summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/dh
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/lib/libcrypto/dh/Makefile18
-rw-r--r--src/lib/libcrypto/dh/dh.h11
-rw-r--r--src/lib/libcrypto/dh/dh_asn1.c2
-rw-r--r--src/lib/libcrypto/dh/dh_check.c4
-rw-r--r--src/lib/libcrypto/dh/dh_err.c6
-rw-r--r--src/lib/libcrypto/dh/dh_gen.c4
-rw-r--r--src/lib/libcrypto/dh/dh_key.c4
7 files changed, 38 insertions, 11 deletions
diff --git a/src/lib/libcrypto/dh/Makefile b/src/lib/libcrypto/dh/Makefile
index 950cad9c5b..d01fa960eb 100644
--- a/src/lib/libcrypto/dh/Makefile
+++ b/src/lib/libcrypto/dh/Makefile
@@ -33,7 +33,7 @@ top:
33all: lib 33all: lib
34 34
35lib: $(LIBOBJ) 35lib: $(LIBOBJ)
36 $(AR) $(LIB) $(LIBOBJ) 36 $(ARX) $(LIB) $(LIBOBJ)
37 $(RANLIB) $(LIB) || echo Never mind. 37 $(RANLIB) $(LIB) || echo Never mind.
38 @touch lib 38 @touch lib
39 39
@@ -129,11 +129,11 @@ dh_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
129dh_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h 129dh_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
130dh_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h 130dh_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
131dh_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h 131dh_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h
132dh_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h 132dh_lib.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
133dh_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h 133dh_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
134dh_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h 134dh_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
135dh_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h 135dh_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
136dh_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h 136dh_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
137dh_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h 137dh_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
138dh_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h 138dh_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
139dh_lib.o: ../cryptlib.h dh_lib.c 139dh_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h dh_lib.c
diff --git a/src/lib/libcrypto/dh/dh.h b/src/lib/libcrypto/dh/dh.h
index 0afabc7dd3..0a39742773 100644
--- a/src/lib/libcrypto/dh/dh.h
+++ b/src/lib/libcrypto/dh/dh.h
@@ -77,6 +77,8 @@
77# define OPENSSL_DH_MAX_MODULUS_BITS 10000 77# define OPENSSL_DH_MAX_MODULUS_BITS 10000
78#endif 78#endif
79 79
80#define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024
81
80#define DH_FLAG_CACHE_MONT_P 0x01 82#define DH_FLAG_CACHE_MONT_P 0x01
81#define DH_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DH 83#define DH_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DH
82 * implementation now uses constant time 84 * implementation now uses constant time
@@ -167,6 +169,11 @@ struct dh_st
167 169
168const DH_METHOD *DH_OpenSSL(void); 170const DH_METHOD *DH_OpenSSL(void);
169 171
172#ifdef OPENSSL_FIPS
173DH * FIPS_dh_new(void);
