提交 ebdf37e4 编写于 作者: D Dr. Stephen Henson

remove FIPS module code from crypto/bn

Reviewed-by: NTim Hudson <tjh@openssl.org>
上级 1c98de6d
...@@ -248,15 +248,7 @@ static int bn_rand_range(int pseudo, BIGNUM *r, const BIGNUM *range) ...@@ -248,15 +248,7 @@ static int bn_rand_range(int pseudo, BIGNUM *r, const BIGNUM *range)
if (n == 1) if (n == 1)
BN_zero(r); BN_zero(r);
#ifdef OPENSSL_FIPS
/* FIPS 186-3 is picky about how random numbers for keys etc are
* generated. So we just use the second case which is equivalent to
* "Generation by Testing Candidates" mentioned in B.1.2 et al.
*/
else if (!FIPS_module_mode() && !BN_is_bit_set(range, n - 2) && !BN_is_bit_set(range, n - 3))
#else
else if (!BN_is_bit_set(range, n - 2) && !BN_is_bit_set(range, n - 3)) else if (!BN_is_bit_set(range, n - 2) && !BN_is_bit_set(range, n - 3))
#endif
{ {
/* range = 100..._2, /* range = 100..._2,
* so 3*range (= 11..._2) is exactly one bit longer than range */ * so 3*range (= 11..._2) is exactly one bit longer than range */
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册