Merge branch 'feature/establish-an-upstream-relationship-with-ics-openvpn-codebase-#5381' into develop

1 files changed, 11 insertions, 2 deletions

diff --git a/app/openssl/crypto/ecdsa/ecs_locl.h b/app/openssl/crypto/ecdsa/ecs_locl.h
index 3a69a840..46f7ad91 100644
--- a/app/openssl/crypto/ecdsa/ecs_locl.h
+++ b/app/openssl/crypto/ecdsa/ecs_locl.h
@@ -70,8 +70,9 @@ struct ecdsa_method
 	const char *name;
 	ECDSA_SIG *(*ecdsa_do_sign)(const unsigned char *dgst, int dgst_len, 
 			const BIGNUM *inv, const BIGNUM *rp, EC_KEY *eckey);
-	int (*ecdsa_sign_setup)(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, 
-			BIGNUM **r);
+	int (*ecdsa_sign_setup)(EC_KEY *eckey, BN_CTX *ctx,
+				BIGNUM **kinv, BIGNUM **r,
+				const unsigned char *dgst, int dlen);
 	int (*ecdsa_do_verify)(const unsigned char *dgst, int dgst_len, 
 			const ECDSA_SIG *sig, EC_KEY *eckey);
 #if 0
@@ -82,6 +83,14 @@ struct ecdsa_method
 	char *app_data;
 	};
 
+/* If this flag is set the ECDSA method is FIPS compliant and can be used
+ * in FIPS mode. This is set in the validated module method. If an
+ * application sets this flag in its own methods it is its responsibility
+ * to ensure the result is compliant.
+ */
+
+#define ECDSA_FLAG_FIPS_METHOD	0x1
+
 typedef struct ecdsa_data_st {
 	/* EC_KEY_METH_DATA part */
 	int (*init)(EC_KEY *);