generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add flags for DH FIPS method.

Browse Source 
Update/fix prototypes in fips.h
This commit is contained in:
Dr. Stephen Henson 2011-06-08 15:53:08 +00:00
parent 6b6abd627c
commit 4960411e1f
3 changed files with 25 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
crypto/dh/dh.h
View File

@ -88,6 +88,21 @@
* be used for all exponents. * be used for all exponents.
*/ */
/* If this flag is set the DH method is FIPS compliant and can be used
* in FIPS mode. This is set in the validated module method. If an
* application sets this flag in its own methods it is its reposibility
* to ensure the result is compliant.
*/
#define DH_FLAG_FIPS_METHOD 0x0400
/* If this flag is set the operations normally disabled in FIPS mode are
* permitted it is then the applications responsibility to ensure that the
* usage is compliant.
*/
#define DH_FLAG_NON_FIPS_ALLOW 0x0400
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif

2
crypto/dh/dh_key.c
View File

@ -108,7 +108,7 @@ compute_key,
dh_bn_mod_exp, dh_bn_mod_exp,
dh_init, dh_init,
dh_finish, dh_finish,
0, DH_FLAG_FIPS_METHOD,
NULL, NULL,
NULL NULL
}; };

15
fips/fips.h
View File

@ -74,6 +74,7 @@ struct evp_cipher_st;
struct evp_cipher_ctx_st; struct evp_cipher_ctx_st;
struct ec_method_st; struct ec_method_st;
struct ecdsa_method; struct ecdsa_method;
struct dh_method;
int FIPS_module_mode_set(int onoff); int FIPS_module_mode_set(int onoff);
int FIPS_module_mode(void); int FIPS_module_mode(void);
@ -275,16 +276,18 @@ const EVP_MD *FIPS_evp_ecdsa(void);
const RSA_METHOD *FIPS_rsa_pkcs1_ssleay(void); const RSA_METHOD *FIPS_rsa_pkcs1_ssleay(void);
int FIPS_rsa_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); int FIPS_rsa_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
struct ec_method_st *fips_ec_gf2m_simple_method(void); const struct ec_method_st *fips_ec_gf2m_simple_method(void);
struct ec_method_st *fips_ec_gfp_simple_method(void); const struct ec_method_st *fips_ec_gfp_simple_method(void);
struct ec_method_st *fips_ec_gfp_mont_method(void); const struct ec_method_st *fips_ec_gfp_mont_method(void);
struct ec_method_st *fips_ec_gfp_nist_method(void); const struct ec_method_st *fips_ec_gfp_nist_method(void);
struct ecdsa_method *FIPS_ecdsa_openssl(void); const struct ecdsa_method *FIPS_ecdsa_openssl(void);
struct ecdh_method *FIPS_ecdh_openssl(void); const struct ecdh_method *FIPS_ecdh_openssl(void);
int FIPS_ec_key_generate_key(struct ec_key_st *key); int FIPS_ec_key_generate_key(struct ec_key_st *key);
const struct dh_method *FIPS_dh_openssl(void);
#endif #endif
/* Where necessary redirect standard OpenSSL APIs to FIPS versions */ /* Where necessary redirect standard OpenSSL APIs to FIPS versions */