generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

remove FIPS module code from crypto/bn

Browse Source 
Reviewed-by: Tim Hudson <tjh@openssl.org>
This commit is contained in:
Dr. Stephen Henson 2014-10-19 01:28:41 +01:00
parent 1c98de6d81
commit ebdf37e4b1
1 changed files with 0 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
crypto/bn/bn_rand.c
View File

@ -248,15 +248,7 @@ static int bn_rand_range(int pseudo, BIGNUM *r, const BIGNUM *range)
if (n == 1) if (n == 1)
BN_zero(r); BN_zero(r);
#ifdef OPENSSL_FIPS
/* FIPS 186-3 is picky about how random numbers for keys etc are
* generated. So we just use the second case which is equivalent to
* "Generation by Testing Candidates" mentioned in B.1.2 et al.
*/
else if (!FIPS_module_mode() && !BN_is_bit_set(range, n - 2) && !BN_is_bit_set(range, n - 3))
#else
else if (!BN_is_bit_set(range, n - 2) && !BN_is_bit_set(range, n - 3)) else if (!BN_is_bit_set(range, n - 2) && !BN_is_bit_set(range, n - 3))
#endif
{ {
/* range = 100..._2, /* range = 100..._2,
* so 3*range (= 11..._2) is exactly one bit longer than range */ * so 3*range (= 11..._2) is exactly one bit longer than range */