Revise DRBG to split between internal and external flags.
diff --git
a/fips/rand/fips_drbg_ctr.c
b/fips/rand/fips_drbg_ctr.c
index 7e6d497ad1f9c94abd7c196a5a0783844900048a..4483681f633085306eaeec3c9d82f608a3c00679 100644
--- a/
fips/rand/fips_drbg_ctr.c
+++ b/
fips/rand/fips_drbg_ctr.c
@@
-54,8
+54,6
@@
#include <stdlib.h>
#include <string.h>
#include <openssl/crypto.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/crypto.h>
-#include <openssl/evp.h>
-#include <openssl/aes.h>
#include <openssl/fips.h>
#include <openssl/fips_rand.h>
#include "fips_rand_lcl.h"
#include <openssl/fips.h>
#include <openssl/fips_rand.h>
#include "fips_rand_lcl.h"
@@
-265,7
+263,7
@@
static void ctr_Update(DRBG_CTX *dctx,
memcpy(cctx->V, cctx->K + 24, 8);
}
memcpy(cctx->V, cctx->K + 24, 8);
}
- if (dctx->flags & DRBG_FLAG_CTR_USE_DF)
+ if (dctx->
x
flags & DRBG_FLAG_CTR_USE_DF)
{
/* If no input reuse existing derived value */
if (in1 || nonce || in2)
{
/* If no input reuse existing derived value */
if (in1 || nonce || in2)
@@
-318,7
+316,7
@@
static int drbg_ctr_generate(DRBG_CTX *dctx,
{
ctr_Update(dctx, adin, adinlen, NULL, 0, NULL, 0);
/* This means we reuse derived value */
{
ctr_Update(dctx, adin, adinlen, NULL, 0, NULL, 0);
/* This means we reuse derived value */
- if (dctx->flags & DRBG_FLAG_CTR_USE_DF)
+ if (dctx->
x
flags & DRBG_FLAG_CTR_USE_DF)
{
adin = NULL;
adinlen = 1;
{
adin = NULL;
adinlen = 1;
@@
-330,14
+328,24
@@
static int drbg_ctr_generate(DRBG_CTX *dctx,
for (;;)
{
inc_128(cctx);
for (;;)
{
inc_128(cctx);
+ if (!(dctx->xflags & DRBG_FLAG_TEST) && !dctx->lb_valid)
+ {
+ AES_encrypt(cctx->V, dctx->lb, &cctx->ks);
+ dctx->lb_valid = 1;
+ continue;
+ }
if (outlen < 16)
{
/* Use K as temp space as it will be updated */
AES_encrypt(cctx->V, cctx->K, &cctx->ks);
if (outlen < 16)
{
/* Use K as temp space as it will be updated */
AES_encrypt(cctx->V, cctx->K, &cctx->ks);
+ if (!fips_drbg_cprng_test(dctx, cctx->K))
+ return 0;
memcpy(out, cctx->K, outlen);
break;
}
AES_encrypt(cctx->V, out, &cctx->ks);
memcpy(out, cctx->K, outlen);
break;
}
AES_encrypt(cctx->V, out, &cctx->ks);
+ if (!fips_drbg_cprng_test(dctx, out))
+ return 0;
out += 16;
outlen -= 16;
if (outlen == 0)
out += 16;
outlen -= 16;
if (outlen == 0)
@@
-390,7
+398,7
@@
int fips_drbg_ctr_init(DRBG_CTX *dctx)
dctx->blocklength = 16;
dctx->seedlen = keylen + 16;
dctx->blocklength = 16;
dctx->seedlen = keylen + 16;
- if (dctx->flags & DRBG_FLAG_CTR_USE_DF)
+ if (dctx->
x
flags & DRBG_FLAG_CTR_USE_DF)
{
/* df initialisation */
static unsigned char df_key[32] =
{
/* df initialisation */
static unsigned char df_key[32] =
@@
-404,9
+412,9
@@
int fips_drbg_ctr_init(DRBG_CTX *dctx)
AES_set_encrypt_key(df_key, dctx->strength, &cctx->df_ks);
dctx->min_entropy = cctx->keylen;
AES_set_encrypt_key(df_key, dctx->strength, &cctx->df_ks);
dctx->min_entropy = cctx->keylen;
- dctx->max_entropy = DRBG_MAX_
ENTROPY
;
+ dctx->max_entropy = DRBG_MAX_
LENGTH
;
dctx->min_nonce = dctx->min_entropy / 2;
dctx->min_nonce = dctx->min_entropy / 2;
- dctx->max_nonce = DRBG_MAX_
NONCE
;
+ dctx->max_nonce = DRBG_MAX_
LENGTH
;
dctx->max_pers = DRBG_MAX_LENGTH;
dctx->max_adin = DRBG_MAX_LENGTH;
}
dctx->max_pers = DRBG_MAX_LENGTH;
dctx->max_adin = DRBG_MAX_LENGTH;
}
@@
-421,7
+429,7
@@
int fips_drbg_ctr_init(DRBG_CTX *dctx)
dctx->max_adin = dctx->seedlen;
}
dctx->max_adin = dctx->seedlen;
}
- dctx->max_request = 1<<1
9
;
+ dctx->max_request = 1<<1
6
;
dctx->reseed_interval = 1<<24;
return 1;
dctx->reseed_interval = 1<<24;
return 1;