authorDr. Stephen Henson <steve@openssl.org>2011-06-09 13:18:07 +0000
committerDr. Stephen Henson <steve@openssl.org>2011-06-09 13:18:07 +0000
commitcc30415d0c60ced5f8a84bb4cb97b2a051c87dfe (patch)
tree256e8f1207d24d5b1efc657e71cc595abaeaf853 /crypto/rsa
parent03e16611a3768c9562e3072bcef1b606f9ce2bae (diff)
In FIPS mode, use the method's rsa keygen first if it is a FIPS method.
Diffstat (limited to 'crypto/rsa')
-rw-r--r--crypto/rsa/rsa_gen.c16
1 files changed, 8 insertions, 8 deletions
diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c
index c37d54430c..42290cce66 100644
--- a/crypto/rsa/rsa_gen.c
+++ b/crypto/rsa/rsa_gen.c
@@ -81,19 +81,19 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
{
#ifdef OPENSSL_FIPS
- if (FIPS_mode())
+ if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
+ && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
{
- if (rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
- return FIPS_rsa_generate_key_ex(rsa, bits, e_value, cb);
- if (!(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
- {
- RSAerr(RSA_F_RSA_GENERATE_KEY_EX, RSA_R_NON_FIPS_RSA_METHOD);
- return 0;
- }
+ RSAerr(RSA_F_RSA_GENERATE_KEY_EX, RSA_R_NON_FIPS_RSA_METHOD);
+ return 0;
}
#endif
if(rsa->meth->rsa_keygen)
return rsa->meth->rsa_keygen(rsa, bits, e_value, cb);
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode())
+ return FIPS_rsa_generate_key_ex(rsa, bits, e_value, cb);
+#endif
return rsa_builtin_keygen(rsa, bits, e_value, cb);
}
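Review bot: The fallback `if (FIPS_mode())` added after the `rsa->meth->rsa_keygen` call also catches keys flagged `RSA_FLAG_NON_FIPS_ALLOW` whose method provides no `rsa_keygen`; before this change those reached `rsa_builtin_keygen`, and they now go to `FIPS_rsa_generate_key_ex`. If that routine applies stricter parameter checks (its body is not visible here), such callers would start failing even though they opted out explicitly. If the old fallback should be kept, the condition could be `if (FIPS_mode() && (rsa->meth->flags & RSA_FLAG_FIPS_METHOD))`; if the stricter path is intended, a short comment saying so would help. It is also worth a comment at the `rsa_keygen` call noting that, in FIPS mode, a method's own key generator is now trusted solely on the method-declared `RSA_FLAG_FIPS_METHOD` flag.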