Set flags in ECDH and ECDSA methods for FIPS.

author: Dr. Stephen Henson <steve@openssl.org> 2011-06-08 13:52:36 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2011-06-08 13:52:36 +0000
commit: 6b6abd627c08eef55bcc39042ffe12090b044f7b (patch)
tree: 30ff2c1ebbfdd7548fff92b33b512747a608c83a /crypto/ecdh
parent: 7eabad423c2bea8c2dae7d1a7e4963ed42574bfc (diff)
2 files changed, 9 insertions, 1 deletions
diff --git a/crypto/ecdh/ech_locl.h b/crypto/ecdh/ech_locl.h
index f658526a7e..f6cad6a894 100644
--- a/crypto/ecdh/ech_locl.h
+++ b/crypto/ecdh/ech_locl.h
@@ -75,6 +75,14 @@ struct ecdh_method
 	char *app_data;
 	};
 
+/* If this flag is set the ECDH method is FIPS compliant and can be used
+ * in FIPS mode. This is set in the validated module method. If an
+ * application sets this flag in its own methods it is its responsibility
+ * to ensure the result is compliant.
+ */
+
+#define ECDH_FLAG_FIPS_METHOD	0x1
+
 typedef struct ecdh_data_st {
 	/* EC_KEY_METH_DATA part */
 	int (*init)(EC_KEY *);
diff --git a/crypto/ecdh/ech_ossl.c b/crypto/ecdh/ech_ossl.c
index ceaa2f06b6..f93dfcb4f7 100644
--- a/crypto/ecdh/ech_ossl.c
+++ b/crypto/ecdh/ech_ossl.c
@@ -91,7 +91,7 @@ static ECDH_METHOD openssl_ecdh_meth = {
 	NULL, /* init     */
 	NULL, /* finish   */
 #endif
-	0,    /* flags    */
+	ECDH_FLAG_FIPS_METHOD,    /* flags    */
 	NULL  /* app_data */
 };
author	Dr. Stephen Henson <steve@openssl.org>	2011-06-08 13:52:36 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2011-06-08 13:52:36 +0000
commit	6b6abd627c08eef55bcc39042ffe12090b044f7b (patch)
tree	30ff2c1ebbfdd7548fff92b33b512747a608c83a /crypto/ecdh
parent	7eabad423c2bea8c2dae7d1a7e4963ed42574bfc (diff)