Check for uninitialised DRBG_CTX and don't free up default DRBG_CTX. (af4bfa15) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

fips/rand/fips_drbg_lib.c

+19 −2

Original line number	Diff line number	Diff line
		@@ -135,9 +135,19 @@ void FIPS_drbg_free(DRBG_CTX *dctx)
		{
		if (dctx->uninstantiate)
		dctx->uninstantiate(dctx);
		/* Don't free up default DRBG */
		if (dctx == FIPS_get_default_drbg())
		{
		memset(dctx, 0, sizeof(DRBG_CTX));
		dctx->type = 0;
		dctx->status = DRBG_STATUS_UNINITIALISED;
		}
		else
		{
		OPENSSL_cleanse(&dctx->d, sizeof(dctx->d));
		OPENSSL_free(dctx);
		}
		}

		static size_t fips_get_entropy(DRBG_CTX dctx, unsigned char *pout,
		int entropy, size_t min_len, size_t max_len)
		@@ -194,6 +204,7 @@ int FIPS_drbg_instantiate(DRBG_CTX *dctx,
		FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_ERROR_RETRIEVING_ENTROPY);
		FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_ERROR_RETRIEVING_NONCE);
		FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_INSTANTIATE_ERROR);
		FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_DRBG_NOT_INITIALISED);
		#endif

		int r = 0;
		@@ -204,6 +215,12 @@ int FIPS_drbg_instantiate(DRBG_CTX *dctx,
		goto end;
		}

		if (!dctx->instantiate)
		{
		r = FIPS_R_DRBG_NOT_INITIALISED;
		goto end;
		}

		if (dctx->status != DRBG_STATUS_UNINITIALISED)
		{
		if (dctx->status == DRBG_STATUS_ERROR)