rsa.h revision 194206
1204076Spjd/* crypto/rsa/rsa.h */ 2204076Spjd/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3204076Spjd * All rights reserved. 4204076Spjd * 5204076Spjd * This package is an SSL implementation written 6204076Spjd * by Eric Young (eay@cryptsoft.com). 7204076Spjd * The implementation was written so as to conform with Netscapes SSL. 8204076Spjd * 9204076Spjd * This library is free for commercial and non-commercial use as long as 10204076Spjd * the following conditions are aheared to. The following conditions 11204076Spjd * apply to all code found in this distribution, be it the RC4, RSA, 12204076Spjd * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13204076Spjd * included with this distribution is covered by the same copyright terms 14204076Spjd * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15204076Spjd * 16204076Spjd * Copyright remains Eric Young's, and as such any Copyright notices in 17204076Spjd * the code are not to be removed. 18204076Spjd * If this package is used in a product, Eric Young should be given attribution 19204076Spjd * as the author of the parts of the library used. 20204076Spjd * This can be in the form of a textual message at program startup or 21204076Spjd * in documentation (online or textual) provided with the package. 22204076Spjd * 23204076Spjd * Redistribution and use in source and binary forms, with or without 24204076Spjd * modification, are permitted provided that the following conditions 25204076Spjd * are met: 26204076Spjd * 1. Redistributions of source code must retain the copyright 27204076Spjd * notice, this list of conditions and the following disclaimer. 28204076Spjd * 2. Redistributions in binary form must reproduce the above copyright 29204076Spjd * notice, this list of conditions and the following disclaimer in the 30204076Spjd * documentation and/or other materials provided with the distribution. 31204076Spjd * 3. All advertising materials mentioning features or use of this software 32204076Spjd * must display the following acknowledgement: 33204076Spjd * "This product includes cryptographic software written by 34204076Spjd * Eric Young (eay@cryptsoft.com)" 35204076Spjd * The word 'cryptographic' can be left out if the rouines from the library 36204076Spjd * being used are not cryptographic related :-). 37204076Spjd * 4. If you include any Windows specific code (or a derivative thereof) from 38204076Spjd * the apps directory (application code) you must include an acknowledgement: 39204076Spjd * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40204076Spjd * 41204076Spjd * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42204076Spjd * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43204076Spjd * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44204076Spjd * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45204076Spjd * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46204076Spjd * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47204076Spjd * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48204076Spjd * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49204076Spjd * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50204076Spjd * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51211882Spjd * SUCH DAMAGE. 52211882Spjd * 53211882Spjd * The licence and distribution terms for any publically available version or 54211882Spjd * derivative of this code cannot be changed. i.e. this code cannot simply be 55211882Spjd * copied and put under another distribution licence 56211882Spjd * [including the GNU Public Licence.] 