summaryrefslogtreecommitdiff
path: root/main/openssl/crypto/rsa/rsa_gen.c
diff options
context:
space:
mode:
authorArne Schwabe <arne@rfc2549.org>2014-04-23 09:56:37 +0200
committerArne Schwabe <arne@rfc2549.org>2014-04-23 09:56:37 +0200
commite436c963f0976b885a7db04681344779e26dd3b5 (patch)
tree240663106f32e02e1c34080656f4ef21a2e1776e /main/openssl/crypto/rsa/rsa_gen.c
parent6a99715a9b072fa249e79c98cd9f03991f0f1219 (diff)
Update OpenSSL to 1.0.1g and statically link OpenVPN with it
Diffstat (limited to 'main/openssl/crypto/rsa/rsa_gen.c')
-rw-r--r--main/openssl/crypto/rsa/rsa_gen.c15
1 files changed, 15 insertions, 0 deletions
diff --git a/main/openssl/crypto/rsa/rsa_gen.c b/main/openssl/crypto/rsa/rsa_gen.c
index 767f7ab6..42290cce 100644
--- a/main/openssl/crypto/rsa/rsa_gen.c
+++ b/main/openssl/crypto/rsa/rsa_gen.c
@@ -67,6 +67,9 @@
#include "cryptlib.h"
#include <openssl/bn.h>
#include <openssl/rsa.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb);
@@ -77,8 +80,20 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
* now just because key-generation is part of RSA_METHOD. */
int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
{
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
+ && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
+ {
+ RSAerr(RSA_F_RSA_GENERATE_KEY_EX, RSA_R_NON_FIPS_RSA_METHOD);
+ return 0;
+ }
+#endif
if(rsa->meth->rsa_keygen)
return rsa->meth->rsa_keygen(rsa, bits, e_value, cb);
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode())
+ return FIPS_rsa_generate_key_ex(rsa, bits, e_value, cb);
+#endif
return rsa_builtin_keygen(rsa, bits, e_value, cb);
}