Set flags in ECDH and ECDSA methods for FIPS.

6b6abd62 · Dr. Stephen Henson · 7eabad42 · 6b6abd62 · 6b6abd62 · 6b6abd62
Showing with 18 addition and 2 deletion

crypto/ecdh/ech_locl.h crypto/ecdh/ech_locl.h +8 -0

crypto/ecdh/ech_ossl.c crypto/ecdh/ech_ossl.c +1 -1

crypto/ecdsa/ecs_locl.h crypto/ecdsa/ecs_locl.h +8 -0

crypto/ecdsa/ecs_ossl.c crypto/ecdsa/ecs_ossl.c +1 -1

未找到文件。
--- a/crypto/ecdh/ech_locl.h
+++ b/crypto/ecdh/ech_locl.h
@@ -75,6 +75,14 @@ struct ecdh_method
 	char *app_data;
 	};
+/* If this flag is set the ECDH method is FIPS compliant and can be used
+ * in FIPS mode. This is set in the validated module method. If an
+ * application sets this flag in its own methods it is its responsibility
+ * to ensure the result is compliant.
+ */
+#define ECDH_FLAG_FIPS_METHOD	0x1
 typedef struct ecdh_data_st {
 	/* EC_KEY_METH_DATA part */
 	int (*init)(EC_KEY *);

--- a/crypto/ecdh/ech_ossl.c
+++ b/crypto/ecdh/ech_ossl.c
@@ -91,7 +91,7 @@ static ECDH_METHOD openssl_ecdh_meth = {
 	NULL, /* init     */
 	NULL, /* finish   */
 #endif
-	0,    /* flags    */
+	ECDH_FLAG_FIPS_METHOD,    /* flags    */
 	NULL  /* app_data */
 };

--- a/crypto/ecdsa/ecs_locl.h
+++ b/crypto/ecdsa/ecs_locl.h
@@ -82,6 +82,14 @@ struct ecdsa_method
 	char *app_data;
 	};
+/* If this flag is set the ECDSA method is FIPS compliant and can be used
+ * in FIPS mode. This is set in the validated module method. If an
+ * application sets this flag in its own methods it is its responsibility
+ * to ensure the result is compliant.
+ */
+#define ECDSA_FLAG_FIPS_METHOD	0x1
 typedef struct ecdsa_data_st {
 	/* EC_KEY_METH_DATA part */
 	int (*init)(EC_KEY *);

--- a/crypto/ecdsa/ecs_ossl.c
+++ b/crypto/ecdsa/ecs_ossl.c
@@ -79,7 +79,7 @@ static ECDSA_METHOD openssl_ecdsa_meth = {
 	NULL, /* init     */
 	NULL, /* finish   */
 #endif
-	0,    /* flags    */
+	ECDSA_FLAG_FIPS_METHOD,    /* flags    */
 	NULL  /* app_data */
 };