remove FIPS module code from crypto/rsa

[openssl.git] / crypto / rsa / rsa_x931g.c

diff --git a/crypto/rsa/rsa_x931g.c b/crypto/rsa/rsa_x931g.c
index e6e62c4ad33da6c870a307d0693c698de74d06ba..2f37cf4699c6ea143fd423256af516d850194cd6 100644 (file)
--- a/crypto/rsa/rsa_x931g.c
+++ b/crypto/rsa/rsa_x931g.c
@@ -65,12 +65,6 @@
 #include <openssl/bn.h>
 #include <openssl/rsa.h>
 
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-
-extern int fips_check_rsa(RSA *rsa);
-#endif
-
 /* X9.31 RSA key derivation and generation */
 
 int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, BIGNUM *q2,
@@ -209,29 +203,6 @@ int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, BN_GENCB *cb)
        BIGNUM *Xp = NULL, *Xq = NULL;
        BN_CTX *ctx = NULL;
 
-#ifdef OPENSSL_FIPS
-       if (FIPS_module_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW) && 
-               (bits < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS))
-           {
-           FIPSerr(FIPS_F_RSA_X931_GENERATE_KEY_EX,FIPS_R_KEY_TOO_SHORT);
-           return 0;
-           }
-
-       if (bits & 0xff)
-           {
-           FIPSerr(FIPS_F_RSA_X931_GENERATE_KEY_EX,FIPS_R_INVALID_KEY_LENGTH);
-           return 0;
-           }
-
-       if(FIPS_selftest_failed())
-           {
-           FIPSerr(FIPS_F_RSA_X931_GENERATE_KEY_EX,FIPS_R_FIPS_SELFTEST_FAILED);
-           return 0;
-           }
-       if (!fips_check_rsa_prng(rsa, bits))
-           return 0;
-#endif
-
        ctx = BN_CTX_new();
        if (!ctx)
                goto error;
@@ -265,11 +236,6 @@ int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, BN_GENCB *cb)
                                NULL, NULL, NULL, NULL, NULL, NULL, e, cb))
                goto error;
 
-#ifdef OPENSSL_FIPS
-       if(!fips_check_rsa(rsa))
-           goto error;
-#endif
-
        ok = 1;
 
        error: