authorPauli <paul.dale@oracle.com>2020-07-02 10:45:23 +1000
committerPauli <paul.dale@oracle.com>2020-07-05 13:18:08 +1000
commit22f7f42433fe9deb409703d76a0c4383371e6983 (patch)
tree8da69089be42798769e35cdb1df86c6e5eb706f4 /crypto
parent7dc38bea94bcb71258eb2abaf48607a610cd576f (diff)
rand: avoid caching RNG parameters.
The strength and max_length DRBG parameters were being cached in the EVP_RAND layer. This commit removes the caching. Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/12321)
Diffstat (limited to 'crypto')
-rw-r--r--crypto/evp/evp_local.h5
-rw-r--r--crypto/evp/evp_rand.c38
2 files changed, 14 insertions, 29 deletions
diff --git a/crypto/evp/evp_local.h b/crypto/evp/evp_local.h
index aeb4cca266..4aae702d6f 100644
--- a/crypto/evp/evp_local.h
+++ b/crypto/evp/evp_local.h
@@ -69,11 +69,6 @@ struct evp_kdf_ctx_st {
struct evp_rand_ctx_st {
EVP_RAND *meth; /* Method structure */
void *data; /* Algorithm-specific data */
- size_t max_request; /*
- * Cached: maximum number of bytes generated
- * in a single call to the generate function
- */
- unsigned int strength; /* Cached: bit strength of generator */
} /* EVP_RAND_CTX */ ;
struct evp_rand_st {
diff --git a/crypto/evp/evp_rand.c b/crypto/evp/evp_rand.c
index 495e774c51..9273fd9c19 100644
--- a/crypto/evp/evp_rand.c
+++ b/crypto/evp/evp_rand.c
@@ -359,10 +359,6 @@ int EVP_RAND_get_ctx_params(EVP_RAND_CTX *ctx, OSSL_PARAM params[])
static int evp_rand_set_ctx_params_locked(EVP_RAND_CTX *ctx,
const OSSL_PARAM params[])
{
- /* Clear out the cache state because the values can change on a set */
- ctx->strength = 0;
- ctx->max_request = 0;
-
if (ctx->meth->set_ctx_params != NULL)
return ctx->meth->set_ctx_params(ctx->data, params);
return 1;
@@ -457,22 +453,18 @@ static int evp_rand_generate_locked(EVP_RAND_CTX *ctx, unsigned char *out,
const unsigned char *addin,
size_t addin_len)
{
- size_t chunk;
- OSSL_PARAM params[2];
+ size_t chunk, max_request = 0;
+ OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
- if (ctx->max_request == 0) {
- params[0] = OSSL_PARAM_construct_size_t(OSSL_DRBG_PARAM_MAX_REQUEST,
- &chunk);
- params[1] = OSSL_PARAM_construct_end();
- if (!evp_rand_get_ctx_params_locked(ctx, params)
- || chunk == 0) {
- EVPerr(0, EVP_R_UNABLE_TO_GET_MAXIMUM_REQUEST_SIZE);
- return 0;
- }
- ctx->max_request = chunk;
+ params[0] = OSSL_PARAM_construct_size_t(OSSL_DRBG_PARAM_MAX_REQUEST,
+ &max_request);
+ if (!evp_rand_get_ctx_params_locked(ctx, params)
+ || max_request == 0) {
+ EVPerr(0, EVP_R_UNABLE_TO_GET_MAXIMUM_REQUEST_SIZE);
+ return 0;
}
for (; outlen > 0; outlen -= chunk, out += chunk) {
- chunk = outlen > ctx->max_request ? ctx->max_request : outlen;
+ chunk = outlen > max_request ? max_request : outlen;
if (!ctx->meth->generate(ctx->data, out, chunk, strength,
prediction_resistance, addin, addin_len)) {
EVPerr(0, EVP_R_GENERATE_ERROR);
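Review bot: The `max_request == 0` test is now the only guard that keeps the chunking loop from spinning forever, and the new code does not say so. With `chunk = outlen > max_request ? max_request : outlen`, a zero limit makes `chunk` zero and `outlen` never shrinks. The `= 0` initialiser on `max_request` is what lets the same test catch a provider whose parameter call succeeds without writing the value, which is presumably possible for a key it does not recognise. I would add a comment above the query, for example `/* Re-read on every call: the limit can change after set_ctx_params. Must be non-zero or the loop below never terminates. */`. The function's signature and the end of the loop are outside this hunk.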
@@ -528,14 +520,12 @@ int EVP_RAND_reseed(EVP_RAND_CTX *ctx, int prediction_resistance,
static unsigned int evp_rand_strength_locked(EVP_RAND_CTX *ctx)
{
OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
+ unsigned int strength = 0;
- if (ctx->strength == 0) {
- params[0] = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_STRENGTH,
- &ctx->strength);
- if (!evp_rand_get_ctx_params_locked(ctx, params))
- return 0;
- }
- return ctx->strength;
+ params[0] = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_STRENGTH, &strength);
+ if (!evp_rand_get_ctx_params_locked(ctx, params))
+ return 0;
+ return strength;
}
unsigned int EVP_RAND_strength(EVP_RAND_CTX *ctx)
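Review bot: `evp_rand_strength_locked` returns 0 both when the parameter lookup fails and when it succeeds but the provider leaves `strength` untouched. Neither path raises an error, unlike the max-request lookup in `evp_rand_generate_locked`, which calls `EVPerr`. A caller checking the result against a required security level cannot tell a failed lookup from a generator that reports no strength, so 0 has to be treated as failure everywhere. At minimum document that contract on the function: `/* Returns the generator's bit strength, or 0 on error or if the provider reports none; callers must treat 0 as failure. */`.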