Harmonize Tru64 and Linux make rules.

[oweals/openssl.git] / crypto / rsa / rsa_lib.c

diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c
index 3225570671f339c4ddd3b50f494d0da39aadf6c2..c95ceafc824da915163848592cb84d810442f975 100644 (file)
--- a/crypto/rsa/rsa_lib.c
+++ b/crypto/rsa/rsa_lib.c
@@ -67,6 +67,10 @@
 #include <openssl/engine.h>
 #endif
 
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
 const char RSA_version[]="RSA" OPENSSL_VERSION_PTEXT;
 
 static const RSA_METHOD *default_RSA_meth=NULL;
@@ -87,11 +91,14 @@ const RSA_METHOD *RSA_get_default_method(void)
        {
        if (default_RSA_meth == NULL)
                {
+#ifdef OPENSSL_FIPS
+               if (FIPS_mode())
+                       return FIPS_rsa_pkcs1_ssleay();
+               else
+                       return RSA_PKCS1_SSLeay();
+#else
 #ifdef RSA_NULL
                default_RSA_meth=RSA_null_method();
-#else
-#if 0 /* was: #ifdef RSAref */
-               default_RSA_meth=RSA_PKCS1_RSAref();
 #else
                default_RSA_meth=RSA_PKCS1_SSLeay();
 #endif
@@ -181,7 +188,7 @@ RSA *RSA_new_method(ENGINE *engine)
        ret->blinding=NULL;
        ret->mt_blinding=NULL;
        ret->bignum_data=NULL;
-       ret->flags=ret->meth->flags;
+       ret->flags=ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW;
        if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data))
                {
 #ifndef OPENSSL_NO_ENGINE