author | Shane Lontis <shane.lontis@oracle.com> | 2020-01-23 20:33:28 +1000 |
---|---|---|
committer | Shane Lontis <shane.lontis@oracle.com> | 2020-01-23 20:33:28 +1000 |
commit | 62f49b90d7e88d3c36fc1f5e4d677997aeb97b0a (patch) | |
tree | fbe5f7df9b658d87f2975923703942033ff020d2 /crypto/evp/exchange.c | |
parent | f10048301390283523d3d1623880be7518cf46ac (diff) |
Add DH key exchange to fips provider
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10826)
Diffstat (limited to 'crypto/evp/exchange.c')
-rw-r--r-- | crypto/evp/exchange.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/crypto/evp/exchange.c b/crypto/evp/exchange.c
index 1f9e39be4c..1f87c59343 100644
--- a/crypto/evp/exchange.c
+++ b/crypto/evp/exchange.c
@@ -256,6 +256,9 @@ int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx)
 */ ERR_pop_to_mark();
+#ifdef FIPS_MODE
+ return 0;
+#else
 if (ctx->pmeth == NULL || ctx->pmeth->derive == NULL) { EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); return -2;
@@ -267,11 +270,12 @@ int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx)
 if (ret <= 0) ctx->operation = EVP_PKEY_OP_UNDEFINED; return ret;
+#endif
 } int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer) {
- int ret;
+ int ret = 0;
 void *provkey = NULL; if (ctx == NULL) {
@@ -296,6 +300,9 @@ int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer)
 return ctx->op.kex.exchange->set_peer(ctx->op.kex.exchprovctx, provkey); legacy:
+#ifdef FIPS_MODE
+ return ret;
+#else
 if (ctx->pmeth == NULL || !(ctx->pmeth->derive != NULL || ctx->pmeth->encrypt != NULL
@@ -356,6 +363,7 @@ int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer)
 EVP_PKEY_up_ref(peer); return 1;
+#endif
 } int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *pkeylen) |
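Review bot: The `FIPS_MODE` branch added after `ERR_pop_to_mark()` in `EVP_PKEY_derive_init` fails without reporting anything: `return 0;` raises no error, and the mark pop just above it has presumably discarded whatever the provider fetch queued, so the caller gets a failed key-exchange init with an empty error queue. The non-FIPS branch raises `EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE` and returns -2 for the same situation, so callers that tell "unsupported" from "failed" see different results depending on the build. I would put `EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);` before the return and, if `ctx->operation` was already set earlier in the function (outside this hunk), reset it with `ctx->operation = EVP_PKEY_OP_UNDEFINED;`. The same silent return applies to `return ret;` under `legacy:` in `EVP_PKEY_derive_set_peer` (third hunk).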
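Review bot: `return ret;` in the FIPS branch under `legacy:` reads as if `ret` carried a computed status, but in the visible lines its only value is the `= 0` initializer added in the second hunk, which seems to exist just so that `ret` is not unused in FIPS builds. A comment on the branch would make that explicit, for example `/* no legacy (pmeth) fallback in the FIPS module; ret is still 0 here */`. The function body begins and ends outside this hunk, so whether any path assigns `ret` before jumping to `legacy:` cannot be confirmed from here.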