char *infile,*outfile,*prog,*inrand=NULL;
int numbits= -1,num,genkey=0;
int need_rand=0;
+ int non_fips_allow = 0;
#ifndef OPENSSL_NO_ENGINE
char *engine=NULL;
#endif
}
else if (strcmp(*argv,"-noout") == 0)
noout=1;
+ else if (strcmp(*argv,"-non-fips-allow") == 0)
+ non_fips_allow = 1;
else if (sscanf(*argv,"%d",&num) == 1)
{
/* generate a key */
BIO_printf(bio_err,"Error allocating DSA object\n");
goto end;
}
+ if (non_fips_allow)
+ dsa->flags |= DSA_FLAG_NON_FIPS_ALLOW;
BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num);
BIO_printf(bio_err,"This could take some time\n");
#ifdef GENCB_TEST
goto end;
}
#endif
+ ERR_print_errors(bio_err);
BIO_printf(bio_err,"Error, DSA key generation failed\n");
goto end;
}
assert(need_rand);
if ((dsakey=DSAparams_dup(dsa)) == NULL) goto end;
- if (!DSA_generate_key(dsakey)) goto end;
+ if (non_fips_allow)
+ dsakey->flags |= DSA_FLAG_NON_FIPS_ALLOW;
+ if (!DSA_generate_key(dsakey))
+ {
+ ERR_print_errors(bio_err);
+ DSA_free(dsakey);
+ goto end;
+ }
if (outformat == FORMAT_ASN1)
i=i2d_DSAPrivateKey_bio(out,dsakey);
else if (outformat == FORMAT_PEM)
i=PEM_write_bio_DSAPrivateKey(out,dsakey,NULL,NULL,0,NULL,NULL);
else {
BIO_printf(bio_err,"bad output format specified for outfile\n");
+ DSA_free(dsakey);
goto end;
}
DSA_free(dsakey);