57204076Spjd */ 58204076Spjd/* $FreeBSD: head/crypto/openssl/crypto/rsa/rsa.h 194206 2009-06-14 19:45:16Z simon $ */ 59204076Spjd 60204076Spjd#ifndef HEADER_RSA_H 61204076Spjd#define HEADER_RSA_H 62204076Spjd 63204076Spjd#include <openssl/asn1.h> 64204076Spjd 65204076Spjd#ifndef OPENSSL_NO_BIO 66204076Spjd#include <openssl/bio.h> 67204076Spjd#endif 68204076Spjd#include <openssl/crypto.h> 69204076Spjd#include <openssl/ossl_typ.h> 70204076Spjd#ifndef OPENSSL_NO_DEPRECATED 71204076Spjd#include <openssl/bn.h> 72204076Spjd#endif 73204076Spjd 74204076Spjd#ifdef OPENSSL_NO_RSA 75204076Spjd#error RSA is disabled. 76204076Spjd#endif 77204076Spjd 78204076Spjd/* If this flag is set the RSA method is FIPS compliant and can be used 79204076Spjd * in FIPS mode. This is set in the validated module method. If an 80204076Spjd * application sets this flag in its own methods it is its reposibility 81204076Spjd * to ensure the result is compliant. 82211882Spjd */ 83204076Spjd 84207371Spjd#define RSA_FLAG_FIPS_METHOD 0x0400 85204076Spjd 86204076Spjd/* If this flag is set the operations normally disabled in FIPS mode are 87204076Spjd * permitted it is then the applications responsibility to ensure that the 88204076Spjd * usage is compliant. 89204076Spjd */ 90204076Spjd 91204076Spjd#define RSA_FLAG_NON_FIPS_ALLOW 0x0400 92204076Spjd 93204076Spjd#ifdef OPENSSL_FIPS 94204076Spjd#define FIPS_RSA_SIZE_T int 95204076Spjd#endif 96204076Spjd 97204076Spjd#ifdef __cplusplus 98204076Spjdextern "C" { 99204076Spjd#endif 100204076Spjd 101204076Spjd/* Declared already in ossl_typ.h */ 102204076Spjd/* typedef struct rsa_st RSA; */ 103204076Spjd/* typedef struct rsa_meth_st RSA_METHOD; */ 104204076Spjd 105204076Spjdstruct rsa_meth_st 106204076Spjd { 107204076Spjd const char *name; 108204076Spjd int (*rsa_pub_enc)(int flen,const unsigned char *from, 109204076Spjd unsigned char *to, 110204076Spjd RSA *rsa,int padding); 111204076Spjd int (*rsa_pub_dec)(int flen,const unsigned char *from, 112204076Spjd unsigned char *to, 113204076Spjd RSA *rsa,int padding); 114204076Spjd int (*rsa_priv_enc)(int flen,const unsigned char *from, 115204076Spjd unsigned char *to, 116204076Spjd RSA *rsa,int padding); 117204076Spjd int (*rsa_priv_dec)(int flen,const unsigned char *from, 118204076Spjd unsigned char *to, 119204076Spjd RSA *rsa,int padding); 120204076Spjd int (*rsa_mod_exp)(BIGNUM *r0,const BIGNUM *I,RSA *rsa,BN_CTX *ctx); /* Can be null */ 121204076Spjd int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, 122204076Spjd const BIGNUM *m, BN_CTX *ctx, 123204076Spjd BN_MONT_CTX *m_ctx); /* Can be null */ 124204076Spjd int (*init)(RSA *rsa); /* called at new */ 125204076Spjd int (*finish)(RSA *rsa); /* called at free */ 126204076Spjd int flags; /* RSA_METHOD_FLAG_* things */ 127204076Spjd char *app_data; /* may be needed! */ 128204076Spjd/* New sign and verify functions: some libraries don't allow arbitrary data 129204076Spjd * to be signed/verified: this allows them to be used. Note: for this to work 130211886Spjd * the RSA_public_decrypt() and RSA_private_encrypt() should *NOT* be used 131211886Spjd * RSA_sign(), RSA_verify() should be used instead. Note: for backwards 132204076Spjd * compatibility this functionality is only enabled if the RSA_FLAG_SIGN_VER 133204076Spjd * option is set in 'flags'. 