openssl/crypto/rand
Patrick Steuer 28bdbe1aaa AES CTR-DRBG: performance improvement
Optimize the AES-based implementation of the CTR_DRBG
construction, see 10.2.1 in [1].
Due to the optimizations, the code may deviate (more) from the
pseudocode in [1], but it is functional equivalence that is decisive
for compliance:

"All DRBG mechanisms and algorithms are described in this document
in pseudocode, which is intended to explain functionality.
The pseudocode is not intended to constrain real-world
implementations." [Section 9 in [1]].

The following optimizations are done:

- Replace multiple plain AES encryptions by a single AES-ECB
  encryption of a corresponding pre-initialized buffer, where
  possible.
  This allows platform-specific AES-ECB support to
  be used and reduces the overhead of multiple EVP calls.

- Replace the generate operation loop (which is a counter
  increment followed by a plain AES encryption) by a
  loop which does a plain AES encryption followed by
  a counter increment. The latter loop is just a description
  of AES-CTR, so we replace it by a single AES-CTR
  encryption.
  This allows for platform-specific AES-CTR support to be used
  and reduces the overhead of multiple EVP calls.
  This change, that is, going from a pre- to a post-increment
  of the counter, requires the counter in the internal state
  to be kept at "+1" (compared to the pseudocode in [1])
  such that it is in the correct state when a generate
  operation is called.
  That in turn also requires all other operations to be
  changed from pre- to post-increment to keep functional
  equivalence.

[1] NIST SP 800-90A Revision 1

Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10457)
2020-03-11 12:14:10 +01:00
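The counter transformation the commit message describes, written out as an added example; this is not OpenSSL's code and not the commit's diff. It puts the SP 800-90A pseudocode form of CTR_DRBG_Update and CTR_DRBG_Generate (increment V, then encrypt) next to the post-increment form (encrypt, then increment, i.e. plain CTR mode over a zero buffer, with Update done as one ECB pass over a pre-initialized buffer of counter values) and checks that the two agree as long as the stored counter is kept at pseudocode V + 1. AES is replaced by a keyed-hash stand-in so the file runs without OpenSSL; that stand-in, the function names (update_pre, update_post, generate_pre, generate_post, run) and the fixed seed and additional input are assumptions made for the illustration only.

```python
"""Added example (not OpenSSL code): CTR_DRBG update/generate in the SP 800-90A
pre-increment form next to the post-increment (CTR-mode) form, with the stored
counter kept at +1.  Block_Encrypt is a keyed-hash stand-in (assumption, NOT
AES, NOT secure) so the file runs without OpenSSL."""
import hashlib

BLOCKLEN = 16                # AES block length in bytes
KEYLEN = 32                  # AES-256 key length
SEEDLEN = KEYLEN + BLOCKLEN  # 48 bytes for AES-256 without a derivation function
MOD = 1 << (8 * BLOCKLEN)


def block_encrypt(key, block):
    """Stand-in for Block_Encrypt(Key, block): SHA-256(key||block) truncated."""
    assert len(block) == BLOCKLEN
    return hashlib.sha256(key + block).digest()[:BLOCKLEN]


def inc(v):
    """(V + 1) mod 2^blocklen, big-endian, as in SP 800-90A."""
    return ((int.from_bytes(v, "big") + 1) % MOD).to_bytes(BLOCKLEN, "big")


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def ecb_encrypt(key, buf):
    """Stand-in for a single ECB call over a multi-block buffer."""
    return b"".join(block_encrypt(key, buf[i:i + BLOCKLEN])
                    for i in range(0, len(buf), BLOCKLEN))


def ctr_encrypt(key, ctr, buf):
    """Stand-in for a single CTR call: encrypt counter, XOR, then increment.
    Returns the ciphertext and the counter value left after the call."""
    out = b""
    for i in range(0, len(buf), BLOCKLEN):
        out += xor(block_encrypt(key, ctr), buf[i:i + BLOCKLEN])
        ctr = inc(ctr)
    return out, ctr


# --- pseudocode form (10.2.1.2 / 10.2.1.5.1): increment V, then encrypt ---

def update_pre(provided, key, v):
    temp = b""
    while len(temp) < SEEDLEN:
        v = inc(v)
        temp += block_encrypt(key, v)
    temp = xor(temp[:SEEDLEN], provided)
    return temp[:KEYLEN], temp[KEYLEN:]


def generate_pre(state, nbytes, addin=b""):
    key, v = state
    padded = addin.ljust(SEEDLEN, b"\x00")
    if addin:                                  # non-Null additional input
        key, v = update_pre(padded, key, v)
    out = b""
    while len(out) < nbytes:
        v = inc(v)
        out += block_encrypt(key, v)
    return out[:nbytes], update_pre(padded, key, v)


# --- optimized form: encrypt, then increment; stored counter is pseudocode V + 1 ---

def update_post(provided, key, ctr):
    blocks = []                                # pre-initialized buffer of counters
    for _ in range(SEEDLEN // BLOCKLEN):
        blocks.append(ctr)
        ctr = inc(ctr)
    temp = xor(ecb_encrypt(key, b"".join(blocks)), provided)   # one ECB call
    return temp[:KEYLEN], inc(temp[KEYLEN:])   # store new V already at +1


def generate_post(state, nbytes, addin=b""):
    key, ctr = state
    padded = addin.ljust(SEEDLEN, b"\x00")
    if addin:
        key, ctr = update_post(padded, key, ctr)
    nblocks = -(-nbytes // BLOCKLEN)
    out, ctr = ctr_encrypt(key, ctr, bytes(nblocks * BLOCKLEN))  # one CTR call over zeros
    return out[:nbytes], update_post(padded, key, ctr)


def instantiate(seed, post):
    """Key = 0^keylen, V = 0^blocklen, then Update(seed).  The optimized
    state starts its counter at pseudocode V + 1."""
    key, v = bytes(KEYLEN), bytes(BLOCKLEN)
    return update_post(seed, key, inc(v)) if post else update_pre(seed, key, v)


def run(post, seed, addin):
    """Instantiate, generate twice (second time with additional input) and
    return the concatenated output plus the final state, for comparison."""
    state = instantiate(seed, post)
    gen = generate_post if post else generate_pre
    out1, state = gen(state, 40)
    out2, state = gen(state, 33, addin)
    return out1 + out2, state


SEED = bytes(range(SEEDLEN))       # constructed, fixed seed material
ADDIN = b"additional input"        # constructed additional input

if __name__ == "__main__":
    a, (ka, va) = run(False, SEED, ADDIN)
    b, (kb, vb) = run(True, SEED, ADDIN)
    print("outputs equal:", a == b, "| stored counter is V+1:", vb == inc(va))
```

Running the file prints that both forms produce identical output and that the optimized state's counter is exactly one ahead of the pseudocode V; feeding the optimized generate the un-offset V instead produces a different stream, which is the bug the commit message's "+1" invariant guards against.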
build.info
drbg_ctr.c AES CTR-DRBG: performance improvement 2020-03-11 12:14:10 +01:00
drbg_hash.c DRBG: add check for XOF so these can be disallowed by the DRBGs 2019-11-02 15:10:54 +10:00
drbg_hmac.c Deprecate the low level HMAC functions 2020-01-29 19:49:23 +10:00
drbg_lib.c DRBG: delay initialization of DRBG method until instantiation 2020-02-25 11:30:00 +01:00
rand_crng_test.c
rand_egd.c
rand_err.c DRBG: delay initialization of DRBG method until instantiation 2020-02-25 11:30:00 +01:00
rand_lib.c Fix misspelling errors and typos reported by codespell 2020-02-06 17:01:00 +01:00
rand_local.h AES CTR-DRBG: performance improvement 2020-03-11 12:14:10 +01:00
rand_unix.c Move random-related defines to "crypto/rand.h" 2020-01-07 16:28:15 +01:00
rand_vms.c Fix some typos 2019-12-11 19:04:01 +01:00
rand_vxworks.c
rand_win.c Fix some typos 2019-12-11 19:04:01 +01:00
randfile.c