From: Dr. Stephen Henson <steve@openssl.org>
Date: Thu, 9 Jun 2011 13:18:07 +0000 (+0000)
Subject: Use method rsa keygen first if FIPS mode if it is a FIPS method.
X-Git-Tag: OpenSSL_1_0_1-beta1~256
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=cc30415d0c60ced5f8a84bb4cb97b2a051c87dfe;p=oweals%2Fopenssl.git

Use method rsa keygen first if FIPS mode if it is a FIPS method.
---

diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c
index c37d54430c..42290cce66 100644
--- a/crypto/rsa/rsa_gen.c
+++ b/crypto/rsa/rsa_gen.c
@@ -81,19 +81,19 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
 int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
 	{
 #ifdef OPENSSL_FIPS
-	if (FIPS_mode())
+	if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
+			&& !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
 		{
-		if (rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
-			return FIPS_rsa_generate_key_ex(rsa, bits, e_value, cb);
-		if (!(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
-			{
-			RSAerr(RSA_F_RSA_GENERATE_KEY_EX, RSA_R_NON_FIPS_RSA_METHOD);
-			return 0;
-			}
+		RSAerr(RSA_F_RSA_GENERATE_KEY_EX, RSA_R_NON_FIPS_RSA_METHOD);
+		return 0;
 		}
 #endif
 	if(rsa->meth->rsa_keygen)
 		return rsa->meth->rsa_keygen(rsa, bits, e_value, cb);
+#ifdef OPENSSL_FIPS
+	if (FIPS_mode())
+		return FIPS_rsa_generate_key_ex(rsa, bits, e_value, cb);
+#endif
 	return rsa_builtin_keygen(rsa, bits, e_value, cb);
 	}