diff options
| author | Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> | 2017-10-09 23:51:42 +0200 |
|---|---|---|
| committer | Ben Kaduk <kaduk@mit.edu> | 2017-10-18 08:39:20 -0500 |
| commit | e0b625f9db00509af9004b7907d44b78f332754a (patch) | |
| tree | c09b3d7da3c62be375e248909cb94bc40a963ea3 | |
| parent | c16de9d8329d41a2433d0f273c080d9d06ad7a87 (diff) | |
| download | openssl-e0b625f9db00509af9004b7907d44b78f332754a.tar.gz | |
Remove unnecessary DRBG_RESEED state
The DRBG_RESEED state plays an analogue role to the |reseed_required_flag| in
Appendix B.3.4 of [NIST SP 800-90A Rev. 1]. The latter is a local variable,
the scope of which is limited to the RAND_DRBG_generate() function. Hence there
is no need for a DRBG_RESEED state outside of the generate function. This state
was removed and replaced by a local variable |reseed_required|.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4328)
| -rw-r--r-- | crypto/rand/drbg_lib.c | 14 | ||||
| -rw-r--r-- | crypto/rand/rand_lcl.h | 1 |
2 files changed, 7 insertions, 8 deletions
diff --git a/crypto/rand/drbg_lib.c b/crypto/rand/drbg_lib.c index eef5e11cc5..0042a931b0 100644 --- a/crypto/rand/drbg_lib.c +++ b/crypto/rand/drbg_lib.c @@ -356,6 +356,8 @@ int RAND_DRBG_generate(RAND_DRBG *drbg, unsigned char *out, size_t outlen, int prediction_resistance, const unsigned char *adin, size_t adinlen) { + int reseed_required = 0; + if (drbg->state != DRBG_READY) { /* try to recover from previous errors */ rand_drbg_restart(drbg, NULL, 0, 0); @@ -381,13 +383,13 @@ int RAND_DRBG_generate(RAND_DRBG *drbg, unsigned char *out, size_t outlen, if (drbg->fork_count != rand_fork_count) { drbg->fork_count = rand_fork_count; - drbg->state = DRBG_RESEED; + reseed_required = 1; } if (drbg->reseed_counter >= drbg->reseed_interval) - drbg->state = DRBG_RESEED; + reseed_required = 1; - if (drbg->state == DRBG_RESEED || prediction_resistance) { + if (reseed_required || prediction_resistance) { if (!RAND_DRBG_reseed(drbg, adin, adinlen)) { RANDerr(RAND_F_RAND_DRBG_GENERATE, RAND_R_RESEED_ERROR); return 0; @@ -402,10 +404,8 @@ int RAND_DRBG_generate(RAND_DRBG *drbg, unsigned char *out, size_t outlen, return 0; } - if (drbg->reseed_counter >= drbg->reseed_interval) - drbg->state = DRBG_RESEED; - else - drbg->reseed_counter++; + drbg->reseed_counter++; + return 1; } diff --git a/crypto/rand/rand_lcl.h b/crypto/rand/rand_lcl.h index 10a6f00a2d..5e319d8c99 100644 --- a/crypto/rand/rand_lcl.h +++ b/crypto/rand/rand_lcl.h @@ -41,7 +41,6 @@ typedef enum drbg_status_e { DRBG_UNINITIALISED, DRBG_READY, - DRBG_RESEED, DRBG_ERROR } DRBG_STATUS; |