1 // Copyright 2022 The BoringSSL Authors 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // https://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 #ifndef OPENSSL_HEADER_CRYPTO_FIPSMODULE_DH_INTERNAL_H 16 #define OPENSSL_HEADER_CRYPTO_FIPSMODULE_DH_INTERNAL_H 17 18 #include <openssl/base.h> 19 20 #include "../../internal.h" 21 22 #if defined(__cplusplus) 23 extern "C" { 24 #endif 25 26 27 struct dh_st { 28 BIGNUM *p; 29 BIGNUM *g; 30 BIGNUM *q; 31 BIGNUM *pub_key; // g^x mod p 32 BIGNUM *priv_key; // x 33 34 // priv_length contains the length, in bits, of the private value. If zero, 35 // the private value will be the same length as |p|. 36 unsigned priv_length; 37 38 CRYPTO_MUTEX method_mont_p_lock; 39 BN_MONT_CTX *method_mont_p; 40 41 int flags; 42 CRYPTO_refcount_t references; 43 }; 44 45 // dh_check_params_fast checks basic invariants on |dh|'s domain parameters. It 46 // does not check that |dh| forms a valid group, only that the sizes are within 47 // DoS bounds. 48 int dh_check_params_fast(const DH *dh); 49 50 // dh_compute_key_padded_no_self_test does the same as |DH_compute_key_padded|, 51 // but doesn't try to run the self-test first. This is for use in the self tests 52 // themselves, to prevent an infinite loop. 53 int dh_compute_key_padded_no_self_test(unsigned char *out, 54 const BIGNUM *peers_key, DH *dh); 55 56 57 #if defined(__cplusplus) 58 } 59 #endif 60 61 #endif // OPENSSL_HEADER_CRYPTO_FIPSMODULE_DH_INTERNAL_H 62