diff options
author | Kurt Roeckx <kurt@roeckx.be> | 2018-03-08 22:30:28 +0100 |
---|---|---|
committer | Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> | 2018-03-19 15:04:40 +0100 |
commit | 16cfc2c90d9e7776965db07c1f31bbec2f6c41e3 (patch) | |
tree | dab155d1453fce5e7e2a5d6c2d4d02557227cb41 /crypto/evp/e_aes.c | |
parent | 7caf122e717e79afcb986fe217e77a630b67bf4c (diff) | |
download | openssl-16cfc2c90d9e7776965db07c1f31bbec2f6c41e3.zip openssl-16cfc2c90d9e7776965db07c1f31bbec2f6c41e3.tar.gz openssl-16cfc2c90d9e7776965db07c1f31bbec2f6c41e3.tar.bz2 |
Don't use a ssl specific DRBG anymore
Since the public and private DRBG are per thread we don't need one
per ssl object anymore. It could also try to get entropy from a DRBG
that's really from an other thread because the SSL object moved to an
other thread.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/5547)
Diffstat (limited to 'crypto/evp/e_aes.c')
-rw-r--r-- | crypto/evp/e_aes.c | 22 |
1 files changed, 5 insertions, 17 deletions
diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c index 2421385..1d5007a 100644 --- a/crypto/evp/e_aes.c +++ b/crypto/evp/e_aes.c @@ -17,7 +17,6 @@ #include "internal/evp_int.h" #include "modes_lcl.h" #include <openssl/rand.h> -#include <openssl/rand_drbg.h> #include "evp_locl.h" typedef struct { @@ -1405,14 +1404,8 @@ static int s390x_aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) memcpy(gctx->iv, ptr, arg); enc = EVP_CIPHER_CTX_encrypting(c); - if (enc) { - if (c->drbg != NULL) { - if (RAND_DRBG_bytes(c->drbg, gctx->iv + arg, gctx->ivlen - arg) == 0) - return 0; - } else if (RAND_bytes(gctx->iv + arg, gctx->ivlen - arg) <= 0) { - return 0; - } - } + if (enc && RAND_bytes(gctx->iv + arg, gctx->ivlen - arg) <= 0) + return 0; gctx->iv_gen = 1; return 1; @@ -2639,14 +2632,9 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) return 0; if (arg) memcpy(gctx->iv, ptr, arg); - if (EVP_CIPHER_CTX_encrypting(c)) { - if (c->drbg != NULL) { - if (RAND_DRBG_bytes(c->drbg, gctx->iv + arg, gctx->ivlen - arg) == 0) - return 0; - } else if (RAND_bytes(gctx->iv + arg, gctx->ivlen - arg) <= 0) { - return 0; - } - } + if (EVP_CIPHER_CTX_encrypting(c) + && RAND_bytes(gctx->iv + arg, gctx->ivlen - arg) <= 0) + return 0; gctx->iv_gen = 1; return 1; |