Allocate DRBG additional data pool from non-secure memory

The additional data allocates 12K per DRBG instance in the secure memory, which is not necessary. Also nonces are not considered secret. [extended tests] Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9423)
author: Bernd Edlinger <bernd.edlinger@hotmail.de> 2019-07-20 11:22:46 +0200
committer: Bernd Edlinger <bernd.edlinger@hotmail.de> 2019-07-22 13:37:13 +0200
commit: 1372560f64c9a7cfad1979fa8c41bee335a04373 (patch)
tree: 0e36898357cc623e3d0904921d091ba2c4b38ff8 /crypto/include
parent: a8f1aabd4b44db668bca638c111598b2e0688cc4 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/crypto/include/internal/rand_int.h b/crypto/include/internal/rand_int.h
index d964a1d407..c5d0c20551 100644
--- a/crypto/include/internal/rand_int.h
+++ b/crypto/include/internal/rand_int.h
@@ -58,7 +58,8 @@ void rand_crngt_cleanup_entropy(RAND_DRBG *drbg,
 /*
  * RAND_POOL functions
  */
-RAND_POOL *rand_pool_new(int entropy_requested, size_t min_len, size_t max_len);
+RAND_POOL *rand_pool_new(int entropy_requested, int secure,
+                         size_t min_len, size_t max_len);
 RAND_POOL *rand_pool_attach(const unsigned char *buffer, size_t len,
                             size_t entropy);
 void rand_pool_free(RAND_POOL *pool);
author	Bernd Edlinger <bernd.edlinger@hotmail.de>	2019-07-20 11:22:46 +0200
committer	Bernd Edlinger <bernd.edlinger@hotmail.de>	2019-07-22 13:37:13 +0200
commit	1372560f64c9a7cfad1979fa8c41bee335a04373 (patch)
tree	0e36898357cc623e3d0904921d091ba2c4b38ff8 /crypto/include
parent	a8f1aabd4b44db668bca638c111598b2e0688cc4 (diff)