Loading crypto/dsa/dsa.h +7 −0 Original line number Diff line number Diff line Loading @@ -88,6 +88,13 @@ * be used for all exponents. */ /* If this flag is set external DSA_METHOD callbacks are allowed in FIPS mode * it is then the applications responsibility to ensure the external method * is compliant. */ #define DSA_FLAG_FIPS_EXTERNAL_METHOD_ALLOW 0x04 #if defined(OPENSSL_FIPS) #define FIPS_DSA_SIZE_T int #endif Loading crypto/dsa/dsa_sign.c +4 −2 Original line number Diff line number Diff line Loading @@ -72,7 +72,8 @@ DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) { #ifdef OPENSSL_FIPS if(FIPS_mode() && !FIPS_dsa_check(dsa)) if(FIPS_mode() && !FIPS_dsa_check(dsa) && !(dsa->flags & DSA_FLAG_FIPS_EXTERNAL_METHOD_ALLOW)) return NULL; #endif return dsa->meth->dsa_do_sign(dgst, dlen, dsa); Loading @@ -96,7 +97,8 @@ int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig, int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) { #ifdef OPENSSL_FIPS if(FIPS_mode() && !FIPS_dsa_check(dsa)) if(FIPS_mode() && !FIPS_dsa_check(dsa) && !(dsa->flags & DSA_FLAG_FIPS_EXTERNAL_METHOD_ALLOW)) return 0; #endif return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp); Loading crypto/dsa/dsa_vrf.c +2 −1 Original line number Diff line number Diff line Loading @@ -74,7 +74,8 @@ int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSA *dsa) { #ifdef OPENSSL_FIPS if(FIPS_mode() && !FIPS_dsa_check(dsa)) if(FIPS_mode() && !FIPS_dsa_check(dsa) && !(dsa->flags & DSA_FLAG_FIPS_EXTERNAL_METHOD_ALLOW)) return -1; #endif return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa); Loading Loading
crypto/dsa/dsa.h +7 −0 Original line number Diff line number Diff line Loading @@ -88,6 +88,13 @@ * be used for all exponents. */ /* If this flag is set external DSA_METHOD callbacks are allowed in FIPS mode * it is then the applications responsibility to ensure the external method * is compliant. */ #define DSA_FLAG_FIPS_EXTERNAL_METHOD_ALLOW 0x04 #if defined(OPENSSL_FIPS) #define FIPS_DSA_SIZE_T int #endif Loading
crypto/dsa/dsa_sign.c +4 −2 Original line number Diff line number Diff line Loading @@ -72,7 +72,8 @@ DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) { #ifdef OPENSSL_FIPS if(FIPS_mode() && !FIPS_dsa_check(dsa)) if(FIPS_mode() && !FIPS_dsa_check(dsa) && !(dsa->flags & DSA_FLAG_FIPS_EXTERNAL_METHOD_ALLOW)) return NULL; #endif return dsa->meth->dsa_do_sign(dgst, dlen, dsa); Loading @@ -96,7 +97,8 @@ int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig, int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) { #ifdef OPENSSL_FIPS if(FIPS_mode() && !FIPS_dsa_check(dsa)) if(FIPS_mode() && !FIPS_dsa_check(dsa) && !(dsa->flags & DSA_FLAG_FIPS_EXTERNAL_METHOD_ALLOW)) return 0; #endif return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp); Loading
crypto/dsa/dsa_vrf.c +2 −1 Original line number Diff line number Diff line Loading @@ -74,7 +74,8 @@ int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSA *dsa) { #ifdef OPENSSL_FIPS if(FIPS_mode() && !FIPS_dsa_check(dsa)) if(FIPS_mode() && !FIPS_dsa_check(dsa) && !(dsa->flags & DSA_FLAG_FIPS_EXTERNAL_METHOD_ALLOW)) return -1; #endif return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa); Loading
