Diffstat (limited to 'src/crypto/fipsmodule/rand/ctrdrbg.c')
-rw-r--r--src/crypto/fipsmodule/rand/ctrdrbg.c10
1 files changed, 2 insertions, 8 deletions
diff --git a/src/crypto/fipsmodule/rand/ctrdrbg.c b/src/crypto/fipsmodule/rand/ctrdrbg.c
index 418f56b6..b2fda1da 100644
--- a/src/crypto/fipsmodule/rand/ctrdrbg.c
+++ b/src/crypto/fipsmodule/rand/ctrdrbg.c
@@ -57,12 +57,7 @@ int CTR_DRBG_init(CTR_DRBG_STATE *drbg,
seed_material[i] ^= kInitMask[i];
}
- // |RAND_bytes| is rarely called with large enough inputs for bsaes to be
- // faster than vpaes. bsaes also currently has side channel trade offs
- // (https://crbug.com/boringssl/256), which we should especially avoid in the
- // PRNG. (Note the size hint is a no-op on machines with AES instructions.)
- drbg->ctr = aes_ctr_set_key(&drbg->ks, NULL, &drbg->block, seed_material, 32,
- 0 /* small inputs */);
+ drbg->ctr = aes_ctr_set_key(&drbg->ks, NULL, &drbg->block, seed_material, 32);
OPENSSL_memcpy(drbg->counter.bytes, seed_material + 32, 16);
drbg->reseed_counter = 1;
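Review bot: The deleted comment block was the only place that recorded why this PRNG deliberately steered away from the bsaes AES path on side-channel grounds (https://crbug.com/boringssl/256), and the new call at `drbg->ctr = aes_ctr_set_key(&drbg->ks, NULL, &drbg->block, seed_material, 32);` leaves no trace of where that decision now lives. Presumably the size-hint argument was dropped because aes_ctr_set_key no longer chooses between implementations based on it; if so, a one-line comment such as `// AES implementation selection (and its side-channel trade-offs) is handled inside aes_ctr_set_key.` would keep the rationale discoverable to whoever next audits the DRBG's AES usage. The same removal, with the same missing pointer, occurs in the second hunk in ctr_drbg_update. Both CTR_DRBG_init and ctr_drbg_update begin before and end after their hunks.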
@@ -98,8 +93,7 @@ static int ctr_drbg_update(CTR_DRBG_STATE *drbg, const uint8_t *data,
temp[i] ^= data[i];
}
- drbg->ctr = aes_ctr_set_key(&drbg->ks, NULL, &drbg->block, temp, 32,
- 0 /* small inputs */);
+ drbg->ctr = aes_ctr_set_key(&drbg->ks, NULL, &drbg->block, temp, 32);
OPENSSL_memcpy(drbg->counter.bytes, temp + 32, 16);
return 1;