174void FIPS_dh_free(DH *dh);
175#endif
176
170void DH_set_default_method(const DH_METHOD *meth); 177void DH_set_default_method(const DH_METHOD *meth);
171const DH_METHOD *DH_get_default_method(void); 178const DH_METHOD *DH_get_default_method(void);
172int DH_set_method(DH *dh, const DH_METHOD *meth); 179int DH_set_method(DH *dh, const DH_METHOD *meth);
@@ -218,6 +225,9 @@ void ERR_load_DH_strings(void);
218#define DH_F_DHPARAMS_PRINT 100 225#define DH_F_DHPARAMS_PRINT 100
219#define DH_F_DHPARAMS_PRINT_FP 101 226#define DH_F_DHPARAMS_PRINT_FP 101
220#define DH_F_DH_BUILTIN_GENPARAMS 106 227#define DH_F_DH_BUILTIN_GENPARAMS 106
228#define DH_F_DH_COMPUTE_KEY 107
229#define DH_F_DH_GENERATE_KEY 108
230#define DH_F_DH_GENERATE_PARAMETERS 109
221#define DH_F_DH_NEW_METHOD 105 231#define DH_F_DH_NEW_METHOD 105
222#define DH_F_GENERATE_KEY 103 232#define DH_F_GENERATE_KEY 103
223#define DH_F_GENERATE_PARAMETERS 104 233#define DH_F_GENERATE_PARAMETERS 104
@@ -225,6 +235,7 @@ void ERR_load_DH_strings(void);
225/* Reason codes. */ 235/* Reason codes. */
226#define DH_R_BAD_GENERATOR 101 236#define DH_R_BAD_GENERATOR 101
227#define DH_R_INVALID_PUBKEY 102 237#define DH_R_INVALID_PUBKEY 102
238#define DH_R_KEY_SIZE_TOO_SMALL 104
228#define DH_R_MODULUS_TOO_LARGE 103 239#define DH_R_MODULUS_TOO_LARGE 103
229#define DH_R_NO_PRIVATE_VALUE 100 240#define DH_R_NO_PRIVATE_VALUE 100
230#define DH_R_INVALID_PUBKEY 102 241#define DH_R_INVALID_PUBKEY 102
diff --git a/src/lib/libcrypto/dh/dh_asn1.c b/src/lib/libcrypto/dh/dh_asn1.c
index 769b5b68c5..76740af2bd 100644
--- a/src/lib/libcrypto/dh/dh_asn1.c
+++ b/src/lib/libcrypto/dh/dh_asn1.c
@@ -1,5 +1,5 @@
1/* dh_asn1.c */ 1/* dh_asn1.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2000. 3 * project 2000.
4 */ 4 */
5/* ==================================================================== 5/* ====================================================================
diff --git a/src/lib/libcrypto/dh/dh_check.c b/src/lib/libcrypto/dh/dh_check.c
index b846913004..316cb9221d 100644
--- a/src/lib/libcrypto/dh/dh_check.c
+++ b/src/lib/libcrypto/dh/dh_check.c
@@ -70,6 +70,8 @@
70 * should hold. 70 * should hold.
71 */ 71 */
72 72
73#ifndef OPENSSL_FIPS
74
73int DH_check(const DH *dh, int *ret) 75int DH_check(const DH *dh, int *ret)
74 { 76 {
75 int ok=0; 77 int ok=0;
@@ -140,3 +142,5 @@ err:
140 if (q != NULL) BN_free(q); 142 if (q != NULL) BN_free(q);
141 return(ok); 143 return(ok);
142 } 144 }
145
146#endif
diff --git a/src/lib/libcrypto/dh/dh_err.c b/src/lib/libcrypto/dh/dh_err.c
index b2361c7389..b364362fca 100644
--- a/src/lib/libcrypto/dh/dh_err.c
+++ b/src/lib/libcrypto/dh/dh_err.c
@@ -1,6 +1,6 @@
1/* crypto/dh/dh_err.c */ 1/* crypto/dh/dh_err.c */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
4 * 4 *
5 * Redistribution and use in source and binary forms, with or without 5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions 6 * modification, are permitted provided that the following conditions
@@ -74,6 +74,9 @@ static ERR_STRING_DATA DH_str_functs[]=
74{ERR_FUNC(DH_F_DHPARAMS_PRINT), "DHparams_print"}, 74{ERR_FUNC(DH_F_DHPARAMS_PRINT), "DHparams_print"},
