Change RNG test to block oriented instead of request oriented, add option
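diff --git a/fips/rand/fips_drbg_hash.c b/fips/rand/fips_drbg_hash.c
index b20d0726466af0f405fb89e4668a977882fdc5b0..8b49f33a63081f0dcc63965dd171451e19e96bc3 100644
--- a/fips/rand/fips_drbg_hash.c
+++ b/fips/rand/fips_drbg_hash.c
@@ -195,13 +195,23 @@ static int hash_gen(DRBG_CTX *dctx, unsigned char *out, size_t outlen)
 {
 FIPS_digestinit(&hctx->mctx, hctx->md);
 FIPS_digestupdate(&hctx->mctx, hctx->vtmp, dctx->seedlen);
+ if (!(dctx->flags & DRBG_FLAG_TEST) && !dctx->lb_valid)
+ {
+ FIPS_digestfinal(&hctx->mctx, dctx->lb, NULL);
+ dctx->lb_valid = 1;
+ continue;
+ }
 if (outlen < dctx->blocklength)
 {
 FIPS_digestfinal(&hctx->mctx, hctx->vtmp, NULL);
+ if (!drbg_cprng_test(dctx, hctx->vtmp))
+ return 0;
 memcpy(out, hctx->vtmp, outlen);
 return 1;
 }
 FIPS_digestfinal(&hctx->mctx, out, NULL);
+ if (!drbg_cprng_test(dctx, out))
+ return 0;
 outlen -= dctx->blocklength;
 if (outlen == 0)
 return 1;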
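Review bot: The `continue` in the new priming branch (`!dctx->lb_valid`) returns to the top of the loop with no visible change to `hctx->vtmp`, so unless the loop advances `vtmp` before the `FIPS_digestinit`/`FIPS_digestupdate` pair, the next pass hashes the same input and yields a block identical to the one just stored in `dctx->lb`. Assuming `drbg_cprng_test` compares each block with `dctx->lb`, the first generate call after `lb_valid` is cleared would then fail the continuous test every time; the loop header and tail of `hash_gen` are outside this hunk, so confirm where the per-block increment of `vtmp` happens and perform the same increment before `continue`. Separately, the full-block path writes the digest into `out` before `drbg_cprng_test(dctx, out)` runs, so on `return 0` the caller's buffer still holds the rejected block and any earlier ones; either clear what was written before returning or state the contract with a comment such as `/* on failure the contents of out must be discarded by the caller */`.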