134204076Spjd */ 135204076Spjd int (*rsa_sign)(int type, 136204076Spjd const unsigned char *m, unsigned int m_length, 137204076Spjd unsigned char *sigret, unsigned int *siglen, const RSA *rsa); 138204076Spjd int (*rsa_verify)(int dtype, 139204076Spjd const unsigned char *m, unsigned int m_length, 140204076Spjd unsigned char *sigbuf, unsigned int siglen, const RSA *rsa); 141204076Spjd/* If this callback is NULL, the builtin software RSA key-gen will be used. This 142204076Spjd * is for behavioural compatibility whilst the code gets rewired, but one day 143204076Spjd * it would be nice to assume there are no such things as "builtin software" 144204076Spjd * implementations. */ 145204076Spjd int (*rsa_keygen)(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); 146204076Spjd }; 147204076Spjd 148204076Spjdstruct rsa_st 149204076Spjd { 150204076Spjd /* The first parameter is used to pickup errors where 151204076Spjd * this is passed instead of aEVP_PKEY, it is set to 0 */ 152204076Spjd int pad; 153204076Spjd long version; 154204076Spjd const RSA_METHOD *meth; 155204076Spjd /* functional reference if 'meth' is ENGINE-provided */ 156204076Spjd ENGINE *engine; 157204076Spjd BIGNUM *n; 158204076Spjd BIGNUM *e; 159204076Spjd BIGNUM *d; 160207371Spjd BIGNUM *p; 161207371Spjd BIGNUM *q; 162204076Spjd BIGNUM *dmp1; 163204076Spjd BIGNUM *dmq1; 164204076Spjd BIGNUM *iqmp; 165204076Spjd /* be careful using this if the RSA structure is shared */ 166204076Spjd CRYPTO_EX_DATA ex_data; 167204076Spjd int references; 168204076Spjd int flags; 169204076Spjd 170204076Spjd /* Used to cache montgomery values */ 171204076Spjd BN_MONT_CTX *_method_mod_n; 172204076Spjd BN_MONT_CTX *_method_mod_p; 173204076Spjd BN_MONT_CTX *_method_mod_q; 174204076Spjd 175204076Spjd /* all BIGNUM values are actually in the following data, if it is not 176204076Spjd * NULL */ 177204076Spjd char *bignum_data; 178204076Spjd BN_BLINDING *blinding; 179204076Spjd BN_BLINDING *mt_blinding; 180204076Spjd }; 181204076Spjd 182204076Spjd#ifndef OPENSSL_RSA_MAX_MODULUS_BITS 183204076Spjd# define OPENSSL_RSA_MAX_MODULUS_BITS 16384 184212038Spjd#endif 185212038Spjd 186204076Spjd#define OPENSSL_RSA_FIPS_MIN_MODULUS_BITS 1024 187204076Spjd 188204076Spjd#ifndef OPENSSL_RSA_SMALL_MODULUS_BITS 189204076Spjd# define OPENSSL_RSA_SMALL_MODULUS_BITS 3072 190204076Spjd#endif 191204076Spjd#ifndef OPENSSL_RSA_MAX_PUBEXP_BITS 192204076Spjd# define OPENSSL_RSA_MAX_PUBEXP_BITS 64 /* exponent limit enforced for "large" modulus only */ 193204076Spjd#endif 194204076Spjd 195204076Spjd#define RSA_3 0x3L 196210883Spjd#define RSA_F4 0x10001L 197204076Spjd 198204076Spjd#define RSA_METHOD_FLAG_NO_CHECK 0x0001 /* don't check pub/private match */ 199204076Spjd 200204076Spjd#define RSA_FLAG_CACHE_PUBLIC 0x0002 201204076Spjd#define RSA_FLAG_CACHE_PRIVATE 0x0004 202204076Spjd#define RSA_FLAG_BLINDING 0x0008 203204076Spjd#define RSA_FLAG_THREAD_SAFE 0x0010 204/* This flag means the private key operations will be handled by rsa_mod_exp 205 * and that they do not depend on the private key components being present: 206 * for example a key stored in external hardware. Without this flag bn_mod_exp 207 * gets called when private key components are absent. 208 */ 209#define RSA_FLAG_EXT_PKEY 0x0020 210 211/* This flag in the RSA_METHOD enables the new rsa_sign, rsa_verify functions. 212 */ 213#define RSA_FLAG_SIGN_VER 0x0040 214 215#define RSA_FLAG_NO_BLINDING 0x0080 /* new with 0.9.6j and 0.9.7b; the built-in 216 * RSA implementation now uses blinding by 217 * default (ignoring RSA_FLAG_BLINDING), 218 * but other engines might not need it 219 */ 220#define RSA_FLAG_NO_CONSTTIME 0x0100 /* new with 0.9.8f; the built-in RSA 221 * implementation now uses constant time 222 * operations by default in private key operations, 223 * e.g., constant time modular exponentiation, 224 * modular inverse without leaking branches, 225 * division without leaking branches. This 226 * flag disables these constant time 227 * operations and results in faster RSA 228 * private key operations. 