Use single X931 key generation source file for FIPS and non-FIPS builds.

diff --git a/Makefile.org b/Makefile.org
index 0f772b93f9e5243185e5f61f94cffdd3c2bab466..b608f710e9df87e9a0517e7769230cc0d658925e 100644 (file)
--- a/Makefile.org
+++ b/Makefile.org
@@ -333,6 +333,7 @@ FIPS_EX_OBJ= ../crypto/aes/aes_cfb.o \
        ../crypto/rsa/rsa_pss.o \
        ../crypto/rsa/rsa_ssl.o \
        ../crypto/rsa/rsa_x931.o \
+       ../crypto/rsa/rsa_x931g.o \
        ../crypto/sha/sha1dgst.o \
        ../crypto/sha/sha256.o \
        ../crypto/sha/sha512.o \

diff --git a/crypto/rsa/Makefile b/crypto/rsa/Makefile
index 2844264831a21f2ac8b96a5dfd5df9e7c7c6d61c..bf749c6e773dfa9c1dafcce96f4f5de1082a9165 100644 (file)
--- a/crypto/rsa/Makefile
+++ b/crypto/rsa/Makefile
@@ -20,11 +20,11 @@ LIB=$(TOP)/libcrypto.a
 LIBSRC= rsa_eay.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c rsa_err.c \
        rsa_pk1.c rsa_ssl.c rsa_none.c rsa_oaep.c rsa_chk.c rsa_null.c \
        rsa_pss.c rsa_x931.c rsa_asn1.c rsa_depr.c rsa_ameth.c rsa_prn.c \
-       rsa_pmeth.c rsa_crpt.c
+       rsa_pmeth.c rsa_crpt.c rsa_x931g.c
 LIBOBJ= rsa_eay.o rsa_gen.o rsa_lib.o rsa_sign.o rsa_saos.o rsa_err.o \
        rsa_pk1.o rsa_ssl.o rsa_none.o rsa_oaep.o rsa_chk.o rsa_null.o \
        rsa_pss.o rsa_x931.o rsa_asn1.o rsa_depr.o rsa_ameth.o rsa_prn.o \
-       rsa_pmeth.o rsa_crpt.o
+       rsa_pmeth.o rsa_crpt.o rsa_x931g.o
 
 SRC= $(LIBSRC)
 

diff --git a/fips/rsa/fips_rsa_x931g.c b/crypto/rsa/rsa_x931g.c
similarity index 99%
rename from fips/rsa/fips_rsa_x931g.c
rename to crypto/rsa/rsa_x931g.c
index d9f9a81235e5582a163a3af9ce85d78a71b97978..42c262aa41e1e65745f85c6b23fa1231ab0f63ed 100644 (file)
--- a/fips/rsa/fips_rsa_x931g.c
+++ b/crypto/rsa/rsa_x931g.c
@@ -62,12 +62,12 @@
 #include <openssl/err.h>
 #include <openssl/bn.h>
 #include <openssl/rsa.h>
-#include <openssl/fips.h>
 
 #ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
 
 extern int fips_check_rsa(RSA *rsa);
-
+#endif
 
 /* X9.31 RSA key derivation and generation */
 
@@ -206,7 +206,8 @@ int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, BN_GENCB *cb)
        int ok = 0;
        BIGNUM *Xp = NULL, *Xq = NULL;
        BN_CTX *ctx = NULL;
-       
+
+#ifdef OPENSSL_FIPS
        if (bits < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)
            {
            FIPSerr(FIPS_F_RSA_X931_GENERATE_KEY_EX,FIPS_R_KEY_TOO_SHORT);
@@ -224,6 +225,7 @@ int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, BN_GENCB *cb)
            FIPSerr(FIPS_F_RSA_X931_GENERATE_KEY_EX,FIPS_R_FIPS_SELFTEST_FAILED);
            return 0;
            }
+#endif
 
        ctx = BN_CTX_new();
        if (!ctx)
@@ -258,8 +260,10 @@ int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, BN_GENCB *cb)
                                NULL, NULL, NULL, NULL, NULL, NULL, e, cb))
                goto error;
 
+#ifdef OPENSSL_FIPS
        if(!fips_check_rsa(rsa))
            goto error;
+#endif
 
        ok = 1;
 
@@ -277,4 +281,3 @@ int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, BN_GENCB *cb)
 
        }
 
-#endif

diff --git a/fips/rsa/Makefile b/fips/rsa/Makefile
index 4a38c500e8ed61d7c280ceb132e3cbbf5fe3d3b7..09458baa11402dd8d10de02ec47b2f038e5f99ef 100644 (file)
--- a/fips/rsa/Makefile
+++ b/fips/rsa/Makefile
@@ -22,10 +22,8 @@ TEST= fips_rsavtest.c fips_rsastest.c fips_rsagtest.c
 APPS=
 
 LIB=$(TOP)/libcrypto.a
-LIBSRC= fips_rsa_selftest.c fips_rsa_x931g.c \
-       fips_rsa_sign.c fips_rsa_lib.c
-LIBOBJ= fips_rsa_selftest.o fips_rsa_x931g.o \
-       fips_rsa_sign.o fips_rsa_lib.o
+LIBSRC= fips_rsa_selftest.c fips_rsa_sign.c fips_rsa_lib.c
+LIBOBJ= fips_rsa_selftest.o fips_rsa_sign.o fips_rsa_lib.o
 
 SRC= $(LIBSRC)