Loading fips/rand/fips_drbg_ctr.c +7 −0 Original line number Original line Diff line number Diff line Loading @@ -350,6 +350,12 @@ static int drbg_ctr_generate(DRBG_CTX *dctx, } } static int drbg_ctr_uninstantiate(DRBG_CTX *dctx) { OPENSSL_cleanse(&dctx->d.ctr, sizeof(DRBG_CTR_CTX)); return 1; } int fips_drbg_ctr_init(DRBG_CTX *dctx) int fips_drbg_ctr_init(DRBG_CTX *dctx) { { DRBG_CTR_CTX *cctx = &dctx->d.ctr; DRBG_CTR_CTX *cctx = &dctx->d.ctr; Loading Loading @@ -377,6 +383,7 @@ int fips_drbg_ctr_init(DRBG_CTX *dctx) dctx->instantiate = drbg_ctr_instantiate; dctx->instantiate = drbg_ctr_instantiate; dctx->reseed = drbg_ctr_reseed; dctx->reseed = drbg_ctr_reseed; dctx->generate = drbg_ctr_generate; dctx->generate = drbg_ctr_generate; dctx->uninstantiate = drbg_ctr_uninstantiate; cctx->keylen = keylen; cctx->keylen = keylen; Loading fips/rand/fips_drbg_hash.c +8 −0 Original line number Original line Diff line number Diff line Loading @@ -306,6 +306,13 @@ static int drbg_hash_generate(DRBG_CTX *dctx, return 1; return 1; } } static int drbg_hash_uninstantiate(DRBG_CTX *dctx) { EVP_MD_CTX_cleanup(&dctx->d.hash.mctx); OPENSSL_cleanse(&dctx->d.hash, sizeof(DRBG_HASH_CTX)); return 1; } int fips_drbg_hash_init(DRBG_CTX *dctx) int fips_drbg_hash_init(DRBG_CTX *dctx) { { const EVP_MD *md; const EVP_MD *md; Loading Loading @@ -346,6 +353,7 @@ int fips_drbg_hash_init(DRBG_CTX *dctx) dctx->instantiate = drbg_hash_instantiate; dctx->instantiate = drbg_hash_instantiate; dctx->reseed = drbg_hash_reseed; dctx->reseed = drbg_hash_reseed; dctx->generate = drbg_hash_generate; dctx->generate = drbg_hash_generate; dctx->uninstantiate = drbg_hash_uninstantiate; dctx->d.hash.md = md; dctx->d.hash.md = md; EVP_MD_CTX_init(&hctx->mctx); EVP_MD_CTX_init(&hctx->mctx); Loading fips/rand/fips_drbg_lib.c +34 −11 Original line number Original line Diff line number Diff line Loading @@ -62,30 +62,41 @@ /* Support framework for SP800-90 DRBGs */ /* Support framework for SP800-90 DRBGs */ DRBG_CTX *FIPS_drbg_new(int type, unsigned int flags) static int fips_drbg_init(DRBG_CTX *dctx, int type, unsigned int flags) { { int rv; int rv; DRBG_CTX *dctx; dctx = OPENSSL_malloc(sizeof(DRBG_CTX)); memset(dctx, 0, sizeof(DRBG_CTX)); memset(dctx, 0, sizeof(DRBG_CTX)); dctx->status = DRBG_STATUS_UNINITIALISED; dctx->status = DRBG_STATUS_UNINITIALISED; dctx->flags = flags; dctx->flags = flags; dctx->type = type; dctx->type = type; rv = fips_drbg_hash_init(dctx); rv = fips_drbg_hash_init(dctx); if (rv == -2) if (rv == -2) rv = fips_drbg_ctr_init(dctx); rv = fips_drbg_ctr_init(dctx); if (rv <= 0) { return rv; /* Fatal: cannot initialiase DRBG */ goto err; } } DRBG_CTX *FIPS_drbg_new(int type, unsigned int flags) { DRBG_CTX *dctx; dctx = OPENSSL_malloc(sizeof(DRBG_CTX)); if (!dctx) return NULL; if (fips_drbg_init(dctx, type, flags) <= 0) { OPENSSL_free(dctx); return NULL; } return dctx; return dctx; } err: void FIPS_drbg_free(DRBG_CTX *dctx) if (dctx) { dctx->uninstantiate(dctx); OPENSSL_cleanse(dctx, sizeof(DRBG_CTX)); OPENSSL_free(dctx); OPENSSL_free(dctx); return NULL; } } int FIPS_drbg_instantiate(DRBG_CTX *dctx, int FIPS_drbg_instantiate(DRBG_CTX *dctx, Loading Loading @@ -224,6 +235,18 @@ int FIPS_drbg_generate(DRBG_CTX *dctx, unsigned char *out, size_t outlen, return 