Redirection of low level APIs to FIPS module.

Digest sign, verify operations are not redirected at this stage.
author: Dr. Stephen Henson <steve@openssl.org> 2011-06-02 18:22:42 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2011-06-02 18:22:42 +0000
commit: fbe7055370eb7d4e60a462c6a63efec4844a3f54 (patch)
tree: 3ef8a7b42b1141e56f2d24d90b3906cf2eea1853 /crypto/rsa/rsa_lib.c
parent: a5b386205fad656c9a8acee4014fe2f25bc8f779 (diff)
1 files changed, 11 insertions, 2 deletions
diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c
index 3225570671..e844395482 100644
--- a/crypto/rsa/rsa_lib.c
+++ b/crypto/rsa/rsa_lib.c
@@ -67,6 +67,10 @@
 #include <openssl/engine.h>
 #endif
 
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
 const char RSA_version[]="RSA" OPENSSL_VERSION_PTEXT;
 
 static const RSA_METHOD *default_RSA_meth=NULL;
@@ -93,7 +97,12 @@ const RSA_METHOD *RSA_get_default_method(void)
 #if 0 /* was: #ifdef RSAref */
 		default_RSA_meth=RSA_PKCS1_RSAref();
 #else
-		default_RSA_meth=RSA_PKCS1_SSLeay();
+#ifdef OPENSSL_FIPS
+		if (FIPS_mode())
+			default_RSA_meth = FIPS_rsa_pkcs1_ssleay();
+		else
+#endif
+			default_RSA_meth=RSA_PKCS1_SSLeay();
 #endif
 #endif
 		}
@@ -181,7 +190,7 @@ RSA *RSA_new_method(ENGINE *engine)
 	ret->blinding=NULL;
 	ret->mt_blinding=NULL;
 	ret->bignum_data=NULL;
-	ret->flags=ret->meth->flags;
+	ret->flags=ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW;
 	if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data))
 		{
 #ifndef OPENSSL_NO_ENGINE
author	Dr. Stephen Henson <steve@openssl.org>	2011-06-02 18:22:42 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2011-06-02 18:22:42 +0000
commit	fbe7055370eb7d4e60a462c6a63efec4844a3f54 (patch)
tree	3ef8a7b42b1141e56f2d24d90b3906cf2eea1853 /crypto/rsa/rsa_lib.c
parent	a5b386205fad656c9a8acee4014fe2f25bc8f779 (diff)