Diffstat (limited to 'src/crypto/fipsmodule/rand/ctrdrbg.c')
-rw-r--r-- | src/crypto/fipsmodule/rand/ctrdrbg.c | 10 |
1 files changed, 2 insertions, 8 deletions
diff --git a/src/crypto/fipsmodule/rand/ctrdrbg.c b/src/crypto/fipsmodule/rand/ctrdrbg.c
index 418f56b6..b2fda1da 100644
--- a/src/crypto/fipsmodule/rand/ctrdrbg.c
+++ b/src/crypto/fipsmodule/rand/ctrdrbg.c
@@ -57,12 +57,7 @@ int CTR_DRBG_init(CTR_DRBG_STATE *drbg,
     seed_material[i] ^= kInitMask[i];
   }
 
-  // |RAND_bytes| is rarely called with large enough inputs for bsaes to be
-  // faster than vpaes. bsaes also currently has side channel trade offs
-  // (https://crbug.com/boringssl/256), which we should especially avoid in the
-  // PRNG. (Note the size hint is a no-op on machines with AES instructions.)
-  drbg->ctr = aes_ctr_set_key(&drbg->ks, NULL, &drbg->block, seed_material, 32,
-                              0 /* small inputs */);
+  drbg->ctr = aes_ctr_set_key(&drbg->ks, NULL, &drbg->block, seed_material, 32);
   OPENSSL_memcpy(drbg->counter.bytes, seed_material + 32, 16);
 
   drbg->reseed_counter = 1;
@@ -98,8 +93,7 @@ static int ctr_drbg_update(CTR_DRBG_STATE *drbg, const uint8_t *data,
     temp[i] ^= data[i];
   }
 
-  drbg->ctr = aes_ctr_set_key(&drbg->ks, NULL, &drbg->block, temp, 32,
-                              0 /* small inputs */);
+  drbg->ctr = aes_ctr_set_key(&drbg->ks, NULL, &drbg->block, temp, 32);
   OPENSSL_memcpy(drbg->counter.bytes, temp + 32, 16);
 
   return 1;
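Review bot: The removed comment was the only record of why the DRBG steered away from bsaes (the side-channel trade-offs tracked in https://crbug.com/boringssl/256), and the new `aes_ctr_set_key(&drbg->ks, NULL, &drbg->block, seed_material, 32)` call in CTR_DRBG_init carries no replacement for that rationale; the same applies to the call in ctr_drbg_update in the second hunk. If the size hint went away because the AES implementation choice is now made inside aes_ctr_set_key, a one-line comment at the first call site would keep the PRNG's side-channel requirement visible to the next reader, e.g. `// AES implementation selection (and its side-channel properties) is decided inside aes_ctr_set_key.` Both enclosing functions start and end outside the hunks, so the surrounding handling of drbg->ctr is not visible here.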