Add RFC5114 DH parameters to OpenSSL. Add test data to dhtest.

[openssl.git] / crypto / dh / dh.h

diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h
index 084dc08c786dcf07221ec077443e9fbeb4cb7efa..2929ebe21f701e0cec2d9695a9ffa6d0770870a4 100644 (file)
--- a/crypto/dh/dh.h
+++ b/crypto/dh/dh.h
@@ -88,6 +88,21 @@
                                        * be used for all exponents.
                                        */
 
+/* If this flag is set the DH method is FIPS compliant and can be used
+ * in FIPS mode. This is set in the validated module method. If an
+ * application sets this flag in its own methods it is its reposibility
+ * to ensure the result is compliant.
+ */
+
+#define DH_FLAG_FIPS_METHOD                    0x0400
+
+/* If this flag is set the operations normally disabled in FIPS mode are
+ * permitted it is then the applications responsibility to ensure that the
+ * usage is compliant.
+ */
+
+#define DH_FLAG_NON_FIPS_ALLOW                 0x0400
+
 #ifdef  __cplusplus
 extern "C" {
 #endif
@@ -202,6 +217,7 @@ int DH_check(const DH *dh,int *codes);
 int    DH_check_pub_key(const DH *dh,const BIGNUM *pub_key, int *codes);
 int    DH_generate_key(DH *dh);
 int    DH_compute_key(unsigned char *key,const BIGNUM *pub_key,DH *dh);
+int    DH_compute_key_padded(unsigned char *key,const BIGNUM *pub_key,DH *dh);
 DH *   d2i_DHparams(DH **a,const unsigned char **pp, long length);
 int    i2d_DHparams(const DH *a,unsigned char **pp);
 #ifndef OPENSSL_NO_FP_API
@@ -213,6 +229,11 @@ int        DHparams_print(BIO *bp, const DH *x);
 int    DHparams_print(char *bp, const DH *x);
 #endif
 
+/* RFC 5114 parameters */
+DH *DH_get_1024_160(void);
+DH *DH_get_2048_224(void);
+DH *DH_get_2048_256(void);
+
 #define EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len) \
        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
                        EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN, len, NULL)