summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/dsa
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto/dsa')
-rw-r--r--src/lib/libcrypto/dsa/dsa_gen.c20
-rw-r--r--src/lib/libcrypto/dsa/dsa_key.c16
-rw-r--r--src/lib/libcrypto/dsa/dsa_lib.c11
-rw-r--r--src/lib/libcrypto/dsa/dsa_sign.c16
-rw-r--r--src/lib/libcrypto/dsa/dsa_vrf.c8
5 files changed, 0 insertions, 71 deletions
diff --git a/src/lib/libcrypto/dsa/dsa_gen.c b/src/lib/libcrypto/dsa/dsa_gen.c
index c398761d0d..e6a5452016 100644
--- a/src/lib/libcrypto/dsa/dsa_gen.c
+++ b/src/lib/libcrypto/dsa/dsa_gen.c
@@ -81,33 +81,13 @@
81#include <openssl/sha.h> 81#include <openssl/sha.h>
82#include "dsa_locl.h" 82#include "dsa_locl.h"
83 83
84#ifdef OPENSSL_FIPS
85#include <openssl/fips.h>
86#endif
87
88int DSA_generate_parameters_ex(DSA *ret, int bits, 84int DSA_generate_parameters_ex(DSA *ret, int bits,
89 const unsigned char *seed_in, int seed_len, 85 const unsigned char *seed_in, int seed_len,
90 int *counter_ret, unsigned long *h_ret, BN_GENCB *cb) 86 int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
91 { 87 {
92#ifdef OPENSSL_FIPS
93 if (FIPS_mode() && !(ret->meth->flags & DSA_FLAG_FIPS_METHOD)
94 && !(ret->flags & DSA_FLAG_NON_FIPS_ALLOW))
95 {
96 DSAerr(DSA_F_DSA_GENERATE_PARAMETERS_EX, DSA_R_NON_FIPS_DSA_METHOD);
97 return 0;
98 }
99#endif
100 if(ret->meth->dsa_paramgen) 88 if(ret->meth->dsa_paramgen)
101 return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len, 89 return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len,
102 counter_ret, h_ret, cb); 90 counter_ret, h_ret, cb);
103#ifdef OPENSSL_FIPS
104 else if (FIPS_mode())
105 {
106 return FIPS_dsa_generate_parameters_ex(ret, bits,
107 seed_in, seed_len,
108 counter_ret, h_ret, cb);
109 }
110#endif
111 else 91 else
112 { 92 {
113 const EVP_MD *evpmd; 93 const EVP_MD *evpmd;
diff --git a/src/lib/libcrypto/dsa/dsa_key.c b/src/lib/libcrypto/dsa/dsa_key.c
index 9cf669b921..c4aa86bc6d 100644
--- a/src/lib/libcrypto/dsa/dsa_key.c
+++ b/src/lib/libcrypto/dsa/dsa_key.c
@@ -64,28 +64,12 @@
64#include <openssl/dsa.h> 64#include <openssl/dsa.h>
65#include <openssl/rand.h> 65#include <openssl/rand.h>
66 66
67#ifdef OPENSSL_FIPS
68#include <openssl/fips.h>
69#endif
70
71static int dsa_builtin_keygen(DSA *dsa); 67static int dsa_builtin_keygen(DSA *dsa);
72 68
73int DSA_generate_key(DSA *dsa) 69int DSA_generate_key(DSA *dsa)
74 { 70 {
75#ifdef OPENSSL_FIPS
76 if (FIPS_mode() && !(dsa->meth->flags & DSA_FLAG_FIPS_METHOD)
77 && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
78 {
79 DSAerr(DSA_F_DSA_GENERATE_KEY, DSA_R_NON_FIPS_DSA_METHOD);
80 return 0;
81 }
82#endif
83 if(dsa->meth->dsa_keygen) 71 if(dsa->meth->dsa_keygen)
84 return dsa->meth->dsa_keygen(dsa); 72 return dsa->meth->dsa_keygen(dsa);
85#ifdef OPENSSL_FIPS
86 if (FIPS_mode())
87 return FIPS_dsa_generate_key(dsa);
88#endif
89 return dsa_builtin_keygen(dsa); 73 return dsa_builtin_keygen(dsa);
90 } 74 }
91 75
diff --git a/src/lib/libcrypto/dsa/dsa_lib.c b/src/lib/libcrypto/dsa/dsa_lib.c
