Make sure overrides work for RSA/DSA.

2 files changed, 12 insertions, 0 deletions

diff --git a/apps/dsaparam.c b/apps/dsaparam.c
index fe72c1d3df..deb4aa9444 100644
--- a/apps/dsaparam.c
+++ b/apps/dsaparam.c
@@ -118,6 +118,7 @@ int MAIN(int argc, char **argv)
 	char *infile,*outfile,*prog,*inrand=NULL;
 	int numbits= -1,num,genkey=0;
 	int need_rand=0;
+	int non_fips_allow = 0;
 #ifndef OPENSSL_NO_ENGINE
 	char *engine=NULL;
 #endif
@@ -195,6 +196,8 @@ int MAIN(int argc, char **argv)
 			}
 		else if (strcmp(*argv,"-noout") == 0)
 			noout=1;
+		else if (strcmp(*argv,"-non-fips-allow") == 0)
+			non_fips_allow = 1;
 		else if (sscanf(*argv,"%d",&num) == 1)
 			{
 			/* generate a key */
@@ -297,6 +300,8 @@ bad:
 			BIO_printf(bio_err,"Error allocating DSA object\n");
 			goto end;
 			}
+		if (non_fips_allow)
+			dsa->flags |= DSA_FLAG_NON_FIPS_ALLOW;
 		BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num);
 	        BIO_printf(bio_err,"This could take some time\n");
 #ifdef GENCB_TEST
@@ -326,6 +331,7 @@ bad:
 				goto end;
 				}
 #endif
+			ERR_print_errors(bio_err);
 			BIO_printf(bio_err,"Error, DSA key generation failed\n");
 			goto end;
 			}
diff --git a/apps/genrsa.c b/apps/genrsa.c
index 37e9310910..2331024248 100644
--- a/apps/genrsa.c
+++ b/apps/genrsa.c
@@ -93,6 +93,7 @@ int MAIN(int argc, char **argv)
 	ENGINE *e = NULL;
 #endif
 	int ret=1;
+	int non_fips_allow = 0;
 	int i,num=DEFBITS;
 	long l;
 	const EVP_CIPHER *enc=NULL;
@@ -185,6 +186,8 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			passargout= *(++argv);
 			}
+		else if (strcmp(*argv,"-non-fips-allow") == 0)
+			non_fips_allow = 1;
 		else
 			break;
 		argv++;
@@ -273,6 +276,9 @@ bad:
 	if (!rsa)
 		goto err;
 
+	if (non_fips_allow)
+		rsa->flags |= RSA_FLAG_NON_FIPS_ALLOW;
+
 	if(!BN_set_word(bn, f4) || !RSA_generate_key_ex(rsa, num, bn, &cb))
 		goto err;