mirror of
https://github.com/openssl/openssl.git
synced 2024-12-21 06:09:35 +08:00
f000e82898
Move the three different DRBGs to the provider.
As part of the move, the DRBG specific data was pulled out of a common
structure and into their own structures. Only these smaller structures are
securely allocated. This saves quite a bit of secure memory:
+-------------------------------+
| DRBG | Bytes | Secure |
+--------------+-------+--------+
| HASH | 376 | 512 |
| HMAC | 168 | 256 |
| CTR | 176 | 256 |
| Common (new) | 320 | 0 |
| Common (old) | 592 | 1024 |
+--------------+-------+--------+
Bytes is the structure size on the X86/64.
Secure is the number of bytes of secure memory used (power of two allocator).
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/11682)
63 lines
1.9 KiB
C
63 lines
1.9 KiB
C
/*
|
|
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
|
|
*
|
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
* this file except in compliance with the License. You can obtain a copy
|
|
* in the file LICENSE in the source distribution or at
|
|
* https://www.openssl.org/source/license.html
|
|
*/
|
|
|
|
#ifndef OSSL_CRYPTO_RAND_LOCAL_H
|
|
# define OSSL_CRYPTO_RAND_LOCAL_H
|
|
|
|
# include <openssl/aes.h>
|
|
# include <openssl/evp.h>
|
|
# include <openssl/sha.h>
|
|
# include <openssl/hmac.h>
|
|
# include <openssl/ec.h>
|
|
# include <openssl/rand_drbg.h>
|
|
# include "internal/tsan_assist.h"
|
|
# include "crypto/rand.h"
|
|
|
|
# include "internal/numbers.h"
|
|
|
|
/* Maximum reseed intervals */
|
|
# define MAX_RESEED_INTERVAL (1 << 24)
|
|
# define MAX_RESEED_TIME_INTERVAL (1 << 20) /* approx. 12 days */
|
|
|
|
/* Default reseed intervals */
|
|
# define MASTER_RESEED_INTERVAL (1 << 8)
|
|
# define SLAVE_RESEED_INTERVAL (1 << 16)
|
|
# define MASTER_RESEED_TIME_INTERVAL (60 * 60) /* 1 hour */
|
|
# define SLAVE_RESEED_TIME_INTERVAL (7 * 60) /* 7 minutes */
|
|
/*
|
|
* The state of all types of DRBGs.
|
|
*/
|
|
struct rand_drbg_st {
|
|
CRYPTO_RWLOCK *lock;
|
|
/* The library context this DRBG is associated with, if any */
|
|
OPENSSL_CTX *libctx;
|
|
RAND_DRBG *parent;
|
|
int type; /* the nid of the underlying algorithm */
|
|
unsigned short flags; /* various external flags */
|
|
|
|
/* Application data, mainly used in the KATs. */
|
|
CRYPTO_EX_DATA ex_data;
|
|
|
|
/* Implementation */
|
|
EVP_RAND_CTX *rand;
|
|
|
|
/* Callback functions. See comments in rand_lib.c */
|
|
RAND_DRBG_get_entropy_fn get_entropy;
|
|
RAND_DRBG_cleanup_entropy_fn cleanup_entropy;
|
|
RAND_DRBG_get_nonce_fn get_nonce;
|
|
RAND_DRBG_cleanup_nonce_fn cleanup_nonce;
|
|
|
|
void *callback_data;
|
|
};
|
|
|
|
/* The global RAND method, and the global buffer and DRBG instance. */
|
|
extern RAND_METHOD rand_meth;
|
|
|
|
#endif
|