diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2011-04-23 21:15:05 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2011-04-23 21:15:05 +0000 |
commit | dc03504d090d7b4754bdd65f50d71d35ecb08390 (patch) | |
tree | 527d68e4b54d8047fcb76ca6b03057a08244732b /crypto/rsa/rsa_eay.c | |
parent | 383bc117bb90377b2cd8667be8b00150917bb5c9 (diff) | |
download | openssl-dc03504d090d7b4754bdd65f50d71d35ecb08390.tar.gz |
Make sure overrides work for RSA/DSA.
Diffstat (limited to 'crypto/rsa/rsa_eay.c')
-rw-r--r-- | crypto/rsa/rsa_eay.c | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/crypto/rsa/rsa_eay.c b/crypto/rsa/rsa_eay.c index d47f64e75d..bb434d7328 100644 --- a/crypto/rsa/rsa_eay.c +++ b/crypto/rsa/rsa_eay.c @@ -170,7 +170,8 @@ static int RSA_eay_public_encrypt(int flen, const unsigned char *from, goto err; } - if (FIPS_mode() && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)) + if (FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW) + && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)) { RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_KEY_SIZE_TOO_SMALL); return -1; @@ -381,7 +382,8 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from, goto err; } - if (FIPS_mode() && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)) + if (FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW) + && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)) { RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, RSA_R_KEY_SIZE_TOO_SMALL); return -1; @@ -528,7 +530,8 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from, goto err; } - if (FIPS_mode() && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)) + if (FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW) + && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)) { RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, RSA_R_KEY_SIZE_TOO_SMALL); return -1; @@ -671,7 +674,8 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from, goto err; } - if (FIPS_mode() && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)) + if (FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW) + && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)) { RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_KEY_SIZE_TOO_SMALL); return -1; |