1 files changed, 17 insertions, 0 deletions
diff --git a/src/lib/libcrypto/dh/dh_gen.c b/src/lib/libcrypto/dh/dh_gen.c
index cfd5b11868..7b1fe9c9cb 100644
--- a/src/lib/libcrypto/dh/dh_gen.c
+++ b/src/lib/libcrypto/dh/dh_gen.c
@@ -66,12 +66,29 @@
 #include <openssl/bn.h>
 #include <openssl/dh.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
 static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb);
 int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *cb)
        {
+#ifdef OPENSSL_FIPS
+        if (FIPS_mode() && !(ret->meth->flags & DH_FLAG_FIPS_METHOD)
+                        && !(ret->flags & DH_FLAG_NON_FIPS_ALLOW))
+                {
+                DHerr(DH_F_DH_GENERATE_PARAMETERS_EX, DH_R_NON_FIPS_METHOD);
+                return 0;
+                }
+#endif
        if(ret->meth->generate_params)
                return ret->meth->generate_params(ret, prime_len, generator, cb);
+#ifdef OPENSSL_FIPS
+        if (FIPS_mode())
+                return FIPS_dh_generate_parameters_ex(ret, prime_len,
+                                                        generator, cb);
+#endif
        return dh_builtin_genparams(ret, prime_len, generator, cb);
        }

diff --git a/src/lib/libcrypto/dh/dh_gen.c b/src/lib/libcrypto/dh/dh_gen.c index cfd5b11868..7b1fe9c9cb 100644 --- a/src/lib/libcrypto/dh/dh_gen.c +++ b/src/lib/libcrypto/dh/dh_gen.c
@@ -66,12 +66,29 @@
66	#include <openssl/bn.h>	66	#include <openssl/bn.h>
67	#include <openssl/dh.h>	67	#include <openssl/dh.h>
68		68
		69	#ifdef OPENSSL_FIPS
		70	#include <openssl/fips.h>
		71	#endif
		72
69	static int dh_builtin_genparams(DH ret, int prime_len, int generator, BN_GENCB cb);	73	static int dh_builtin_genparams(DH ret, int prime_len, int generator, BN_GENCB cb);
70		74
71	int DH_generate_parameters_ex(DH ret, int prime_len, int generator, BN_GENCB cb)	75	int DH_generate_parameters_ex(DH ret, int prime_len, int generator, BN_GENCB cb)
72	{	76	{
		77	#ifdef OPENSSL_FIPS
		78	if (FIPS_mode() && !(ret->meth->flags & DH_FLAG_FIPS_METHOD)
		79	&& !(ret->flags & DH_FLAG_NON_FIPS_ALLOW))
		80	{
		81	DHerr(DH_F_DH_GENERATE_PARAMETERS_EX, DH_R_NON_FIPS_METHOD);
		82	return 0;
		83	}
		84	#endif
73	if(ret->meth->generate_params)	85	if(ret->meth->generate_params)
74	return ret->meth->generate_params(ret, prime_len, generator, cb);	86	return ret->meth->generate_params(ret, prime_len, generator, cb);
		87	#ifdef OPENSSL_FIPS
		88	if (FIPS_mode())
		89	return FIPS_dh_generate_parameters_ex(ret, prime_len,
		90	generator, cb);
		91	#endif
75	return dh_builtin_genparams(ret, prime_len, generator, cb);	92	return dh_builtin_genparams(ret, prime_len, generator, cb);
76	}	93	}
77		94