Redirect DSA operations to FIPS module in FIPS mode.

Dr. Stephen Henson
2011-06-09 13:54:09 +00:00
parent cc30415d0c
commit 752c1a0ce9
7 changed files with 79 additions and 3 deletions


@@ -70,6 +70,10 @@
#include <openssl/dh.h>
#endif
#ifdef OPENSSL_FIPS
#include <openssl/fips.h>
#endif
const char DSA_version[]="DSA" OPENSSL_VERSION_PTEXT;
static const DSA_METHOD *default_DSA_method = NULL;
@@ -82,7 +86,14 @@ void DSA_set_default_method(const DSA_METHOD *meth)
const DSA_METHOD *DSA_get_default_method(void)
{
if(!default_DSA_method)
default_DSA_method = DSA_OpenSSL();
{
#ifdef OPENSSL_FIPS
if (FIPS_mode())
default_DSA_method = FIPS_dsa_openssl();
else
#endif
default_DSA_method = DSA_OpenSSL();
}
return default_DSA_method;
}
@@ -163,7 +174,7 @@ DSA *DSA_new_method(ENGINE *engine)
ret->method_mont_p=NULL;
ret->references=1;
ret->flags=ret->meth->flags;
ret->flags=ret->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW;
CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);
if ((ret->meth->init != NULL) && !ret->meth->init(ret))
{
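Review bot: In DSA_get_default_method the result of FIPS_mode() is latched into the static default_DSA_method on the first call, so the choice is never re-evaluated. If anything asks for the default before FIPS mode is enabled, later callers still receive DSA_OpenSSL() and DSA work is not redirected to the validated module; whether that ordering can occur depends on callers outside this diff. Under OPENSSL_FIPS I would not cache at all and instead do `return FIPS_mode() ? FIPS_dsa_openssl() : DSA_OpenSSL();` inside the `if(!default_DSA_method)` block, keeping the assignment only for non-FIPS builds. The mask in DSA_new_method also deserves a one-line comment, for example `/* a method may not pre-approve non-FIPS use; DSA_FLAG_NON_FIPS_ALLOW must be set per key */`, if that is the intent. DSA_new_method starts and ends outside the hunk, so how the flag is consulted later is not visible here.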