75{ERR_FUNC(DH_F_DHPARAMS_PRINT_FP), "DHparams_print_fp"}, 75{ERR_FUNC(DH_F_DHPARAMS_PRINT_FP), "DHparams_print_fp"},
76{ERR_FUNC(DH_F_DH_BUILTIN_GENPARAMS), "DH_BUILTIN_GENPARAMS"}, 76{ERR_FUNC(DH_F_DH_BUILTIN_GENPARAMS), "DH_BUILTIN_GENPARAMS"},
77{ERR_FUNC(DH_F_DH_COMPUTE_KEY), "DH_compute_key"},
78{ERR_FUNC(DH_F_DH_GENERATE_KEY), "DH_generate_key"},
79{ERR_FUNC(DH_F_DH_GENERATE_PARAMETERS), "DH_generate_parameters"},
77{ERR_FUNC(DH_F_DH_NEW_METHOD), "DH_new_method"}, 80{ERR_FUNC(DH_F_DH_NEW_METHOD), "DH_new_method"},
78{ERR_FUNC(DH_F_GENERATE_KEY), "GENERATE_KEY"}, 81{ERR_FUNC(DH_F_GENERATE_KEY), "GENERATE_KEY"},
79{ERR_FUNC(DH_F_GENERATE_PARAMETERS), "GENERATE_PARAMETERS"}, 82{ERR_FUNC(DH_F_GENERATE_PARAMETERS), "GENERATE_PARAMETERS"},
@@ -84,6 +87,7 @@ static ERR_STRING_DATA DH_str_reasons[]=
84 { 87 {
85{ERR_REASON(DH_R_BAD_GENERATOR) ,"bad generator"}, 88{ERR_REASON(DH_R_BAD_GENERATOR) ,"bad generator"},
86{ERR_REASON(DH_R_INVALID_PUBKEY) ,"invalid public key"}, 89{ERR_REASON(DH_R_INVALID_PUBKEY) ,"invalid public key"},
90{ERR_REASON(DH_R_KEY_SIZE_TOO_SMALL) ,"key size too small"},
87{ERR_REASON(DH_R_MODULUS_TOO_LARGE) ,"modulus too large"}, 91{ERR_REASON(DH_R_MODULUS_TOO_LARGE) ,"modulus too large"},
88{ERR_REASON(DH_R_NO_PRIVATE_VALUE) ,"no private value"}, 92{ERR_REASON(DH_R_NO_PRIVATE_VALUE) ,"no private value"},
89{ERR_REASON(DH_R_INVALID_PUBKEY) ,"invalid public key"}, 93{ERR_REASON(DH_R_INVALID_PUBKEY) ,"invalid public key"},
diff --git a/src/lib/libcrypto/dh/dh_gen.c b/src/lib/libcrypto/dh/dh_gen.c
index cfd5b11868..999e1deb40 100644
--- a/src/lib/libcrypto/dh/dh_gen.c
+++ b/src/lib/libcrypto/dh/dh_gen.c
@@ -66,6 +66,8 @@
66#include <openssl/bn.h> 66#include <openssl/bn.h>
67#include <openssl/dh.h> 67#include <openssl/dh.h>
68 68
69#ifndef OPENSSL_FIPS
70
69static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb); 71static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb);
70 72
71int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *cb) 73int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *cb)
@@ -173,3 +175,5 @@ err:
173 } 175 }
174 return ok; 176 return ok;
175 } 177 }
178
179#endif
diff --git a/src/lib/libcrypto/dh/dh_key.c b/src/lib/libcrypto/dh/dh_key.c
index e7db440342..79dd331863 100644
--- a/src/lib/libcrypto/dh/dh_key.c
+++ b/src/lib/libcrypto/dh/dh_key.c
@@ -62,6 +62,8 @@
62#include <openssl/rand.h> 62#include <openssl/rand.h>
63#include <openssl/dh.h> 63#include <openssl/dh.h>
64 64
65#ifndef OPENSSL_FIPS
66
65static int generate_key(DH *dh); 67static int generate_key(DH *dh);
66static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh); 68static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
67static int dh_bn_mod_exp(const DH *dh, BIGNUM *r, 69static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
@@ -261,3 +263,5 @@ static int dh_finish(DH *dh)
261 BN_MONT_CTX_free(dh->method_mont_p); 263 BN_MONT_CTX_free(dh->method_mont_p);
262 return(1); 264 return(1);
263 } 265 }
266
267#endif
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-04 15:25:44 +0000