*/
#include <openssl/opensslconf.h>
+#include <stdarg.h>
#ifndef OPENSSL_FIPS
#error FIPS is disabled.
extern "C" {
#endif
+#ifndef OPENSSL_FIPSCANISTER
+#define OPENSSL_FIPSCAPABLE
+#endif
+
struct dsa_st;
struct ec_key_st;
struct rsa_st;
struct env_md_ctx_st;
struct evp_cipher_st;
struct evp_cipher_ctx_st;
+struct ec_method_st;
+struct ecdsa_method;
+struct dh_method;
+struct CMAC_CTX_st;
+struct hmac_ctx_st;
int FIPS_module_mode_set(int onoff);
int FIPS_module_mode(void);
int (*add_cb)(int *pointer, int amount,
int type, const char *file, int line));
+void FIPS_set_error_callbacks(
+ void (*put_cb)(int lib, int func,int reason,const char *file,int line),
+ void (*add_cb)(int num, va_list args) );
+
void FIPS_set_malloc_callbacks(
void *(*malloc_cb)(int num, const char *file, int line),
void (*free_cb)(void *));
int FIPS_rsa_verify_ctx(struct rsa_st *rsa, struct env_md_ctx_st *ctx,
int rsa_pad_mode, int saltlen,
const struct env_md_st *mgf1Hash,
- unsigned char *sigbuf, unsigned int siglen);
+ const unsigned char *sigbuf, unsigned int siglen);
int FIPS_rsa_verify_digest(struct rsa_st *rsa,
const unsigned char *dig, int diglen,
const struct env_md_st *mhash,
int rsa_pad_mode, int saltlen,
const struct env_md_st *mgf1Hash,
- unsigned char *sigbuf, unsigned int siglen);
+ const unsigned char *sigbuf, unsigned int siglen);
-#ifndef OPENSSL_FIPSCANISTER
+#ifdef OPENSSL_FIPSCAPABLE
int FIPS_digestinit(EVP_MD_CTX *ctx, const EVP_MD *type);
int FIPS_digestupdate(EVP_MD_CTX *ctx, const void *data, size_t count);
const EVP_MD *FIPS_evp_ecdsa(void);
const RSA_METHOD *FIPS_rsa_pkcs1_ssleay(void);
+int FIPS_rsa_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
+
+const struct dsa_method *FIPS_dsa_openssl(void);
+int FIPS_dsa_generate_key(DSA *dsa);
+int FIPS_dsa_generate_parameters_ex(DSA *dsa, int bits,
+ const unsigned char *seed,int seed_len,
+ int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
+
+int fips_dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
+ const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len,
+ unsigned char *seed_out,
+ int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
+
+const struct ec_method_st *fips_ec_gf2m_simple_method(void);
+const struct ec_method_st *fips_ec_gfp_simple_method(void);
+const struct ec_method_st *fips_ec_gfp_mont_method(void);
+const struct ec_method_st *fips_ec_gfp_nist_method(void);
+
+const struct ecdsa_method *FIPS_ecdsa_openssl(void);
+const struct ecdh_method *FIPS_ecdh_openssl(void);
+
+int FIPS_ec_key_generate_key(struct ec_key_st *key);
+
+const struct dh_method *FIPS_dh_openssl(void);
+int FIPS_dh_generate_parameters_ex(DH *dh, int prime_len,
+ int generator, BN_GENCB *cb);
+
+int FIPS_cmac_init(struct CMAC_CTX_st *ctx, const void *key, size_t keylen,
+ const EVP_CIPHER *cipher, ENGINE *impl);
+int FIPS_cmac_update(struct CMAC_CTX_st *ctx, const void *in, size_t dlen);
+int FIPS_cmac_final(struct CMAC_CTX_st *ctx, unsigned char *out,
+ size_t *poutlen);
+void FIPS_cmac_ctx_cleanup(struct CMAC_CTX_st *ctx);
+
+void FIPS_hmac_ctx_cleanup(struct hmac_ctx_st *ctx);
+int FIPS_hmac_init_ex(struct hmac_ctx_st *ctx, const void *key, int len,
+ const EVP_MD *md, ENGINE *impl);
+int FIPS_hmac_update(struct hmac_ctx_st *ctx,
+ const unsigned char *data, size_t len);
+int FIPS_hmac_final(struct hmac_ctx_st *ctx,
+ unsigned char *md, unsigned int *len);
#endif