Remove unnecessary DRBG_RESEED state
authorDr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Mon, 9 Oct 2017 21:51:42 +0000 (23:51 +0200)
committerBen Kaduk <kaduk@mit.edu>
Wed, 18 Oct 2017 13:39:20 +0000 (08:39 -0500)
The DRBG_RESEED state plays an analogous role to the |reseed_required_flag| in
Appendix B.3.4 of [NIST SP 800-90A Rev. 1]. The latter is a local variable,
the scope of which is limited to the RAND_DRBG_generate() function. Hence there
is no need for a DRBG_RESEED state outside of the generate function. This state
was removed and replaced by a local variable |reseed_required|.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4328)

crypto/rand/drbg_lib.c
crypto/rand/rand_lcl.h

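--- a/crypto/rand/drbg_lib.c
+++ b/crypto/rand/drbg_lib.c
@@ -356,6 +356,8 @@ int RAND_DRBG_generate(RAND_DRBG *drbg, unsigned char *out, size_t outlen,
                        int prediction_resistance,
                        const unsigned char *adin, size_t adinlen)
 {
+    int reseed_required = 0;
+
     if (drbg->state != DRBG_READY) {
         /* try to recover from previous errors */
         rand_drbg_restart(drbg, NULL, 0, 0);
@@ -381,13 +383,13 @@ int RAND_DRBG_generate(RAND_DRBG *drbg, unsigned char *out, size_t outlen,
 
     if (drbg->fork_count != rand_fork_count) {
         drbg->fork_count = rand_fork_count;
-        drbg->state = DRBG_RESEED;
+        reseed_required = 1;
     }
 
     if (drbg->reseed_counter >= drbg->reseed_interval)
-        drbg->state = DRBG_RESEED;
+        reseed_required = 1;
 
-    if (drbg->state == DRBG_RESEED || prediction_resistance) {
+    if (reseed_required || prediction_resistance) {
         if (!RAND_DRBG_reseed(drbg, adin, adinlen)) {
             RANDerr(RAND_F_RAND_DRBG_GENERATE, RAND_R_RESEED_ERROR);
             return 0;
@@ -402,10 +404,8 @@ int RAND_DRBG_generate(RAND_DRBG *drbg, unsigned char *out, size_t outlen,
         return 0;
     }
 
-    if (drbg->reseed_counter >= drbg->reseed_interval)
-        drbg->state = DRBG_RESEED;
-    else
-        drbg->reseed_counter++;
+    drbg->reseed_counter++;
+
     return 1;
 }
 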
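--- a/crypto/rand/rand_lcl.h
+++ b/crypto/rand/rand_lcl.h
@@ -41,7 +41,6 @@
 typedef enum drbg_status_e {
     DRBG_UNINITIALISED,
     DRBG_READY,
-    DRBG_RESEED,
     DRBG_ERROR
 } DRBG_STATUS;
 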