229 */ 230#ifndef OPENSSL_NO_DEPRECATED 231#define RSA_FLAG_NO_EXP_CONSTTIME RSA_FLAG_NO_CONSTTIME /* deprecated name for the flag*/ 232 /* new with 0.9.7h; the built-in RSA 233 * implementation now uses constant time 234 * modular exponentiation for secret exponents 235 * by default. This flag causes the 236 * faster variable sliding window method to 237 * be used for all exponents. 238 */ 239#endif 240 241 242#define RSA_PKCS1_PADDING 1 243#define RSA_SSLV23_PADDING 2 244#define RSA_NO_PADDING 3 245#define RSA_PKCS1_OAEP_PADDING 4 246#define RSA_X931_PADDING 5 247 248#define RSA_PKCS1_PADDING_SIZE 11 249 250#define RSA_set_app_data(s,arg) RSA_set_ex_data(s,0,arg) 251#define RSA_get_app_data(s) RSA_get_ex_data(s,0) 252 253RSA * RSA_new(void); 254RSA * RSA_new_method(ENGINE *engine); 255int RSA_size(const RSA *); 256 257/* Deprecated version */ 258#ifndef OPENSSL_NO_DEPRECATED 259RSA * RSA_generate_key(int bits, unsigned long e,void 260 (*callback)(int,int,void *),void *cb_arg); 261#endif /* !defined(OPENSSL_NO_DEPRECATED) */ 262 263/* New version */ 264int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); 265int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, BIGNUM *q2, 266 const BIGNUM *Xp1, const BIGNUM *Xp2, const BIGNUM *Xp, 267 const BIGNUM *Xq1, const BIGNUM *Xq2, const BIGNUM *Xq, 268 const BIGNUM *e, BN_GENCB *cb); 269int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, BN_GENCB *cb); 270 271int RSA_check_key(const RSA *); 272 /* next 4 return -1 on error */ 273int RSA_public_encrypt(int flen, const unsigned char *from, 274 unsigned char *to, RSA *rsa,int padding); 275int RSA_private_encrypt(int flen, const unsigned char *from, 276 unsigned char *to, RSA *rsa,int padding); 277int RSA_public_decrypt(int flen, const unsigned char *from, 278 unsigned char *to, RSA *rsa,int padding); 279int RSA_private_decrypt(int flen, const unsigned char *from, 280 unsigned char *to, RSA *rsa,int padding); 281void RSA_free (RSA *r); 282/* "up" the RSA object's reference count */ 283int RSA_up_ref(RSA *r); 284 285int RSA_flags(const RSA *r); 286 287#ifdef OPENSSL_FIPS 288RSA *FIPS_rsa_new(void); 289void FIPS_rsa_free(RSA *r); 290#endif 291 292void RSA_set_default_method(const RSA_METHOD *meth); 293const RSA_METHOD *RSA_get_default_method(void); 294const RSA_METHOD *RSA_get_method(const RSA *rsa); 295int RSA_set_method(RSA *rsa, const RSA_METHOD *meth); 296 297/* This function needs the memory locking malloc callbacks to be installed */ 298int RSA_memory_lock(RSA *r); 299 300/* these are the actual SSLeay RSA functions */ 301const RSA_METHOD *RSA_PKCS1_SSLeay(void); 302 303const RSA_METHOD *RSA_null_method(void); 304 305DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPublicKey) 306DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPrivateKey) 307 308#ifndef OPENSSL_NO_FP_API 309int RSA_print_fp(FILE *fp, const RSA *r,int offset); 310#endif 311 312#ifndef OPENSSL_NO_BIO 313int RSA_print(BIO *bp, const RSA *r,int offset); 314#endif 315 316#ifndef OPENSSL_NO_RC4 317int i2d_RSA_NET(const RSA *a, unsigned char **pp, 318 int (*cb)(char *buf, int len, const char *prompt, int verify), 319 int sgckey); 320RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length, 321 int (*cb)(char *buf, int len, const char *prompt, int verify), 322 int sgckey); 323 324int i2d_Netscape_RSA(const RSA *a, unsigned char **pp, 325 int (*cb)(char *buf, int len, const char *prompt, 326 int verify)); 327RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, 328 int (*cb)(char *buf, int len, const