From dc03504d090d7b4754bdd65f50d71d35ecb08390 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sat, 23 Apr 2011 21:15:05 +0000 Subject: Make sure overrides work for RSA/DSA. --- apps/dsaparam.c | 6 ++++++ apps/genrsa.c | 6 ++++++ 2 files changed, 12 insertions(+) (limited to 'apps') diff --git a/apps/dsaparam.c b/apps/dsaparam.c index fe72c1d3df..deb4aa9444 100644 --- a/apps/dsaparam.c +++ b/apps/dsaparam.c @@ -118,6 +118,7 @@ int MAIN(int argc, char **argv) char *infile,*outfile,*prog,*inrand=NULL; int numbits= -1,num,genkey=0; int need_rand=0; + int non_fips_allow = 0; #ifndef OPENSSL_NO_ENGINE char *engine=NULL; #endif @@ -195,6 +196,8 @@ int MAIN(int argc, char **argv) } else if (strcmp(*argv,"-noout") == 0) noout=1; + else if (strcmp(*argv,"-non-fips-allow") == 0) + non_fips_allow = 1; else if (sscanf(*argv,"%d",&num) == 1) { /* generate a key */ @@ -297,6 +300,8 @@ bad: BIO_printf(bio_err,"Error allocating DSA object\n"); goto end; } + if (non_fips_allow) + dsa->flags |= DSA_FLAG_NON_FIPS_ALLOW; BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num); BIO_printf(bio_err,"This could take some time\n"); #ifdef GENCB_TEST @@ -326,6 +331,7 @@ bad: goto end; } #endif + ERR_print_errors(bio_err); BIO_printf(bio_err,"Error, DSA key generation failed\n"); goto end; } diff --git a/apps/genrsa.c b/apps/genrsa.c index 37e9310910..2331024248 100644 --- a/apps/genrsa.c +++ b/apps/genrsa.c @@ -93,6 +93,7 @@ int MAIN(int argc, char **argv) ENGINE *e = NULL; #endif int ret=1; + int non_fips_allow = 0; int i,num=DEFBITS; long l; const EVP_CIPHER *enc=NULL; @@ -185,6 +186,8 @@ int MAIN(int argc, char **argv) if (--argc < 1) goto bad; passargout= *(++argv); } + else if (strcmp(*argv,"-non-fips-allow") == 0) + non_fips_allow = 1; else break; argv++; @@ -273,6 +276,9 @@ bad: if (!rsa) goto err; + if (non_fips_allow) + rsa->flags |= RSA_FLAG_NON_FIPS_ALLOW; + if(!BN_set_word(bn, f4) || !RSA_generate_key_ex(rsa, num, bn, &cb)) goto err; -- cgit v1.2.3