openssl-1.0.1 upgrade Bug: 6168278 Change-Id: I648f9172828120df5d19a14425e9ceec92647921

commit: 392aa7cc7d2b122614c5393c3e357da07fd07af3 [log] [tgz]
author: Brian Carlstrom <bdc@google.com> Thu Mar 15 16:03:43 2012 -0700
committer: Brian Carlstrom <bdc@google.com> Wed Mar 21 11:09:32 2012 -0700
tree: 69f0b217fb624fdc56abb9f659c9bdea1b1865aa
parent: 7f1d63479ce92a2a4a0874b007e49f8acb13a0d9 [diff] [blame]
diff --git a/crypto/dsa/dsa_key.c b/crypto/dsa/dsa_key.c
index c4aa86b..9cf669b 100644
--- a/crypto/dsa/dsa_key.c
+++ b/crypto/dsa/dsa_key.c

@@ -64,12 +64,28 @@
 #include <openssl/dsa.h>
 #include <openssl/rand.h>
 
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
 static int dsa_builtin_keygen(DSA *dsa);
 
 int DSA_generate_key(DSA *dsa)
 	{
+#ifdef OPENSSL_FIPS
+	if (FIPS_mode() && !(dsa->meth->flags & DSA_FLAG_FIPS_METHOD)
+			&& !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
+		{
+		DSAerr(DSA_F_DSA_GENERATE_KEY, DSA_R_NON_FIPS_DSA_METHOD);
+		return 0;
+		}
+#endif
 	if(dsa->meth->dsa_keygen)
 		return dsa->meth->dsa_keygen(dsa);
+#ifdef OPENSSL_FIPS
+	if (FIPS_mode())
+		return FIPS_dsa_generate_key(dsa);
+#endif
 	return dsa_builtin_keygen(dsa);
 	}
commit	392aa7cc7d2b122614c5393c3e357da07fd07af3	[log] [tgz]
author	Brian Carlstrom <bdc@google.com>	Thu Mar 15 16:03:43 2012 -0700
committer	Brian Carlstrom <bdc@google.com>	Wed Mar 21 11:09:32 2012 -0700
tree	69f0b217fb624fdc56abb9f659c9bdea1b1865aa
parent	7f1d63479ce92a2a4a0874b007e49f8acb13a0d9 [diff] [blame]