#include <stdlib.h>
#include <string.h>
#include <openssl/crypto.h>
-#include <openssl/evp.h>
-#include <openssl/aes.h>
#include <openssl/fips.h>
#include <openssl/fips_rand.h>
#include "fips_rand_lcl.h"
{
FIPS_digestfinal(&hctx->mctx, dctx->lb, NULL);
dctx->lb_valid = 1;
- continue;
}
- if (outlen < dctx->blocklength)
+ else if (outlen < dctx->blocklength)
{
FIPS_digestfinal(&hctx->mctx, hctx->vtmp, NULL);
- if (!drbg_cprng_test(dctx, hctx->vtmp))
+ if (!fips_drbg_cprng_test(dctx, hctx->vtmp))
return 0;
memcpy(out, hctx->vtmp, outlen);
return 1;
}
- FIPS_digestfinal(&hctx->mctx, out, NULL);
- if (!drbg_cprng_test(dctx, out))
- return 0;
- outlen -= dctx->blocklength;
- if (outlen == 0)
- return 1;
- out += dctx->blocklength;
+ else
+ {
+ FIPS_digestfinal(&hctx->mctx, out, NULL);
+ if (!fips_drbg_cprng_test(dctx, out))
+ return 0;
+ outlen -= dctx->blocklength;
+ if (outlen == 0)
+ return 1;
+ out += dctx->blocklength;
+ }
ctx_add_buf(dctx, hctx->vtmp, NULL, 0);
}
}
{
const EVP_MD *md;
DRBG_HASH_CTX *hctx = &dctx->d.hash;
+ md = FIPS_get_digestbynid(dctx->type);
+ if (!md)
+ return -2;
switch (dctx->type)
{
case NID_sha1:
- md = EVP_sha1();
dctx->strength = 128;
break;
case NID_sha224:
- md = EVP_sha224();
dctx->strength = 192;
break;
- case NID_sha256:
- md = EVP_sha256();
- dctx->strength = 256;
- break;
-
- case NID_sha384:
- md = EVP_sha384();
- dctx->strength = 256;
- break;
-
- case NID_sha512:
- md = EVP_sha512();
- dctx->strength = 256;
- break;
-
default:
- return -2;
+ dctx->strength = 256;
break;
-
}
dctx->instantiate = drbg_hash_instantiate;
dctx->max_pers = DRBG_MAX_LENGTH;
dctx->max_adin = DRBG_MAX_LENGTH;
- dctx->max_request = 1<<19;
+ dctx->max_request = 1<<16;
dctx->reseed_interval = 1<<24;
return 1;