#ifndef OPENSSL_NO_BIO
#include <openssl/bio.h>
#endif
-#include <openssl/bn.h>
-#include <openssl/crypto.h>
#include <openssl/ossl_typ.h>
+#ifndef OPENSSL_NO_DEPRECATED
+#include <openssl/bn.h>
+#endif
-#define DH_FLAG_CACHE_MONT_P 0x01
+#ifndef OPENSSL_DH_MAX_MODULUS_BITS
+# define OPENSSL_DH_MAX_MODULUS_BITS 10000
+#endif
+
+#define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024
+
+#define DH_FLAG_CACHE_MONT_P 0x01
+#define DH_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DH
+ * implementation now uses constant time
+ * modular exponentiation for secret exponents
+ * by default. This flag causes the
+ * faster variable sliding window method to
+ * be used for all exponents.
+ */
+
+/* If this flag is set the DH method is FIPS compliant and can be used
+ * in FIPS mode. This is set in the validated module method. If an
+ * application sets this flag in its own methods it is its reposibility
+ * to ensure the result is compliant.
+ */
+
+#define DH_FLAG_FIPS_METHOD 0x0400
+
+/* If this flag is set the operations normally disabled in FIPS mode are
+ * permitted it is then the applications responsibility to ensure that the
+ * usage is compliant.
+ */
+
+#define DH_FLAG_NON_FIPS_ALLOW 0x0400
#ifdef __cplusplus
extern "C" {
#endif
-typedef struct dh_st DH;
+/* Already defined in ossl_typ.h */
+/* typedef struct dh_st DH; */
+/* typedef struct dh_method DH_METHOD; */
-typedef struct dh_method {
+struct dh_method
+ {
const char *name;
/* Methods here */
int (*generate_key)(DH *dh);
char *app_data;
/* If this is non-NULL, it will be used to generate parameters */
int (*generate_params)(DH *dh, int prime_len, int generator, BN_GENCB *cb);
-} DH_METHOD;
+ };
struct dh_st
{
BIGNUM *priv_key; /* x */
int flags;
- char *method_mont_p;
+ BN_MONT_CTX *method_mont_p;
/* Place holders if we want to do X9.42 DH */
BIGNUM *q;
BIGNUM *j;
#define DH_UNABLE_TO_CHECK_GENERATOR 0x04
#define DH_NOT_SUITABLE_GENERATOR 0x08
+/* DH_check_pub_key error codes */
+#define DH_CHECK_PUBKEY_TOO_SMALL 0x01
+#define DH_CHECK_PUBKEY_TOO_LARGE 0x02
+
/* primes p where (p-1)/2 is prime too are called "safe"; we define
this for backward compatibility: */
#define DH_CHECK_P_NOT_STRONG_PRIME DH_CHECK_P_NOT_SAFE_PRIME
-#define DHparams_dup(x) (DH *)ASN1_dup((int (*)())i2d_DHparams, \
- (char *(*)())d2i_DHparams,(char *)(x))
#define d2i_DHparams_fp(fp,x) (DH *)ASN1_d2i_fp((char *(*)())DH_new, \
(char *(*)())d2i_DHparams,(fp),(unsigned char **)(x))
#define i2d_DHparams_fp(fp,x) ASN1_i2d_fp(i2d_DHparams,(fp), \
(unsigned char *)(x))
-#define d2i_DHparams_bio(bp,x) (DH *)ASN1_d2i_bio((char *(*)())DH_new, \
- (char *(*)())d2i_DHparams,(bp),(unsigned char **)(x))
-#ifdef __cplusplus
-#define i2d_DHparams_bio(bp,x) ASN1_i2d_bio((int (*)())i2d_DHparams,(bp), \
- (unsigned char *)(x))
-#else
-#define i2d_DHparams_bio(bp,x) ASN1_i2d_bio(i2d_DHparams,(bp), \
- (unsigned char *)(x))
-#endif
+#define d2i_DHparams_bio(bp,x) ASN1_d2i_bio_of(DH,DH_new,d2i_DHparams,bp,x)
+#define i2d_DHparams_bio(bp,x) ASN1_i2d_bio_of_const(DH,i2d_DHparams,bp,x)
+
+DH *DHparams_dup(DH *);
const DH_METHOD *DH_OpenSSL(void);
+#ifdef OPENSSL_FIPS
+DH * FIPS_dh_new(void);
+void FIPS_dh_free(DH *dh);
+#endif
+
void DH_set_default_method(const DH_METHOD *meth);
const DH_METHOD *DH_get_default_method(void);
int DH_set_method(DH *dh, const DH_METHOD *meth);
int DH_generate_parameters_ex(DH *dh, int prime_len,int generator, BN_GENCB *cb);
int DH_check(const DH *dh,int *codes);
+int DH_check_pub_key(const DH *dh,const BIGNUM *pub_key, int *codes);
int DH_generate_key(DH *dh);
int DH_compute_key(unsigned char *key,const BIGNUM *pub_key,DH *dh);
+int DH_compute_key_padded(unsigned char *key,const BIGNUM *pub_key,DH *dh);
DH * d2i_DHparams(DH **a,const unsigned char **pp, long length);
int i2d_DHparams(const DH *a,unsigned char **pp);
#ifndef OPENSSL_NO_FP_API
int DHparams_print(char *bp, const DH *x);
#endif
+/* RFC 5114 parameters */
+DH *DH_get_1024_160(void);
+DH *DH_get_2048_224(void);
+DH *DH_get_2048_256(void);
+
+#define EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
+ EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN, len, NULL)
+
+#define EVP_PKEY_CTX_set_dh_paramgen_generator(ctx, gen) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
+ EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR, gen, NULL)
+
+#define EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN (EVP_PKEY_ALG_CTRL + 1)
+#define EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR (EVP_PKEY_ALG_CTRL + 2)
+
+
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
/* Error codes for the DH functions. */
/* Function codes. */
-#define DH_F_DHPARAMS_PRINT 100
+#define DH_F_COMPUTE_KEY 102
#define DH_F_DHPARAMS_PRINT_FP 101
-#define DH_F_DH_COMPUTE_KEY 102
-#define DH_F_DH_GENERATE_KEY 103
-#define DH_F_DH_GENERATE_PARAMETERS 104
+#define DH_F_DH_BUILTIN_GENPARAMS 106
#define DH_F_DH_NEW_METHOD 105
+#define DH_F_DH_PARAM_DECODE 107
+#define DH_F_DH_PRIV_DECODE 110
+#define DH_F_DH_PRIV_ENCODE 111
+#define DH_F_DH_PUB_DECODE 108
+#define DH_F_DH_PUB_ENCODE 109
+#define DH_F_DO_DH_PRINT 100
+#define DH_F_GENERATE_KEY 103
+#define DH_F_GENERATE_PARAMETERS 104
+#define DH_F_PKEY_DH_DERIVE 112
+#define DH_F_PKEY_DH_KEYGEN 113
/* Reason codes. */
#define DH_R_BAD_GENERATOR 101
+#define DH_R_BN_DECODE_ERROR 109
+#define DH_R_BN_ERROR 106
+#define DH_R_DECODE_ERROR 104
+#define DH_R_INVALID_PUBKEY 102
+#define DH_R_KEYS_NOT_SET 108
+#define DH_R_KEY_SIZE_TOO_SMALL 110
+#define DH_R_MODULUS_TOO_LARGE 103
+#define DH_R_NO_PARAMETERS_SET 107
#define DH_R_NO_PRIVATE_VALUE 100
+#define DH_R_PARAMETER_ENCODING_ERROR 105
#ifdef __cplusplus
}