| 1 |
wellsi |
1.1 |
Do not call pairwise tests in non-fips mode. |
| 2 |
|
|
Some possible generated keys might be too small to pass. |
| 3 |
|
|
diff -up openssl-fips-0.9.8e/fips/dsa/fips_dsa_key.c.no-pairwise openssl-fips-0.9.8e/fips/dsa/fips_dsa_key.c |
| 4 |
|
|
--- openssl-fips-0.9.8e/fips/dsa/fips_dsa_key.c.no-pairwise 2007-09-12 19:46:04.000000000 +0200 |
| 5 |
|
|
+++ openssl-fips-0.9.8e/fips/dsa/fips_dsa_key.c 2009-04-15 11:21:07.000000000 +0200 |
| 6 |
|
|
@@ -154,7 +154,7 @@ static int dsa_builtin_keygen(DSA *dsa) |
| 7 |
|
|
dsa->pub_key=pub_key; |
| 8 |
|
|
if (fips_dsa_pairwise_fail) |
| 9 |
|
|
BN_add_word(dsa->pub_key, 1); |
| 10 |
|
|
- if(!fips_check_dsa(dsa)) |
| 11 |
|
|
+ if(FIPS_mode() && !fips_check_dsa(dsa)) |
| 12 |
|
|
goto err; |
| 13 |
|
|
ok=1; |
| 14 |
|
|
|
| 15 |
|
|
diff -up openssl-fips-0.9.8e/fips/rsa/fips_rsa_gen.c.no-pairwise openssl-fips-0.9.8e/fips/rsa/fips_rsa_gen.c |
| 16 |
|
|
--- openssl-fips-0.9.8e/fips/rsa/fips_rsa_gen.c.no-pairwise 2007-09-12 19:46:07.000000000 +0200 |
| 17 |
|
|
+++ openssl-fips-0.9.8e/fips/rsa/fips_rsa_gen.c 2009-04-15 11:21:31.000000000 +0200 |
| 18 |
|
|
@@ -288,7 +288,7 @@ static int rsa_builtin_keygen(RSA *rsa, |
| 19 |
|
|
if (fips_rsa_pairwise_fail) |
| 20 |
|
|
BN_add_word(rsa->n, 1); |
| 21 |
|
|
|
| 22 |
|
|
- if(!fips_check_rsa(rsa)) |
| 23 |
|
|
+ if(FIPS_mode() && !fips_check_rsa(rsa)) |
| 24 |
|
|
goto err; |
| 25 |
|
|
|
| 26 |
|
|
ok=1; |
Parent Directory
| 
Revision Log
| 
Revision Graph
