diff options
Diffstat (limited to 'crypto/ecdh/ech_lib.c')
-rw-r--r-- | crypto/ecdh/ech_lib.c | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/crypto/ecdh/ech_lib.c b/crypto/ecdh/ech_lib.c index bf22234..dadbfd3 100644 --- a/crypto/ecdh/ech_lib.c +++ b/crypto/ecdh/ech_lib.c @@ -73,6 +73,9 @@ #include <openssl/engine.h> #endif #include <openssl/err.h> +#ifdef OPENSSL_FIPS +#include <openssl/fips.h> +#endif const char ECDH_version[]="ECDH" OPENSSL_VERSION_PTEXT; @@ -90,7 +93,16 @@ void ECDH_set_default_method(const ECDH_METHOD *meth) const ECDH_METHOD *ECDH_get_default_method(void) { if(!default_ECDH_method) + { +#ifdef OPENSSL_FIPS + if (FIPS_mode()) + return FIPS_ecdh_openssl(); + else + return ECDH_OpenSSL(); +#else default_ECDH_method = ECDH_OpenSSL(); +#endif + } return default_ECDH_method; } @@ -103,6 +115,11 @@ int ECDH_set_method(EC_KEY *eckey, const ECDH_METHOD *meth) if (ecdh == NULL) return 0; +#if 0 + mtmp = ecdh->meth; + if (mtmp->finish) + mtmp->finish(eckey); +#endif #ifndef OPENSSL_NO_ENGINE if (ecdh->engine) { @@ -210,6 +227,14 @@ ECDH_DATA *ecdh_check(EC_KEY *key) } else ecdh_data = (ECDH_DATA *)data; +#ifdef OPENSSL_FIPS + if (FIPS_mode() && !(ecdh_data->flags & ECDH_FLAG_FIPS_METHOD) + && !(EC_KEY_get_flags(key) & EC_FLAG_NON_FIPS_ALLOW)) + { + ECDHerr(ECDH_F_ECDH_CHECK, ECDH_R_NON_FIPS_METHOD); + return NULL; + } +#endif return ecdh_data; |