index 96d8d0c4b4..897c085968 100644
--- a/src/lib/libcrypto/dsa/dsa_lib.c
+++ b/src/lib/libcrypto/dsa/dsa_lib.c
@@ -70,10 +70,6 @@
70#include <openssl/dh.h> 70#include <openssl/dh.h>
71#endif 71#endif
72 72
73#ifdef OPENSSL_FIPS
74#include <openssl/fips.h>
75#endif
76
77const char DSA_version[]="DSA" OPENSSL_VERSION_PTEXT; 73const char DSA_version[]="DSA" OPENSSL_VERSION_PTEXT;
78 74
79static const DSA_METHOD *default_DSA_method = NULL; 75static const DSA_METHOD *default_DSA_method = NULL;
@@ -87,14 +83,7 @@ const DSA_METHOD *DSA_get_default_method(void)
87 { 83 {
88 if(!default_DSA_method) 84 if(!default_DSA_method)
89 { 85 {
90#ifdef OPENSSL_FIPS
91 if (FIPS_mode())
92 return FIPS_dsa_openssl();
93 else
94 return DSA_OpenSSL();
95#else
96 default_DSA_method = DSA_OpenSSL(); 86 default_DSA_method = DSA_OpenSSL();
97#endif
98 } 87 }
99 return default_DSA_method; 88 return default_DSA_method;
100 } 89 }
diff --git a/src/lib/libcrypto/dsa/dsa_sign.c b/src/lib/libcrypto/dsa/dsa_sign.c
index c3cc3642ce..e02365a8b1 100644
--- a/src/lib/libcrypto/dsa/dsa_sign.c
+++ b/src/lib/libcrypto/dsa/dsa_sign.c
@@ -65,27 +65,11 @@
65 65
66DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) 66DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
67 { 67 {
68#ifdef OPENSSL_FIPS
69 if (FIPS_mode() && !(dsa->meth->flags & DSA_FLAG_FIPS_METHOD)
70 && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
71 {
72 DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_NON_FIPS_DSA_METHOD);
73 return NULL;
74 }
75#endif
76 return dsa->meth->dsa_do_sign(dgst, dlen, dsa); 68 return dsa->meth->dsa_do_sign(dgst, dlen, dsa);
77 } 69 }
78 70
79int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) 71int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
80 { 72 {
81#ifdef OPENSSL_FIPS
82 if (FIPS_mode() && !(dsa->meth->flags & DSA_FLAG_FIPS_METHOD)
83 && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
84 {
85 DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_NON_FIPS_DSA_METHOD);
86 return 0;
87 }
88#endif
89 return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp); 73 return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp);
90 } 74 }
91 75
diff --git a/src/lib/libcrypto/dsa/dsa_vrf.c b/src/lib/libcrypto/dsa/dsa_vrf.c
index 674cb5fa5f..286ed28cfa 100644
--- a/src/lib/libcrypto/dsa/dsa_vrf.c
+++ b/src/lib/libcrypto/dsa/dsa_vrf.c
@@ -64,13 +64,5 @@
64int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, 64int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
65 DSA *dsa) 65 DSA *dsa)
66 { 66 {
67#ifdef OPENSSL_FIPS
68 if (FIPS_mode() && !(dsa->meth->flags & DSA_FLAG_FIPS_METHOD)
69 && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
70 {
71 DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_NON_FIPS_DSA_METHOD);
72 return -1;
73 }
74#endif
75 return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa); 67 return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
76 } 68 }
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-05-04 03:35:31 +0000