import OpenSSL-1.0.1c

author: djm <> 2012-10-13 21:23:50 +0000
committer: djm <> 2012-10-13 21:23:50 +0000
commit: 228cae30b117c2493f69ad3c195341cd6ec8d430 (patch)
tree: 29ff00b10d52c0978077c4fd83c33b065bade73e /src/lib/libcrypto/ecdsa/ecs_lib.c
parent: 731838c66b52c0ae5888333005b74115a620aa96 (diff)
download: openbsd-228cae30b117c2493f69ad3c195341cd6ec8d430.tar.gz
openbsd-228cae30b117c2493f69ad3c195341cd6ec8d430.tar.bz2
openbsd-228cae30b117c2493f69ad3c195341cd6ec8d430.zip
1 files changed, 20 insertions, 1 deletions
diff --git a/src/lib/libcrypto/ecdsa/ecs_lib.c b/src/lib/libcrypto/ecdsa/ecs_lib.c
index 2ebae3aa27..e477da430b 100644
--- a/src/lib/libcrypto/ecdsa/ecs_lib.c
+++ b/src/lib/libcrypto/ecdsa/ecs_lib.c
@@ -60,6 +60,9 @@
 #endif
 #include <openssl/err.h>
 #include <openssl/bn.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
 const char ECDSA_version[]="ECDSA" OPENSSL_VERSION_PTEXT;
@@ -77,7 +80,16 @@ void ECDSA_set_default_method(const ECDSA_METHOD *meth)
 const ECDSA_METHOD *ECDSA_get_default_method(void)
 {
        if(!default_ECDSA_method) 
+                {
+#ifdef OPENSSL_FIPS
+                if (FIPS_mode())
+                        return FIPS_ecdsa_openssl();
+                else
+                        return ECDSA_OpenSSL();
+#else
                default_ECDSA_method = ECDSA_OpenSSL();
+#endif
+                }
        return default_ECDSA_method;
 }
@@ -193,7 +205,14 @@ ECDSA_DATA *ecdsa_check(EC_KEY *key)
        }
        else
                ecdsa_data = (ECDSA_DATA *)data;
-        
+#ifdef OPENSSL_FIPS
+        if (FIPS_mode() && !(ecdsa_data->flags & ECDSA_FLAG_FIPS_METHOD)
+                        && !(EC_KEY_get_flags(key) & EC_FLAG_NON_FIPS_ALLOW))
+                {
+                ECDSAerr(ECDSA_F_ECDSA_CHECK, ECDSA_R_NON_FIPS_METHOD);
+                return NULL;
+                }
+#endif
        return ecdsa_data;
 }
author	djm <>	2012-10-13 21:23:50 +0000
committer	djm <>	2012-10-13 21:23:50 +0000
commit	228cae30b117c2493f69ad3c195341cd6ec8d430 (patch)
tree	29ff00b10d52c0978077c4fd83c33b065bade73e /src/lib/libcrypto/ecdsa/ecs_lib.c
parent	731838c66b52c0ae5888333005b74115a620aa96 (diff)
download	openbsd-228cae30b117c2493f69ad3c195341cd6ec8d430.tar.gz openbsd-228cae30b117c2493f69ad3c195341cd6ec8d430.tar.bz2 openbsd-228cae30b117c2493f69ad3c195341cd6ec8d430.zip

diff --git a/src/lib/libcrypto/ecdsa/ecs_lib.c b/src/lib/libcrypto/ecdsa/ecs_lib.c index 2ebae3aa27..e477da430b 100644 --- a/src/lib/libcrypto/ecdsa/ecs_lib.c +++ b/src/lib/libcrypto/ecdsa/ecs_lib.c
@@ -60,6 +60,9 @@
60	#endif	60	#endif
61	#include <openssl/err.h>	61	#include <openssl/err.h>
62	#include <openssl/bn.h>	62	#include <openssl/bn.h>
		63	#ifdef OPENSSL_FIPS
		64	#include <openssl/fips.h>
		65	#endif
63		66
64	const char ECDSA_version[]="ECDSA" OPENSSL_VERSION_PTEXT;	67	const char ECDSA_version[]="ECDSA" OPENSSL_VERSION_PTEXT;
65		68
@@ -77,7 +80,16 @@ void ECDSA_set_default_method(const ECDSA_METHOD *meth)
77	const ECDSA_METHOD *ECDSA_get_default_method(void)	80	const ECDSA_METHOD *ECDSA_get_default_method(void)
78	{	81	{
79	if(!default_ECDSA_method)	82	if(!default_ECDSA_method)
		83	{
		84	#ifdef OPENSSL_FIPS
		85	if (FIPS_mode())
		86	return FIPS_ecdsa_openssl();
		87	else
		88	return ECDSA_OpenSSL();
		89	#else
80	default_ECDSA_method = ECDSA_OpenSSL();	90	default_ECDSA_method = ECDSA_OpenSSL();
		91	#endif
		92	}
81	return default_ECDSA_method;	93	return default_ECDSA_method;
82	}	94	}
83		95
@@ -193,7 +205,14 @@ ECDSA_DATA ecdsa_check(EC_KEY key)
193	}	205	}
194	else	206	else
195	ecdsa_data = (ECDSA_DATA *)data;	207	ecdsa_data = (ECDSA_DATA *)data;
196		208	#ifdef OPENSSL_FIPS
		209	if (FIPS_mode() && !(ecdsa_data->flags & ECDSA_FLAG_FIPS_METHOD)
		210	&& !(EC_KEY_get_flags(key) & EC_FLAG_NON_FIPS_ALLOW))
		211	{
		212	ECDSAerr(ECDSA_F_ECDSA_CHECK, ECDSA_R_NON_FIPS_METHOD);
		213	return NULL;
		214	}
		215	#endif
197		216
198	return ecdsa_data;	217	return ecdsa_data;
199	}	218	}