Change RNG test to block oriented instead of request oriented, add option
[openssl.git] / fips / rand / fips_drbg_ctr.c
index 738abdd835e15f530070283d210f37ccc12e7cf5..2a3c321618dcbc145d585f1a72f3bea22283c5e3 100644 (file)
@@ -330,14 +330,24 @@ static int drbg_ctr_generate(DRBG_CTX *dctx,
        for (;;)
                {
                inc_128(cctx);
+               if (!(dctx->flags & DRBG_FLAG_TEST) && !dctx->lb_valid)
+                       {
+                       AES_encrypt(cctx->V, dctx->lb, &cctx->ks);
+                       dctx->lb_valid = 1;
+                       continue;
+                       }
                if (outlen < 16)
                        {
                        /* Use K as temp space as it will be updated */
                        AES_encrypt(cctx->V, cctx->K, &cctx->ks);
+                       if (!drbg_cprng_test(dctx, cctx->K))
+                               return 0;
                        memcpy(out, cctx->K, outlen);
                        break;
                        }
                AES_encrypt(cctx->V, out, &cctx->ks);
+               if (!drbg_cprng_test(dctx, out))
+                       return 0;
                out += 16;
                outlen -= 16;
                if (outlen == 0)
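Review bot: In the full-block path the new check at the line after `AES_encrypt(cctx->V, out, &cctx->ks)` runs after the block has already been written into the caller's buffer, so on a continuous-test failure `return 0` leaves the rejected (repeated) block sitting in `out` and the caller gets no byte count to know how much was produced. Unless the caller wipes the buffer on failure, which is outside this hunk, the block should be cleared before returning: `if (!drbg_cprng_test(dctx, out)) { OPENSSL_cleanse(out, 16); return 0; }`. The short path is fine as written since the test precedes the memcpy. Separately, `dctx->lb_valid` lives on dctx rather than in the CTR sub-context, and the uninstantiate below only zeroes `dctx->d.ctr`, so if nothing else resets it a re-instantiated DRBG would not discard its first block; a one-line comment on the `lb_valid` field saying where it is reset would settle that. drbg_ctr_generate begins and ends outside this hunk.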
@@ -352,7 +362,7 @@ static int drbg_ctr_generate(DRBG_CTX *dctx,
 
 static int drbg_ctr_uninstantiate(DRBG_CTX *dctx)
        {
-       OPENSSL_cleanse(&dctx->d.ctr, sizeof(DRBG_CTR_CTX));
+       memset(&dctx->d.ctr, 0, sizeof(DRBG_CTR_CTX));
        return 1;
        }
 
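Review bot: Replacing `OPENSSL_cleanse` with `memset` in drbg_ctr_uninstantiate weakens the zeroisation of the CTR context, which holds the key and counter (`cctx->K`, `cctx->V` in the generate hunk above): a plain `memset` on storage the compiler can prove is not read again is a candidate for dead-store elimination, which is exactly what `OPENSSL_cleanse` exists to defeat. The original line `OPENSSL_cleanse(&dctx->d.ctr, sizeof(DRBG_CTR_CTX));` should stay, or a comment should state why the memset is considered sufficient here (e.g. if the caller is guaranteed to cleanse the whole DRBG_CTX afterwards, which is not visible in this change).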
@@ -385,7 +395,6 @@ int fips_drbg_ctr_init(DRBG_CTX *dctx)
        dctx->generate = drbg_ctr_generate;
        dctx->uninstantiate = drbg_ctr_uninstantiate;
 
-
        cctx->keylen = keylen;
        dctx->strength = keylen * 8;
        dctx->blocklength = 16;
@@ -405,9 +414,9 @@ int fips_drbg_ctr_init(DRBG_CTX *dctx)
                AES_set_encrypt_key(df_key, dctx->strength, &cctx->df_ks);
 
                dctx->min_entropy = cctx->keylen;
-               dctx->max_entropy = DRBG_MAX_ENTROPY;
+               dctx->max_entropy = DRBG_MAX_LENGTH;
                dctx->min_nonce = dctx->min_entropy / 2;
-               dctx->max_nonce = DRBG_MAX_NONCE;
+               dctx->max_nonce = DRBG_MAX_LENGTH;
                dctx->max_pers = DRBG_MAX_LENGTH;
                dctx->max_adin = DRBG_MAX_LENGTH;
                }
@@ -423,7 +432,7 @@ int fips_drbg_ctr_init(DRBG_CTX *dctx)
                }
 
        dctx->max_request = 1<<19;
-       dctx->reseed_counter = DRBG_MAX_LENGTH;
+       dctx->reseed_interval = 1<<24;
 
        return 1;
        }
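Review bot: The new `dctx->reseed_interval = 1<<24;` and the existing `dctx->max_request = 1<<19;` are unexplained magic numbers in fips_drbg_ctr_init; these are the security bounds the DRBG enforces, so each deserves a short comment naming the unit and the standard it is derived from, e.g. `/* max_request / reseed_interval: conservative bounds within the SP 800-90 CTR_DRBG limits; see the spec table for the ceilings */`, or named constants next to DRBG_MAX_LENGTH. The removed `reseed_counter` initialisation presumably moves to the instantiate path; if not, the counter would be compared against the new interval from whatever value the context held, so it is worth confirming where it is now set.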