summaryrefslogtreecommitdiff
path: root/app/openssl/crypto/ecdh/ech_lib.c
diff options
context:
space:
mode:
authorParménides GV <parmegv@sdf.org>2014-06-13 13:24:13 +0200
committerParménides GV <parmegv@sdf.org>2014-06-13 13:24:13 +0200
commit69b10487fcd63dfe1e94fa97c9f3fd9b035646b4 (patch)
treed4960893a4444634d404c7fbe4fa3e8778d30179 /app/openssl/crypto/ecdh/ech_lib.c
parent9f6cfff38ae87922adc022300e1e2fd1c0d4c3e4 (diff)
parente45929e220fe49e30235a1d4d36c1a413547f8bf (diff)
Merge branch 'develop'
Diffstat (limited to 'app/openssl/crypto/ecdh/ech_lib.c')
-rw-r--r--app/openssl/crypto/ecdh/ech_lib.c31
1 files changed, 29 insertions, 2 deletions
diff --git a/app/openssl/crypto/ecdh/ech_lib.c b/app/openssl/crypto/ecdh/ech_lib.c
index 4d8ea03d..0644431b 100644
--- a/app/openssl/crypto/ecdh/ech_lib.c
+++ b/app/openssl/crypto/ecdh/ech_lib.c
@@ -73,6 +73,9 @@
#include <openssl/engine.h>
#endif
#include <openssl/err.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
const char ECDH_version[]="ECDH" OPENSSL_VERSION_PTEXT;
@@ -90,7 +93,16 @@ void ECDH_set_default_method(const ECDH_METHOD *meth)
const ECDH_METHOD *ECDH_get_default_method(void)
{
if(!default_ECDH_method)
+ {
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode())
+ return FIPS_ecdh_openssl();
+ else
+ return ECDH_OpenSSL();
+#else
default_ECDH_method = ECDH_OpenSSL();
+#endif
+ }
return default_ECDH_method;
}
@@ -210,11 +222,26 @@ ECDH_DATA *ecdh_check(EC_KEY *key)
ecdh_data = (ECDH_DATA *)ecdh_data_new();
if (ecdh_data == NULL)
return NULL;
- EC_KEY_insert_key_method_data(key, (void *)ecdh_data,
- ecdh_data_dup, ecdh_data_free, ecdh_data_free);
+ data = EC_KEY_insert_key_method_data(key, (void *)ecdh_data,
+ ecdh_data_dup, ecdh_data_free, ecdh_data_free);
+ if (data != NULL)
+ {
+ /* Another thread raced us to install the key_method
+ * data and won. */
+ ecdh_data_free(ecdh_data);
+ ecdh_data = (ECDH_DATA *)data;
+ }
}
else
ecdh_data = (ECDH_DATA *)data;
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode() && !(ecdh_data->flags & ECDH_FLAG_FIPS_METHOD)
+ && !(EC_KEY_get_flags(key) & EC_FLAG_NON_FIPS_ALLOW))
+ {
+ ECDHerr(ECDH_F_ECDH_CHECK, ECDH_R_NON_FIPS_METHOD);
+ return NULL;
+ }
+#endif
return ecdh_data;