Redirection of ECDSA, ECDH operations to FIPS module.

[openssl.git] / crypto / ecdh / ech_lib.c

diff --git a/crypto/ecdh/ech_lib.c b/crypto/ecdh/ech_lib.c
index 4d8ea03d3df2ff8c287ee3e1bf6a8bf12ac945aa..49c0e41d1405293d10ea29a04a2dc792df0b93d0 100644 (file)
--- a/crypto/ecdh/ech_lib.c
+++ b/crypto/ecdh/ech_lib.c
@@ -73,6 +73,9 @@
 #include <openssl/engine.h>
 #endif
 #include <openssl/err.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
 
 const char ECDH_version[]="ECDH" OPENSSL_VERSION_PTEXT;
 
@@ -90,7 +93,14 @@ void ECDH_set_default_method(const ECDH_METHOD *meth)
 const ECDH_METHOD *ECDH_get_default_method(void)
        {
        if(!default_ECDH_method) 
-               default_ECDH_method = ECDH_OpenSSL();
+               {
+#ifdef OPENSSL_FIPS
+               if (FIPS_mode())
+                       default_ECDH_method = FIPS_ecdh_openssl();
+               else
+#endif
+                       default_ECDH_method = ECDH_OpenSSL();
+               }
        return default_ECDH_method;
        }