CTR, HASH and HMAC DRBGs in provider

Move the three different DRBGs to the provider.

As part of the move, the DRBG specific data was pulled out of a common
structure and into their own structures.  Only these smaller structures are
securely allocated.  This saves quite a bit of secure memory:

    +-------------------------------+
    | DRBG         | Bytes | Secure |
    +--------------+-------+--------+
    | HASH         |  376  |   512  |
    | HMAC         |  168  |   256  |
    | CTR          |  176  |   256  |
    | Common (new) |  320  |     0  |
    | Common (old) |  592  |  1024  |
    +--------------+-------+--------+

Bytes is the structure size on the X86/64.
Secure is the number of bytes of secure memory used (power of two allocator).

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/11682)

1 files changed, 2 insertions, 9 deletions

diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c
index 5927c9fedc..6a1b56eeae 100644
--- a/providers/fips/fipsprov.c
+++ b/providers/fips/fipsprov.c
@@ -470,17 +470,10 @@ static const OSSL_ALGORITHM fips_kdfs[] = {
 };
 
 static const OSSL_ALGORITHM fips_rands[] = {
-    /*
-     * The TEST RNG must be first, so it can be suppressed after the power up
-     * tests are completed.
-     */
-    { "TEST-RAND", "provider=fips", test_rng_functions },
+    { "CTR-DRBG", "provider=fips", drbg_ctr_functions },
     { "HASH-DRBG", "provider=fips", drbg_hash_functions },
-/*
     { "HMAC-DRBG", "provider=fips", drbg_hmac_functions },
-    { "CTR-DRBG", "provider=fips", drbg_ctr_functions },
-*/
-    { "CRNGT:continuous-rng-test", "provider=fips", crngt_functions },
+    { "TEST-RAND", "provider=fips", test_rng_functions },
     { NULL, NULL, NULL }
 };