Add flags for DH FIPS method.

Update/fix prototypes in fips.h
author: Dr. Stephen Henson <steve@openssl.org> 2011-06-08 15:53:08 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2011-06-08 15:53:08 +0000
commit: 4960411e1fb081f48560cbe4d6037b5835138075 (patch)
tree: 9b7f171184c561e0dabc3c63235be98d19bf6dc2 /crypto/dh
parent: 6b6abd627c08eef55bcc39042ffe12090b044f7b (diff)
2 files changed, 16 insertions, 1 deletions
diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h
index 63db8c908b..e9f9a540b2 100644
--- a/crypto/dh/dh.h
+++ b/crypto/dh/dh.h
@@ -88,6 +88,21 @@
                                        * be used for all exponents.
                                        */
 
+/* If this flag is set the DH method is FIPS compliant and can be used
+ * in FIPS mode. This is set in the validated module method. If an
+ * application sets this flag in its own methods it is its reposibility
+ * to ensure the result is compliant.
+ */
+
+#define DH_FLAG_FIPS_METHOD			0x0400
+
+/* If this flag is set the operations normally disabled in FIPS mode are
+ * permitted it is then the applications responsibility to ensure that the
+ * usage is compliant.
+ */
+
+#define DH_FLAG_NON_FIPS_ALLOW			0x0400
+
 #ifdef  __cplusplus
 extern "C" {
 #endif
diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
index ca2435e75f..e296f453bb 100644
--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
@@ -108,7 +108,7 @@ compute_key,
 dh_bn_mod_exp,
 dh_init,
 dh_finish,
-0,
+DH_FLAG_FIPS_METHOD,
 NULL,
 NULL
 };
author	Dr. Stephen Henson <steve@openssl.org>	2011-06-08 15:53:08 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2011-06-08 15:53:08 +0000
commit	4960411e1fb081f48560cbe4d6037b5835138075 (patch)
tree	9b7f171184c561e0dabc3c63235be98d19bf6dc2 /crypto/dh
parent	6b6abd627c08eef55bcc39042ffe12090b044f7b (diff)