remove OPENSSL_FIPSAPI

[openssl.git] / crypto / bn / bn_lib.c

diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c
index b1e224bb4dc19bbcfec662057179b8860ea67c05..0305a19e3dcad6ea006902e0bc7536139ebdee13 100644 (file)
--- a/crypto/bn/bn_lib.c
+++ b/crypto/bn/bn_lib.c
@@ -61,15 +61,13 @@
 # define NDEBUG
 #endif
 
-#define OPENSSL_FIPSAPI
+
 
 #include <assert.h>
 #include <limits.h>
-#include <stdio.h>
 #include "cryptlib.h"
 #include "bn_lcl.h"
 
-__fips_constseg
 const char BN_version[]="Big Number" OPENSSL_VERSION_PTEXT;
 
 /* This stuff appears to be completely unused, so is deprecated */
@@ -144,7 +142,6 @@ const BIGNUM *BN_value_one(void)
 
 int BN_num_bits_word(BN_ULONG l)
        {
-       __fips_constseg
        static const unsigned char bits[256]={
                0,1,2,2,3,3,3,3,4,4,4,4,4,4,4,4,
                5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,
@@ -324,6 +321,15 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words)
                BNerr(BN_F_BN_EXPAND_INTERNAL,ERR_R_MALLOC_FAILURE);
                return(NULL);
                }
+#ifdef PURIFY
+       /* Valgrind complains in BN_consttime_swap because we process the whole
+        * array even if it's not initialised yet. This doesn't matter in that
+        * function - what's important is constant time operation (we're not
+        * actually going to use the data)
+       */
+       memset(a, 0, sizeof(BN_ULONG)*words);
+#endif
+
 #if 1
        B=b->d;
        /* Check if the previous number needs to be copied */