-/*
- * For DH key agreement refer to SP800-56A
- * https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Ar3.pdf
- * "Section 5.5.1.1FFC Domain Parameter Selection/Generation" and
- * "Appendix D" FFC Safe-prime Groups
- */
-static int dh_check_key(const DH *dh)
-{
-#ifdef FIPS_MODULE
- size_t L, N;
- const BIGNUM *p, *q;
-
- if (dh == NULL)
- return 0;
-
- p = DH_get0_p(dh);
- q = DH_get0_q(dh);
- if (p == NULL || q == NULL)
- return 0;
-
- L = BN_num_bits(p);
- if (L < 2048)
- return 0;
-
- /* If it is a safe prime group then it is ok */
- if (DH_get_nid(dh))
- return 1;
-
- /* If not then it must be FFC, which only allows certain sizes. */
- N = BN_num_bits(q);
-
- return (L == 2048 && (N == 224 || N == 256));
-#else
- return 1;
-#endif
-}
-