Diffstat (limited to 'Cryptlib/OpenSSL/crypto/dh/dh_gen.c')
| -rw-r--r-- | Cryptlib/OpenSSL/crypto/dh/dh_gen.c | 21 |
1 files changed, 16 insertions, 5 deletions
diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_gen.c b/Cryptlib/OpenSSL/crypto/dh/dh_gen.c
index 560d4bbe..5bedb665 100644
--- a/Cryptlib/OpenSSL/crypto/dh/dh_gen.c
+++ b/Cryptlib/OpenSSL/crypto/dh/dh_gen.c
@@ -66,7 +66,9 @@
 #include <openssl/bn.h>
 #include <openssl/dh.h>
-#ifndef OPENSSL_FIPS
+#ifdef OPENSSL_FIPS
+# include <openssl/fips.h>
+#endif
 static int dh_builtin_genparams(DH *ret, int prime_len, int generator,
 BN_GENCB *cb);
@@ -74,8 +76,19 @@ static int dh_builtin_genparams(DH *ret, int prime_len, int generator,
 int DH_generate_parameters_ex(DH *ret, int prime_len, int generator,
 BN_GENCB *cb)
 {
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode() && !(ret->meth->flags & DH_FLAG_FIPS_METHOD)
+ && !(ret->flags & DH_FLAG_NON_FIPS_ALLOW)) {
+ DHerr(DH_F_DH_GENERATE_PARAMETERS_EX, DH_R_NON_FIPS_METHOD);
+ return 0;
+ }
+#endif
 if (ret->meth->generate_params)
 return ret->meth->generate_params(ret, prime_len, generator, cb);
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode())
+ return FIPS_dh_generate_parameters_ex(ret, prime_len, generator, cb);
+#endif
 return dh_builtin_genparams(ret, prime_len, generator, cb);
 }
@@ -139,7 +152,7 @@ static int dh_builtin_genparams(DH *ret, int prime_len, int generator,
 goto err;
 g = 2;
 }
-# if 0 /* does not work for safe primes */
+#if 0 /* does not work for safe primes */
 else if (generator == DH_GENERATOR_3) {
 if (!BN_set_word(t1, 12))
 goto err;
@@ -147,7 +160,7 @@ static int dh_builtin_genparams(DH *ret, int prime_len, int generator,
 goto err;
 g = 3;
 }
-# endif
+#endif
 else if (generator == DH_GENERATOR_5) {
 if (!BN_set_word(t1, 10))
 goto err;
@@ -189,5 +202,3 @@ static int dh_builtin_genparams(DH *ret, int prime_len, int generator,
 }
 return ok;
 }
-
-#endif
|
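Review bot: In the `@@ -74,8 +76,19 @@` hunk, the new FIPS gate in DH_generate_parameters_ex has an opt-out that is not documented at the point where it is enforced. When `ret->flags` carries DH_FLAG_NON_FIPS_ALLOW the gate passes, and because the `ret->meth->generate_params` dispatch runs before the second `FIPS_mode()` branch, a method-supplied generator (if one is set) is used in FIPS mode in place of FIPS_dh_generate_parameters_ex. That looks intentional, but it is presumably the only route by which parameters come from outside the validated code while FIPS mode is on, so I would put a comment above the gate such as `/* DH_FLAG_NON_FIPS_ALLOW is a per-object opt-out: the method's generate_params may then run in FIPS mode */`. Nothing visible in this function checks `prime_len`; any minimum modulus size would have to be enforced inside FIPS_dh_generate_parameters_ex, which this diff does not show. Note also that with the file-wide `#ifndef OPENSSL_FIPS` guard removed (first and last hunks), dh_builtin_genparams is compiled into FIPS builds and is reached whenever FIPS_mode() returns 0.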
