import OpenSSL-1.0.1c

author: djm <> 2012-10-13 21:23:50 +0000
committer: djm <> 2012-10-13 21:23:50 +0000
commit: 228cae30b117c2493f69ad3c195341cd6ec8d430 (patch)
tree: 29ff00b10d52c0978077c4fd83c33b065bade73e /src/lib/libcrypto/ecdh/ech_lib.c
parent: 731838c66b52c0ae5888333005b74115a620aa96 (diff)
download: openbsd-228cae30b117c2493f69ad3c195341cd6ec8d430.tar.gz
openbsd-228cae30b117c2493f69ad3c195341cd6ec8d430.tar.bz2
openbsd-228cae30b117c2493f69ad3c195341cd6ec8d430.zip
1 files changed, 20 insertions, 0 deletions
diff --git a/src/lib/libcrypto/ecdh/ech_lib.c b/src/lib/libcrypto/ecdh/ech_lib.c
index 4d8ea03d3d..dadbfd3c49 100644
--- a/src/lib/libcrypto/ecdh/ech_lib.c
+++ b/src/lib/libcrypto/ecdh/ech_lib.c
@@ -73,6 +73,9 @@
 #include <openssl/engine.h>
 #endif
 #include <openssl/err.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
 const char ECDH_version[]="ECDH" OPENSSL_VERSION_PTEXT;
@@ -90,7 +93,16 @@ void ECDH_set_default_method(const ECDH_METHOD *meth)
 const ECDH_METHOD *ECDH_get_default_method(void)
        {
        if(!default_ECDH_method) 
+                {
+#ifdef OPENSSL_FIPS
+                if (FIPS_mode())
+                        return FIPS_ecdh_openssl();
+                else
+                        return ECDH_OpenSSL();
+#else
                default_ECDH_method = ECDH_OpenSSL();
+#endif
+                }
        return default_ECDH_method;
        }
@@ -215,6 +227,14 @@ ECDH_DATA *ecdh_check(EC_KEY *key)
        }
        else
                ecdh_data = (ECDH_DATA *)data;
+#ifdef OPENSSL_FIPS
+        if (FIPS_mode() && !(ecdh_data->flags & ECDH_FLAG_FIPS_METHOD)
+                        && !(EC_KEY_get_flags(key) & EC_FLAG_NON_FIPS_ALLOW))
+                {
+                ECDHerr(ECDH_F_ECDH_CHECK, ECDH_R_NON_FIPS_METHOD);
+                return NULL;
+                }
+#endif
        
        return ecdh_data;
author	djm <>	2012-10-13 21:23:50 +0000
committer	djm <>	2012-10-13 21:23:50 +0000
commit	228cae30b117c2493f69ad3c195341cd6ec8d430 (patch)
tree	29ff00b10d52c0978077c4fd83c33b065bade73e /src/lib/libcrypto/ecdh/ech_lib.c
parent	731838c66b52c0ae5888333005b74115a620aa96 (diff)
download	openbsd-228cae30b117c2493f69ad3c195341cd6ec8d430.tar.gz openbsd-228cae30b117c2493f69ad3c195341cd6ec8d430.tar.bz2 openbsd-228cae30b117c2493f69ad3c195341cd6ec8d430.zip

diff --git a/src/lib/libcrypto/ecdh/ech_lib.c b/src/lib/libcrypto/ecdh/ech_lib.c index 4d8ea03d3d..dadbfd3c49 100644 --- a/src/lib/libcrypto/ecdh/ech_lib.c +++ b/src/lib/libcrypto/ecdh/ech_lib.c
@@ -73,6 +73,9 @@
73	#include <openssl/engine.h>	73	#include <openssl/engine.h>
74	#endif	74	#endif
75	#include <openssl/err.h>	75	#include <openssl/err.h>
		76	#ifdef OPENSSL_FIPS
		77	#include <openssl/fips.h>
		78	#endif
76		79
77	const char ECDH_version[]="ECDH" OPENSSL_VERSION_PTEXT;	80	const char ECDH_version[]="ECDH" OPENSSL_VERSION_PTEXT;
78		81
@@ -90,7 +93,16 @@ void ECDH_set_default_method(const ECDH_METHOD *meth)
90	const ECDH_METHOD *ECDH_get_default_method(void)	93	const ECDH_METHOD *ECDH_get_default_method(void)
91	{	94	{
92	if(!default_ECDH_method)	95	if(!default_ECDH_method)
		96	{
		97	#ifdef OPENSSL_FIPS
		98	if (FIPS_mode())
		99	return FIPS_ecdh_openssl();
		100	else
		101	return ECDH_OpenSSL();
		102	#else
93	default_ECDH_method = ECDH_OpenSSL();	103	default_ECDH_method = ECDH_OpenSSL();
		104	#endif
		105	}
94	return default_ECDH_method;	106	return default_ECDH_method;
95	}	107	}
96		108
@@ -215,6 +227,14 @@ ECDH_DATA ecdh_check(EC_KEY key)
215	}	227	}
216	else	228	else
217	ecdh_data = (ECDH_DATA *)data;	229	ecdh_data = (ECDH_DATA *)data;
		230	#ifdef OPENSSL_FIPS
		231	if (FIPS_mode() && !(ecdh_data->flags & ECDH_FLAG_FIPS_METHOD)
		232	&& !(EC_KEY_get_flags(key) & EC_FLAG_NON_FIPS_ALLOW))
		233	{
		234	ECDHerr(ECDH_F_ECDH_CHECK, ECDH_R_NON_FIPS_METHOD);
		235	return NULL;
		236	}
		237	#endif
218		238
219		239
220	return ecdh_data;	240	return ecdh_data;