{
const char *name;
ECDSA_SIG *(*ecdsa_do_sign)(const unsigned char *dgst, int dgst_len,
- EC_KEY *eckey);
- int (*ecdsa_sign_setup)(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv,
+ const BIGNUM *inv, const BIGNUM *rp, EC_KEY *eckey);
+ int (*ecdsa_sign_setup)(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv,
BIGNUM **r);
int (*ecdsa_do_verify)(const unsigned char *dgst, int dgst_len,
const ECDSA_SIG *sig, EC_KEY *eckey);
char *app_data;
};
-struct ecdsa_data_st {
+/* If this flag is set the ECDSA method is FIPS compliant and can be used
+ * in FIPS mode. This is set in the validated module method. If an
+ * application sets this flag in its own methods it is its responsibility
+ * to ensure the result is compliant.
+ */
+
+#define ECDSA_FLAG_FIPS_METHOD 0x1
+
+typedef struct ecdsa_data_st {
/* EC_KEY_METH_DATA part */
int (*init)(EC_KEY *);
- void (*finish)(EC_KEY *);
/* method (ECDSA) specific part */
- BIGNUM *kinv; /* signing pre-calc */
- BIGNUM *r; /* signing pre-calc */
ENGINE *engine;
int flags;
const ECDSA_METHOD *meth;
CRYPTO_EX_DATA ex_data;
-};
+} ECDSA_DATA;
/** ecdsa_check
* checks whether ECKEY->meth_data is a pointer to a ECDSA_DATA structure