Redirection of ECDSA, ECDH operations to FIPS module.

Also use FIPS EC methods unconditionally for now: might want to use them only in FIPS mode or with a switch later.
author: Dr. Stephen Henson <steve@openssl.org> 2011-06-06 15:39:17 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2011-06-06 15:39:17 +0000
commit: 6342b6e3324e39863607efce048fa2ef1f3a293d (patch)
tree: 803effdff2d24a690bca5c37d7607e6de84a853d /crypto/ecdh
parent: a6dc77822bb0948e04be800e424d8076a6a8c003 (diff)
1 files changed, 11 insertions, 1 deletions
diff --git a/crypto/ecdh/ech_lib.c b/crypto/ecdh/ech_lib.c
index 4d8ea03d3d..49c0e41d14 100644
--- a/crypto/ecdh/ech_lib.c
+++ b/crypto/ecdh/ech_lib.c
@@ -73,6 +73,9 @@
 #include <openssl/engine.h>
 #endif
 #include <openssl/err.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
 
 const char ECDH_version[]="ECDH" OPENSSL_VERSION_PTEXT;
 
@@ -90,7 +93,14 @@ void ECDH_set_default_method(const ECDH_METHOD *meth)
 const ECDH_METHOD *ECDH_get_default_method(void)
 	{
 	if(!default_ECDH_method) 
-		default_ECDH_method = ECDH_OpenSSL();
+		{
+#ifdef OPENSSL_FIPS
+		if (FIPS_mode())
+			default_ECDH_method = FIPS_ecdh_openssl();
+		else
+#endif
+			default_ECDH_method = ECDH_OpenSSL();
+		}
 	return default_ECDH_method;
 	}
author	Dr. Stephen Henson <steve@openssl.org>	2011-06-06 15:39:17 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2011-06-06 15:39:17 +0000
commit	6342b6e3324e39863607efce048fa2ef1f3a293d (patch)
tree	803effdff2d24a690bca5c37d7607e6de84a853d /crypto/ecdh
parent	a6dc77822bb0948e04be800e424d8076a6a8c003 (diff)