1 |
Do not call pairwise tests in non-fips mode. |
2 |
Some possible generated keys might be too small to pass. |
3 |
diff -up openssl-fips-0.9.8e/fips/dsa/fips_dsa_key.c.no-pairwise openssl-fips-0.9.8e/fips/dsa/fips_dsa_key.c |
4 |
--- openssl-fips-0.9.8e/fips/dsa/fips_dsa_key.c.no-pairwise 2007-09-12 19:46:04.000000000 +0200 |
5 |
+++ openssl-fips-0.9.8e/fips/dsa/fips_dsa_key.c 2009-04-15 11:21:07.000000000 +0200 |
6 |
@@ -154,7 +154,7 @@ static int dsa_builtin_keygen(DSA *dsa) |
7 |
dsa->pub_key=pub_key; |
8 |
if (fips_dsa_pairwise_fail) |
9 |
BN_add_word(dsa->pub_key, 1); |
10 |
- if(!fips_check_dsa(dsa)) |
11 |
+ if(FIPS_mode() && !fips_check_dsa(dsa)) |
12 |
goto err; |
13 |
ok=1; |
14 |
|
15 |
diff -up openssl-fips-0.9.8e/fips/rsa/fips_rsa_gen.c.no-pairwise openssl-fips-0.9.8e/fips/rsa/fips_rsa_gen.c |
16 |
--- openssl-fips-0.9.8e/fips/rsa/fips_rsa_gen.c.no-pairwise 2007-09-12 19:46:07.000000000 +0200 |
17 |
+++ openssl-fips-0.9.8e/fips/rsa/fips_rsa_gen.c 2009-04-15 11:21:31.000000000 +0200 |
18 |
@@ -288,7 +288,7 @@ static int rsa_builtin_keygen(RSA *rsa, |
19 |
if (fips_rsa_pairwise_fail) |
20 |
BN_add_word(rsa->n, 1); |
21 |
|
22 |
- if(!fips_check_rsa(rsa)) |
23 |
+ if(FIPS_mode() && !fips_check_rsa(rsa)) |
24 |
goto err; |
25 |
|
26 |
ok=1; |