diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2011-01-26 15:47:19 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2011-01-26 15:47:19 +0000 |
commit | 83c3410b94ae3c845142fdfb55e245273846ecf0 (patch) | |
tree | 615ddefe67a58243808f0ae245c58eb39ec710fa /crypto/dh/dh.h | |
parent | 20818e00fd718d961ce861e384de768be1bca36f (diff) | |
download | openssl-83c3410b94ae3c845142fdfb55e245273846ecf0.zip openssl-83c3410b94ae3c845142fdfb55e245273846ecf0.tar.gz openssl-83c3410b94ae3c845142fdfb55e245273846ecf0.tar.bz2 |
FIPS DH changes: selftest checks and key range checks.
Diffstat (limited to 'crypto/dh/dh.h')
-rw-r--r-- | crypto/dh/dh.h | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h index 849309a..084dc08 100644 --- a/crypto/dh/dh.h +++ b/crypto/dh/dh.h @@ -77,6 +77,8 @@ # define OPENSSL_DH_MAX_MODULUS_BITS 10000 #endif +#define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024 + #define DH_FLAG_CACHE_MONT_P 0x01 #define DH_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DH * implementation now uses constant time @@ -168,6 +170,11 @@ DH *DHparams_dup(DH *); const DH_METHOD *DH_OpenSSL(void); +#ifdef OPENSSL_FIPS +DH * FIPS_dh_new(void); +void FIPS_dh_free(DH *dh); +#endif + void DH_set_default_method(const DH_METHOD *meth); const DH_METHOD *DH_get_default_method(void); int DH_set_method(DH *dh, const DH_METHOD *meth); @@ -249,6 +256,7 @@ void ERR_load_DH_strings(void); #define DH_R_DECODE_ERROR 104 #define DH_R_INVALID_PUBKEY 102 #define DH_R_KEYS_NOT_SET 108 +#define DH_R_KEY_SIZE_TOO_SMALL 110 #define DH_R_MODULUS_TOO_LARGE 103 #define DH_R_NO_PARAMETERS_SET 107 #define DH_R_NO_PRIVATE_VALUE 100 |