diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2011-04-23 19:55:55 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2011-04-23 19:55:55 +0000 |
commit | cac4fb58e02d8cf799d75212179f56c69e652ec7 (patch) | |
tree | d96dd01b03818cc88755fee7fe19d28d3ed9b43e /crypto/rsa/rsa_x931g.c | |
parent | 9e5fe439b4e8fb4198f241f2ba16a029a480d5f5 (diff) |
Add PRNG security strength checking.
Diffstat (limited to 'crypto/rsa/rsa_x931g.c')
-rw-r--r-- | crypto/rsa/rsa_x931g.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/crypto/rsa/rsa_x931g.c b/crypto/rsa/rsa_x931g.c index 1ccd0a1969..819a728954 100644 --- a/crypto/rsa/rsa_x931g.c +++ b/crypto/rsa/rsa_x931g.c @@ -210,7 +210,8 @@ int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, BN_GENCB *cb) BN_CTX *ctx = NULL; #ifdef OPENSSL_FIPS - if (bits < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS) + if (FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW) && + (bits < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)) { FIPSerr(FIPS_F_RSA_X931_GENERATE_KEY_EX,FIPS_R_KEY_TOO_SHORT); return 0; @@ -227,6 +228,8 @@ int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, BN_GENCB *cb) FIPSerr(FIPS_F_RSA_X931_GENERATE_KEY_EX,FIPS_R_FIPS_SELFTEST_FAILED); return 0; } + if (!fips_check_rsa_prng(rsa, bits)) + return 0; #endif ctx = BN_CTX_new(); |