From: Dr. Stephen Henson <steve@openssl.org>
Date: Thu, 3 Feb 2011 12:47:56 +0000 (+0000)
Subject: Use single X931 key generation source file for FIPS and non-FIPS builds.
X-Git-Tag: OpenSSL-fips-2_0-rc1~801
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=c2a459315a48762c23b81dafaf79e8f7fd9d5020;p=thirdparty%2Fopenssl.git

Use single X931 key generation source file for FIPS and non-FIPS builds.
---

diff --git a/Makefile.org b/Makefile.org
index 0f772b93f9..b608f710e9 100644
--- a/Makefile.org
+++ b/Makefile.org
@@ -333,6 +333,7 @@ FIPS_EX_OBJ= ../crypto/aes/aes_cfb.o \
 	../crypto/rsa/rsa_pss.o \
 	../crypto/rsa/rsa_ssl.o \
 	../crypto/rsa/rsa_x931.o \
+	../crypto/rsa/rsa_x931g.o \
 	../crypto/sha/sha1dgst.o \
 	../crypto/sha/sha256.o \
 	../crypto/sha/sha512.o \
diff --git a/crypto/rsa/Makefile b/crypto/rsa/Makefile
index 2844264831..bf749c6e77 100644
--- a/crypto/rsa/Makefile
+++ b/crypto/rsa/Makefile
@@ -20,11 +20,11 @@ LIB=$(TOP)/libcrypto.a
 LIBSRC= rsa_eay.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c rsa_err.c \
 	rsa_pk1.c rsa_ssl.c rsa_none.c rsa_oaep.c rsa_chk.c rsa_null.c \
 	rsa_pss.c rsa_x931.c rsa_asn1.c rsa_depr.c rsa_ameth.c rsa_prn.c \
-	rsa_pmeth.c rsa_crpt.c
+	rsa_pmeth.c rsa_crpt.c rsa_x931g.c
 LIBOBJ= rsa_eay.o rsa_gen.o rsa_lib.o rsa_sign.o rsa_saos.o rsa_err.o \
 	rsa_pk1.o rsa_ssl.o rsa_none.o rsa_oaep.o rsa_chk.o rsa_null.o \
 	rsa_pss.o rsa_x931.o rsa_asn1.o rsa_depr.o rsa_ameth.o rsa_prn.o \
-	rsa_pmeth.o rsa_crpt.o
+	rsa_pmeth.o rsa_crpt.o rsa_x931g.o
 
 SRC= $(LIBSRC)
 
diff --git a/fips/rsa/fips_rsa_x931g.c b/crypto/rsa/rsa_x931g.c
similarity index 99%
rename from fips/rsa/fips_rsa_x931g.c
rename to crypto/rsa/rsa_x931g.c
index d9f9a81235..42c262aa41 100644
--- a/fips/rsa/fips_rsa_x931g.c
+++ b/crypto/rsa/rsa_x931g.c
@@ -62,12 +62,12 @@
 #include <openssl/err.h>
 #include <openssl/bn.h>
 #include <openssl/rsa.h>
-#include <openssl/fips.h>
 
 #ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
 
 extern int fips_check_rsa(RSA *rsa);
-
+#endif
 
 /* X9.31 RSA key derivation and generation */
 
@@ -206,7 +206,8 @@ int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, BN_GENCB *cb)
 	int ok = 0;
 	BIGNUM *Xp = NULL, *Xq = NULL;
 	BN_CTX *ctx = NULL;
-	
+
+#ifdef OPENSSL_FIPS
 	if (bits < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)
 	    {
 	    FIPSerr(FIPS_F_RSA_X931_GENERATE_KEY_EX,FIPS_R_KEY_TOO_SHORT);
@@ -224,6 +225,7 @@ int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, BN_GENCB *cb)
 	    FIPSerr(FIPS_F_RSA_X931_GENERATE_KEY_EX,FIPS_R_FIPS_SELFTEST_FAILED);
 	    return 0;
 	    }
+#endif
 
 	ctx = BN_CTX_new();
 	if (!ctx)
@@ -258,8 +260,10 @@ int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, BN_GENCB *cb)
 				NULL, NULL, NULL, NULL, NULL, NULL, e, cb))
 		goto error;
 
+#ifdef OPENSSL_FIPS
 	if(!fips_check_rsa(rsa))
 	    goto error;
+#endif
 
 	ok = 1;
 
@@ -277,4 +281,3 @@ int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, BN_GENCB *cb)
 
 	}
 
-#endif
diff --git a/fips/rsa/Makefile b/fips/rsa/Makefile
index 4a38c500e8..09458baa11 100644
--- a/fips/rsa/Makefile
+++ b/fips/rsa/Makefile
@@ -22,10 +22,8 @@ TEST= fips_rsavtest.c fips_rsastest.c fips_rsagtest.c
 APPS=
 
 LIB=$(TOP)/libcrypto.a
-LIBSRC= fips_rsa_selftest.c fips_rsa_x931g.c \
-	fips_rsa_sign.c fips_rsa_lib.c
-LIBOBJ= fips_rsa_selftest.o fips_rsa_x931g.o \
-	fips_rsa_sign.o fips_rsa_lib.o
+LIBSRC= fips_rsa_selftest.c fips_rsa_sign.c fips_rsa_lib.c
+LIBOBJ= fips_rsa_selftest.o fips_rsa_sign.o fips_rsa_lib.o
 
 SRC= $(LIBSRC)