Add RFC5114 DH parameters to OpenSSL. Add test data to dhtest.

[openssl.git] / crypto / dh / dh.h

diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h
index 63db8c908b00c83d22735df4c340229e2c81db61..2929ebe21f701e0cec2d9695a9ffa6d0770870a4 100644 (file)
--- a/crypto/dh/dh.h
+++ b/crypto/dh/dh.h
@@ -88,6 +88,21 @@
                                        * be used for all exponents.
                                        */
 
+/* If this flag is set the DH method is FIPS compliant and can be used
+ * in FIPS mode. This is set in the validated module method. If an
+ * application sets this flag in its own methods it is its reposibility
+ * to ensure the result is compliant.
+ */
+
+#define DH_FLAG_FIPS_METHOD                    0x0400
+
+/* If this flag is set the operations normally disabled in FIPS mode are
+ * permitted it is then the applications responsibility to ensure that the
+ * usage is compliant.
+ */
+
+#define DH_FLAG_NON_FIPS_ALLOW                 0x0400
+
 #ifdef  __cplusplus
 extern "C" {
 #endif
@@ -214,6 +229,11 @@ int        DHparams_print(BIO *bp, const DH *x);
 int    DHparams_print(char *bp, const DH *x);
 #endif
 
+/* RFC 5114 parameters */
+DH *DH_get_1024_160(void);
+DH *DH_get_2048_224(void);
+DH *DH_get_2048_256(void);
+
 #define EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len) \
        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
                        EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN, len, NULL)