Make i2r_sctlist static.

[openssl.git] / fips / rand / fips_drbg_lib.c

diff --git a/fips/rand/fips_drbg_lib.c b/fips/rand/fips_drbg_lib.c
index b5aed0177e8d98af1be40021d88b6251c174629e..ee162d05eb0281d42548ec0365262ae79631943b 100644 (file)
--- a/fips/rand/fips_drbg_lib.c
+++ b/fips/rand/fips_drbg_lib.c
@@ -135,8 +135,18 @@ void FIPS_drbg_free(DRBG_CTX *dctx)
        {
        if (dctx->uninstantiate)
                dctx->uninstantiate(dctx);
-       OPENSSL_cleanse(&dctx->d, sizeof(dctx->d));
-       OPENSSL_free(dctx);
+       /* Don't free up default DRBG */
+       if (dctx == FIPS_get_default_drbg())
+               {
+               memset(dctx, 0, sizeof(DRBG_CTX));
+               dctx->type = 0;
+               dctx->status = DRBG_STATUS_UNINITIALISED;
+               }
+       else
+               {
+               OPENSSL_cleanse(&dctx->d, sizeof(dctx->d));
+               OPENSSL_free(dctx);
+               }
        }
 
 static size_t fips_get_entropy(DRBG_CTX *dctx, unsigned char **pout,
@@ -144,6 +154,8 @@ static size_t fips_get_entropy(DRBG_CTX *dctx, unsigned char **pout,
        {
        unsigned char *tout, *p;
        size_t bl = dctx->entropy_blocklen, rv;
+       if (!dctx->get_entropy)
+               return 0;
        if (dctx->xflags & DRBG_FLAG_TEST || !bl)
                return dctx->get_entropy(dctx, pout, entropy, min_len, max_len);
        rv = dctx->get_entropy(dctx, &tout, entropy + bl,
@@ -194,6 +206,7 @@ int FIPS_drbg_instantiate(DRBG_CTX *dctx,
        FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_ERROR_RETRIEVING_ENTROPY);
        FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_ERROR_RETRIEVING_NONCE);
        FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_INSTANTIATE_ERROR);
+       FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_DRBG_NOT_INITIALISED);
 #endif
 
        int r = 0;
@@ -204,6 +217,12 @@ int FIPS_drbg_instantiate(DRBG_CTX *dctx,
                goto end;
                }
 
+       if (!dctx->instantiate)
+               {
+               r = FIPS_R_DRBG_NOT_INITIALISED;
+               goto end;
+               }
+
        if (dctx->status != DRBG_STATUS_UNINITIALISED)
                {
                if (dctx->status == DRBG_STATUS_ERROR)
@@ -224,7 +243,7 @@ int FIPS_drbg_instantiate(DRBG_CTX *dctx,
                goto end;
                }
 
-       if (dctx->max_nonce > 0)
+       if (dctx->max_nonce > 0 && dctx->get_nonce)
                {
                noncelen = dctx->get_nonce(dctx, &nonce,
                                        dctx->strength / 2,
@@ -274,12 +293,12 @@ static int drbg_reseed(DRBG_CTX *dctx,
                        const unsigned char *adin, size_t adinlen, int hcheck)
        {
        unsigned char *entropy = NULL;
-       size_t entlen;
+       size_t entlen = 0;
        int r = 0;
 
 #if 0
-       FIPSerr(FIPS_F_FIPS_DRBG_RESEED, FIPS_R_NOT_INSTANTIATED);
-       FIPSerr(FIPS_F_FIPS_DRBG_RESEED, FIPS_R_ADDITIONAL_INPUT_TOO_LONG);
+       FIPSerr(FIPS_F_DRBG_RESEED, FIPS_R_NOT_INSTANTIATED);
+       FIPSerr(FIPS_F_DRBG_RESEED, FIPS_R_ADDITIONAL_INPUT_TOO_LONG);
 #endif
        if (dctx->status != DRBG_STATUS_READY
                && dctx->status != DRBG_STATUS_RESEED)
@@ -336,7 +355,7 @@ static int drbg_reseed(DRBG_CTX *dctx,
                return 1;
 
        if (r && !(dctx->iflags & DRBG_FLAG_NOERR))
-               FIPSerr(FIPS_F_FIPS_DRBG_RESEED, r);
+               FIPSerr(FIPS_F_DRBG_RESEED, r);
 
        return 0;
        }
@@ -369,6 +388,12 @@ int FIPS_drbg_generate(DRBG_CTX *dctx, unsigned char *out, size_t outlen,
        {
        int r = 0;
 
+       if (FIPS_selftest_failed())
+               {
+               FIPSerr(FIPS_F_FIPS_DRBG_GENERATE, FIPS_R_SELFTEST_FAILED);
+               return 0;
+               }
+
        if (!fips_drbg_check(dctx))
                return 0;
 
@@ -521,9 +546,9 @@ void FIPS_drbg_set_reseed_interval(DRBG_CTX *dctx, int interval)
 
 static int drbg_stick = 0;
 
-void FIPS_drbg_stick(void)
+void FIPS_drbg_stick(int onoff)
        {
-       drbg_stick = 1;
+       drbg_stick = onoff;
        }
 
 /* Continuous DRBG utility function */