X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=fips%2Frand%2Ffips_drbg_lib.c;h=32e4b83c5e9f7cdcb83fbc44436b3412dd7e0633;hp=95c73e191d32fc468d620df0f4a0bada8a62f67a;hb=af4bfa151c27d70c94272e3ae53b8a50d648b81d;hpb=cf61940534836ebd8d8a13bae0dd2cbd273a3d49

diff --git a/fips/rand/fips_drbg_lib.c b/fips/rand/fips_drbg_lib.c
index 95c73e191d..32e4b83c5e 100644
--- a/fips/rand/fips_drbg_lib.c
+++ b/fips/rand/fips_drbg_lib.c
@@ -135,8 +135,18 @@ void FIPS_drbg_free(DRBG_CTX *dctx)
 	{
 	if (dctx->uninstantiate)
 		dctx->uninstantiate(dctx);
-	OPENSSL_cleanse(&dctx->d, sizeof(dctx->d));
-	OPENSSL_free(dctx);
+	/* Don't free up default DRBG */
+	if (dctx == FIPS_get_default_drbg())
+		{
+		memset(dctx, 0, sizeof(DRBG_CTX));
+		dctx->type = 0;
+		dctx->status = DRBG_STATUS_UNINITIALISED;
+		}
+	else
+		{
+		OPENSSL_cleanse(&dctx->d, sizeof(dctx->d));
+		OPENSSL_free(dctx);
+		}
 	}
 
 static size_t fips_get_entropy(DRBG_CTX *dctx, unsigned char **pout,
@@ -194,6 +204,7 @@ int FIPS_drbg_instantiate(DRBG_CTX *dctx,
 	FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_ERROR_RETRIEVING_ENTROPY);
 	FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_ERROR_RETRIEVING_NONCE);
 	FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_INSTANTIATE_ERROR);
+	FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_DRBG_NOT_INITIALISED);
 #endif
 
 	int r = 0;
@@ -204,6 +215,12 @@ int FIPS_drbg_instantiate(DRBG_CTX *dctx,
 		goto end;
 		}
 
+	if (!dctx->instantiate)
+		{
+		r = FIPS_R_DRBG_NOT_INITIALISED;
+		goto end;
+		}
+
 	if (dctx->status != DRBG_STATUS_UNINITIALISED)
 		{
 		if (dctx->status == DRBG_STATUS_ERROR)
@@ -278,8 +295,8 @@ static int drbg_reseed(DRBG_CTX *dctx,
 	int r = 0;
 
 #if 0
-	FIPSerr(FIPS_F_FIPS_DRBG_RESEED, FIPS_R_NOT_INSTANTIATED);
-	FIPSerr(FIPS_F_FIPS_DRBG_RESEED, FIPS_R_ADDITIONAL_INPUT_TOO_LONG);
+	FIPSerr(FIPS_F_DRBG_RESEED, FIPS_R_NOT_INSTANTIATED);
+	FIPSerr(FIPS_F_DRBG_RESEED, FIPS_R_ADDITIONAL_INPUT_TOO_LONG);
 #endif
 	if (dctx->status != DRBG_STATUS_READY
 		&& dctx->status != DRBG_STATUS_RESEED)
@@ -336,7 +353,7 @@ static int drbg_reseed(DRBG_CTX *dctx,
 		return 1;
 
 	if (r && !(dctx->iflags & DRBG_FLAG_NOERR))
-		FIPSerr(FIPS_F_FIPS_DRBG_RESEED, r);
+		FIPSerr(FIPS_F_DRBG_RESEED, r);
 
 	return 0;
 	}