diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2011-06-09 13:54:09 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2011-06-09 13:54:09 +0000 |
commit | 752c1a0ce952eb21b5c1e90a7529f52b819b8b2b (patch) | |
tree | feef3c771128d6ce2277722b391e4c4a8bbe1c07 /crypto/dsa/dsa_lib.c | |
parent | cc30415d0c60ced5f8a84bb4cb97b2a051c87dfe (diff) |
Redirect DSA operations to FIPS module in FIPS mode.
Diffstat (limited to 'crypto/dsa/dsa_lib.c')
-rw-r--r-- | crypto/dsa/dsa_lib.c | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c index e9b75902db..f7960901a0 100644 --- a/crypto/dsa/dsa_lib.c +++ b/crypto/dsa/dsa_lib.c @@ -70,6 +70,10 @@ #include <openssl/dh.h> #endif +#ifdef OPENSSL_FIPS +#include <openssl/fips.h> +#endif + const char DSA_version[]="DSA" OPENSSL_VERSION_PTEXT; static const DSA_METHOD *default_DSA_method = NULL; @@ -82,7 +86,14 @@ void DSA_set_default_method(const DSA_METHOD *meth) const DSA_METHOD *DSA_get_default_method(void) { if(!default_DSA_method) - default_DSA_method = DSA_OpenSSL(); + { +#ifdef OPENSSL_FIPS + if (FIPS_mode()) + default_DSA_method = FIPS_dsa_openssl(); + else +#endif + default_DSA_method = DSA_OpenSSL(); + } return default_DSA_method; } @@ -163,7 +174,7 @@ DSA *DSA_new_method(ENGINE *engine) ret->method_mont_p=NULL; ret->references=1; - ret->flags=ret->meth->flags; + ret->flags=ret->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW; CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data); if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { |