remove FIPS module code from crypto/dsa

const DSA_METHOD *DSA_get_default_method(void);

int	DSA_set_method(DSA *dsa, const DSA_METHOD *);

#ifdef OPENSSL_FIPS

DSA *	FIPS_dsa_new(void);

void	FIPS_dsa_free (DSA *r);

DSA_SIG * FIPS_dsa_sign_digest(DSA *dsa, const unsigned char *dig, int dlen);

DSA_SIG * FIPS_dsa_sign_ctx(DSA *dsa, EVP_MD_CTX *ctx);

int FIPS_dsa_verify_digest(DSA *dsa,

				const unsigned char *dig, int dlen, DSA_SIG *s);

int FIPS_dsa_verify_ctx(DSA *dsa, EVP_MD_CTX *ctx, DSA_SIG *s);

int FIPS_dsa_verify(DSA *dsa, const unsigned char *msg, size_t msglen,

			const EVP_MD *mhash, DSA_SIG *s);

DSA_SIG * FIPS_dsa_sign(DSA *dsa, const unsigned char *msg, size_t msglen,

			const EVP_MD *mhash);

#endif

DSA *	DSA_new(void);

DSA *	DSA_new_method(ENGINE *engine);

void	DSA_free (DSA *r);

#include <openssl/bn.h>

#include <openssl/rand.h>

#include <openssl/sha.h>

#ifdef OPENSSL_FIPS

#include <openssl/fips.h>

#include <openssl/fips_rand.h>

#endif

#include "dsa_locl.h"

	BN_CTX *ctx=NULL;

	unsigned int h=2;

#ifdef OPENSSL_FIPS

	if(FIPS_selftest_failed())

	    {

	    FIPSerr(FIPS_F_DSA_BUILTIN_PARAMGEN, FIPS_R_FIPS_SELFTEST_FAILED);

	    goto err;

	    }

	if (FIPS_module_mode() && !(ret->flags & DSA_FLAG_NON_FIPS_ALLOW) 

			&& (bits < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS))

		{

		DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN, DSA_R_KEY_SIZE_TOO_SMALL);

		goto err;

		}

#endif

	if (qsize != SHA_DIGEST_LENGTH && qsize != SHA224_DIGEST_LENGTH &&

	    qsize != SHA256_DIGEST_LENGTH)

		/* invalid q size */

	return ok;

	}

#ifdef OPENSSL_FIPS

/* Security strength of parameter values for (L,N): see FIPS186-3 4.2

 * and SP800-131A

 */

static int fips_ffc_strength(size_t L, size_t N)

	{

	if (L >= 15360 && N >= 512)

		return 256;

	if (L >= 7680 && N >= 384)

		return 192;

	if (L >= 3072 && N >= 256)

		return 128;

	if (L >= 2048 && N >= 224)

		return 112;

	if (L >= 1024 && N >= 160)

		return  80;

	return 0;

	}

/* Valid DSA2 parameters from FIPS 186-3 */

static int dsa2_valid_parameters(size_t L, size_t N)

	{

	if (L == 1024 && N == 160)

		return 80;

	if (L == 2048 && N == 224)

		return 112;

	if (L == 2048 && N == 256)

		return 112;

	if (L == 3072 && N == 256)

		return 128;

	return 0;

	}

int fips_check_dsa_prng(DSA *dsa, size_t L, size_t N)

	{

	int strength;

	if (!FIPS_module_mode())

		return 1;

	if (dsa->flags & (DSA_FLAG_NON_FIPS_ALLOW|DSA_FLAG_FIPS_CHECKED))

		return 1;

	if (!L || !N)

		{

		L = BN_num_bits(dsa->p);

		N = BN_num_bits(dsa->q);

		}

	if (!dsa2_valid_parameters(L, N))

		{

		FIPSerr(FIPS_F_FIPS_CHECK_DSA_PRNG, FIPS_R_INVALID_PARAMETERS);

		return 0;

		}

	strength = fips_ffc_strength(L, N);

	if (!strength)

		{

	    	FIPSerr(FIPS_F_FIPS_CHECK_DSA_PRNG,FIPS_R_KEY_TOO_SHORT);

		return 0;

		}

	if (FIPS_rand_strength() >= strength)

		return 1;

	FIPSerr(FIPS_F_FIPS_CHECK_DSA_PRNG,FIPS_R_PRNG_STRENGTH_TOO_LOW);

	return 0;

	}

#endif /* OPENSSL_FIPS */

/* This is a parameter generation algorithm for the DSA2 algorithm as

 * described in FIPS 186-3.