char *prompt, 329 int verify)); 330#endif 331 332/* The following 2 functions sign and verify a X509_SIG ASN1 object 333 * inside PKCS#1 padded RSA encryption */ 334int RSA_sign(int type, const unsigned char *m, unsigned int m_length, 335 unsigned char *sigret, unsigned int *siglen, RSA *rsa); 336int RSA_verify(int type, const unsigned char *m, unsigned int m_length, 337 unsigned char *sigbuf, unsigned int siglen, RSA *rsa); 338 339/* The following 2 function sign and verify a ASN1_OCTET_STRING 340 * object inside PKCS#1 padded RSA encryption */ 341int RSA_sign_ASN1_OCTET_STRING(int type, 342 const unsigned char *m, unsigned int m_length, 343 unsigned char *sigret, unsigned int *siglen, RSA *rsa); 344int RSA_verify_ASN1_OCTET_STRING(int type, 345 const unsigned char *m, unsigned int m_length, 346 unsigned char *sigbuf, unsigned int siglen, RSA *rsa); 347 348int RSA_blinding_on(RSA *rsa, BN_CTX *ctx); 349void RSA_blinding_off(RSA *rsa); 350BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *ctx); 351 352int RSA_padding_add_PKCS1_type_1(unsigned char *to,int tlen, 353 const unsigned char *f,int fl); 354int RSA_padding_check_PKCS1_type_1(unsigned char *to,int tlen, 355 const unsigned char *f,int fl,int rsa_len); 356int RSA_padding_add_PKCS1_type_2(unsigned char *to,int tlen, 357 const unsigned char *f,int fl); 358int RSA_padding_check_PKCS1_type_2(unsigned char *to,int tlen, 359 const unsigned char *f,int fl,int rsa_len); 360int PKCS1_MGF1(unsigned char *mask, long len, 361 const unsigned char *seed, long seedlen, const EVP_MD *dgst); 362int RSA_padding_add_PKCS1_OAEP(unsigned char *to,int tlen, 363 const unsigned char *f,int fl, 364 const unsigned char *p,int pl); 365int RSA_padding_check_PKCS1_OAEP(unsigned char *to,int tlen, 366 const unsigned char *f,int fl,int rsa_len, 367 const unsigned char *p,int pl); 368int RSA_padding_add_SSLv23(unsigned char *to,int tlen, 369 const unsigned char *f,int fl); 370int RSA_padding_check_SSLv23(unsigned char *to,int tlen, 371 const unsigned char *f,int fl,int rsa_len); 372int RSA_padding_add_none(unsigned char *to,int tlen, 373 const unsigned char *f,int fl); 374int RSA_padding_check_none(unsigned char *to,int tlen, 375 const unsigned char *f,int fl,int rsa_len); 376int RSA_padding_add_X931(unsigned char *to,int tlen, 377 const unsigned char *f,int fl); 378int RSA_padding_check_X931(unsigned char *to,int tlen, 379 const unsigned char *f,int fl,int rsa_len); 380int RSA_X931_hash_id(int nid); 381 382int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash, 383 const EVP_MD *Hash, const unsigned char *EM, int sLen); 384int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM, 385 const unsigned char *mHash, 386 const EVP_MD *Hash, int sLen); 387 388int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, 389 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); 390int RSA_set_ex_data(RSA *r,int idx,void *arg); 391void *RSA_get_ex_data(const RSA *r, int idx); 392 393RSA *RSAPublicKey_dup(RSA *rsa); 394RSA *RSAPrivateKey_dup(RSA *rsa); 395 396/* BEGIN ERROR CODES */ 397/* The following lines are auto generated by the script mkerr.pl. Any changes 398 * made after this point may be overwritten when the script is next run. 399 */ 400void ERR_load_RSA_strings(void); 401 402/* Error codes for the RSA functions. */ 403 404/* Function codes. */ 405#define RSA_F_FIPS_RSA_SIGN 140 406#define RSA_F_FIPS_RSA_VERIFY 141 407#define RSA_F_MEMORY_LOCK 100 408#define RSA_F_RSA_BUILTIN_KEYGEN 129 409#define RSA_F_RSA_CHECK_KEY 123 410#define RSA_F_RSA_EAY_PRIVATE_DECRYPT 101 411#define RSA_F_RSA_EAY_PRIVATE_ENCRYPT 102 412#define