diff options
author | Pauli <paul.dale@oracle.com> | 2020-05-08 10:25:19 +1000 |
---|---|---|
committer | Pauli <paul.dale@oracle.com> | 2020-06-24 20:05:42 +1000 |
commit | f000e82898af251442ca52e81fc1ee45996090dc (patch) | |
tree | b378db85b032065a595ce8d7b0422981f09e0d58 /providers/defltprov.c | |
parent | a998b85a4f0e706fa6a07b7feab557d9e570d372 (diff) | |
download | openssl-f000e82898af251442ca52e81fc1ee45996090dc.zip openssl-f000e82898af251442ca52e81fc1ee45996090dc.tar.gz openssl-f000e82898af251442ca52e81fc1ee45996090dc.tar.bz2 |
CTR, HASH and HMAC DRBGs in provider
Move the three different DRBGs to the provider.
As part of the move, the DRBG specific data was pulled out of a common
structure and into their own structures. Only these smaller structures are
securely allocated. This saves quite a bit of secure memory:
+-------------------------------+
| DRBG | Bytes | Secure |
+--------------+-------+--------+
| HASH | 376 | 512 |
| HMAC | 168 | 256 |
| CTR | 176 | 256 |
| Common (new) | 320 | 0 |
| Common (old) | 592 | 1024 |
+--------------+-------+--------+
Bytes is the structure size on the X86/64.
Secure is the number of bytes of secure memory used (power of two allocator).
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/11682)
Diffstat (limited to 'providers/defltprov.c')
-rw-r--r-- | providers/defltprov.c | 7 |
1 files changed, 2 insertions, 5 deletions
diff --git a/providers/defltprov.c b/providers/defltprov.c index c68e347..7c1ffc7 100644 --- a/providers/defltprov.c +++ b/providers/defltprov.c @@ -338,13 +338,10 @@ static const OSSL_ALGORITHM deflt_keyexch[] = { }; static const OSSL_ALGORITHM deflt_rands[] = { - { "TEST-RAND", "provider=default", test_rng_functions }, + { "CTR-DRBG", "provider=default", drbg_ctr_functions }, { "HASH-DRBG", "provider=default", drbg_hash_functions }, -/* { "HMAC-DRBG", "provider=default", drbg_hmac_functions }, - { "CTR-DRBG", "provider=default", drbg_ctr_functions }, -*/ - { "CRNGT:continuous-rng-test", "provider=default", crngt_functions }, + { "TEST-RAND", "provider=default", test_rng_functions }, { NULL, NULL, NULL } }; |