1; return 1; } } int FIPS_drbg_uninstantiate(DRBG_CTX *dctx) { int save_type, save_flags, rv; save_type = dctx->type; save_flags = dctx->flags; rv = dctx->uninstantiate(dctx); OPENSSL_cleanse(dctx, sizeof(DRBG_CTX)); /* If method has problems uninstantiating, return error */ if (rv <= 0) return rv; return fips_drbg_init(dctx, save_type, save_flags); } int FIPS_drbg_set_test_mode(DRBG_CTX *dctx, int FIPS_drbg_set_test_mode(DRBG_CTX *dctx, size_t (*get_entropy)(DRBG_CTX *ctx, unsigned char *out, size_t (*get_entropy)(DRBG_CTX *ctx, unsigned char *out, Loading fips/rand/fips_drbgvs.c +2 −0 Original line number Original line Diff line number Diff line Loading @@ -294,6 +294,8 @@ int main(int argc,char **argv) if (gen == 2) if (gen == 2) { { OutputValue("ReturnedBits", out, outlen, stdout, 0); OutputValue("ReturnedBits", out, outlen, stdout, 0); FIPS_drbg_free(dctx); dctx = NULL; gen = 0; gen = 0; } } Loading fips/rand/fips_rand.h +3 −0 Original line number Original line Diff line number Diff line Loading @@ -83,6 +83,9 @@ int FIPS_drbg_generate(DRBG_CTX *dctx, unsigned char *out, size_t outlen, int prediction_resistance, int prediction_resistance, const unsigned char *adin, size_t adinlen); const unsigned char *adin, size_t adinlen); int FIPS_drbg_uninstantiate(DRBG_CTX *dctx); void FIPS_drbg_free(DRBG_CTX *dctx); int FIPS_drbg_set_test_mode(DRBG_CTX *dctx, int FIPS_drbg_set_test_mode(DRBG_CTX *dctx, size_t (*get_entropy)(DRBG_CTX *ctx, unsigned char *out, size_t (*get_entropy)(DRBG_CTX *ctx, unsigned char *out, int entropy, size_t min_len, size_t max_len), int entropy, size_t min_len, size_t max_len), Loading Loading
fips/rand/fips_drbg_ctr.c +7 −0 Original line number Original line Diff line number Diff line Loading @@ -350,6 +350,12 @@ static int drbg_ctr_generate(DRBG_CTX *dctx, } } static int drbg_ctr_uninstantiate(DRBG_CTX *dctx) { OPENSSL_cleanse(&dctx->d.ctr, sizeof(DRBG_CTR_CTX)); return 1; } int fips_drbg_ctr_init(DRBG_CTX *dctx) int fips_drbg_ctr_init(DRBG_CTX *dctx) { { DRBG_CTR_CTX *cctx = &dctx->d.ctr; DRBG_CTR_CTX *cctx = &dctx->d.ctr; Loading Loading @@ -377,6 +383,7 @@ int fips_drbg_ctr_init(DRBG_CTX *dctx) dctx->instantiate = drbg_ctr_instantiate; dctx->instantiate = drbg_ctr_instantiate; dctx->reseed = drbg_ctr_reseed; dctx->reseed = drbg_ctr_reseed; dctx->generate = drbg_ctr_generate; dctx->generate = drbg_ctr_generate; dctx->uninstantiate = drbg_ctr_uninstantiate; cctx->keylen = keylen; cctx->keylen = keylen; Loading
fips/rand/fips_drbg_hash.c +8 −0 Original line number Original line Diff line number Diff line Loading @@ -306,6 +306,13 @@ static int drbg_hash_generate(DRBG_CTX *dctx, return 1; return 1; } } static int drbg_hash_uninstantiate(DRBG_CTX *dctx) { EVP_MD_CTX_cleanup(&dctx->d.hash.mctx); OPENSSL_cleanse(&dctx->d.hash, sizeof(DRBG_HASH_CTX)); return 1; } int fips_drbg_hash_init(DRBG_CTX *dctx) int fips_drbg_hash_init(DRBG_CTX *dctx) { { const EVP_MD *md; const EVP_MD *md; Loading Loading @@ -346,6 +353,7 @@ int fips_drbg_hash_init(DRBG_CTX *dctx) dctx->instantiate = drbg_hash_instantiate; dctx->instantiate = drbg_hash_instantiate; dctx->reseed = drbg_hash_reseed; dctx->reseed = drbg_hash_reseed; dctx->generate = drbg_hash_generate; dctx->generate = drbg_hash_generate; dctx->uninstantiate = drbg_hash_uninstantiate; dctx->d.hash.md = md; dctx->d.hash.md = md; EVP_MD_CTX_init(&hctx->mctx); EVP_MD_CTX_init(&hctx->mctx); Loading
