Merge branch 'develop'

author: Parménides GV <parmegv@sdf.org> 2014-06-13 13:24:13 +0200
committer: Parménides GV <parmegv@sdf.org> 2014-06-13 13:24:13 +0200
commit: 69b10487fcd63dfe1e94fa97c9f3fd9b035646b4 (patch)
tree: d4960893a4444634d404c7fbe4fa3e8778d30179 /app/openssl/crypto/dsa/dsa.h
parent: 9f6cfff38ae87922adc022300e1e2fd1c0d4c3e4 (diff)
parent: e45929e220fe49e30235a1d4d36c1a413547f8bf (diff)
1 files changed, 28 insertions, 2 deletions
diff --git a/app/openssl/crypto/dsa/dsa.h b/app/openssl/crypto/dsa/dsa.h
index ac50a5c8..7531c653 100644
--- a/app/openssl/crypto/dsa/dsa.h
+++ b/app/openssl/crypto/dsa/dsa.h
@@ -96,6 +96,25 @@
                                               * faster variable sliding window method to
                                               * be used for all exponents.
                                               */
+#define DSA_FLAG_NONCE_FROM_HASH	0x04 /* Causes the DSA nonce to be calculated
+						from SHA512(private_key + H(message) +
+						random). This strengthens DSA against a
+						weak PRNG. */
+
+/* If this flag is set the DSA method is FIPS compliant and can be used
+ * in FIPS mode. This is set in the validated module method. If an
+ * application sets this flag in its own methods it is its reposibility
+ * to ensure the result is compliant.
+ */
+
+#define DSA_FLAG_FIPS_METHOD			0x0400
+
+/* If this flag is set the operations normally disabled in FIPS mode are
+ * permitted it is then the applications responsibility to ensure that the
+ * usage is compliant.
+ */
+
+#define DSA_FLAG_NON_FIPS_ALLOW			0x0400
 
 #ifdef  __cplusplus
 extern "C" {
@@ -115,8 +134,9 @@ struct dsa_method
 	{
 	const char *name;
 	DSA_SIG * (*dsa_do_sign)(const unsigned char *dgst, int dlen, DSA *dsa);
-	int (*dsa_sign_setup)(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
-								BIGNUM **rp);
+	int (*dsa_sign_setup)(DSA *dsa, BN_CTX *ctx_in,
+			      BIGNUM **kinvp, BIGNUM **rp,
+			      const unsigned char *dgst, int dlen);
 	int (*dsa_do_verify)(const unsigned char *dgst, int dgst_len,
 			     DSA_SIG *sig, DSA *dsa);
 	int (*dsa_mod_exp)(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
@@ -272,6 +292,8 @@ void ERR_load_DSA_strings(void);
 #define DSA_F_DSAPARAMS_PRINT_FP			 101
 #define DSA_F_DSA_DO_SIGN				 112
 #define DSA_F_DSA_DO_VERIFY				 113
+#define DSA_F_DSA_GENERATE_KEY				 124
+#define DSA_F_DSA_GENERATE_PARAMETERS_EX		 123
 #define DSA_F_DSA_NEW_METHOD				 103
 #define DSA_F_DSA_PARAM_DECODE				 119
 #define DSA_F_DSA_PRINT_FP				 105
@@ -282,6 +304,7 @@ void ERR_load_DSA_strings(void);
 #define DSA_F_DSA_SIGN					 106
 #define DSA_F_DSA_SIGN_SETUP				 107
 #define DSA_F_DSA_SIG_NEW				 109
+#define DSA_F_DSA_SIG_PRINT				 125
 #define DSA_F_DSA_VERIFY				 108
 #define DSA_F_I2D_DSA_SIG				 111
 #define DSA_F_OLD_DSA_PRIV_DECODE			 122
@@ -298,6 +321,9 @@ void ERR_load_DSA_strings(void);
 #define DSA_R_INVALID_DIGEST_TYPE			 106
 #define DSA_R_MISSING_PARAMETERS			 101
 #define DSA_R_MODULUS_TOO_LARGE				 103
+#define DSA_R_NEED_NEW_SETUP_VALUES			 110
+#define DSA_R_NONCE_CANNOT_BE_PRECOMPUTED		 112
+#define DSA_R_NON_FIPS_DSA_METHOD			 111
 #define DSA_R_NO_PARAMETERS_SET				 107
 #define DSA_R_PARAMETER_ENCODING_ERROR			 105
author	Parménides GV <parmegv@sdf.org>	2014-06-13 13:24:13 +0200
committer	Parménides GV <parmegv@sdf.org>	2014-06-13 13:24:13 +0200
commit	69b10487fcd63dfe1e94fa97c9f3fd9b035646b4 (patch)
tree	d4960893a4444634d404c7fbe4fa3e8778d30179 /app/openssl/crypto/dsa/dsa.h
parent	9f6cfff38ae87922adc022300e1e2fd1c0d4c3e4 (diff)
parent	e45929e220fe49e30235a1d4d36c1a413547f8bf (diff)