Exclude the option for passing parameters pre-computed in unverified way.

diff --git a/fips/dsa/fips_dsa_ossl.c b/fips/dsa/fips_dsa_ossl.c
index fff3b8c4b7cd84d5ba3739843f463ee2db84563b..07eb1da936a49212fc99fcfa969d4fc3b08fd28a 100644 (file)
--- a/fips/dsa/fips_dsa_ossl.c
+++ b/fips/dsa/fips_dsa_ossl.c
@@ -153,17 +153,7 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, FIPS_DSA_SIZE_T dlen, DSA
        ctx=BN_CTX_new();
        if (ctx == NULL) goto err;
 
-       if ((dsa->kinv == NULL) || (dsa->r == NULL))
-               {
-               if (!DSA_sign_setup(dsa,ctx,&kinv,&r)) goto err;
-               }
-       else
-               {
-               kinv=dsa->kinv;
-               dsa->kinv=NULL;
-               r=dsa->r;
-               dsa->r=NULL;
-               }
+       if (!DSA_sign_setup(dsa,ctx,&kinv,&r)) goto err;
 
        if (BN_bin2bn(dgst,dlen,&m) == NULL) goto err;
 

diff --git a/fips/fipshashes.c b/fips/fipshashes.c
index 484ebbcdc8c140d5c5e5437d82b6a70e76eeca30..424def70eaad2cdd589b8ba5b30667d9536889f0 100644 (file)
--- a/fips/fipshashes.c
+++ b/fips/fipshashes.c
@@ -15,7 +15,7 @@ const char * const FIPS_source_hashes[] = {
 "HMAC-SHA1(dh/fips_dh_check.c)= 63347e2007e224381d4a7b6d871633889de72cf3",
 "HMAC-SHA1(dh/fips_dh_gen.c)= 93fe69b758ca9d70d70cda1c57fff4eb5c668e85",
 "HMAC-SHA1(dh/fips_dh_key.c)= 0b810d411090abd6b676a7ca730c35362fbd04a4",
-"HMAC-SHA1(dsa/fips_dsa_ossl.c)= 0ff7c3aa1cb111f14ff253870fc2eddfd2224d06",
+"HMAC-SHA1(dsa/fips_dsa_ossl.c)= 8bb943c0fd1adf04f6a845f4d1727c5472697e93",
 "HMAC-SHA1(dsa/fips_dsa_gen.c)= c252db14699f3ff641db052311da7d7521569c53",
 "HMAC-SHA1(dsa/fips_dsa_selftest.c)= 7c2ba8d82feda2aadc8b769a3b6c4c25a6356e01",
 "HMAC-SHA1(rand/fips_rand.c)= 29139e29f56f3ecd99f527af8742d5afb12f409a",