 */

	EVP_MD_CTX_init(&mctx);

#ifdef OPENSSL_FIPS

	if(FIPS_selftest_failed())

	    {

	    FIPSerr(FIPS_F_DSA_BUILTIN_PARAMGEN2,

		    FIPS_R_FIPS_SELFTEST_FAILED);

	    goto err;

	    }

	if (!fips_check_dsa_prng(ret, L, N))

		goto err;

#endif

	if (evpmd == NULL)

		{

		if (N == 160)

#include <openssl/dsa.h>

#include <openssl/rand.h>

#ifdef OPENSSL_FIPS

#include <openssl/fips.h>

#include <openssl/evp.h>

static int fips_check_dsa(DSA *dsa)

	{

	EVP_PKEY pk;

	unsigned char tbs[] = "DSA Pairwise Check Data";

    	pk.type = EVP_PKEY_DSA;

    	pk.pkey.dsa = dsa;

	if (!fips_pkey_signature_test(FIPS_TEST_PAIRWISE,

					&pk, tbs, 0, NULL, 0, NULL, 0, NULL))

		{

		FIPSerr(FIPS_F_FIPS_CHECK_DSA,FIPS_R_PAIRWISE_TEST_FAILED);

		fips_set_selftest_fail();

		return 0;

		}

	return 1;

	}

#endif

static int dsa_builtin_keygen(DSA *dsa);

int DSA_generate_key(DSA *dsa)

	BN_CTX *ctx=NULL;

	BIGNUM *pub_key=NULL,*priv_key=NULL;

#ifdef OPENSSL_FIPS

	if (FIPS_module_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)

		&& (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS))

		{

		DSAerr(DSA_F_DSA_BUILTIN_KEYGEN, DSA_R_KEY_SIZE_TOO_SMALL);

		goto err;

		}

	if (!fips_check_dsa_prng(dsa, 0, 0))

		goto err;

#endif

	if ((ctx=BN_CTX_new()) == NULL) goto err;

	if (dsa->priv_key == NULL)

	dsa->priv_key=priv_key;

	dsa->pub_key=pub_key;

#ifdef OPENSSL_FIPS

	if(!fips_check_dsa(dsa))

		{

		dsa->pub_key = NULL;

		dsa->priv_key = NULL;

	    	goto err;

		}

#endif

	ok=1;

err:

#include <openssl/dsa.h>

#include <openssl/rand.h>

#include <openssl/asn1.h>

#ifdef OPENSSL_FIPS

#include <openssl/fips.h>

#endif

static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);

static int dsa_sign_setup_no_digest(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp);

	DSA_SIG *ret=NULL;

	int noredo = 0;

#ifdef OPENSSL_FIPS

	if(FIPS_selftest_failed())

	    {

	    FIPSerr(FIPS_F_DSA_DO_SIGN,FIPS_R_FIPS_SELFTEST_FAILED);

	    return NULL;

	    }

	if (FIPS_module_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW) 

		&& (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS))

		{

		DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_KEY_SIZE_TOO_SMALL);

		return NULL;

		}

	if (!fips_check_dsa_prng(dsa, 0, 0))

		goto err;

#endif

	BN_init(&m);

	BN_init(&xr);

		return -1;

		}

#ifdef OPENSSL_FIPS

	if(FIPS_selftest_failed())

	    {

	    FIPSerr(FIPS_F_DSA_DO_VERIFY,FIPS_R_FIPS_SELFTEST_FAILED);

	    return -1;

	    }

	if (FIPS_module_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW) 

		&& (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS))

		{

		DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_KEY_SIZE_TOO_SMALL);

		return -1;

		}

#endif

	if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS)

		{

		DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MODULUS_TOO_LARGE);