Make `safe' (EC)DSA nonces the default.

[openssl.git] / crypto / ecdsa / ecs_locl.h

diff --git a/crypto/ecdsa/ecs_locl.h b/crypto/ecdsa/ecs_locl.h
index 343b866249cea6c3c41f6f76116235d496d7c69a..ad466e2b61546157b4c914e0f2f3146fb9e090a5 100644 (file)
--- a/crypto/ecdsa/ecs_locl.h
+++ b/crypto/ecdsa/ecs_locl.h
@@ -69,8 +69,8 @@ struct ecdsa_method
        {
        const char *name;
        ECDSA_SIG *(*ecdsa_do_sign)(const unsigned char *dgst, int dgst_len, 
-                       EC_KEY *eckey);
-       int (*ecdsa_sign_setup)(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, 
+                       const BIGNUM *inv, const BIGNUM *rp, EC_KEY *eckey);
+       int (*ecdsa_sign_setup)(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv,
                        BIGNUM **r);
        int (*ecdsa_do_verify)(const unsigned char *dgst, int dgst_len, 
                        const ECDSA_SIG *sig, EC_KEY *eckey);
@@ -82,18 +82,23 @@ struct ecdsa_method
        char *app_data;
        };
 
-struct ecdsa_data_st {
+/* If this flag is set the ECDSA method is FIPS compliant and can be used
+ * in FIPS mode. This is set in the validated module method. If an
+ * application sets this flag in its own methods it is its responsibility
+ * to ensure the result is compliant.
+ */
+
+#define ECDSA_FLAG_FIPS_METHOD 0x1
+
+typedef struct ecdsa_data_st {
        /* EC_KEY_METH_DATA part */
        int (*init)(EC_KEY *);
-       void (*finish)(EC_KEY *);
        /* method (ECDSA) specific part */
-       BIGNUM  *kinv;  /* signing pre-calc */
-       BIGNUM  *r;     /* signing pre-calc */
        ENGINE  *engine;
        int     flags;
        const ECDSA_METHOD *meth;
        CRYPTO_EX_DATA ex_data;
-};
+} ECDSA_DATA;
 
 /** ecdsa_check
  * checks whether ECKEY->meth_data is a pointer to a ECDSA_DATA structure