Delete strength parameter from FIPS_drbg_generate. It isn't very useful

[openssl.git] / fips / rand / fips_drbg_lib.c

diff --git a/fips/rand/fips_drbg_lib.c b/fips/rand/fips_drbg_lib.c
index ddbb99df6635d3ba52c01bfe95e03c488aef0e9e..98bd10bce374024434ac37d875a8f0374575c98a 100644 (file)
--- a/fips/rand/fips_drbg_lib.c
+++ b/fips/rand/fips_drbg_lib.c
@@ -353,7 +353,7 @@ static int fips_drbg_check(DRBG_CTX *dctx)
        }
 
 int FIPS_drbg_generate(DRBG_CTX *dctx, unsigned char *out, size_t outlen,
        }
 
 int FIPS_drbg_generate(DRBG_CTX *dctx, unsigned char *out, size_t outlen,

-                       int strength, int prediction_resistance,
+                       int prediction_resistance,

                        const unsigned char *adin, size_t adinlen)
        {
        int r = 0;
                        const unsigned char *adin, size_t adinlen)
        {
        int r = 0;


@@ -377,12 +377,6 @@ int FIPS_drbg_generate(DRBG_CTX *dctx, unsigned char *out, size_t outlen,
                return 0;
                }
 
                return 0;
                }
 

-       if (strength > dctx->strength)
-               {
-               r = FIPS_R_INSUFFICIENT_SECURITY_STRENGTH;
-               goto end;
-               }
-

        if (dctx->flags & DRBG_CUSTOM_RESEED)
                dctx->generate(dctx, NULL, outlen, NULL, 0);
        else if (dctx->reseed_counter >= dctx->reseed_interval)
        if (dctx->flags & DRBG_CUSTOM_RESEED)
                dctx->generate(dctx, NULL, outlen, NULL, 0);
        else if (dctx->reseed_counter >= dctx->reseed_interval)