projects / openssl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 1c98de6)
remove FIPS module code from crypto/bn
authorDr. Stephen Henson <steve@openssl.org>
Sun, 19 Oct 2014 00:28:41 +0000 (01:28 +0100)
committerDr. Stephen Henson <steve@openssl.org>
Mon, 8 Dec 2014 13:25:38 +0000 (13:25 +0000)
Reviewed-by: Tim Hudson <tjh@openssl.org>
crypto/bn/bn_rand.c patch | blob | history

diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c
index d550f497d9f55da6b42aa4e1cee9d89eb4eba75d..7c0ec5153d181de65b01d059f3b95ee96bbec6d0 100644 (file)
--- a/crypto/bn/bn_rand.c
+++ b/crypto/bn/bn_rand.c
@@ -248,15 +248,7 @@ static int bn_rand_range(int pseudo, BIGNUM *r, const BIGNUM *range)
 
        if (n == 1)
                BN_zero(r);
-#ifdef OPENSSL_FIPS
-       /* FIPS 186-3 is picky about how random numbers for keys etc are
-        * generated. So we just use the second case which is equivalent to
-        * "Generation by Testing Candidates" mentioned in B.1.2 et al.
-        */
-       else if (!FIPS_module_mode() && !BN_is_bit_set(range, n - 2) && !BN_is_bit_set(range, n - 3))
-#else
        else if (!BN_is_bit_set(range, n - 2) && !BN_is_bit_set(range, n - 3))
-#endif
                {
                /* range = 100..._2,
                 * so  3*range (= 11..._2)  is exactly one bit longer than  range */
Unnamed repository; edit this file 'description' to name the repository.