*
*/
+#define OPENSSL_FIPSAPI
#include <string.h>
#include <limits.h>
NULL, /* init */
NULL, /* finish */
#endif
- 0, /* flags */
+ ECDH_FLAG_FIPS_METHOD, /* flags */
NULL /* app_data */
};
size_t buflen, len;
unsigned char *buf=NULL;
+#ifdef OPENSSL_FIPS
+ if(FIPS_selftest_failed())
+ {
+ FIPSerr(FIPS_F_ECDH_COMPUTE_KEY,FIPS_R_FIPS_SELFTEST_FAILED);
+ return -1;
+ }
+#endif
+
if (outlen > INT_MAX)
{
ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE); /* sort of, anyway */
}
group = EC_KEY_get0_group(ecdh);
+
+ if (EC_KEY_get_flags(ecdh) & EC_FLAG_COFACTOR_ECDH)
+ {
+ if (!EC_GROUP_get_cofactor(group, x, ctx) ||
+ !BN_mul(x, x, priv_key, ctx))
+ {
+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ priv_key = x;
+ }
+
if ((tmp=EC_POINT_new(group)) == NULL)
{
ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE);
if (buf) OPENSSL_free(buf);
return(ret);
}
+
+#ifdef OPENSSL_FIPSCANISTER
+/* FIPS stanadlone version of ecdh_check: just return FIPS method */
+ECDH_DATA *fips_ecdh_check(EC_KEY *key)
+ {
+ static ECDH_DATA rv = {
+ 0,0,0,
+ &openssl_ecdh_meth
+ };
+ return &rv;
+ }
+#endif
projects / oweals / openssl.git / blobdiff