generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Redirect DSA operations to FIPS module in FIPS mode.

Browse Source
This commit is contained in:
Dr. Stephen Henson
2011-06-09 13:54:09 +00:00
parent cc30415d0c
commit 752c1a0ce9
7 changed files with 79 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
crypto/dsa/dsa_sign.c
View File

@@ -65,11 +65,27 @@
DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
{
#ifdef OPENSSL_FIPS
if (FIPS_mode() && !(dsa->meth->flags & DSA_FLAG_FIPS_METHOD)
&& !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
{
DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_NON_FIPS_DSA_METHOD);
return NULL;
}
#endif
return dsa->meth->dsa_do_sign(dgst, dlen, dsa);
}
int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
{
#ifdef OPENSSL_FIPS
if (FIPS_mode() && !(dsa->meth->flags & DSA_FLAG_FIPS_METHOD)
&& !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
{
DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_NON_FIPS_DSA_METHOD);
return 0;
}
#endif
return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp);
}