Uninstantiate and free functions for DRBG.

diff --git a/fips/rand/fips_drbg_ctr.c b/fips/rand/fips_drbg_ctr.c
index 2b2d226c53b0a558830eca4dffd6bd6287fbfbe6..738abdd835e15f530070283d210f37ccc12e7cf5 100644 (file)
--- a/fips/rand/fips_drbg_ctr.c
+++ b/fips/rand/fips_drbg_ctr.c
@@ -350,6 +350,12 @@ static int drbg_ctr_generate(DRBG_CTX *dctx,
 
        }
 
+static int drbg_ctr_uninstantiate(DRBG_CTX *dctx)
+       {
+       OPENSSL_cleanse(&dctx->d.ctr, sizeof(DRBG_CTR_CTX));
+       return 1;
+       }
+
 int fips_drbg_ctr_init(DRBG_CTX *dctx)
        {
        DRBG_CTR_CTX *cctx = &dctx->d.ctr;
@@ -377,6 +383,7 @@ int fips_drbg_ctr_init(DRBG_CTX *dctx)
        dctx->instantiate = drbg_ctr_instantiate;
        dctx->reseed = drbg_ctr_reseed;
        dctx->generate = drbg_ctr_generate;
+       dctx->uninstantiate = drbg_ctr_uninstantiate;
 
 
        cctx->keylen = keylen;

diff --git a/fips/rand/fips_drbg_hash.c b/fips/rand/fips_drbg_hash.c
index 4dbcdb6a7b20d2ce3f54c78df977a565db43ce59..ca3bce7320d6f6c4464c548897047f2fea1d8afc 100644 (file)
--- a/fips/rand/fips_drbg_hash.c
+++ b/fips/rand/fips_drbg_hash.c
@@ -306,6 +306,13 @@ static int drbg_hash_generate(DRBG_CTX *dctx,
        return 1;
        }
 
+static int drbg_hash_uninstantiate(DRBG_CTX *dctx)
+       {
+       EVP_MD_CTX_cleanup(&dctx->d.hash.mctx);
+       OPENSSL_cleanse(&dctx->d.hash, sizeof(DRBG_HASH_CTX));
+       return 1;
+       }
+
 int fips_drbg_hash_init(DRBG_CTX *dctx)
        {
        const EVP_MD *md;
@@ -346,6 +353,7 @@ int fips_drbg_hash_init(DRBG_CTX *dctx)
        dctx->instantiate = drbg_hash_instantiate;
        dctx->reseed = drbg_hash_reseed;
        dctx->generate = drbg_hash_generate;
+       dctx->uninstantiate = drbg_hash_uninstantiate;
 
        dctx->d.hash.md = md;
        EVP_MD_CTX_init(&hctx->mctx);

diff --git a/fips/rand/fips_drbg_lib.c b/fips/rand/fips_drbg_lib.c
index 9b497b54cc6eab6fb5cb6db0e0213a97b1435bfc..0bf30f031488938be92a83681b25a3f1ac766d91 100644 (file)
--- a/fips/rand/fips_drbg_lib.c
+++ b/fips/rand/fips_drbg_lib.c
@@ -62,30 +62,41 @@
 
 /* Support framework for SP800-90 DRBGs */
 
-DRBG_CTX *FIPS_drbg_new(int type, unsigned int flags)
+static int fips_drbg_init(DRBG_CTX *dctx, int type, unsigned int flags)
        {
        int rv;
-       DRBG_CTX *dctx;
-       dctx = OPENSSL_malloc(sizeof(DRBG_CTX));
        memset(dctx, 0, sizeof(DRBG_CTX));
        dctx->status = DRBG_STATUS_UNINITIALISED;
        dctx->flags = flags;
        dctx->type = type;
+
        rv = fips_drbg_hash_init(dctx);
+
        if (rv == -2)
                rv = fips_drbg_ctr_init(dctx);
-       if (rv <= 0)
+
+       return rv;
+       }
+
+DRBG_CTX *FIPS_drbg_new(int type, unsigned int flags)
+       {
+       DRBG_CTX *dctx;
+       dctx = OPENSSL_malloc(sizeof(DRBG_CTX));
+       if (!dctx)
+               return NULL;
+       if (fips_drbg_init(dctx, type, flags) <= 0)
                {
-               /* Fatal: cannot initialiase DRBG */
-               goto err;
+               OPENSSL_free(dctx);
+               return NULL;
                }
-
        return dctx;
+       }
 
-       err:
-       if (dctx)
-               OPENSSL_free(dctx);
-       return NULL;
+void FIPS_drbg_free(DRBG_CTX *dctx)
+       {
+       dctx->uninstantiate(dctx);
+       OPENSSL_cleanse(dctx, sizeof(DRBG_CTX));
+       OPENSSL_free(dctx);
        }
 
 int FIPS_drbg_instantiate(DRBG_CTX *dctx,
@@ -224,6 +235,18 @@ int FIPS_drbg_generate(DRBG_CTX *dctx, unsigned char *out, size_t outlen,
        return 1;
        }
 
+int FIPS_drbg_uninstantiate(DRBG_CTX *dctx)
+       {
+       int save_type, save_flags, rv;
+       save_type = dctx->type;
+       save_flags = dctx->flags;
+       rv = dctx->uninstantiate(dctx);
+       OPENSSL_cleanse(dctx, sizeof(DRBG_CTX));
+       /* If method has problems uninstantiating, return error */
+       if (rv <= 0)
+               return rv;
+       return fips_drbg_init(dctx, save_type, save_flags);
+       }
 
 int FIPS_drbg_set_test_mode(DRBG_CTX *dctx,
        size_t (*get_entropy)(DRBG_CTX *ctx, unsigned char *out,

diff --git a/fips/rand/fips_drbgvs.c b/fips/rand/fips_drbgvs.c
index a5992339080e96e5fd1d31d3121b00ed996460c7..325925072e87c0faec012c389e10717bf00e53d3 100644 (file)
--- a/fips/rand/fips_drbgvs.c
+++ b/fips/rand/fips_drbgvs.c
@@ -294,6 +294,8 @@ int main(int argc,char **argv)
                if (gen == 2)
                        {
                        OutputValue("ReturnedBits", out, outlen, stdout, 0);
+                       FIPS_drbg_free(dctx);
+                       dctx = NULL;
                        gen = 0;
                        }
 

diff --git a/fips/rand/fips_rand.h b/fips/rand/fips_rand.h
index e0cc8c9da54e55612d998a18044e22560641f637..e9e2afbbaa07841fcef6b9fd4ef91963b4511cbf 100644 (file)
--- a/fips/rand/fips_rand.h
+++ b/fips/rand/fips_rand.h
@@ -83,6 +83,9 @@ int FIPS_drbg_generate(DRBG_CTX *dctx, unsigned char *out, size_t outlen,
                        int prediction_resistance,
                        const unsigned char *adin, size_t adinlen);
 
+int FIPS_drbg_uninstantiate(DRBG_CTX *dctx);
+void FIPS_drbg_free(DRBG_CTX *dctx);
+
 int FIPS_drbg_set_test_mode(DRBG_CTX *dctx,
        size_t (*get_entropy)(DRBG_CTX *ctx, unsigned char *out,
                                int entropy, size_t min_len, size_t max_len),