Redirection of ECDSA, ECDH operations to FIPS module.

Also use FIPS EC methods unconditionally for now: might want to use them only in FIPS mode or with a switch later.
author: Dr. Stephen Henson <steve@openssl.org> 2011-06-06 15:39:17 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2011-06-06 15:39:17 +0000
commit: 6342b6e3324e39863607efce048fa2ef1f3a293d (patch)
tree: 803effdff2d24a690bca5c37d7607e6de84a853d /crypto/ecdsa
parent: a6dc77822bb0948e04be800e424d8076a6a8c003 (diff)
1 files changed, 11 insertions, 1 deletions
diff --git a/crypto/ecdsa/ecs_lib.c b/crypto/ecdsa/ecs_lib.c
index 2ebae3aa27..0c5b17a527 100644
--- a/crypto/ecdsa/ecs_lib.c
+++ b/crypto/ecdsa/ecs_lib.c
@@ -60,6 +60,9 @@
 #endif
 #include <openssl/err.h>
 #include <openssl/bn.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
 
 const char ECDSA_version[]="ECDSA" OPENSSL_VERSION_PTEXT;
 
@@ -77,7 +80,14 @@ void ECDSA_set_default_method(const ECDSA_METHOD *meth)
 const ECDSA_METHOD *ECDSA_get_default_method(void)
 {
 	if(!default_ECDSA_method) 
-		default_ECDSA_method = ECDSA_OpenSSL();
+		{
+#ifdef OPENSSL_FIPS
+		if (FIPS_mode())
+			default_ECDSA_method = FIPS_ecdsa_openssl();
+		else
+#endif
+			default_ECDSA_method = ECDSA_OpenSSL();
+		}
 	return default_ECDSA_method;
 }
author	Dr. Stephen Henson <steve@openssl.org>	2011-06-06 15:39:17 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2011-06-06 15:39:17 +0000
commit	6342b6e3324e39863607efce048fa2ef1f3a293d (patch)
tree	803effdff2d24a690bca5c37d7607e6de84a853d /crypto/ecdsa
parent	a6dc77822bb0948e04be800e424d8076a6a8c003 (diff)