diff options
author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2014-08-22 08:19:46 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2014-08-22 08:19:46 +0200 |
commit | c7cc163905981a244efa2b0008192063df5ec106 (patch) | |
tree | 32930a3ad11b9305149b3d9eb4ddaddeadf88dbd | |
parent | 936b5a1ef0bc1bae7f8164cb96e8dc406ba808c9 (diff) | |
download | gnutls-c7cc163905981a244efa2b0008192063df5ec106.tar.gz |
prevent 1024-bit DSA parameter generation only when FIPS-mode is enabled.
-rw-r--r-- | lib/nettle/int/dsa-keygen-fips186.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/lib/nettle/int/dsa-keygen-fips186.c b/lib/nettle/int/dsa-keygen-fips186.c index 06338c92ed..2712ddbd79 100644 --- a/lib/nettle/int/dsa-keygen-fips186.c +++ b/lib/nettle/int/dsa-keygen-fips186.c @@ -40,6 +40,9 @@ unsigned _dsa_check_qp_sizes(unsigned q_bits, unsigned p_bits) { switch (q_bits) { case 160: + if (_gnutls_fips_mode_enabled() != 0) + return 0; + if (p_bits != 1024) return 0; break; |