Revise DRBG to split between internal and external flags.
[openssl.git] / fips / rand / fips_drbg_hash.c
index 2fdf0e8..4b3b723 100644 (file)
@@ -56,8 +56,6 @@
 #include <stdlib.h>
 #include <string.h>
 #include <openssl/crypto.h>
-#include <openssl/evp.h>
-#include <openssl/aes.h>
 #include <openssl/fips.h>
 #include <openssl/fips_rand.h>
 #include "fips_rand_lcl.h"
@@ -195,7 +193,7 @@ static int hash_gen(DRBG_CTX *dctx, unsigned char *out, size_t outlen)
                {
                FIPS_digestinit(&hctx->mctx, hctx->md);
                FIPS_digestupdate(&hctx->mctx, hctx->vtmp, dctx->seedlen);
-               if (!(dctx->flags & DRBG_FLAG_TEST) && !dctx->lb_valid)
+               if (!(dctx->xflags & DRBG_FLAG_TEST) && !dctx->lb_valid)
                        {
                        FIPS_digestfinal(&hctx->mctx, dctx->lb, NULL);
                        dctx->lb_valid = 1;
@@ -335,12 +333,10 @@ int fips_drbg_hash_init(DRBG_CTX *dctx)
        switch (dctx->type)
                {
                case NID_sha1:
-               md = EVP_sha1();
                dctx->strength = 128;
                break;
 
                case NID_sha224:
-               md = EVP_sha224();
                dctx->strength = 192;
                break;
 
@@ -375,7 +371,7 @@ int fips_drbg_hash_init(DRBG_CTX *dctx)
        dctx->max_pers = DRBG_MAX_LENGTH;
        dctx->max_adin = DRBG_MAX_LENGTH;
 
-       dctx->max_request = 1<<19;
+       dctx->max_request = 1<<16;
        dctx->reseed_interval = 1<<24;
 
        return 1;