author | Dr. Stephen Henson <steve@openssl.org> | 2011-06-08 13:52:36 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2011-06-08 13:52:36 +0000 |
commit | 6b6abd627c08eef55bcc39042ffe12090b044f7b (patch) | |
tree | 30ff2c1ebbfdd7548fff92b33b512747a608c83a | |
parent | 7eabad423c2bea8c2dae7d1a7e4963ed42574bfc (diff) | |
Set flags in ECDH and ECDSA methods for FIPS.
-rw-r--r-- | crypto/ecdh/ech_locl.h | 8 | ||||
-rw-r--r-- | crypto/ecdh/ech_ossl.c | 2 | ||||
-rw-r--r-- | crypto/ecdsa/ecs_locl.h | 8 | ||||
-rw-r--r-- | crypto/ecdsa/ecs_ossl.c | 2 |
4 files changed, 18 insertions, 2 deletions
diff --git a/crypto/ecdh/ech_locl.h b/crypto/ecdh/ech_locl.h
index f658526a7e..f6cad6a894 100644
--- a/crypto/ecdh/ech_locl.h
+++ b/crypto/ecdh/ech_locl.h
@@ -75,6 +75,14 @@ struct ecdh_method
 char *app_data;
 };
 
+/* If this flag is set the ECDH method is FIPS compliant and can be used
+ * in FIPS mode. This is set in the validated module method. If an
+ * application sets this flag in its own methods it is its responsibility
+ * to ensure the result is compliant.
+ */
+
+#define ECDH_FLAG_FIPS_METHOD 0x1
+
 typedef struct ecdh_data_st {
 /* EC_KEY_METH_DATA part */
 int (*init)(EC_KEY *);
diff --git a/crypto/ecdh/ech_ossl.c b/crypto/ecdh/ech_ossl.c
index ceaa2f06b6..f93dfcb4f7 100644
--- a/crypto/ecdh/ech_ossl.c
+++ b/crypto/ecdh/ech_ossl.c
@@ -91,7 +91,7 @@ static ECDH_METHOD openssl_ecdh_meth = {
 NULL, /* init */
 NULL, /* finish */
 #endif
- 0, /* flags */
+ ECDH_FLAG_FIPS_METHOD, /* flags */
 NULL /* app_data */
 };
 
diff --git a/crypto/ecdsa/ecs_locl.h b/crypto/ecdsa/ecs_locl.h
index 3a69a840e2..cb3be13cfc 100644
--- a/crypto/ecdsa/ecs_locl.h
+++ b/crypto/ecdsa/ecs_locl.h
@@ -82,6 +82,14 @@ struct ecdsa_method
 char *app_data;
 };
 
+/* If this flag is set the ECDSA method is FIPS compliant and can be used
+ * in FIPS mode. This is set in the validated module method. If an
+ * application sets this flag in its own methods it is its responsibility
+ * to ensure the result is compliant.
+ */
+
+#define ECDSA_FLAG_FIPS_METHOD 0x1
+
 typedef struct ecdsa_data_st {
 /* EC_KEY_METH_DATA part */
 int (*init)(EC_KEY *);
diff --git a/crypto/ecdsa/ecs_ossl.c b/crypto/ecdsa/ecs_ossl.c
index 50d02ed069..8b407c5470 100644
--- a/crypto/ecdsa/ecs_ossl.c
+++ b/crypto/ecdsa/ecs_ossl.c
@@ -79,7 +79,7 @@ static ECDSA_METHOD openssl_ecdsa_meth = {
 NULL, /* init */
 NULL, /* finish */
 #endif
- 0, /* flags */
+ ECDSA_FLAG_FIPS_METHOD, /* flags */
 NULL /* app_data */
 };
 
|
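Review bot: The comment added above `ECDH_FLAG_FIPS_METHOD` in `crypto/ecdh/ech_locl.h` does not say where the flag is read, and nothing in this commit tests it, so a reader cannot tell what a set or clear bit actually gates in FIPS mode. The bit is self-asserted by whoever fills in the method table, so I would make that explicit with one more sentence, e.g. `/* Note: the flag is a claim made by the author of the method table; the library cannot verify it. */`, and name the function that checks it once that code exists. The comment also speaks of applications setting the flag, while the file name suggests a library-local header; please confirm application code can see the macro and the struct at all. The same applies to `ECDSA_FLAG_FIPS_METHOD` in `crypto/ecdsa/ecs_locl.h`.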
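Review bot: `openssl_ecdh_meth` in `crypto/ecdh/ech_ossl.c` now carries `ECDH_FLAG_FIPS_METHOD` unconditionally, while the header comment says the flag "is set in the validated module method". If this table is also compiled into builds that are not the validated module, the default method claims compliance that the build cannot back, and any later check of the bit would pass for it. Either guard the initializer with the project's FIPS build macro (if that is how the other method tables handle it) or state the intent on the line, e.g. `ECDH_FLAG_FIPS_METHOD, /* flags: only meaningful when built as the validated module */`. The initializer starts above the hunk, so the rest of the table is not visible here; the same applies to `openssl_ecdsa_meth` in `crypto/ecdsa/ecs_ossl.c`.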