-rw-r--r--CHANGES6
-rw-r--r--crypto/dh/dh_lib.c6
-rw-r--r--crypto/dsa/dsa_lib.c6
-rw-r--r--crypto/ecdh/ech_lib.c6
-rw-r--r--crypto/ecdsa/ecs_lib.c6
-rw-r--r--crypto/rsa/rsa_lib.c16
6 files changed, 29 insertions, 17 deletions
diff --git a/CHANGES b/CHANGES
index 7127003293..cf52b0f3f7 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,12 @@
Changes between 1.0.0e and 1.0.1 [xx XXX xxxx]
+ *) For FIPS capable OpenSSL interpret a NULL default public key method
+ as unset and return the appopriate default but do *not* set the default.
+ This means we can return the appopriate method in applications that
+ swicth between FIPS and non-FIPS modes.
+ [Steve Henson]
+
*) Redirect HMAC and CMAC operations to FIPS module in FIPS mode. If an
ENGINE is used then we cannot handle that in the FIPS module so we
keep original code iff non-FIPS operations are allowed.
diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c
index edb4bb31fb..00218f2b92 100644
--- a/crypto/dh/dh_lib.c
+++ b/crypto/dh/dh_lib.c
@@ -83,10 +83,12 @@ const DH_METHOD *DH_get_default_method(void)
{
#ifdef OPENSSL_FIPS
if (FIPS_mode())
- default_DH_method = FIPS_dh_openssl();
+ return FIPS_dh_openssl();
else
+ return DH_OpenSSL();
+#else
+ default_DH_method = DH_OpenSSL();
#endif
- default_DH_method = DH_OpenSSL();
}
return default_DH_method;
}
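Review bot: The FIPS-capable branch now returns without storing into `default_DH_method`, and no comment says why, so a later cleanup could restore the caching and bring back a stale method after a mode switch. A comment above the `if (FIPS_mode())` line would record the intent, for example `/* FIPS capable: do not cache, the result must follow FIPS_mode() at call time */`. The NULL test that guards this block sits above the hunk, so a default that was set explicitly appears to be returned unchanged in either mode. If that is intended, the comment should also say that the caller is responsible for such a method being acceptable in FIPS mode. The same applies to the DSA, ECDH, ECDSA and RSA hunks.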
diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c
index f7960901a0..e416ef3e12 100644
--- a/crypto/dsa/dsa_lib.c
+++ b/crypto/dsa/dsa_lib.c
@@ -89,10 +89,12 @@ const DSA_METHOD *DSA_get_default_method(void)
{
#ifdef OPENSSL_FIPS
if (FIPS_mode())
- default_DSA_method = FIPS_dsa_openssl();
+ return FIPS_dsa_openssl();
else
+ return DSA_OpenSSL();
+#else
+ default_DSA_method = DSA_OpenSSL();
#endif
- default_DSA_method = DSA_OpenSSL();
}
return default_DSA_method;
}
diff --git a/crypto/ecdh/ech_lib.c b/crypto/ecdh/ech_lib.c
index 568392bdd4..dadbfd3c49 100644
--- a/crypto/ecdh/ech_lib.c
+++ b/crypto/ecdh/ech_lib.c
@@ -96,10 +96,12 @@ const ECDH_METHOD *ECDH_get_default_method(void)
{
#ifdef OPENSSL_FIPS
if (FIPS_mode())
- default_ECDH_method = FIPS_ecdh_openssl();
+ return FIPS_ecdh_openssl();
else
+ return ECDH_OpenSSL();
+#else
+ default_ECDH_method = ECDH_OpenSSL();
#endif
- default_ECDH_method = ECDH_OpenSSL();
}
return default_ECDH_method;
}
diff --git a/crypto/ecdsa/ecs_lib.c b/crypto/ecdsa/ecs_lib.c
index 65aca01767..e477da430b 100644
--- a/crypto/ecdsa/ecs_lib.c
+++ b/crypto/ecdsa/ecs_lib.c
@@ -83,10 +83,12 @@ const ECDSA_METHOD *ECDSA_get_default_method(void)
{
#ifdef OPENSSL_FIPS
if (FIPS_mode())
- default_ECDSA_method = FIPS_ecdsa_openssl();
+ return FIPS_ecdsa_openssl();
else
+ return ECDSA_OpenSSL();
+#else
+ default_ECDSA_method = ECDSA_OpenSSL();
#endif
- default_ECDSA_method = ECDSA_OpenSSL();
}
return default_ECDSA_method;
}
diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c
index e844395482..c95ceafc82 100644
--- a/crypto/rsa/rsa_lib.c
+++ b/crypto/rsa/rsa_lib.c
@@ -91,18 +91,16 @@ const RSA_METHOD *RSA_get_default_method(void)
{
if (default_RSA_meth == NULL)
{
-#ifdef RSA_NULL
- default_RSA_meth=RSA_null_method();
-#else
-#if 0 /* was: #ifdef RSAref */
- default_RSA_meth=RSA_PKCS1_RSAref();
-#else
#ifdef OPENSSL_FIPS
if (FIPS_mode())
- default_RSA_meth = FIPS_rsa_pkcs1_ssleay();
+ return FIPS_rsa_pkcs1_ssleay();
else
-#endif
- default_RSA_meth=RSA_PKCS1_SSLeay();
+ return RSA_PKCS1_SSLeay();
+#else
+#ifdef RSA_NULL
+ default_RSA_meth=RSA_null_method();
+#else
+ default_RSA_meth=RSA_PKCS1_SSLeay();
#endif
#endif
}
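Review bot: With `OPENSSL_FIPS` defined, the `RSA_NULL` build option no longer has any effect here, because the `else` arm returns `RSA_PKCS1_SSLeay()` unconditionally. Before the change `RSA_NULL` was tested first and selected `RSA_null_method()`. If the combination is unsupported, fail the build instead of silently ignoring the option, e.g. `#if defined(OPENSSL_FIPS) && defined(RSA_NULL)` followed by `#error "RSA_NULL is not supported in a FIPS capable build"`. Otherwise the non-FIPS arm should keep honouring `RSA_NULL`. The rest of RSA_get_default_method lies outside the hunk.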