diff options
Diffstat (limited to 'src/lib/libcrypto/dsa/dsa_lib.c')
| -rw-r--r-- | src/lib/libcrypto/dsa/dsa_lib.c | 49 |
1 files changed, 27 insertions, 22 deletions
diff --git a/src/lib/libcrypto/dsa/dsa_lib.c b/src/lib/libcrypto/dsa/dsa_lib.c index e9b75902db..7ac9dc8c89 100644 --- a/src/lib/libcrypto/dsa/dsa_lib.c +++ b/src/lib/libcrypto/dsa/dsa_lib.c | |||
| @@ -76,6 +76,14 @@ static const DSA_METHOD *default_DSA_method = NULL; | |||
| 76 | 76 | ||
| 77 | void DSA_set_default_method(const DSA_METHOD *meth) | 77 | void DSA_set_default_method(const DSA_METHOD *meth) |
| 78 | { | 78 | { |
| 79 | #ifdef OPENSSL_FIPS | ||
| 80 | if (FIPS_mode() && !(meth->flags & DSA_FLAG_FIPS_METHOD)) | ||
| 81 | { | ||
| 82 | DSAerr(DSA_F_DSA_SET_DEFAULT_METHOD, DSA_R_NON_FIPS_METHOD); | ||
| 83 | return; | ||
| 84 | } | ||
| 85 | #endif | ||
| 86 | |||
| 79 | default_DSA_method = meth; | 87 | default_DSA_method = meth; |
| 80 | } | 88 | } |
| 81 | 89 | ||
| @@ -96,6 +104,13 @@ int DSA_set_method(DSA *dsa, const DSA_METHOD *meth) | |||
| 96 | /* NB: The caller is specifically setting a method, so it's not up to us | 104 | /* NB: The caller is specifically setting a method, so it's not up to us |
| 97 | * to deal with which ENGINE it comes from. */ | 105 | * to deal with which ENGINE it comes from. */ |
| 98 | const DSA_METHOD *mtmp; | 106 | const DSA_METHOD *mtmp; |
| 107 | #ifdef OPENSSL_FIPS | ||
| 108 | if (FIPS_mode() && !(meth->flags & DSA_FLAG_FIPS_METHOD)) | ||
| 109 | { | ||
| 110 | DSAerr(DSA_F_DSA_SET_METHOD, DSA_R_NON_FIPS_METHOD); | ||
| 111 | return 0; | ||
| 112 | } | ||
| 113 | #endif | ||
| 99 | mtmp = dsa->meth; | 114 | mtmp = dsa->meth; |
| 100 | if (mtmp->finish) mtmp->finish(dsa); | 115 | if (mtmp->finish) mtmp->finish(dsa); |
| 101 | #ifndef OPENSSL_NO_ENGINE | 116 | #ifndef OPENSSL_NO_ENGINE |
| @@ -147,6 +162,18 @@ DSA *DSA_new_method(ENGINE *engine) | |||
| 147 | } | 162 | } |
| 148 | } | 163 | } |
| 149 | #endif | 164 | #endif |
| 165 | #ifdef OPENSSL_FIPS | ||
| 166 | if (FIPS_mode() && !(ret->meth->flags & DSA_FLAG_FIPS_METHOD)) | ||
| 167 | { | ||
| 168 | DSAerr(DSA_F_DSA_NEW_METHOD, DSA_R_NON_FIPS_METHOD); | ||
| 169 | #ifndef OPENSSL_NO_ENGINE | ||
| 170 | if (ret->engine) | ||
| 171 | ENGINE_finish(ret->engine); | ||
| 172 | #endif | ||
| 173 | OPENSSL_free(ret); | ||
| 174 | return NULL; | ||
| 175 | } | ||
| 176 | #endif | ||
| 150 | 177 | ||
| 151 | ret->pad=0; | 178 | ret->pad=0; |
| 152 | ret->version=0; | 179 | ret->version=0; |
| @@ -233,28 +260,6 @@ int DSA_up_ref(DSA *r) | |||
| 233 | return ((i > 1) ? 1 : 0); | 260 | return ((i > 1) ? 1 : 0); |
| 234 | } | 261 | } |
| 235 | 262 | ||
| 236 | int DSA_size(const DSA *r) | ||
| 237 | { | ||
| 238 | int ret,i; | ||
| 239 | ASN1_INTEGER bs; | ||
| 240 | unsigned char buf[4]; /* 4 bytes looks really small. | ||
| 241 | However, i2d_ASN1_INTEGER() will not look | ||
| 242 | beyond the first byte, as long as the second | ||
| 243 | parameter is NULL. */ | ||
| 244 | |||
| 245 | i=BN_num_bits(r->q); | ||
| 246 | bs.length=(i+7)/8; | ||
| 247 | bs.data=buf; | ||
| 248 | bs.type=V_ASN1_INTEGER; | ||
| 249 | /* If the top bit is set the asn1 encoding is 1 larger. */ | ||
| 250 | buf[0]=0xff; | ||
| 251 | |||
| 252 | i=i2d_ASN1_INTEGER(&bs,NULL); | ||
| 253 | i+=i; /* r and s */ | ||
| 254 | ret=ASN1_object_size(1,i,V_ASN1_SEQUENCE); | ||
| 255 | return(ret); | ||
| 256 | } | ||
| 257 | |||
| 258 | int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, | 263 | int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, |
| 259 | CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) | 264 | CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) |
| 260 | { | 265 | { |