Add PWCT for RSA and ECDSA for FIPS 140-2.
Since only the consumer knows whether an EC key will be used for
ECDSA or ECDHE, it is part of the FIPS policy for the consumer to
check the validity of the generated key before signing with it.
Change-Id: Ie250f655c8fcb6a59cc7210def1e87eb958e9349
Reviewed-on: https://boringssl-review.googlesource.com/14745
Reviewed-by: Adam Langley <agl@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
Commit-Queue: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/include/openssl/rsa.h b/include/openssl/rsa.h
index 7f5e4c5..ee1bdde 100644
--- a/include/openssl/rsa.h
+++ b/include/openssl/rsa.h
@@ -292,14 +292,14 @@
* |rsa| into it. It returns the fresh |RSA| object, or NULL on error. */
OPENSSL_EXPORT RSA *RSAPrivateKey_dup(const RSA *rsa);
-/* RSA_check_key performs basic validatity tests on |rsa|. It returns one if
+/* RSA_check_key performs basic validity tests on |rsa|. It returns one if
* they pass and zero otherwise. Opaque keys and public keys always pass. If it
* returns zero then a more detailed error is available on the error queue. */
OPENSSL_EXPORT int RSA_check_key(const RSA *rsa);
-/* RSA_check_fips performs public key validatity tests on |key|. It returns one
+/* RSA_check_fips performs public key validity tests on |key|. It returns one
* if they pass and zero otherwise. Opaque keys always fail. */
-OPENSSL_EXPORT int RSA_check_fips(const RSA *key);
+OPENSSL_EXPORT int RSA_check_fips(RSA *key);
/* RSA_recover_crt_params uses |rsa->n|, |rsa->d| and |rsa->e| in order to
* calculate the two primes used and thus the precomputed, CRT values. These
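Review bot: At `RSA_check_fips(RSA *key)` the `const` qualifier is dropped, but the comment above it still describes only public key validity tests and gives no reason the function needs a mutable key. If this is where the pairwise consistency test named in the commit message runs, the comment should say so and state what on |key| may be modified, since callers holding a `const RSA *` will no longer compile without a cast. It would also help to document how a key with no private components is treated, given that the comment only covers the opaque-key case ("Opaque keys always fail").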