Changes between 1.0.0d and 1.0.1 [xx XXX xxxx]
+ *) Redirect ECDSA and ECDH operations to FIPS module in FIPS mode. Also use
+ FIPS EC methods unconditionally for now.
+ [Steve Henson]
+
*) New build option no-ec2m to disable characteristic 2 code.
[Steve Henson]
#ifndef OPENSSL_NO_EC2M
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
const EC_METHOD *EC_GF2m_simple_method(void)
{
+#ifdef OPENSSL_FIPS
+ return fips_ec_gf2m_simple_method();
+#else
static const EC_METHOD ret = {
EC_FLAGS_DEFAULT_OCT,
NID_X9_62_characteristic_two_field,
0 /* field_set_to_one */ };
return &ret;
+#endif
}
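Review bot: The `#ifdef OPENSSL_FIPS` branch in EC_GF2m_simple_method() is a build-time switch with no FIPS_mode() test, and nothing at the site says so; the same applies to EC_GFp_mont_method(), EC_GFp_nist_method() and EC_GFp_simple_method() further down. In a FIPS-capable build the static table is compiled out and every caller gets the module's method whether or not FIPS mode is on, unlike the runtime FIPS_mode() test this commit uses for the ECDH and ECDSA defaults. I would add a comment above the return, for example `/* FIPS-capable build: always use the FIPS module's EC_METHOD, independent of FIPS_mode() */`, so the difference is not read as an oversight when auditing which implementation ran. The CHANGES entry calls this "for now", so a short TODO naming the intended follow-up would also help.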
#include "ec_lcl.h"
#include <openssl/err.h>
#include <string.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
EC_KEY *EC_KEY_new(void)
{
BIGNUM *priv_key = NULL, *order = NULL;
EC_POINT *pub_key = NULL;
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode())
+ return FIPS_ec_key_generate_key(eckey);
+#endif
+
if (!eckey || !eckey->group)
{
ECerr(EC_F_EC_KEY_GENERATE_KEY, ERR_R_PASSED_NULL_PARAMETER);
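Review bot: The FIPS_mode() branch sits above the `!eckey || !eckey->group` check, so in FIPS mode a NULL or group-less key is handed to FIPS_ec_key_generate_key() without that validation and without the ECerr() entry. Whether the FIPS routine checks its own argument is not visible here, so the safer ordering is to keep the existing check first and place the `#ifdef OPENSSL_FIPS` block directly after it. The function's signature and the rest of its body lie outside this hunk; the context line names EC_KEY_new, but the error code shows the change is in the key generation routine.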
#include <openssl/err.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
#include "ec_lcl.h"
const EC_METHOD *EC_GFp_mont_method(void)
{
+#ifdef OPENSSL_FIPS
+ return fips_ec_gfp_mont_method();
+#else
static const EC_METHOD ret = {
EC_FLAGS_DEFAULT_OCT,
NID_X9_62_prime_field,
ec_GFp_mont_field_decode,
ec_GFp_mont_field_set_to_one };
+
return &ret;
+#endif
}
#include <openssl/obj_mac.h>
#include "ec_lcl.h"
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
const EC_METHOD *EC_GFp_nist_method(void)
{
+#ifdef OPENSSL_FIPS
+ return fips_ec_gfp_nist_method();
+#else
static const EC_METHOD ret = {
EC_FLAGS_DEFAULT_OCT,
NID_X9_62_prime_field,
0 /* field_set_to_one */ };
return &ret;
+#endif
}
int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src)
#include <openssl/err.h>
#include <openssl/symhacks.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
#include "ec_lcl.h"
const EC_METHOD *EC_GFp_simple_method(void)
{
+#ifdef OPENSSL_FIPS
+ return fips_ec_gfp_simple_method();
+#else
static const EC_METHOD ret = {
EC_FLAGS_DEFAULT_OCT,
NID_X9_62_prime_field,
0 /* field_set_to_one */ };
return &ret;
+#endif
}
#include <openssl/engine.h>
#endif
#include <openssl/err.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
const char ECDH_version[]="ECDH" OPENSSL_VERSION_PTEXT;
const ECDH_METHOD *ECDH_get_default_method(void)
{
if(!default_ECDH_method)
- default_ECDH_method = ECDH_OpenSSL();
+ {
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode())
+ default_ECDH_method = FIPS_ecdh_openssl();
+ else
+#endif
+ default_ECDH_method = ECDH_OpenSSL();
+ }
return default_ECDH_method;
}
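Review bot: ECDH_get_default_method() stores the outcome of the FIPS_mode() test in `default_ECDH_method` on its first call, and the `if(!default_ECDH_method)` guard means the test is never repeated. If the process enters FIPS mode after that first call, later calls would keep returning ECDH_OpenSSL(), and the reverse holds when leaving FIPS mode. Not caching in the FIPS build avoids this: inside the guard, under OPENSSL_FIPS, use `if (FIPS_mode()) return FIPS_ecdh_openssl(); else return ECDH_OpenSSL();` and keep the assignment only for the non-FIPS build. ECDSA_get_default_method() below has the same pattern with `default_ECDSA_method`.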
#endif
#include <openssl/err.h>
#include <openssl/bn.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
const char ECDSA_version[]="ECDSA" OPENSSL_VERSION_PTEXT;
const ECDSA_METHOD *ECDSA_get_default_method(void)
{
if(!default_ECDSA_method)
- default_ECDSA_method = ECDSA_OpenSSL();
+ {
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode())
+ default_ECDSA_method = FIPS_ecdsa_openssl();
+ else
+#endif
+ default_ECDSA_method = ECDSA_OpenSSL();
+ }
return default_ECDSA_method;
}