authorBen Laurie <ben@openssl.org>2004-05-15 17:51:26 +0000
committerBen Laurie <ben@openssl.org>2004-05-15 17:51:26 +0000
commit9ac9a2940748ac38d71032980bd37c22c3bf13c3 (patch)
tree36d42850a02c3bea17b10fa544c86b9ce873ee80 /crypto/dh
parentbdb4a7e0920298f9fb9ea02fd0ec3dfd82ed5a8e (diff)
Fix self-tests, ban some things in FIPS mode, fix copyrights.
Diffstat (limited to 'crypto/dh')
-rw-r--r--crypto/dh/dh.h1
-rw-r--r--crypto/dh/dh_err.c3
-rw-r--r--crypto/dh/dh_gen.c9
3 files changed, 12 insertions, 1 deletions
diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h
index 05851f8429..1f734dae24 100644
--- a/crypto/dh/dh.h
+++ b/crypto/dh/dh.h
@@ -199,6 +199,7 @@ void ERR_load_DH_strings(void);
/* Reason codes. */
#define DH_R_BAD_GENERATOR 101
+#define DH_R_NOT_PERMITTED_IN_FIPS_MODE 102
#define DH_R_NO_PRIVATE_VALUE 100
#ifdef __cplusplus
diff --git a/crypto/dh/dh_err.c b/crypto/dh/dh_err.c
index d837950aec..17cf42d952 100644
--- a/crypto/dh/dh_err.c
+++ b/crypto/dh/dh_err.c
@@ -1,6 +1,6 @@
/* crypto/dh/dh_err.c */
/* ====================================================================
- * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -78,6 +78,7 @@ static ERR_STRING_DATA DH_str_functs[]=
static ERR_STRING_DATA DH_str_reasons[]=
{
{DH_R_BAD_GENERATOR ,"bad generator"},
+{DH_R_NOT_PERMITTED_IN_FIPS_MODE ,"not permitted in fips mode"},
{DH_R_NO_PRIVATE_VALUE ,"no private value"},
{0,NULL}
};
diff --git a/crypto/dh/dh_gen.c b/crypto/dh/dh_gen.c
index 06f78b35ab..38675f2688 100644
--- a/crypto/dh/dh_gen.c
+++ b/crypto/dh/dh_gen.c
@@ -60,6 +60,7 @@
#include "cryptlib.h"
#include <openssl/bn.h>
#include <openssl/dh.h>
+#include <openssl/fips.h>
/* We generate DH parameters as follows
* find a prime q which is prime_len/2 bits long.
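Review bot: The added `#include <openssl/fips.h>` is unconditional, while the only use of that header in this diff (the check in the next hunk) is compiled only under `#ifdef OPENSSL_FIPS`. Whether the header is always present and harmless in a non-FIPS build cannot be seen from this page. If it is not, guard the include the same way, `#ifdef OPENSSL_FIPS` / `#include <openssl/fips.h>` / `#endif`, so non-FIPS builds do not depend on it.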
@@ -94,6 +95,14 @@ DH *DH_generate_parameters(int prime_len, int generator,
int g,ok= -1;
BN_CTX *ctx=NULL;
+#ifdef OPENSSL_FIPS
+ if(FIPS_mode)
+ {
+ DHerr(DH_F_DH_GENERATE_PARAMETERS, DH_R_NOT_PERMITTED_IN_FIPS_MODE);
+ return NULL;
+ }
+#endif
+
ret=DH_new();
if (ret == NULL) goto err;
ctx=BN_CTX_new();
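Review bot: `if(FIPS_mode)` at the top of DH_generate_parameters tests the bare identifier, so its correctness depends on how `openssl/fips.h` declares `FIPS_mode`, which this page does not show. If it is an int object the check is fine; if it is, or later becomes, a function, the condition tests the function's address and is always true, and the check should read `if(FIPS_mode())`. In that case every build with OPENSSL_FIPS defined would refuse DH parameter generation even with FIPS mode switched off. The early return comes before `DH_new()` and `BN_CTX_new()`, so nothing is leaked on the refusal path. The function's signature and the rest of its body lie outside the hunk, so how callers handle the new NULL return could not be checked here.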