More fixes for DSA FIPS overrides.

author: Dr. Stephen Henson <steve@openssl.org> 2011-04-23 21:59:12 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2011-04-23 21:59:12 +0000
commit: 69a80f7d5e1363276a9588546df28782a18a8c36 (patch)
tree: 0ea39725967589e7a2a3bb9fdd2a648e17755214 /crypto/dsa/dsa_ossl.c
parent: dc03504d090d7b4754bdd65f50d71d35ecb08390 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c
index acf7af95c4..38f667f4e7 100644
--- a/crypto/dsa/dsa_ossl.c
+++ b/crypto/dsa/dsa_ossl.c
@@ -353,7 +353,8 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
 	    return -1;
 	    }
 
-	if (FIPS_mode() && (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS))
+	if (FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW) 
+		&& (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS))
 		{
 		DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_KEY_SIZE_TOO_SMALL);
 		return -1;
author	Dr. Stephen Henson <steve@openssl.org>	2011-04-23 21:59:12 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2011-04-23 21:59:12 +0000
commit	69a80f7d5e1363276a9588546df28782a18a8c36 (patch)
tree	0ea39725967589e7a2a3bb9fdd2a648e17755214 /crypto/dsa/dsa_ossl.c
parent	dc03504d090d7b4754bdd65f50d71d35ecb08390 (diff)