diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2011-04-23 21:59:12 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2011-04-23 21:59:12 +0000 |
commit | 69a80f7d5e1363276a9588546df28782a18a8c36 (patch) | |
tree | 0ea39725967589e7a2a3bb9fdd2a648e17755214 /crypto/dsa/dsa_ossl.c | |
parent | dc03504d090d7b4754bdd65f50d71d35ecb08390 (diff) |
More fixes for DSA FIPS overrides.
Diffstat (limited to 'crypto/dsa/dsa_ossl.c')
-rw-r--r-- | crypto/dsa/dsa_ossl.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c index acf7af95c4..38f667f4e7 100644 --- a/crypto/dsa/dsa_ossl.c +++ b/crypto/dsa/dsa_ossl.c @@ -353,7 +353,8 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, return -1; } - if (FIPS_mode() && (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS)) + if (FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW) + && (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS)) { DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_KEY_SIZE_TOO_SMALL); return -1; |