RSA_F_RSA_EAY_PUBLIC_DECRYPT 103 413#define RSA_F_RSA_EAY_PUBLIC_ENCRYPT 104 414#define RSA_F_RSA_GENERATE_KEY 105 415#define RSA_F_RSA_MEMORY_LOCK 130 416#define RSA_F_RSA_NEW_METHOD 106 417#define RSA_F_RSA_NULL 124 418#define RSA_F_RSA_NULL_MOD_EXP 131 419#define RSA_F_RSA_NULL_PRIVATE_DECRYPT 132 420#define RSA_F_RSA_NULL_PRIVATE_ENCRYPT 133 421#define RSA_F_RSA_NULL_PUBLIC_DECRYPT 134 422#define RSA_F_RSA_NULL_PUBLIC_ENCRYPT 135 423#define RSA_F_RSA_PADDING_ADD_NONE 107 424#define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP 121 425#define RSA_F_RSA_PADDING_ADD_PKCS1_PSS 125 426#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1 108 427#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2 109 428#define RSA_F_RSA_PADDING_ADD_SSLV23 110 429#define RSA_F_RSA_PADDING_ADD_X931 127 430#define RSA_F_RSA_PADDING_CHECK_NONE 111 431#define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP 122 432#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1 112 433#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2 113 434#define RSA_F_RSA_PADDING_CHECK_SSLV23 114 435#define RSA_F_RSA_PADDING_CHECK_X931 128 436#define RSA_F_RSA_PRINT 115 437#define RSA_F_RSA_PRINT_FP 116 438#define RSA_F_RSA_PRIVATE_ENCRYPT 137 439#define RSA_F_RSA_PUBLIC_DECRYPT 138 440#define RSA_F_RSA_SETUP_BLINDING 136 441#define RSA_F_RSA_SET_DEFAULT_METHOD 139 442#define RSA_F_RSA_SET_METHOD 142 443#define RSA_F_RSA_SIGN 117 444#define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 118 445#define RSA_F_RSA_VERIFY 119 446#define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING 120 447#define RSA_F_RSA_VERIFY_PKCS1_PSS 126 448 449/* Reason codes. */ 450#define RSA_R_ALGORITHM_MISMATCH 100 451#define RSA_R_BAD_E_VALUE 101 452#define RSA_R_BAD_FIXED_HEADER_DECRYPT 102 453#define RSA_R_BAD_PAD_BYTE_COUNT 103 454#define RSA_R_BAD_SIGNATURE 104 455#define RSA_R_BLOCK_TYPE_IS_NOT_01 106 456#define RSA_R_BLOCK_TYPE_IS_NOT_02 107 457#define RSA_R_DATA_GREATER_THAN_MOD_LEN 108 458#define RSA_R_DATA_TOO_LARGE 109 459#define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 110 460#define RSA_R_DATA_TOO_LARGE_FOR_MODULUS 132 461#define RSA_R_DATA_TOO_SMALL 111 462#define RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE 122 463#define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY 112 464#define RSA_R_DMP1_NOT_CONGRUENT_TO_D 124 465#define RSA_R_DMQ1_NOT_CONGRUENT_TO_D 125 466#define RSA_R_D_E_NOT_CONGRUENT_TO_1 123 467#define RSA_R_FIRST_OCTET_INVALID 133 468#define RSA_R_INVALID_HEADER 137 469#define RSA_R_INVALID_MESSAGE_LENGTH 131 470#define RSA_R_INVALID_PADDING 138 471#define RSA_R_INVALID_TRAILER 139 472#define RSA_R_IQMP_NOT_INVERSE_OF_Q 126 473#define RSA_R_KEY_SIZE_TOO_SMALL 120 474#define RSA_R_LAST_OCTET_INVALID 134 475#define RSA_R_MODULUS_TOO_LARGE 105 476#define RSA_R_NON_FIPS_METHOD 141 477#define RSA_R_NO_PUBLIC_EXPONENT 140 478#define RSA_R_NULL_BEFORE_BLOCK_MISSING 113 479#define RSA_R_N_DOES_NOT_EQUAL_P_Q 127 480#define RSA_R_OAEP_DECODING_ERROR 121 481#define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 142 482#define RSA_R_PADDING_CHECK_FAILED 114 483#define RSA_R_P_NOT_PRIME 128 484#define RSA_R_Q_NOT_PRIME 129 485#define RSA_R_RSA_OPERATIONS_NOT_SUPPORTED 130 486#define RSA_R_SLEN_CHECK_FAILED 136 487#define RSA_R_SLEN_RECOVERY_FAILED 135 488#define RSA_R_SSLV3_ROLLBACK_ATTACK 115 489#define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116 490#define RSA_R_UNKNOWN_ALGORITHM_TYPE 117 491#define RSA_R_UNKNOWN_PADDING_TYPE 118 492#define RSA_R_WRONG_SIGNATURE_LENGTH 119 493 494#ifdef __cplusplus 495} 496#endif 497#endif 498