Only use FIPS EC methods in FIPS mode.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 1433cac53c93f9f109290389f60b17078a572d3d)

diff --git a/crypto/ec/ec2_smpl.c b/crypto/ec/ec2_smpl.c
index e0e59c7d8299b0ccebb7e2027a7e48b6c02c8dc7..62223cbb01f2f052886ce039515426de7353d7a5 100644 (file)
--- a/crypto/ec/ec2_smpl.c
+++ b/crypto/ec/ec2_smpl.c
@@ -80,9 +80,6 @@
 
 const EC_METHOD *EC_GF2m_simple_method(void)
        {
-#ifdef OPENSSL_FIPS
-       return fips_ec_gf2m_simple_method();
-#else
        static const EC_METHOD ret = {
                EC_FLAGS_DEFAULT_OCT,
                NID_X9_62_characteristic_two_field,
@@ -125,8 +122,12 @@ const EC_METHOD *EC_GF2m_simple_method(void)
                0 /* field_decode */,
                0 /* field_set_to_one */ };
 
-       return &ret;
+#ifdef OPENSSL_FIPS
+       if (FIPS_mode())
+               return fips_ec_gf2m_simple_method();
 #endif
+
+       return &ret;
        }
 
 

diff --git a/crypto/ec/ecp_mont.c b/crypto/ec/ecp_mont.c
index f04f132c7ad689a444d539f7d3cdee185af52f83..3c5ec1965ac829874b23ada4710bdda8c71b84fe 100644 (file)
--- a/crypto/ec/ecp_mont.c
+++ b/crypto/ec/ecp_mont.c
@@ -72,9 +72,6 @@
 
 const EC_METHOD *EC_GFp_mont_method(void)
        {
-#ifdef OPENSSL_FIPS
-       return fips_ec_gfp_mont_method();
-#else
        static const EC_METHOD ret = {
                EC_FLAGS_DEFAULT_OCT,
                NID_X9_62_prime_field,
@@ -114,8 +111,12 @@ const EC_METHOD *EC_GFp_mont_method(void)
                ec_GFp_mont_field_decode,
                ec_GFp_mont_field_set_to_one };
 
-       return &ret;
+#ifdef OPENSSL_FIPS
+       if (FIPS_mode())
+               return fips_ec_gfp_mont_method();
 #endif
+
+       return &ret;
        }
 
 

diff --git a/crypto/ec/ecp_nist.c b/crypto/ec/ecp_nist.c
index aad2d5f44389ad6a5f345a05d8da04d2cba7f4d2..db3b99e06a5fa966f946b4067207b0460045581d 100644 (file)
--- a/crypto/ec/ecp_nist.c
+++ b/crypto/ec/ecp_nist.c
@@ -73,9 +73,6 @@
 
 const EC_METHOD *EC_GFp_nist_method(void)
        {
-#ifdef OPENSSL_FIPS
-       return fips_ec_gfp_nist_method();
-#else
        static const EC_METHOD ret = {
                EC_FLAGS_DEFAULT_OCT,
                NID_X9_62_prime_field,
@@ -115,8 +112,12 @@ const EC_METHOD *EC_GFp_nist_method(void)
                0 /* field_decode */,
                0 /* field_set_to_one */ };
 
-       return &ret;
+#ifdef OPENSSL_FIPS
+       if (FIPS_mode())
+               return fips_ec_gfp_nist_method();
 #endif
+
+       return &ret;
        }
 
 int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src)

diff --git a/crypto/ec/ecp_smpl.c b/crypto/ec/ecp_smpl.c
index ef5285477a2a9f88b37ae3bdf3d867969d84e802..ba56983f958b9022ec610c945c5dd622881a8f12 100644 (file)
--- a/crypto/ec/ecp_smpl.c
+++ b/crypto/ec/ecp_smpl.c
@@ -73,9 +73,6 @@
 
 const EC_METHOD *EC_GFp_simple_method(void)
        {
-#ifdef OPENSSL_FIPS
-       return fips_ec_gfp_simple_method();
-#else
        static const EC_METHOD ret = {
                EC_FLAGS_DEFAULT_OCT,
                NID_X9_62_prime_field,
@@ -115,8 +112,12 @@ const EC_METHOD *EC_GFp_simple_method(void)
                0 /* field_decode */,
                0 /* field_set_to_one */ };
 
-       return &ret;
+#ifdef OPENSSL_FIPS
+       if (FIPS_mode())
+               return fips_ec_gfp_simple_method();
 #endif
+
+       return &ret;
        }