rsa: make the maximum key strength check FIPS only.
[openssl.git] / crypto / rsa / rsa_sp800_56b_gen.c
index 82b87cc5af39ddd44098647e61be1511dbe50211..365996fd07255e8d212729564589d62500e17c70 100644 (file)
@@ -195,11 +195,17 @@ static int rsa_validate_rng_strength(EVP_RAND_CTX *rng, int nbits)
 {
     if (rng == NULL)
         return 0;
+#ifdef FIPS_MODULE
+    /*
+     * This should become mainstream once similar tests are added to the other
+     * key generations and once there is a way to disable these checks.
+     */
     if (EVP_RAND_get_strength(rng) < ossl_ifc_ffc_compute_security_bits(nbits)) {
         ERR_raise(ERR_LIB_RSA,
                   RSA_R_RANDOMNESS_SOURCE_STRENGTH_INSUFFICIENT);
         return 0;
     }
+#endif
     return 1;
 }
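Review bot: Outside `FIPS_MODULE`, `rsa_validate_rng_strength()` now rejects only a NULL `rng`, and the added comment does not state that consequence. Non-FIPS key generation proceeds even when `EVP_RAND_get_strength(rng)` is below `ossl_ifc_ffc_compute_security_bits(nbits)`, with no error raised. I would extend the comment with a line such as `Non-FIPS builds skip this comparison, so the generated key is only as strong as the caller's RAND; no error is raised.` so that the gap is visible to anyone relying on the function name. `nbits` is also unreferenced in the non-FIPS build; whether that trips a warning depends on the project's flags, which are not visible from this hunk.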