fips/rand/fips_drbg_lib.c +34 −11 Original line number Original line Diff line number Diff line Loading @@ -62,30 +62,41 @@ /* Support framework for SP800-90 DRBGs */ /* Support framework for SP800-90 DRBGs */ DRBG_CTX *FIPS_drbg_new(int type, unsigned int flags) static int fips_drbg_init(DRBG_CTX *dctx, int type, unsigned int flags) { { int rv; int rv; DRBG_CTX *dctx; dctx = OPENSSL_malloc(sizeof(DRBG_CTX)); memset(dctx, 0, sizeof(DRBG_CTX)); memset(dctx, 0, sizeof(DRBG_CTX)); dctx->status = DRBG_STATUS_UNINITIALISED; dctx->status = DRBG_STATUS_UNINITIALISED; dctx->flags = flags; dctx->flags = flags; dctx->type = type; dctx->type = type; rv = fips_drbg_hash_init(dctx); rv = fips_drbg_hash_init(dctx); if (rv == -2) if (rv == -2) rv = fips_drbg_ctr_init(dctx); rv = fips_drbg_ctr_init(dctx); if (rv <= 0) { return rv; /* Fatal: cannot initialiase DRBG */ goto err; } } DRBG_CTX *FIPS_drbg_new(int type, unsigned int flags) { DRBG_CTX *dctx; dctx = OPENSSL_malloc(sizeof(DRBG_CTX)); if (!dctx) return NULL; if (fips_drbg_init(dctx, type, flags) <= 0) { OPENSSL_free(dctx); return NULL; } return dctx; return dctx; } err: void FIPS_drbg_free(DRBG_CTX *dctx) if (dctx) { dctx->uninstantiate(dctx); OPENSSL_cleanse(dctx, sizeof(DRBG_CTX)); OPENSSL_free(dctx); OPENSSL_free(dctx); return NULL; } } int FIPS_drbg_instantiate(DRBG_CTX *dctx, int FIPS_drbg_instantiate(DRBG_CTX *dctx, Loading Loading @@ -224,6 +235,18 @@ int FIPS_drbg_generate(DRBG_CTX *dctx, unsigned char *out, size_t outlen, return 1; return 1; } } int FIPS_drbg_uninstantiate(DRBG_CTX *dctx) { int save_type, save_flags, rv; save_type = dctx->type; save_flags = dctx->flags; rv = dctx->uninstantiate(dctx); OPENSSL_cleanse(dctx, sizeof(DRBG_CTX)); /* If method has problems uninstantiating, return error */ if (rv <= 0) return rv; return fips_drbg_init(dctx, save_type, save_flags); } int FIPS_drbg_set_test_mode(DRBG_CTX *dctx, int FIPS_drbg_set_test_mode(DRBG_CTX *dctx, size_t (*get_entropy)(DRBG_CTX *ctx, unsigned char *out, size_t (*get_entropy)(DRBG_CTX *ctx, unsigned char *out, Loading
fips/rand/fips_drbgvs.c +2 −0 Original line number Original line Diff line number Diff line Loading @@ -294,6 +294,8 @@ int main(int argc,char **argv) if (gen == 2) if (gen == 2) { { OutputValue("ReturnedBits", out, outlen, stdout, 0); OutputValue("ReturnedBits", out, outlen, stdout, 0); FIPS_drbg_free(dctx); dctx = NULL; gen = 0; gen = 0; } } Loading
fips/rand/fips_rand.h +3 −0 Original line number Original line Diff line number Diff line Loading @@ -83,6 +83,9 @@ int FIPS_drbg_generate(DRBG_CTX *dctx, unsigned char *out, size_t outlen, int prediction_resistance, int prediction_resistance, const unsigned char *adin, size_t adinlen); const unsigned char *adin, size_t adinlen); int FIPS_drbg_uninstantiate(DRBG_CTX *dctx); void FIPS_drbg_free(DRBG_CTX *dctx); int FIPS_drbg_set_test_mode(DRBG_CTX *dctx, int FIPS_drbg_set_test_mode(DRBG_CTX *dctx, size_t (*get_entropy)(DRBG_CTX *ctx, unsigned char *out, size_t (*get_entropy)(DRBG_CTX *ctx, unsigned char *out, int entropy, size_t min_len, size_t max_len), int entropy, size_t min_len, size_t max_len), Loading
