|
@@ -170,7 +170,8 @@ static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
|
|
|
goto err;
|
|
|
}
|
|
|
|
|
|
- if (FIPS_mode() && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS))
|
|
|
+ if (FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)
|
|
|
+ && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS))
|
|
|
{
|
|
|
RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_KEY_SIZE_TOO_SMALL);
|
|
|
return -1;
|
|
@@ -381,7 +382,8 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
|
|
|
goto err;
|
|
|
}
|
|
|
|
|
|
- if (FIPS_mode() && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS))
|
|
|
+ if (FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)
|
|
|
+ && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS))
|
|
|
{
|
|
|
RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, RSA_R_KEY_SIZE_TOO_SMALL);
|
|
|
return -1;
|
|
@@ -528,7 +530,8 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
|
|
|
goto err;
|
|
|
}
|
|
|
|
|
|
- if (FIPS_mode() && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS))
|
|
|
+ if (FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)
|
|
|
+ && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS))
|
|
|
{
|
|
|
RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, RSA_R_KEY_SIZE_TOO_SMALL);
|
|
|
return -1;
|
|
@@ -671,7 +674,8 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
|
|
|
goto err;
|
|
|
}
|
|
|
|
|
|
- if (FIPS_mode() && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS))
|
|
|
+ if (FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)
|
|
|
+ && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS))
|
|
|
{
|
|
|
RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_KEY_SIZE_TOO_SMALL);
|
|
|
return -1;
|