diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2011-06-06 15:39:17 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2011-06-06 15:39:17 +0000 |
commit | 6342b6e3324e39863607efce048fa2ef1f3a293d (patch) | |
tree | 803effdff2d24a690bca5c37d7607e6de84a853d /crypto/ec | |
parent | a6dc77822bb0948e04be800e424d8076a6a8c003 (diff) |
Redirection of ECDSA, ECDH operations to FIPS module.
Also use FIPS EC methods unconditionally for now: might want to use them
only in FIPS mode or with a switch later.
Diffstat (limited to 'crypto/ec')
-rw-r--r-- | crypto/ec/ec2_smpl.c | 8 | ||||
-rw-r--r-- | crypto/ec/ec_key.c | 8 | ||||
-rw-r--r-- | crypto/ec/ecp_mont.c | 9 | ||||
-rw-r--r-- | crypto/ec/ecp_nist.c | 8 | ||||
-rw-r--r-- | crypto/ec/ecp_smpl.c | 8 |
5 files changed, 41 insertions, 0 deletions
diff --git a/crypto/ec/ec2_smpl.c b/crypto/ec/ec2_smpl.c index 98e60cfa99..2028b4d327 100644 --- a/crypto/ec/ec2_smpl.c +++ b/crypto/ec/ec2_smpl.c @@ -73,9 +73,16 @@ #ifndef OPENSSL_NO_EC2M +#ifdef OPENSSL_FIPS +#include <openssl/fips.h> +#endif + const EC_METHOD *EC_GF2m_simple_method(void) { +#ifdef OPENSSL_FIPS + return fips_ec_gf2m_simple_method(); +#else static const EC_METHOD ret = { EC_FLAGS_DEFAULT_OCT, NID_X9_62_characteristic_two_field, @@ -119,6 +126,7 @@ const EC_METHOD *EC_GF2m_simple_method(void) 0 /* field_set_to_one */ }; return &ret; +#endif } diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c index 101dd8d3d0..d4f6d61ca4 100644 --- a/crypto/ec/ec_key.c +++ b/crypto/ec/ec_key.c @@ -65,6 +65,9 @@ #include "ec_lcl.h" #include <openssl/err.h> #include <string.h> +#ifdef OPENSSL_FIPS +#include <openssl/fips.h> +#endif EC_KEY *EC_KEY_new(void) { @@ -239,6 +242,11 @@ int EC_KEY_generate_key(EC_KEY *eckey) BIGNUM *priv_key = NULL, *order = NULL; EC_POINT *pub_key = NULL; +#ifdef OPENSSL_FIPS + if (FIPS_mode()) + return FIPS_ec_key_generate_key(eckey); +#endif + if (!eckey || !eckey->group) { ECerr(EC_F_EC_KEY_GENERATE_KEY, ERR_R_PASSED_NULL_PARAMETER); diff --git a/crypto/ec/ecp_mont.c b/crypto/ec/ecp_mont.c index cee0fee12a..079e47431b 100644 --- a/crypto/ec/ecp_mont.c +++ b/crypto/ec/ecp_mont.c @@ -63,11 +63,18 @@ #include <openssl/err.h> +#ifdef OPENSSL_FIPS +#include <openssl/fips.h> +#endif + #include "ec_lcl.h" const EC_METHOD *EC_GFp_mont_method(void) { +#ifdef OPENSSL_FIPS + return fips_ec_gfp_mont_method(); +#else static const EC_METHOD ret = { EC_FLAGS_DEFAULT_OCT, NID_X9_62_prime_field, @@ -107,7 +114,9 @@ const EC_METHOD *EC_GFp_mont_method(void) ec_GFp_mont_field_decode, ec_GFp_mont_field_set_to_one }; + return &ret; +#endif } diff --git a/crypto/ec/ecp_nist.c b/crypto/ec/ecp_nist.c index ac5b814238..aad2d5f443 100644 --- a/crypto/ec/ecp_nist.c +++ b/crypto/ec/ecp_nist.c @@ -67,8 +67,15 @@ #include <openssl/obj_mac.h> #include "ec_lcl.h" +#ifdef OPENSSL_FIPS +#include <openssl/fips.h> +#endif + const EC_METHOD *EC_GFp_nist_method(void) { +#ifdef OPENSSL_FIPS + return fips_ec_gfp_nist_method(); +#else static const EC_METHOD ret = { EC_FLAGS_DEFAULT_OCT, NID_X9_62_prime_field, @@ -109,6 +116,7 @@ const EC_METHOD *EC_GFp_nist_method(void) 0 /* field_set_to_one */ }; return &ret; +#endif } int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src) diff --git a/crypto/ec/ecp_smpl.c b/crypto/ec/ecp_smpl.c index 4466220561..7cbb321f9a 100644 --- a/crypto/ec/ecp_smpl.c +++ b/crypto/ec/ecp_smpl.c @@ -65,10 +65,17 @@ #include <openssl/err.h> #include <openssl/symhacks.h> +#ifdef OPENSSL_FIPS +#include <openssl/fips.h> +#endif + #include "ec_lcl.h" const EC_METHOD *EC_GFp_simple_method(void) { +#ifdef OPENSSL_FIPS + return fips_ec_gfp_simple_method(); +#else static const EC_METHOD ret = { EC_FLAGS_DEFAULT_OCT, NID_X9_62_prime_field, @@ -109,6 +116,7 @@ const EC_METHOD *EC_GFp_simple_method(void) 0 /* field_set_to_one */ }; return &ret; +#endif } |