author | Dr. Stephen Henson <steve@openssl.org> | 2011-06-02 18:22:42 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2011-06-02 18:22:42 +0000 |
commit | fbe7055370eb7d4e60a462c6a63efec4844a3f54 (patch) | |
tree | 3ef8a7b42b1141e56f2d24d90b3906cf2eea1853 /crypto/rsa/rsa_lib.c | |
parent | a5b386205fad656c9a8acee4014fe2f25bc8f779 (diff) |
Redirection of low level APIs to FIPS module.
Digest sign, verify operations are not redirected at this stage.
Diffstat (limited to 'crypto/rsa/rsa_lib.c')
-rw-r--r-- | crypto/rsa/rsa_lib.c | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c
index 3225570671..e844395482 100644
--- a/crypto/rsa/rsa_lib.c
+++ b/crypto/rsa/rsa_lib.c
@@ -67,6 +67,10 @@
 #include <openssl/engine.h>
 #endif
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
 const char RSA_version[]="RSA" OPENSSL_VERSION_PTEXT;
 static const RSA_METHOD *default_RSA_meth=NULL;
@@ -93,7 +97,12 @@ const RSA_METHOD *RSA_get_default_method(void)
 #if 0 /* was: #ifdef RSAref */
 default_RSA_meth=RSA_PKCS1_RSAref();
 #else
- default_RSA_meth=RSA_PKCS1_SSLeay();
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode())
+ default_RSA_meth = FIPS_rsa_pkcs1_ssleay();
+ else
+#endif
+ default_RSA_meth=RSA_PKCS1_SSLeay();
 #endif
 #endif
 }
@@ -181,7 +190,7 @@ RSA *RSA_new_method(ENGINE *engine)
 ret->blinding=NULL;
 ret->mt_blinding=NULL;
 ret->bignum_data=NULL;
- ret->flags=ret->meth->flags;
+ ret->flags=ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW;
 if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data))
 {
 #ifndef OPENSSL_NO_ENGINE |
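Review bot: The FIPS/non-FIPS choice in RSA_get_default_method() is stored in the file-static `default_RSA_meth`, so it appears to be decided once, at the first call. The guard around these assignments is outside the hunk, but if it is the usual `if (default_RSA_meth == NULL)` test, a process that enters FIPS mode after the first call keeps `RSA_PKCS1_SSLeay()` as its default and new keys bypass the FIPS module. In FIPS builds I would return the method without caching it, `if (FIPS_mode()) return FIPS_rsa_pkcs1_ssleay(); else return RSA_PKCS1_SSLeay();`, or at least document that the mode must be set before any RSA object is created.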
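Review bot: The mask on `ret->flags` in RSA_new_method() needs a comment, because nothing on the line says why this one method flag is not inherited by the key. Something like `/* never inherit the FIPS override from the method; the application must set it on the key itself */` would do, if that is the intent. The mask is also applied outside any `#ifdef OPENSSL_FIPS`, so `RSA_FLAG_NON_FIPS_ALLOW` has to be defined in non-FIPS builds as well; its definition is not part of this file's diff. The function continues past the hunk, so whether a later step (for example the method's init callback) can set the flag again cannot be checked here.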