X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=fips%2Frand%2Ffips_drbg_ctr.c;h=4483681f633085306eaeec3c9d82f608a3c00679;hp=738abdd835e15f530070283d210f37ccc12e7cf5;hb=4420b3b17acf19f78f4fdea1a69d5f0a644c8154;hpb=e45c6c4e2537434f087793e5c51a5cb70af9d82e
diff --git a/fips/rand/fips_drbg_ctr.c b/fips/rand/fips_drbg_ctr.c
index 738abdd835..4483681f63 100644
--- a/fips/rand/fips_drbg_ctr.c
+++ b/fips/rand/fips_drbg_ctr.c
@@ -54,8 +54,6 @@
 #include
 #include
 #include
-#include
-#include
 #include
 #include
 #include "fips_rand_lcl.h"
@@ -265,7 +263,7 @@ static void ctr_Update(DRBG_CTX *dctx,
 memcpy(cctx->V, cctx->K + 24, 8);
 }
- if (dctx->flags & DRBG_FLAG_CTR_USE_DF)
+ if (dctx->xflags & DRBG_FLAG_CTR_USE_DF)
 {
 /* If no input reuse existing derived value */
 if (in1 || nonce || in2)
@@ -318,7 +316,7 @@ static int drbg_ctr_generate(DRBG_CTX *dctx,
 {
 ctr_Update(dctx, adin, adinlen, NULL, 0, NULL, 0);
 /* This means we reuse derived value */
- if (dctx->flags & DRBG_FLAG_CTR_USE_DF)
+ if (dctx->xflags & DRBG_FLAG_CTR_USE_DF)
 {
 adin = NULL;
 adinlen = 1;
@@ -330,14 +328,24 @@ static int drbg_ctr_generate(DRBG_CTX *dctx,
 for (;;)
 {
 inc_128(cctx);
+ if (!(dctx->xflags & DRBG_FLAG_TEST) && !dctx->lb_valid)
+ {
+ AES_encrypt(cctx->V, dctx->lb, &cctx->ks);
+ dctx->lb_valid = 1;
+ continue;
+ }
 if (outlen < 16)
 {
 /* Use K as temp space as it will be updated */
 AES_encrypt(cctx->V, cctx->K, &cctx->ks);
+ if (!fips_drbg_cprng_test(dctx, cctx->K))
+ return 0;
 memcpy(out, cctx->K, outlen);
 break;
 }
 AES_encrypt(cctx->V, out, &cctx->ks);
+ if (!fips_drbg_cprng_test(dctx, out))
+ return 0;
 out += 16;
 outlen -= 16;
 if (outlen == 0)
@@ -352,7 +360,7 @@ static int drbg_ctr_generate(DRBG_CTX *dctx,
 static int drbg_ctr_uninstantiate(DRBG_CTX *dctx)
 {
- OPENSSL_cleanse(&dctx->d.ctr, sizeof(DRBG_CTR_CTX));
+ memset(&dctx->d.ctr, 0, sizeof(DRBG_CTR_CTX));
 return 1;
 }
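Review bot: The new continuous-test path in drbg_ctr_generate only stores the first block into `dctx->lb` when `DRBG_FLAG_TEST` is clear, yet both added `fips_drbg_cprng_test` calls run unconditionally, so in test mode the comparison presumably relies on `fips_drbg_cprng_test` itself honouring `DRBG_FLAG_TEST` or `lb_valid`; that dependency is not visible here and deserves a comment at the new `if`, e.g. `/* FIPS 140-2 continuous test: the first block after (re)seed is kept in lb and discarded; fips_drbg_cprng_test must bypass the check under DRBG_FLAG_TEST */`. It is also not visible where `lb_valid` is cleared on instantiate and reseed, which the test needs so that the comparison restarts from a fresh block after each reseed; worth confirming in those paths. The `continue` consumes one counter value for the discarded block because `inc_128` runs at the top of the loop, which matches the CTR_DRBG update. The generate loop and drbg_ctr_generate itself continue outside the hunk.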
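Review bot: Replacing `OPENSSL_cleanse` with `memset` in drbg_ctr_uninstantiate weakens the guarantee that the CTR key and V in `dctx->d.ctr` are actually wiped, since a plain `memset` on memory the compiler can prove is never read again is a dead store it is free to drop. Here `dctx` outlives the call, so the store is likely kept, but if the motivation is to avoid a libcrypto dependency (which the removed includes in the first hunk hint at), a FIPS-internal wipe through a `volatile unsigned char *` loop keeps the intent explicit. At minimum a comment such as `/* plain memset: dctx outlives this call, so the zeroing store is not elided */` records why this is acceptable.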
@@ -385,13 +393,12 @@ int fips_drbg_ctr_init(DRBG_CTX *dctx)
 dctx->generate = drbg_ctr_generate;
 dctx->uninstantiate = drbg_ctr_uninstantiate;
- cctx->keylen = keylen;
 dctx->strength = keylen * 8;
 dctx->blocklength = 16;
 dctx->seedlen = keylen + 16;
- if (dctx->flags & DRBG_FLAG_CTR_USE_DF)
+ if (dctx->xflags & DRBG_FLAG_CTR_USE_DF)
 {
 /* df initialisation */
 static unsigned char df_key[32] =
@@ -405,9 +412,9 @@ int fips_drbg_ctr_init(DRBG_CTX *dctx)
 AES_set_encrypt_key(df_key, dctx->strength, &cctx->df_ks);
 dctx->min_entropy = cctx->keylen;
- dctx->max_entropy = DRBG_MAX_ENTROPY;
+ dctx->max_entropy = DRBG_MAX_LENGTH;
 dctx->min_nonce = dctx->min_entropy / 2;
- dctx->max_nonce = DRBG_MAX_NONCE;
+ dctx->max_nonce = DRBG_MAX_LENGTH;
 dctx->max_pers = DRBG_MAX_LENGTH;
 dctx->max_adin = DRBG_MAX_LENGTH;
 }
@@ -422,8 +429,8 @@ int fips_drbg_ctr_init(DRBG_CTX *dctx)
 dctx->max_adin = dctx->seedlen;
 }
- dctx->max_request = 1<<19;
- dctx->reseed_counter = DRBG_MAX_LENGTH;
+ dctx->max_request = 1<<16;
+ dctx->reseed_interval = 1<<24;
 return 1;
 }
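Review bot: Removing `cctx->keylen = keylen;` leaves `cctx->keylen` with no visible assignment, while the following hunk still reads it in `dctx->min_entropy = cctx->keylen;`; unless keylen is stored into the context earlier in fips_drbg_ctr_init (outside this hunk), min_entropy is derived from an uninitialised field. If the assignment has moved, a one-line comment at the read such as `/* cctx->keylen was set above from dctx->type */` would make the dependency visible. fips_drbg_ctr_init begins before the hunk and the key-size selection is not visible here.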
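Review bot: `dctx->max_request = 1<<16;` carries no unit, and the old `1<<19` suggests bits and bytes may have been confused: SP 800-90A caps CTR_DRBG output at 2^19 bits per request, which is 2^16 bytes, so the new value is right only if max_request is counted in bytes, as the byte-oriented `outlen` in drbg_ctr_generate suggests. A comment such as `/* 2^19 bits per request (SP 800-90A) expressed in bytes */` would pin that down, and `/* reseed every 2^24 requests, well under the 2^48 allowed for CTR_DRBG */` for reseed_interval. Replacing reseed_counter with reseed_interval also implies the running count is now initialised in instantiate/reseed, which lies outside this hunk.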