diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2011-06-08 15:53:08 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2011-06-08 15:53:08 +0000 |
commit | 4960411e1fb081f48560cbe4d6037b5835138075 (patch) | |
tree | 9b7f171184c561e0dabc3c63235be98d19bf6dc2 /crypto/dh | |
parent | 6b6abd627c08eef55bcc39042ffe12090b044f7b (diff) | |
download | openssl-4960411e1fb081f48560cbe4d6037b5835138075.tar.gz |
Add flags for DH FIPS method.
Update/fix prototypes in fips.h
Diffstat (limited to 'crypto/dh')
-rw-r--r-- | crypto/dh/dh.h | 15 | ||||
-rw-r--r-- | crypto/dh/dh_key.c | 2 |
2 files changed, 16 insertions, 1 deletions
diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h index 63db8c908b..e9f9a540b2 100644 --- a/crypto/dh/dh.h +++ b/crypto/dh/dh.h @@ -88,6 +88,21 @@ * be used for all exponents. */ +/* If this flag is set the DH method is FIPS compliant and can be used + * in FIPS mode. This is set in the validated module method. If an + * application sets this flag in its own methods it is its reposibility + * to ensure the result is compliant. + */ + +#define DH_FLAG_FIPS_METHOD 0x0400 + +/* If this flag is set the operations normally disabled in FIPS mode are + * permitted it is then the applications responsibility to ensure that the + * usage is compliant. + */ + +#define DH_FLAG_NON_FIPS_ALLOW 0x0400 + #ifdef __cplusplus extern "C" { #endif diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c index ca2435e75f..e296f453bb 100644 --- a/crypto/dh/dh_key.c +++ b/crypto/dh/dh_key.c @@ -108,7 +108,7 @@ compute_key, dh_bn_mod_exp, dh_init, dh_finish, -0, +DH_FLAG_FIPS_METHOD, NULL, NULL }; |