summaryrefslogtreecommitdiffstats
path: root/crypto/ecdh/ech_lib.c
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/ecdh/ech_lib.c')
-rw-r--r--crypto/ecdh/ech_lib.c25
1 files changed, 25 insertions, 0 deletions
diff --git a/crypto/ecdh/ech_lib.c b/crypto/ecdh/ech_lib.c
index bf22234..dadbfd3 100644
--- a/crypto/ecdh/ech_lib.c
+++ b/crypto/ecdh/ech_lib.c
@@ -73,6 +73,9 @@
#include <openssl/engine.h>
#endif
#include <openssl/err.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
const char ECDH_version[]="ECDH" OPENSSL_VERSION_PTEXT;
@@ -90,7 +93,16 @@ void ECDH_set_default_method(const ECDH_METHOD *meth)
const ECDH_METHOD *ECDH_get_default_method(void)
{
if(!default_ECDH_method)
+ {
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode())
+ return FIPS_ecdh_openssl();
+ else
+ return ECDH_OpenSSL();
+#else
default_ECDH_method = ECDH_OpenSSL();
+#endif
+ }
return default_ECDH_method;
}
@@ -103,6 +115,11 @@ int ECDH_set_method(EC_KEY *eckey, const ECDH_METHOD *meth)
if (ecdh == NULL)
return 0;
+#if 0
+ mtmp = ecdh->meth;
+ if (mtmp->finish)
+ mtmp->finish(eckey);
+#endif
#ifndef OPENSSL_NO_ENGINE
if (ecdh->engine)
{
@@ -210,6 +227,14 @@ ECDH_DATA *ecdh_check(EC_KEY *key)
}
else
ecdh_data = (ECDH_DATA *)data;
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode() && !(ecdh_data->flags & ECDH_FLAG_FIPS_METHOD)
+ && !(EC_KEY_get_flags(key) & EC_FLAG_NON_FIPS_ALLOW))
+ {
+ ECDHerr(ECDH_F_ECDH_CHECK, ECDH_R_NON_FIPS_METHOD);
+ return NULL;
+ }
+#endif
return ecdh_data;
OpenPOWER on IntegriCloud