Don't set non fips allow flags when calling RSA_new() and DSA_new().

author Dr. Stephen Henson <steve@openssl.org>

Tue, 22 Sep 2009 11:28:05 +0000 (11:28 +0000)

committer Dr. Stephen Henson <steve@openssl.org>

Tue, 22 Sep 2009 11:28:05 +0000 (11:28 +0000)
author Dr. Stephen Henson <steve@openssl.org>
Tue, 22 Sep 2009 11:28:05 +0000 (11:28 +0000)
committer Dr. Stephen Henson <steve@openssl.org>
Tue, 22 Sep 2009 11:28:05 +0000 (11:28 +0000)
diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c

index 7ac9dc8c8920d0ae3894d098aa24b377a188292c..85556d12d68119ae9f2fc5a34c6f1b7620e9f479 100644 (file)
--- a/crypto/dsa/dsa_lib.c
+++ b/crypto/dsa/dsa_lib.c
@@ -190,7 +190,7 @@ DSA *DSA_new_method(ENGINE *engine)
         ret->method_mont_p=NULL;
  
         ret->references=1;
-       ret->flags=ret->meth->flags;
+       ret->flags=ret->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW;
         CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);
         if ((ret->meth->init != NULL) && !ret->meth->init(ret))
                 {
diff --git a/crypto/rsa/rsa_eng.c b/crypto/rsa/rsa_eng.c

index 383a7045b2b2d49785983c1064cc1d6b516d7cbc..d10a416766cbb3e5fd3cdae31049e2b94782761d 100644 (file)
--- a/crypto/rsa/rsa_eng.c
+++ b/crypto/rsa/rsa_eng.c
@@ -207,7 +207,7 @@ RSA *RSA_new_method(ENGINE *engine)
         ret->blinding=NULL;
         ret->mt_blinding=NULL;
         ret->bignum_data=NULL;
-       ret->flags=ret->meth->flags;
+       ret->flags=ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW;
         CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data);
         if ((ret->meth->init != NULL) && !ret->meth->init(ret))
                 {
author	Dr. Stephen Henson <steve@openssl.org>
	Tue, 22 Sep 2009 11:28:05 +0000 (11:28 +0000)
committer	Dr. Stephen Henson <steve@openssl.org>
	Tue, 22 Sep 2009 11:28:05 +0000 (11:28 +0000)
crypto/dsa/dsa_lib.c		patch \| blob \| history
crypto/rsa/rsa_eng.c		patch \| blob \| history