From: Dr. Stephen Henson <steve@openssl.org>
Date: Tue, 22 Sep 2009 11:28:05 +0000 (+0000)
Subject: Don't set non fips allow flags when calling RSA_new() and DSA_new().
X-Git-Tag: OpenSSL_0_9_8m-beta1~102
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;ds=sidebyside;h=3cc52ee97a8573624d777c030ed826f6666d367e;p=oweals%2Fopenssl.git

Don't set non fips allow flags when calling RSA_new() and DSA_new().
---

diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c
index 7ac9dc8c89..85556d12d6 100644
--- a/crypto/dsa/dsa_lib.c
+++ b/crypto/dsa/dsa_lib.c
@@ -190,7 +190,7 @@ DSA *DSA_new_method(ENGINE *engine)
 	ret->method_mont_p=NULL;
 
 	ret->references=1;
-	ret->flags=ret->meth->flags;
+	ret->flags=ret->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW;
 	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);
 	if ((ret->meth->init != NULL) && !ret->meth->init(ret))
 		{
diff --git a/crypto/rsa/rsa_eng.c b/crypto/rsa/rsa_eng.c
index 383a7045b2..d10a416766 100644
--- a/crypto/rsa/rsa_eng.c
+++ b/crypto/rsa/rsa_eng.c
@@ -207,7 +207,7 @@ RSA *RSA_new_method(ENGINE *engine)
 	ret->blinding=NULL;
 	ret->mt_blinding=NULL;
 	ret->bignum_data=NULL;
-	ret->flags=ret->meth->flags;
+	ret->flags=ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW;
 	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data);
 	if ((ret->meth->init != NULL) && !ret->meth->init(ret))
 		{