Redirect DH key and parameter generation.

author: Dr. Stephen Henson <steve@openssl.org> 2011-06-09 15:21:46 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2011-06-09 15:21:46 +0000
commit: ed9b0e5cba9ddc41e7b902d925c5b1b836ada366 (patch)
tree: 6e7a8ad4ac87efff5e0508379091331d8fbd0f9c /crypto/dsa
parent: 752c1a0ce952eb21b5c1e90a7529f52b819b8b2b (diff)
4 files changed, 20 insertions, 1 deletions
diff --git a/crypto/dsa/dsa.h b/crypto/dsa/dsa.h
index 6a21b2cce2..295470e868 100644
--- a/crypto/dsa/dsa.h
+++ b/crypto/dsa/dsa.h
@@ -287,6 +287,7 @@ void ERR_load_DSA_strings(void);
 #define DSA_F_DSAPARAMS_PRINT_FP			 101
 #define DSA_F_DSA_DO_SIGN				 112
 #define DSA_F_DSA_DO_VERIFY				 113
+#define DSA_F_DSA_GENERATE_KEY				 124
 #define DSA_F_DSA_GENERATE_PARAMETERS_EX		 123
 #define DSA_F_DSA_NEW_METHOD				 103
 #define DSA_F_DSA_PARAM_DECODE				 119
diff --git a/crypto/dsa/dsa_err.c b/crypto/dsa/dsa_err.c
index bada41fcce..6c49523289 100644
--- a/crypto/dsa/dsa_err.c
+++ b/crypto/dsa/dsa_err.c
@@ -76,6 +76,7 @@ static ERR_STRING_DATA DSA_str_functs[]=
 {ERR_FUNC(DSA_F_DSAPARAMS_PRINT_FP),	"DSAparams_print_fp"},
 {ERR_FUNC(DSA_F_DSA_DO_SIGN),	"DSA_do_sign"},
 {ERR_FUNC(DSA_F_DSA_DO_VERIFY),	"DSA_do_verify"},
+{ERR_FUNC(DSA_F_DSA_GENERATE_KEY),	"DSA_generate_key"},
 {ERR_FUNC(DSA_F_DSA_GENERATE_PARAMETERS_EX),	"DSA_generate_parameters_ex"},
 {ERR_FUNC(DSA_F_DSA_NEW_METHOD),	"DSA_new_method"},
 {ERR_FUNC(DSA_F_DSA_PARAM_DECODE),	"DSA_PARAM_DECODE"},
diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c
index cc73a23724..c398761d0d 100644
--- a/crypto/dsa/dsa_gen.c
+++ b/crypto/dsa/dsa_gen.c
@@ -89,13 +89,14 @@ int DSA_generate_parameters_ex(DSA *ret, int bits,
 		const unsigned char *seed_in, int seed_len,
 		int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
 	{
+#ifdef OPENSSL_FIPS
 	if (FIPS_mode() && !(ret->meth->flags & DSA_FLAG_FIPS_METHOD)
 			&& !(ret->flags & DSA_FLAG_NON_FIPS_ALLOW))
 		{
 		DSAerr(DSA_F_DSA_GENERATE_PARAMETERS_EX, DSA_R_NON_FIPS_DSA_METHOD);
 		return 0;
 		}
-
+#endif
 	if(ret->meth->dsa_paramgen)
 		return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len,
 				counter_ret, h_ret, cb);
diff --git a/crypto/dsa/dsa_key.c b/crypto/dsa/dsa_key.c
index c4aa86bc6d..9cf669b921 100644
--- a/crypto/dsa/dsa_key.c
+++ b/crypto/dsa/dsa_key.c
@@ -64,12 +64,28 @@
 #include <openssl/dsa.h>
 #include <openssl/rand.h>
 
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
 static int dsa_builtin_keygen(DSA *dsa);
 
 int DSA_generate_key(DSA *dsa)
 	{
+#ifdef OPENSSL_FIPS
+	if (FIPS_mode() && !(dsa->meth->flags & DSA_FLAG_FIPS_METHOD)
+			&& !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
+		{
+		DSAerr(DSA_F_DSA_GENERATE_KEY, DSA_R_NON_FIPS_DSA_METHOD);
+		return 0;
+		}
+#endif
 	if(dsa->meth->dsa_keygen)
 		return dsa->meth->dsa_keygen(dsa);
+#ifdef OPENSSL_FIPS
+	if (FIPS_mode())
+		return FIPS_dsa_generate_key(dsa);
+#endif
 	return dsa_builtin_keygen(dsa);
 	}
author	Dr. Stephen Henson <steve@openssl.org>	2011-06-09 15:21:46 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2011-06-09 15:21:46 +0000
commit	ed9b0e5cba9ddc41e7b902d925c5b1b836ada366 (patch)
tree	6e7a8ad4ac87efff5e0508379091331d8fbd0f9c /crypto/dsa
parent	752c1a0ce952eb21b5c1e90a7529f52b819b8b2b (diff)