Commit 69a80f7d authored by Dr. Stephen Henson's avatar Dr. Stephen Henson

More fixes for DSA FIPS overrides.

parent dc03504d
+9 −1
@@ -435,13 +435,21 @@ bad:

		assert(need_rand);
		if ((dsakey=DSAparams_dup(dsa)) == NULL) goto end;
		if (!DSA_generate_key(dsakey)) goto end;
		if (non_fips_allow)
			dsakey->flags |= DSA_FLAG_NON_FIPS_ALLOW;
		if (!DSA_generate_key(dsakey))
			{
			ERR_print_errors(bio_err);
			DSA_free(dsakey);
			goto end;
			}
		if 	(outformat == FORMAT_ASN1)
			i=i2d_DSAPrivateKey_bio(out,dsakey);
		else if (outformat == FORMAT_PEM)
			i=PEM_write_bio_DSAPrivateKey(out,dsakey,NULL,NULL,0,NULL,NULL);
		else	{
			BIO_printf(bio_err,"bad output format specified for outfile\n");
			DSA_free(dsakey);
			goto end;
			}
		DSA_free(dsakey);
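Review bot: The `DSAparams_dup` failure just above the new block still jumps to `end` without printing the error queue, while the new `DSA_generate_key` failure path calls `ERR_print_errors(bio_err)` first, so one of the two failures in this sequence is silent. For consistency it could read `if ((dsakey=DSAparams_dup(dsa)) == NULL) { ERR_print_errors(bio_err); goto end; }`. The flag assignment would also benefit from a short comment such as `/* operator explicitly opted out of the FIPS key size restriction */`, because setting `DSA_FLAG_NON_FIPS_ALLOW` appears to relax a FIPS-mode check and the option that sets `non_fips_allow` is parsed outside this hunk. The enclosing block starts and ends outside the hunk.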
+2 −1
@@ -353,7 +353,8 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
	    return -1;
	    }

	if (FIPS_mode() && (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS))
	if (FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW) 
		&& (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS))
		{
		DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_KEY_SIZE_TOO_SMALL);
		return -1;
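Review bot: The minimum-modulus check in `dsa_do_verify` can now be switched off by a bit in `dsa->flags`, and nothing at the check records who is allowed to set that bit. A comment above the condition such as `/* DSA_FLAG_NON_FIPS_ALLOW is an explicit application opt-out; it must never be set from parsed key data */` would state the trust assumption. Whether any key-loading or duplication path can set or copy the flag is not visible here and is worth confirming. The first added line of the condition also ends in trailing whitespace. The function starts and ends outside the hunk.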