fips/rand/fips_drbg_ctr.c +7 −0
@@ -350,6 +350,12 @@ static int drbg_ctr_generate(DRBG_CTX *dctx, } static int drbg_ctr_uninstantiate(DRBG_CTX *dctx) { OPENSSL_cleanse(&dctx->d.ctr, sizeof(DRBG_CTR_CTX)); return 1; } int fips_drbg_ctr_init(DRBG_CTX *dctx) { DRBG_CTR_CTX *cctx = &dctx->d.ctr;
@@ -377,6 +383,7 @@ int fips_drbg_ctr_init(DRBG_CTX *dctx) dctx->instantiate = drbg_ctr_instantiate; dctx->reseed = drbg_ctr_reseed; dctx->generate = drbg_ctr_generate; dctx->uninstantiate = drbg_ctr_uninstantiate; cctx->keylen = keylen;
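Review bot: In drbg_ctr_uninstantiate() the wipe length is spelled as a type name, `sizeof(DRBG_CTR_CTX)`, rather than taken from the object being wiped. Writing it as `OPENSSL_cleanse(&dctx->d.ctr, sizeof(dctx->d.ctr));` keeps the length tied to the member, so a later change to that member's type cannot leave part of the DRBG working state unwiped. The same pattern appears in drbg_hash_uninstantiate() (`sizeof(DRBG_HASH_CTX)`) and in the `sizeof(DRBG_CTX)` wipes in fips_drbg_lib.c, where `sizeof(*dctx)` would do the same job.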
fips/rand/fips_drbg_hash.c +8 −0
@@ -306,6 +306,13 @@ static int drbg_hash_generate(DRBG_CTX *dctx, return 1; } static int drbg_hash_uninstantiate(DRBG_CTX *dctx) { EVP_MD_CTX_cleanup(&dctx->d.hash.mctx); OPENSSL_cleanse(&dctx->d.hash, sizeof(DRBG_HASH_CTX)); return 1; } int fips_drbg_hash_init(DRBG_CTX *dctx) { const EVP_MD *md;
@@ -346,6 +353,7 @@ int fips_drbg_hash_init(DRBG_CTX *dctx) dctx->instantiate = drbg_hash_instantiate; dctx->reseed = drbg_hash_reseed; dctx->generate = drbg_hash_generate; dctx->uninstantiate = drbg_hash_uninstantiate; dctx->d.hash.md = md; EVP_MD_CTX_init(&hctx->mctx);
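Review bot: drbg_hash_uninstantiate() depends on the order of its two calls but does not say so. EVP_MD_CTX_cleanup() has to run before the wipe, because it releases whatever the digest context still points to and wiping first would destroy those pointers. A one-line comment above the calls would protect that ordering, e.g. `/* Release digest resources first: the wipe below destroys the pointers cleanup needs */`. The return value of EVP_MD_CTX_cleanup() is also dropped while the function reports success unconditionally; if that is deliberate, the comment can say so.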
fips/rand/fips_drbg_lib.c +34 −11
@@ -62,30 +62,41 @@ /* Support framework for SP800-90 DRBGs */ DRBG_CTX *FIPS_drbg_new(int type, unsigned int flags) static int fips_drbg_init(DRBG_CTX *dctx, int type, unsigned int flags) { int rv; DRBG_CTX *dctx; dctx = OPENSSL_malloc(sizeof(DRBG_CTX)); memset(dctx, 0, sizeof(DRBG_CTX)); dctx->status = DRBG_STATUS_UNINITIALISED; dctx->flags = flags; dctx->type = type; rv = fips_drbg_hash_init(dctx); if (rv == -2) rv = fips_drbg_ctr_init(dctx); if (rv <= 0) { /* Fatal: cannot initialiase DRBG */ goto err; return rv; } DRBG_CTX *FIPS_drbg_new(int type, unsigned int flags) { DRBG_CTX *dctx; dctx = OPENSSL_malloc(sizeof(DRBG_CTX)); if (!dctx) return NULL; if (fips_drbg_init(dctx, type, flags) <= 0) { OPENSSL_free(dctx); return NULL; } return dctx; } err: if (dctx) void FIPS_drbg_free(DRBG_CTX *dctx) { dctx->uninstantiate(dctx); OPENSSL_cleanse(dctx, sizeof(DRBG_CTX)); OPENSSL_free(dctx); return NULL; } int FIPS_drbg_instantiate(DRBG_CTX *dctx,
@@ -224,6 +235,18 @@ int FIPS_drbg_generate(DRBG_CTX *dctx, unsigned char *out, size_t outlen, return 1; } int FIPS_drbg_uninstantiate(DRBG_CTX *dctx) { int save_type, save_flags, rv; save_type = dctx->type; save_flags = dctx->flags; rv = dctx->uninstantiate(dctx); OPENSSL_cleanse(dctx, sizeof(DRBG_CTX)); /* If method has problems uninstantiating, return error */ if (rv <= 0) return rv; return fips_drbg_init(dctx, save_type, save_flags); } int FIPS_drbg_set_test_mode(DRBG_CTX *dctx, size_t (*get_entropy)(DRBG_CTX *ctx, unsigned char *out,
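Review bot: FIPS_drbg_free() dereferences dctx and calls through dctx->uninstantiate with no checks, so FIPS_drbg_free(NULL) faults and a context whose method pointer was never set, or has been wiped, is called through. Suggest opening the function with `if (!dctx) return;` and calling the method only when present, `if (dctx->uninstantiate) dctx->uninstantiate(dctx);`. The second case looks reachable from FIPS_drbg_uninstantiate() in the later hunk: on `rv <= 0` it returns after OPENSSL_cleanse() has already overwritten the whole context, and if fips_drbg_init() fails there the memset has cleared it, so the caller is left holding a DRBG_CTX whose method pointers are no longer usable. Setting a defined error status on those paths, and documenting that such a context may only be released, would make the failure mode explicit.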
fips/rand/fips_drbgvs.c +2 −0
@@ -294,6 +294,8 @@ int main(int argc,char **argv) if (gen == 2) { OutputValue("ReturnedBits", out, outlen, stdout, 0); FIPS_drbg_free(dctx); dctx = NULL; gen = 0; }
fips/rand/fips_rand.h +3 −0
@@ -83,6 +83,9 @@ int FIPS_drbg_generate(DRBG_CTX *dctx, unsigned char *out, size_t outlen, int prediction_resistance, const unsigned char *adin, size_t adinlen); int FIPS_drbg_uninstantiate(DRBG_CTX *dctx); void FIPS_drbg_free(DRBG_CTX *dctx); int FIPS_drbg_set_test_mode(DRBG_CTX *dctx, size_t (*get_entropy)(DRBG_CTX *ctx, unsigned char *out, int entropy, size_t min_len, size_t max_len),