prevent 1024-bit DSA parameter generation only when FIPS-mode is enabled.

author: Nikos Mavrogiannopoulos <nmav@redhat.com> 2014-08-22 08:19:46 +0200
committer: Nikos Mavrogiannopoulos <nmav@redhat.com> 2014-08-22 08:21:57 +0200
commit: e712e79d56a9e245cea57203185f6fd62f90c374 (patch)
tree: d7b58deca3ad2f1c2d8c7ef6200f7f20df2fa115 /lib/nettle/int
parent: fea7d0aa4de9569331f3f5f4c00b58cdffac42f8 (diff)
download: gnutls-e712e79d56a9e245cea57203185f6fd62f90c374.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/lib/nettle/int/dsa-keygen-fips186.c b/lib/nettle/int/dsa-keygen-fips186.c
index 06338c92ed..2712ddbd79 100644
--- a/lib/nettle/int/dsa-keygen-fips186.c
+++ b/lib/nettle/int/dsa-keygen-fips186.c
@@ -40,6 +40,9 @@ unsigned _dsa_check_qp_sizes(unsigned q_bits, unsigned p_bits)
 {
 	switch (q_bits) {
 	case 160:
+		if (_gnutls_fips_mode_enabled() != 0)
+			return 0;
+
 		if (p_bits != 1024)
 			return 0;
 		break;
author	Nikos Mavrogiannopoulos <nmav@redhat.com>	2014-08-22 08:19:46 +0200
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>	2014-08-22 08:21:57 +0200
commit	e712e79d56a9e245cea57203185f6fd62f90c374 (patch)
tree	d7b58deca3ad2f1c2d8c7ef6200f7f20df2fa115 /lib/nettle/int
parent	fea7d0aa4de9569331f3f5f4c00b58cdffac42f8 (diff)
download	gnutls-e712e79d56a9e245cea57203185f6fd62f90c374.tar.gz