * modification, are permitted provided that the following conditions 24 * are met: 25 * 1. Redistributions of source code must retain the copyright 26 * notice, this list of conditions and the following disclaimer. 27 * 2. Redistributions in binary form must reproduce the above copyright 28 * notice, this list of conditions and the following disclaimer in the 29 * documentation and/or other materials provided with the distribution. 30 * 3. All advertising materials mentioning features or use of this software 31 * must display the following acknowledgement: 32 * "This product includes cryptographic software written by 33 * Eric Young (eay@cryptsoft.com)" 34 * The word 'cryptographic' can be left out if the rouines from the library 35 * being used are not cryptographic related :-). 36 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * the apps directory (application code) you must include an acknowledgement: 38 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * 40 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * SUCH DAMAGE. 51 * 52 * The licence and distribution terms for any publically available version or 53 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * copied and put under another distribution licence 55 * [including the GNU Public Licence.] */ 56 57 #ifndef OPENSSL_HEADER_RSA_INTERNAL_H 58 #define OPENSSL_HEADER_RSA_INTERNAL_H 59 60 #include <openssl/base.h> 61 62 #include <openssl/bn.h> 63 64 65 #if defined(__cplusplus) 66 extern "C" { 67 #endif 68 69 70 #define RSA_PKCS1_PADDING_SIZE 11 71 72 // Default implementations of RSA operations. 73 74 const RSA_METHOD *RSA_default_method(void); 75 76 size_t rsa_default_size(const RSA *rsa); 77 int rsa_default_sign_raw(RSA *rsa, size_t *out_len, uint8_t *out, 78 size_t max_out, const uint8_t *in, size_t in_len, 79 int padding); 80 int rsa_default_private_transform(RSA *rsa, uint8_t *out, const uint8_t *in, 81 size_t len); 82 83 84 BN_BLINDING *BN_BLINDING_new(void); 85 void BN_BLINDING_free(BN_BLINDING *b); 86 void BN_BLINDING_invalidate(BN_BLINDING *b); 87 int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, const BIGNUM *e, 88 const BN_MONT_CTX *mont_ctx, BN_CTX *ctx); 89 int BN_BLINDING_invert(BIGNUM *n, const BN_BLINDING *b, BN_MONT_CTX *mont_ctx, 90 BN_CTX *ctx); 91 92 93 int PKCS1_MGF1(uint8_t *out, size_t len, const uint8_t *seed, size_t seed_len, 94 const EVP_MD *md); 95 int RSA_padding_add_PKCS1_type_1(uint8_t *to, size_t to_len, 96 const uint8_t *from, size_t from_len); 97 int RSA_padding_check_PKCS1_type_1(uint8_t *out, size_t *out_len, 98 size_t max_out, const uint8_t *from, 99 size_t from_len); 100 int RSA_padding_add_none(uint8_t *to, size_t to_len, const uint8_t *from, 101 size_t from_len); 102 103 // rsa_check_public_key checks that |rsa|'s public modulus and exponent are 104 // within DoS bounds. 105 int rsa_check_public_key(const RSA *rsa); 106 107 // rsa_private_transform_no_self_test calls either the method-specific 108 // |private_transform| function (if given) or the generic one. See the comment 109 // for |private_transform| in |rsa_meth_st|. 110 int rsa_private_transform_no_self_test(RSA *rsa, uint8_t *out, 111 const uint8_t *in, size_t len); 112 113 // rsa_private_transform acts the same as |rsa_private_transform_no_self_test| 114 // but, in FIPS mode, performs an RSA self test before calling the default RSA 115 // implementation. 116 int rsa_private_transform(RSA *rsa, uint8_t *out, const uint8_t *in, 117 size_t len); 118 119 120 // This constant is exported for test purposes. 121 extern const BN_ULONG kBoringSSLRSASqrtTwo[]; 122 extern const size_t kBoringSSLRSASqrtTwoLen; 123 124 125 // Functions that avoid self-tests. 126 // 127 // Self-tests need to call functions that don't try and ensure that the 128 // self-tests have passed. These functions, in turn, need to limit themselves 129 // to such functions too. 130 // 131 // These functions are the same as their public versions, but skip the self-test 132 // check. 133 134 int rsa_verify_no_self_test(int hash_nid, const uint8_t *digest, 135 size_t digest_len, const uint8_t *sig, 136 size_t sig_len, RSA *rsa); 137 138 int rsa_verify_raw_no_self_test(RSA *rsa, size_t *out_len, uint8_t *out, 139 size_t max_out, const uint8_t *in, 140 size_t in_len, int padding); 141 142 int rsa_sign_no_self_test(int hash_nid, const uint8_t *digest, 143 size_t digest_len, uint8_t *out, unsigned *out_len, 144 RSA *rsa); 145 146 147 #if defined(__cplusplus) 148 } // extern C 149 #endif 150 151 #endif // OPENSSL_HEADER_RSA_INTERNAL_H 152