* be used for all exponents.
*/
+/* If this flag is set the DH method is FIPS compliant and can be used
+ * in FIPS mode. This is set in the validated module method. If an
+ * application sets this flag in its own methods it is its reposibility
+ * to ensure the result is compliant.
+ */
+
+#define DH_FLAG_FIPS_METHOD 0x0400
+
+/* If this flag is set the operations normally disabled in FIPS mode are
+ * permitted it is then the applications responsibility to ensure that the
+ * usage is compliant.
+ */
+
+#define DH_FLAG_NON_FIPS_ALLOW 0x0400
+
#ifdef __cplusplus
extern "C" {
#endif
struct evp_cipher_ctx_st;
struct ec_method_st;
struct ecdsa_method;
+struct dh_method;
int FIPS_module_mode_set(int onoff);
int FIPS_module_mode(void);
const RSA_METHOD *FIPS_rsa_pkcs1_ssleay(void);
int FIPS_rsa_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
-struct ec_method_st *fips_ec_gf2m_simple_method(void);
-struct ec_method_st *fips_ec_gfp_simple_method(void);
-struct ec_method_st *fips_ec_gfp_mont_method(void);
-struct ec_method_st *fips_ec_gfp_nist_method(void);
+const struct ec_method_st *fips_ec_gf2m_simple_method(void);
+const struct ec_method_st *fips_ec_gfp_simple_method(void);
+const struct ec_method_st *fips_ec_gfp_mont_method(void);
+const struct ec_method_st *fips_ec_gfp_nist_method(void);
-struct ecdsa_method *FIPS_ecdsa_openssl(void);
-struct ecdh_method *FIPS_ecdh_openssl(void);
+const struct ecdsa_method *FIPS_ecdsa_openssl(void);
+const struct ecdh_method *FIPS_ecdh_openssl(void);
int FIPS_ec_key_generate_key(struct ec_key_st *key);
+const struct dh_method *FIPS_dh_openssl(void);
+
#endif
/* Where necessary redirect standard OpenSSL APIs to FIPS versions */
projects / oweals / openssl.git / commitdiff