Check flag before calling FIPS_dsa_check().

diff --git a/crypto/dsa/dsa_sign.c b/crypto/dsa/dsa_sign.c
index 46601102b57c37b1bcca993a1fbde37cb43fb617..37c65efb20e6e30b9d8ecfe6e7c6c3ec10bf66eb 100644 (file)
--- a/crypto/dsa/dsa_sign.c
+++ b/crypto/dsa/dsa_sign.c
@@ -72,8 +72,8 @@
 DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
        {
 #ifdef OPENSSL_FIPS
-       if(FIPS_mode() && !FIPS_dsa_check(dsa)
-               && !(dsa->flags & DSA_FLAG_FIPS_EXTERNAL_METHOD_ALLOW))
+       if(FIPS_mode() && !(dsa->flags & DSA_FLAG_FIPS_EXTERNAL_METHOD_ALLOW)
+               && !FIPS_dsa_check(dsa))
                return NULL;
 #endif
        return dsa->meth->dsa_do_sign(dgst, dlen, dsa);
@@ -97,8 +97,8 @@ int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
 int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
        {
 #ifdef OPENSSL_FIPS
-       if(FIPS_mode() && !FIPS_dsa_check(dsa)
-               && !(dsa->flags & DSA_FLAG_FIPS_EXTERNAL_METHOD_ALLOW))
+       if(FIPS_mode() && !(dsa->flags & DSA_FLAG_FIPS_EXTERNAL_METHOD_ALLOW)
+               && !FIPS_dsa_check(dsa))
                return 0;
 #endif
        return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp);

diff --git a/crypto/dsa/dsa_vrf.c b/crypto/dsa/dsa_vrf.c
index 608431ca56553e25f6a1e35c20cf4e789f96005d..c9784bed48e74728ed168bbbd1de00d82287f67b 100644 (file)
--- a/crypto/dsa/dsa_vrf.c
+++ b/crypto/dsa/dsa_vrf.c
@@ -74,8 +74,8 @@ int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
                  DSA *dsa)
        {
 #ifdef OPENSSL_FIPS
-       if(FIPS_mode() && !FIPS_dsa_check(dsa)
-               && !(dsa->flags & DSA_FLAG_FIPS_EXTERNAL_METHOD_ALLOW))
+       if(FIPS_mode() && !(dsa->flags & DSA_FLAG_FIPS_EXTERNAL_METHOD_ALLOW)
+               && !FIPS_dsa_check(dsa))
                return -1;
 #endif
        return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa);