diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2014-08-07 01:08:14 +0100 |
---|---|---|
committer | Janusz Kozerski <j.kozerski@samsung.com> | 2014-10-20 15:25:34 +0200 |
commit | 1aaeaf200e58d442a7bc85af849b2a2ab7f99616 (patch) | |
tree | 73f5aca194bb7ed9c7ac7807943a48cbcc865d0f | |
parent | a31b6be09f99555954eada0dab7fb9e5cae2f4c6 (diff) | |
download | openssl-1aaeaf200e58d442a7bc85af849b2a2ab7f99616.tar.gz openssl-1aaeaf200e58d442a7bc85af849b2a2ab7f99616.tar.bz2 openssl-1aaeaf200e58d442a7bc85af849b2a2ab7f99616.zip |
Only use FIPS EC methods in FIPS mode.
Reviewed-by: Tim Hudson <tjh@openssl.org>
-rw-r--r-- | crypto/ec/ec2_smpl.c | 9 | ||||
-rw-r--r-- | crypto/ec/ecp_mont.c | 9 | ||||
-rw-r--r-- | crypto/ec/ecp_nist.c | 9 | ||||
-rw-r--r-- | crypto/ec/ecp_smpl.c | 9 |
4 files changed, 20 insertions, 16 deletions
diff --git a/crypto/ec/ec2_smpl.c b/crypto/ec/ec2_smpl.c index e0e59c7..62223cb 100644 --- a/crypto/ec/ec2_smpl.c +++ b/crypto/ec/ec2_smpl.c @@ -80,9 +80,6 @@ const EC_METHOD *EC_GF2m_simple_method(void) { -#ifdef OPENSSL_FIPS - return fips_ec_gf2m_simple_method(); -#else static const EC_METHOD ret = { EC_FLAGS_DEFAULT_OCT, NID_X9_62_characteristic_two_field, @@ -125,8 +122,12 @@ const EC_METHOD *EC_GF2m_simple_method(void) 0 /* field_decode */, 0 /* field_set_to_one */ }; - return &ret; +#ifdef OPENSSL_FIPS + if (FIPS_mode()) + return fips_ec_gf2m_simple_method(); #endif + + return &ret; } diff --git a/crypto/ec/ecp_mont.c b/crypto/ec/ecp_mont.c index f04f132..3c5ec19 100644 --- a/crypto/ec/ecp_mont.c +++ b/crypto/ec/ecp_mont.c @@ -72,9 +72,6 @@ const EC_METHOD *EC_GFp_mont_method(void) { -#ifdef OPENSSL_FIPS - return fips_ec_gfp_mont_method(); -#else static const EC_METHOD ret = { EC_FLAGS_DEFAULT_OCT, NID_X9_62_prime_field, @@ -114,8 +111,12 @@ const EC_METHOD *EC_GFp_mont_method(void) ec_GFp_mont_field_decode, ec_GFp_mont_field_set_to_one }; - return &ret; +#ifdef OPENSSL_FIPS + if (FIPS_mode()) + return fips_ec_gfp_mont_method(); #endif + + return &ret; } diff --git a/crypto/ec/ecp_nist.c b/crypto/ec/ecp_nist.c index aad2d5f..db3b99e 100644 --- a/crypto/ec/ecp_nist.c +++ b/crypto/ec/ecp_nist.c @@ -73,9 +73,6 @@ const EC_METHOD *EC_GFp_nist_method(void) { -#ifdef OPENSSL_FIPS - return fips_ec_gfp_nist_method(); -#else static const EC_METHOD ret = { EC_FLAGS_DEFAULT_OCT, NID_X9_62_prime_field, @@ -115,8 +112,12 @@ const EC_METHOD *EC_GFp_nist_method(void) 0 /* field_decode */, 0 /* field_set_to_one */ }; - return &ret; +#ifdef OPENSSL_FIPS + if (FIPS_mode()) + return fips_ec_gfp_nist_method(); #endif + + return &ret; } int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src) diff --git a/crypto/ec/ecp_smpl.c b/crypto/ec/ecp_smpl.c index ef52854..ba56983 100644 --- a/crypto/ec/ecp_smpl.c +++ b/crypto/ec/ecp_smpl.c @@ -73,9 +73,6 @@ const EC_METHOD *EC_GFp_simple_method(void) { -#ifdef OPENSSL_FIPS - return fips_ec_gfp_simple_method(); -#else static const EC_METHOD ret = { EC_FLAGS_DEFAULT_OCT, NID_X9_62_prime_field, @@ -115,8 +112,12 @@ const EC_METHOD *EC_GFp_simple_method(void) 0 /* field_decode */, 0 /* field_set_to_one */ }; - return &ret; +#ifdef OPENSSL_FIPS + if (FIPS_mode()) + return fips_ec_gfp_simple_method(); #endif + + return &ret; } |