]> git.ipfire.org Git - thirdparty/gnutls.git/commitdiff
fips140-2: limit the FIPS code in fips mode
authorNikos Mavrogiannopoulos <nmav@gnutls.org>
Tue, 21 Oct 2014 18:00:54 +0000 (20:00 +0200)
committerNikos Mavrogiannopoulos <nmav@gnutls.org>
Tue, 21 Oct 2014 18:00:54 +0000 (20:00 +0200)
lib/nettle/pk.c

index ad2b96557d820d5eee95192c3f38b8b0c8c732c0..0653fcc24841c236b039791e61e9ddb7bb4a8ac3 100644 (file)
@@ -1276,12 +1276,15 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo,
 
                        mpz_set_ui(pub.e, 65537);
 
+#ifdef ENABLE_FIPS140
                        if (_gnutls_fips_mode_enabled() != 0) {
                                ret =
                                    rsa_generate_fips186_4_keypair(&pub, &priv, NULL,
                                                 rnd_func, NULL, NULL,
                                                 level);
-                       } else {
+                       } else
+#endif
+                       {
                                ret =
                                    rsa_generate_keypair(&pub, &priv, NULL,
                                                 rnd_func, NULL, NULL,