remove FIPS module code from crypto/dsa

Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-10-19 01:06:56 +01:00
parent 8d73db288f
commit fce8311cae
4 changed files with 0 additions and 198 deletions
--- a/crypto/dsa/dsa_key.c
+++ b/crypto/dsa/dsa_key.c
@@ -66,30 +66,6 @@
 #include <openssl/dsa.h>
 #include <openssl/rand.h>

-#ifdef OPENSSL_FIPS
-
-#include <openssl/fips.h>
-#include <openssl/evp.h>
-
-static int fips_check_dsa(DSA *dsa)
-	{
-	EVP_PKEY pk;
-	unsigned char tbs[] = "DSA Pairwise Check Data";
-    	pk.type = EVP_PKEY_DSA;
-    	pk.pkey.dsa = dsa;
-
-	if (!fips_pkey_signature_test(FIPS_TEST_PAIRWISE,
-					&pk, tbs, 0, NULL, 0, NULL, 0, NULL))
-		{
-		FIPSerr(FIPS_F_FIPS_CHECK_DSA,FIPS_R_PAIRWISE_TEST_FAILED);
-		fips_set_selftest_fail();
-		return 0;
-		}
-	return 1;
-	}
-
-#endif
-
 static int dsa_builtin_keygen(DSA *dsa);

 int DSA_generate_key(DSA *dsa)
@@ -105,17 +81,6 @@ static int dsa_builtin_keygen(DSA *dsa)
 	BN_CTX *ctx=NULL;
 	BIGNUM *pub_key=NULL,*priv_key=NULL;

-#ifdef OPENSSL_FIPS
-	if (FIPS_module_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)
-		&& (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS))
-		{
-		DSAerr(DSA_F_DSA_BUILTIN_KEYGEN, DSA_R_KEY_SIZE_TOO_SMALL);
-		goto err;
-		}
-	if (!fips_check_dsa_prng(dsa, 0, 0))
-		goto err;
-#endif
-
 	if ((ctx=BN_CTX_new()) == NULL) goto err;

 	if (dsa->priv_key == NULL)
@@ -154,14 +119,6 @@ static int dsa_builtin_keygen(DSA *dsa)

 	dsa->priv_key=priv_key;
 	dsa->pub_key=pub_key;
-#ifdef OPENSSL_FIPS
-	if(!fips_check_dsa(dsa))
-		{
-		dsa->pub_key = NULL;
-		dsa->priv_key = NULL;
-	    	goto err;
-		}
-#endif
 	ok=1;

 err: