Loading apps/dsaparam.c +6 −0 Original line number Diff line number Diff line Loading @@ -118,6 +118,7 @@ int MAIN(int argc, char **argv) char *infile,*outfile,*prog,*inrand=NULL; int numbits= -1,num,genkey=0; int need_rand=0; int non_fips_allow = 0; #ifndef OPENSSL_NO_ENGINE char *engine=NULL; #endif Loading Loading @@ -195,6 +196,8 @@ int MAIN(int argc, char **argv) } else if (strcmp(*argv,"-noout") == 0) noout=1; else if (strcmp(*argv,"-non-fips-allow") == 0) non_fips_allow = 1; else if (sscanf(*argv,"%d",&num) == 1) { /* generate a key */ Loading Loading @@ -297,6 +300,8 @@ bad: BIO_printf(bio_err,"Error allocating DSA object\n"); goto end; } if (non_fips_allow) dsa->flags |= DSA_FLAG_NON_FIPS_ALLOW; BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num); BIO_printf(bio_err,"This could take some time\n"); #ifdef GENCB_TEST Loading Loading @@ -326,6 +331,7 @@ bad: goto end; } #endif ERR_print_errors(bio_err); BIO_printf(bio_err,"Error, DSA key generation failed\n"); goto end; } Loading apps/genrsa.c +6 −0 Original line number Diff line number Diff line Loading @@ -93,6 +93,7 @@ int MAIN(int argc, char **argv) ENGINE *e = NULL; #endif int ret=1; int non_fips_allow = 0; int i,num=DEFBITS; long l; const EVP_CIPHER *enc=NULL; Loading Loading @@ -185,6 +186,8 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; passargout= *(++argv); } else if (strcmp(*argv,"-non-fips-allow") == 0) non_fips_allow = 1; else break; argv++; Loading Loading @@ -273,6 +276,9 @@ bad: if (!rsa) goto err; if (non_fips_allow) rsa->flags |= RSA_FLAG_NON_FIPS_ALLOW; if(!BN_set_word(bn, f4) || !RSA_generate_key_ex(rsa, num, bn, &cb)) goto err; Loading crypto/dsa/dsa_lib.c +1 −1 Original line number Diff line number Diff line Loading 
@@ -163,7 +163,7 @@ DSA *DSA_new_method(ENGINE *engine) ret->method_mont_p=NULL; ret->references=1; ret->flags=ret->meth->flags; ret->flags=ret->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW; CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data); if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { Loading crypto/rsa/rsa.h +1 −1 Original line number Diff line number Diff line Loading @@ -458,7 +458,7 @@ RSA *RSAPrivateKey_dup(RSA *rsa); /* If this flag is set the RSA method is FIPS compliant and can be used * in FIPS mode. This is set in the validated module method. If an * application sets this flag in its own methods it is its reposibility * application sets this flag in its own methods it is its responsibility * to ensure the result is compliant. */ Loading crypto/rsa/rsa_eay.c +8 −4 Original line number Diff line number Diff line Loading @@ -170,7 +170,8 @@ static int RSA_eay_public_encrypt(int flen, const unsigned char *from, goto err; } if (FIPS_mode() && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)) if (FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW) && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)) { RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_KEY_SIZE_TOO_SMALL); return -1; Loading Loading @@ -381,7 +382,8 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from, goto err; } if (FIPS_mode() && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)) if (FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW) && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)) { RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, RSA_R_KEY_SIZE_TOO_SMALL); return -1; Loading Loading 
@@ -528,7 +530,8 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from, goto err; } if (FIPS_mode() && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)) if (FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW) && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)) { RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, RSA_R_KEY_SIZE_TOO_SMALL); return -1; Loading Loading @@ -671,7 +674,8 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from, goto err; } if (FIPS_mode() && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)) if (FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW) && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)) { RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_KEY_SIZE_TOO_SMALL); return -1; Loading Loading
apps/dsaparam.c +6 −0 Original line number Diff line number Diff line Loading @@ -118,6 +118,7 @@ int MAIN(int argc, char **argv) char *infile,*outfile,*prog,*inrand=NULL; int numbits= -1,num,genkey=0; int need_rand=0; int non_fips_allow = 0; #ifndef OPENSSL_NO_ENGINE char *engine=NULL; #endif Loading Loading @@ -195,6 +196,8 @@ int MAIN(int argc, char **argv) } else if (strcmp(*argv,"-noout") == 0) noout=1; else if (strcmp(*argv,"-non-fips-allow") == 0) non_fips_allow = 1; else if (sscanf(*argv,"%d",&num) == 1) { /* generate a key */ Loading Loading @@ -297,6 +300,8 @@ bad: BIO_printf(bio_err,"Error allocating DSA object\n"); goto end; } if (non_fips_allow) dsa->flags |= DSA_FLAG_NON_FIPS_ALLOW; BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num); BIO_printf(bio_err,"This could take some time\n"); #ifdef GENCB_TEST Loading Loading @@ -326,6 +331,7 @@ bad: goto end; } #endif ERR_print_errors(bio_err); BIO_printf(bio_err,"Error, DSA key generation failed\n"); goto end; } Loading
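Review bot: The flag assignment after the allocation check covers only the `dsa` object used for parameter generation. If the `genkey` path (outside the visible hunks) builds its key from a new DSA object, that object will not carry the flag, because DSA_new_method in this same commit masks it out, and key generation may still be refused in FIPS mode. It is worth checking the rest of MAIN and setting the flag on the key object as well. Separately, the visible hunks here and in apps/genrsa.c add `-non-fips-allow` without a usage line or any message on `bio_err` that the restriction was bypassed; a line such as `BIO_printf(bio_err,"FIPS restrictions overridden by -non-fips-allow\n");` beside the assignment would make the override visible in logs. The `bad:` block is cut off by the hunk, so usage text may exist outside it.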
apps/genrsa.c +6 −0 Original line number Diff line number Diff line Loading @@ -93,6 +93,7 @@ int MAIN(int argc, char **argv) ENGINE *e = NULL; #endif int ret=1; int non_fips_allow = 0; int i,num=DEFBITS; long l; const EVP_CIPHER *enc=NULL; Loading Loading @@ -185,6 +186,8 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; passargout= *(++argv); } else if (strcmp(*argv,"-non-fips-allow") == 0) non_fips_allow = 1; else break; argv++; Loading Loading @@ -273,6 +276,9 @@ bad: if (!rsa) goto err; if (non_fips_allow) rsa->flags |= RSA_FLAG_NON_FIPS_ALLOW; if(!BN_set_word(bn, f4) || !RSA_generate_key_ex(rsa, num, bn, &cb)) goto err; Loading
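Review bot: `RSA_FLAG_NON_FIPS_ALLOW` is set on the in-memory `rsa` object only, and nothing in this section suggests it is recorded in the written key. A key generated this way will therefore presumably hit the size check in crypto/rsa/rsa_eay.c again when another FIPS-mode process loads it. A comment at the assignment would stop the next reader assuming the override travels with the key, e.g. `/* per-object override; not stored with the key, FIPS-mode consumers must set it themselves */`. The surrounding MAIN body lies outside the hunks.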
crypto/dsa/dsa_lib.c +1 −1 Original line number Diff line number Diff line Loading @@ -163,7 +163,7 @@ DSA *DSA_new_method(ENGINE *engine) ret->method_mont_p=NULL; ret->references=1; ret->flags=ret->meth->flags; ret->flags=ret->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW; CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data); if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { Loading
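Review bot: The new mask in DSA_new_method has no comment saying why one flag is stripped from the method's flags, so the intent is easy to undo in a later cleanup. Suggest `/* never inherit the FIPS override from the method; applications set it per key */` above the assignment. No equivalent change to the RSA constructor appears on this page. If RSA objects copy `meth->flags` unmasked, an RSA_METHOD carrying RSA_FLAG_NON_FIPS_ALLOW would switch off the key-size check in rsa_eay.c for every key that uses it, which is worth confirming. The function body continues outside the hunk.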
crypto/rsa/rsa.h +1 −1 Original line number Diff line number Diff line Loading @@ -458,7 +458,7 @@ RSA *RSAPrivateKey_dup(RSA *rsa); /* If this flag is set the RSA method is FIPS compliant and can be used * in FIPS mode. This is set in the validated module method. If an * application sets this flag in its own methods it is its reposibility * application sets this flag in its own methods it is its responsibility * to ensure the result is compliant. */ Loading
crypto/rsa/rsa_eay.c +8 −4 Original line number Diff line number Diff line Loading @@ -170,7 +170,8 @@ static int RSA_eay_public_encrypt(int flen, const unsigned char *from, goto err; } if (FIPS_mode() && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)) if (FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW) && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)) { RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_KEY_SIZE_TOO_SMALL); return -1; Loading Loading @@ -381,7 +382,8 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from, goto err; } if (FIPS_mode() && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)) if (FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW) && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)) { RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, RSA_R_KEY_SIZE_TOO_SMALL); return -1; Loading Loading @@ -528,7 +530,8 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from, goto err; } if (FIPS_mode() && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)) if (FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW) && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)) { RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, RSA_R_KEY_SIZE_TOO_SMALL); return -1; Loading Loading @@ -671,7 +674,8 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from, goto err; } if (FIPS_mode() && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)) if (FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW) && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)) { RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_KEY_SIZE_TOO_SMALL); return -1; Loading
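Review bot: The same three-term condition is now pasted into all four RSA_eay_* entry points, and each copy is a place where the override logic can drift. In the visible code this test is what rejects undersized moduli in FIPS mode, so it would be safer in one static helper that the four functions call. The override also applies to the private-key operations, and `rsa->flags` is an ordinary struct field that callers set directly (apps/genrsa.c does so in this commit). The helper's comment should therefore say the flag is an exemption granted by the application, not a property of the key material. All four functions begin and end outside their hunks.

```c
/* Returns 1 when the key may be used: either FIPS mode is off, the
 * application has explicitly exempted this key with
 * RSA_FLAG_NON_FIPS_ALLOW, or the modulus meets the FIPS minimum. */
static int rsa_fips_keysize_ok(const RSA *rsa)
	{
	if (!FIPS_mode() || (rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
		return 1;
	return BN_num_bits(rsa->n) >= OPENSSL_RSA_FIPS_MIN_MODULUS_BITS;
	}

/* ... unchanged: start of RSA_eay_public_encrypt ... */
	if (!rsa_fips_keysize_ok(rsa))
		{
		RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_KEY_SIZE_TOO_SMALL);
		return -1;
		}
/* ... same replacement in private_encrypt, private_decrypt, public_decrypt ... */
```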