Redirect DSA operations to FIPS module in FIPS mode.

author: Dr. Stephen Henson <steve@openssl.org> 2011-06-09 13:54:09 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2011-06-09 13:54:09 +0000
commit: 752c1a0ce952eb21b5c1e90a7529f52b819b8b2b (patch)
tree: feef3c771128d6ce2277722b391e4c4a8bbe1c07 /crypto/dsa/dsa_lib.c
parent: cc30415d0c60ced5f8a84bb4cb97b2a051c87dfe (diff)
1 files changed, 13 insertions, 2 deletions
diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c
index e9b75902db..f7960901a0 100644
--- a/crypto/dsa/dsa_lib.c
+++ b/crypto/dsa/dsa_lib.c
@@ -70,6 +70,10 @@
 #include <openssl/dh.h>
 #endif
 
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
 const char DSA_version[]="DSA" OPENSSL_VERSION_PTEXT;
 
 static const DSA_METHOD *default_DSA_method = NULL;
@@ -82,7 +86,14 @@ void DSA_set_default_method(const DSA_METHOD *meth)
 const DSA_METHOD *DSA_get_default_method(void)
 	{
 	if(!default_DSA_method)
-		default_DSA_method = DSA_OpenSSL();
+		{
+#ifdef OPENSSL_FIPS
+		if (FIPS_mode())
+			default_DSA_method = FIPS_dsa_openssl();
+		else
+#endif
+			default_DSA_method = DSA_OpenSSL();
+		}
 	return default_DSA_method;
 	}
 
@@ -163,7 +174,7 @@ DSA *DSA_new_method(ENGINE *engine)
 	ret->method_mont_p=NULL;
 
 	ret->references=1;
-	ret->flags=ret->meth->flags;
+	ret->flags=ret->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW;
 	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);
 	if ((ret->meth->init != NULL) && !ret->meth->init(ret))
 		{
author	Dr. Stephen Henson <steve@openssl.org>	2011-06-09 13:54:09 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2011-06-09 13:54:09 +0000
commit	752c1a0ce952eb21b5c1e90a7529f52b819b8b2b (patch)
tree	feef3c771128d6ce2277722b391e4c4a8bbe1c07 /crypto/dsa/dsa_lib.c
parent	cc30415d0c60ced5f8a84bb4cb97b2a051c87dfe (diff)