1 files changed, 17 insertions, 14 deletions

diff --git a/src/lib/libcrypto/dsa/dsa_sign.c b/src/lib/libcrypto/dsa/dsa_sign.c
index 89205026f0..4cfbbe57a8 100644
--- a/src/lib/libcrypto/dsa/dsa_sign.c
+++ b/src/lib/libcrypto/dsa/dsa_sign.c
@@ -64,29 +64,32 @@
 #include <openssl/dsa.h>
 #include <openssl/rand.h>
 #include <openssl/asn1.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
 
-DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
-        {
-        return dsa->meth->dsa_do_sign(dgst, dlen, dsa);
-        }
 
-int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
-             unsigned int *siglen, DSA *dsa)
+DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
         {
-        DSA_SIG *s;
-        s=DSA_do_sign(dgst,dlen,dsa);
-        if (s == NULL)
+#ifdef OPENSSL_FIPS
+        if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
                 {
-                *siglen=0;
-                return(0);
+                DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
+                return NULL;
                 }
-        *siglen=i2d_DSA_SIG(s,&sig);
-        DSA_SIG_free(s);
-        return(1);
+#endif
+        return dsa->meth->dsa_do_sign(dgst, dlen, dsa);
         }
 
 int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
         {
+#ifdef OPENSSL_FIPS
+        if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
+                {
+                DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
+                return 0;
+                }
+#endif
         return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp);
         }