Delete strength parameter from FIPS_drbg_generate. It isn't very useful
[openssl.git] / fips / rand / fips_drbg_lib.c
index ddbb99d..98bd10b 100644 (file)
@@ -353,7 +353,7 @@ static int fips_drbg_check(DRBG_CTX *dctx)
        }
 
 int FIPS_drbg_generate(DRBG_CTX *dctx, unsigned char *out, size_t outlen,
-                       int strength, int prediction_resistance,
+                       int prediction_resistance,
                        const unsigned char *adin, size_t adinlen)
        {
        int r = 0;
@@ -377,12 +377,6 @@ int FIPS_drbg_generate(DRBG_CTX *dctx, unsigned char *out, size_t outlen,
                return 0;
                }
 
-       if (strength > dctx->strength)
-               {
-               r = FIPS_R_INSUFFICIENT_SECURITY_STRENGTH;
-               goto end;
-               }
-
        if (dctx->flags & DRBG_CUSTOM_RESEED)
                dctx->generate(dctx, NULL, outlen, NULL, 0);
        else if (dctx->reseed_counter >= dctx->reseed_interval)