From 0758ab5ea778e4ba36d2150af1bba602a48d6467 Mon Sep 17 00:00:00 2001
From: Jung-uk Kim <jkim@FreeBSD.org>
Date: Wed, 11 Jul 2012 23:31:36 +0000
Subject: Import OpenSSL 1.0.1c.

Approved by:	benl (maintainer)
---
 crypto/ecdh/ech_lib.c | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

(limited to 'crypto/ecdh/ech_lib.c')

diff --git a/crypto/ecdh/ech_lib.c b/crypto/ecdh/ech_lib.c
index bf2223477852..dadbfd3c49f5 100644
--- a/crypto/ecdh/ech_lib.c
+++ b/crypto/ecdh/ech_lib.c
@@ -73,6 +73,9 @@
 #include <openssl/engine.h>
 #endif
 #include <openssl/err.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
 
 const char ECDH_version[]="ECDH" OPENSSL_VERSION_PTEXT;
 
@@ -90,7 +93,16 @@ void ECDH_set_default_method(const ECDH_METHOD *meth)
 const ECDH_METHOD *ECDH_get_default_method(void)
 	{
 	if(!default_ECDH_method) 
+		{
+#ifdef OPENSSL_FIPS
+		if (FIPS_mode())
+			return FIPS_ecdh_openssl();
+		else
+			return ECDH_OpenSSL();
+#else
 		default_ECDH_method = ECDH_OpenSSL();
+#endif
+		}
 	return default_ECDH_method;
 	}
 
@@ -103,6 +115,11 @@ int ECDH_set_method(EC_KEY *eckey, const ECDH_METHOD *meth)
 	if (ecdh == NULL)
 		return 0;
 
+#if 0
+        mtmp = ecdh->meth;
+        if (mtmp->finish)
+		mtmp->finish(eckey);
+#endif
 #ifndef OPENSSL_NO_ENGINE
 	if (ecdh->engine)
 		{
@@ -210,6 +227,14 @@ ECDH_DATA *ecdh_check(EC_KEY *key)
 	}
 	else
 		ecdh_data = (ECDH_DATA *)data;
+#ifdef OPENSSL_FIPS
+	if (FIPS_mode() && !(ecdh_data->flags & ECDH_FLAG_FIPS_METHOD)
+			&& !(EC_KEY_get_flags(key) & EC_FLAG_NON_FIPS_ALLOW))
+		{
+		ECDHerr(ECDH_F_ECDH_CHECK, ECDH_R_NON_FIPS_METHOD);
+		return NULL;
+		}
+#endif
 	
 
 	return ecdh_data;
-- 
cgit v1.2.3