authorNikos Mavrogiannopoulos <nmav@redhat.com>2018-06-18 15:10:32 +0200
committerNikos Mavrogiannopoulos <nmav@redhat.com>2018-06-18 15:10:34 +0200
commita6a51cb656b1e3af7d6f3727c58f6c939cd14dba (patch)
treea13cd25b3a0d1be10d53930f4e9f62ee3a036ef4
parent154b7ef4c82d1b296d001c4752ca1df4cd7e73de (diff)
downloadgnutls-a6a51cb656b1e3af7d6f3727c58f6c939cd14dba.tar.gz
drbg-aes: removed the continuous DRBG checks
These are no longer necessary for FIPS140-2 compliance. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r--lib/nettle/int/drbg-aes.c12
1 files changed, 0 insertions, 12 deletions
diff --git a/lib/nettle/int/drbg-aes.c b/lib/nettle/int/drbg-aes.c
index 625ae80ab9..a5a05b64a8 100644
--- a/lib/nettle/int/drbg-aes.c
+++ b/lib/nettle/int/drbg-aes.c
@@ -160,12 +160,6 @@ int drbg_aes_generate(struct drbg_aes_ctx *ctx, unsigned length, uint8_t * dst,
INCREMENT(sizeof(ctx->v), ctx->v);
aes256_encrypt(&ctx->key, AES_BLOCK_SIZE, dst, ctx->v);
- /* if detected loop */
- if (memcmp(dst, ctx->prev_block, AES_BLOCK_SIZE) == 0) {
- _gnutls_switch_lib_state(LIB_STATE_ERROR);
- return gnutls_assert_val(0);
- }
-
memcpy(ctx->prev_block, dst, AES_BLOCK_SIZE);
}
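Review bot: With the comparison removed, the `memcpy(ctx->prev_block, dst, AES_BLOCK_SIZE);` that stays in this hunk, and the matching `memcpy(ctx->prev_block, tmp, AES_BLOCK_SIZE);` in the second hunk, have no reader in the visible lines. Each call now only parks a copy of the latest output block in the long-lived context. DRBG output is commonly used as key or nonce material, so holding the last block in `ctx` longer than needed widens what a later memory disclosure of the context would reveal. If nothing outside these hunks still reads `prev_block`, I would drop both copies and the struct field in this same change; if something does, a one-line comment naming that consumer would explain why the copy remains. The body of `drbg_aes_generate` starts and ends outside both hunks, so the remaining uses of `prev_block` could not be checked from here.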
@@ -174,12 +168,6 @@ int drbg_aes_generate(struct drbg_aes_ctx *ctx, unsigned length, uint8_t * dst,
INCREMENT(sizeof(ctx->v), ctx->v);
aes256_encrypt(&ctx->key, AES_BLOCK_SIZE, tmp, ctx->v);
- /* if detected loop */
- if (memcmp(tmp, ctx->prev_block, AES_BLOCK_SIZE) == 0) {
- _gnutls_switch_lib_state(LIB_STATE_ERROR);
- return gnutls_assert_val(0);
- }
-
memcpy(ctx->prev_block, tmp, AES_BLOCK_SIZE);
memcpy(dst, tmp, left);
}