rsa: expose pairwise consistency test API

This is only used by the FIPS provider as part of importing keys.  At least
at the moment.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28122)

diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c
index f76bb7748369fdebb8cbc67f6f8d0308e5761248..32084a822cac4e676e6fb4ff71b1e43ca806e352 100644 (file)
--- a/crypto/rsa/rsa_gen.c
+++ b/crypto/rsa/rsa_gen.c
@@ -734,3 +734,18 @@ err:
 
     return ret;
 }
+
+#ifdef FIPS_MODULE
+int ossl_rsa_key_pairwise_test(RSA *rsa)
+{
+    OSSL_CALLBACK *stcb;
+    void *stcbarg;
+    int res;
+
+    OSSL_SELF_TEST_get_callback(rsa->libctx, &stcb, &stcbarg);
+    res = rsa_keygen_pairwise_test(rsa, stcb, stcbarg);
+    if (res <= 0)
+        ossl_set_error_state(OSSL_SELF_TEST_TYPE_PCT);
+    return res;
+}
+#endif  /* FIPS_MODULE */

diff --git a/include/crypto/rsa.h b/include/crypto/rsa.h
index dcb465cbcae07bc8f9e66f9b2998a9f26bd3b053..53a398f9bf9b6454acf28ccf61aa124b75551e5a 100644 (file)
--- a/include/crypto/rsa.h
+++ b/include/crypto/rsa.h
@@ -124,6 +124,10 @@ ASN1_STRING *ossl_rsa_ctx_to_pss_string(EVP_PKEY_CTX *pkctx);
 int ossl_rsa_pss_to_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pkctx,
                         const X509_ALGOR *sigalg, EVP_PKEY *pkey);
 
+# ifdef FIPS_MODULE
+int ossl_rsa_key_pairwise_test(RSA *rsa);
+# endif /* FIPS_MODULE */
+
 # if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS)
 int ossl_rsa_acvp_test_gen_params_new(OSSL_PARAM **dst, const OSSL_PARAM src[]);
 void ossl_rsa_acvp_test_gen_params_free(OSSL_PARAM *dst);