diff options
Diffstat (limited to 'crypto/dh/dh_gen.c')
-rw-r--r-- | crypto/dh/dh_gen.c | 19 |
1 files changed, 16 insertions, 3 deletions
diff --git a/crypto/dh/dh_gen.c b/crypto/dh/dh_gen.c index 999e1de..7b1fe9c 100644 --- a/crypto/dh/dh_gen.c +++ b/crypto/dh/dh_gen.c @@ -66,14 +66,29 @@ #include <openssl/bn.h> #include <openssl/dh.h> -#ifndef OPENSSL_FIPS +#ifdef OPENSSL_FIPS +#include <openssl/fips.h> +#endif static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb); int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *cb) { +#ifdef OPENSSL_FIPS + if (FIPS_mode() && !(ret->meth->flags & DH_FLAG_FIPS_METHOD) + && !(ret->flags & DH_FLAG_NON_FIPS_ALLOW)) + { + DHerr(DH_F_DH_GENERATE_PARAMETERS_EX, DH_R_NON_FIPS_METHOD); + return 0; + } +#endif if(ret->meth->generate_params) return ret->meth->generate_params(ret, prime_len, generator, cb); +#ifdef OPENSSL_FIPS + if (FIPS_mode()) + return FIPS_dh_generate_parameters_ex(ret, prime_len, + generator, cb); +#endif return dh_builtin_genparams(ret, prime_len, generator, cb); } @@ -175,5 +190,3 @@ err: } return ok; } - -#endif |