Only use FIPS EC methods in FIPS mode.
authorDr. Stephen Henson <steve@openssl.org>
Thu, 7 Aug 2014 00:08:14 +0000 (01:08 +0100)
committerDr. Stephen Henson <steve@openssl.org>
Thu, 7 Aug 2014 00:08:14 +0000 (01:08 +0100)
Reviewed-by: Tim Hudson <tjh@openssl.org>
crypto/ec/ec2_smpl.c
crypto/ec/ecp_mont.c
crypto/ec/ecp_nist.c
crypto/ec/ecp_smpl.c

index e0e59c7..62223cb 100644 (file)
@@ -80,9 +80,6 @@
 
 const EC_METHOD *EC_GF2m_simple_method(void)
        {
-#ifdef OPENSSL_FIPS
-       return fips_ec_gf2m_simple_method();
-#else
        static const EC_METHOD ret = {
                EC_FLAGS_DEFAULT_OCT,
                NID_X9_62_characteristic_two_field,
@@ -125,8 +122,12 @@ const EC_METHOD *EC_GF2m_simple_method(void)
                0 /* field_decode */,
                0 /* field_set_to_one */ };
 
-       return &ret;
+#ifdef OPENSSL_FIPS
+       if (FIPS_mode())
+               return fips_ec_gf2m_simple_method();
 #endif
+
+       return &ret;
        }
 
 
index f04f132..3c5ec19 100644 (file)
@@ -72,9 +72,6 @@
 
 const EC_METHOD *EC_GFp_mont_method(void)
        {
-#ifdef OPENSSL_FIPS
-       return fips_ec_gfp_mont_method();
-#else
        static const EC_METHOD ret = {
                EC_FLAGS_DEFAULT_OCT,
                NID_X9_62_prime_field,
@@ -114,8 +111,12 @@ const EC_METHOD *EC_GFp_mont_method(void)
                ec_GFp_mont_field_decode,
                ec_GFp_mont_field_set_to_one };
 
-       return &ret;
+#ifdef OPENSSL_FIPS
+       if (FIPS_mode())
+               return fips_ec_gfp_mont_method();
 #endif
+
+       return &ret;
        }
 
 
index aad2d5f..db3b99e 100644 (file)
@@ -73,9 +73,6 @@
 
 const EC_METHOD *EC_GFp_nist_method(void)
        {
-#ifdef OPENSSL_FIPS
-       return fips_ec_gfp_nist_method();
-#else
        static const EC_METHOD ret = {
                EC_FLAGS_DEFAULT_OCT,
                NID_X9_62_prime_field,
@@ -115,8 +112,12 @@ const EC_METHOD *EC_GFp_nist_method(void)
                0 /* field_decode */,
                0 /* field_set_to_one */ };
 
-       return &ret;
+#ifdef OPENSSL_FIPS
+       if (FIPS_mode())
+               return fips_ec_gfp_nist_method();
 #endif
+
+       return &ret;
        }
 
 int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src)
index ef52854..ba56983 100644 (file)
@@ -73,9 +73,6 @@
 
 const EC_METHOD *EC_GFp_simple_method(void)
        {
-#ifdef OPENSSL_FIPS
-       return fips_ec_gfp_simple_method();
-#else
        static const EC_METHOD ret = {
                EC_FLAGS_DEFAULT_OCT,
                NID_X9_62_prime_field,
@@ -115,8 +112,12 @@ const EC_METHOD *EC_GFp_simple_method(void)
                0 /* field_decode */,
                0 /* field_set_to_one */ };
 
-       return &ret;
+#ifdef OPENSSL_FIPS
+       if (FIPS_mode())
+               return fips_ec_gfp_simple_method();
 #endif
+
+       return &ret;
        }