From: Pauli <ppzgs1@gmail.com>
Date: Wed, 29 Jan 2025 00:44:02 +0000 (+1100)
Subject: rsa: expose pairwise consistency test API
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=dc5cd6f70a0eeb30e272fe885a64f3e3d76b5e42;p=thirdparty%2Fopenssl.git

rsa: expose pairwise consistency test API

This is only used by the FIPS provider as part of importing keys.  At least
at the moment.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28122)
---

diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c
index f76bb774836..32084a822ca 100644
--- a/crypto/rsa/rsa_gen.c
+++ b/crypto/rsa/rsa_gen.c
@@ -734,3 +734,18 @@ err:
 
     return ret;
 }
+
+#ifdef FIPS_MODULE
+int ossl_rsa_key_pairwise_test(RSA *rsa)
+{
+    OSSL_CALLBACK *stcb;
+    void *stcbarg;
+    int res;
+
+    OSSL_SELF_TEST_get_callback(rsa->libctx, &stcb, &stcbarg);
+    res = rsa_keygen_pairwise_test(rsa, stcb, stcbarg);
+    if (res <= 0)
+        ossl_set_error_state(OSSL_SELF_TEST_TYPE_PCT);
+    return res;
+}
+#endif  /* FIPS_MODULE */
diff --git a/include/crypto/rsa.h b/include/crypto/rsa.h
index dcb465cbcae..53a398f9bf9 100644
--- a/include/crypto/rsa.h
+++ b/include/crypto/rsa.h
@@ -124,6 +124,10 @@ ASN1_STRING *ossl_rsa_ctx_to_pss_string(EVP_PKEY_CTX *pkctx);
 int ossl_rsa_pss_to_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pkctx,
                         const X509_ALGOR *sigalg, EVP_PKEY *pkey);
 
+# ifdef FIPS_MODULE
+int ossl_rsa_key_pairwise_test(RSA *rsa);
+# endif /* FIPS_MODULE */
+
 # if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS)
 int ossl_rsa_acvp_test_gen_params_new(OSSL_PARAM **dst, const OSSL_PARAM src[]);
 void ossl_rsa_acvp_test_gen_params_free(OSSL_PARAM *dst);