X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=fips%2Frand%2Ffips_drbg_lib.c;h=ee162d05eb0281d42548ec0365262ae79631943b;hp=39c007f6bbbf16d70f489ce5fdbfe2cd30b06351;hb=85a1a836a2b865cb0ff8ee15647e5c5a8c7e464f;hpb=43760a2cf02a6d710d40bd6ed43c7bf61918fadd

diff --git a/fips/rand/fips_drbg_lib.c b/fips/rand/fips_drbg_lib.c
index 39c007f6bb..ee162d05eb 100644
--- a/fips/rand/fips_drbg_lib.c
+++ b/fips/rand/fips_drbg_lib.c
@@ -135,8 +135,18 @@ void FIPS_drbg_free(DRBG_CTX *dctx)
 	{
 	if (dctx->uninstantiate)
 		dctx->uninstantiate(dctx);
-	OPENSSL_cleanse(&dctx->d, sizeof(dctx->d));
-	OPENSSL_free(dctx);
+	/* Don't free up default DRBG */
+	if (dctx == FIPS_get_default_drbg())
+		{
+		memset(dctx, 0, sizeof(DRBG_CTX));
+		dctx->type = 0;
+		dctx->status = DRBG_STATUS_UNINITIALISED;
+		}
+	else
+		{
+		OPENSSL_cleanse(&dctx->d, sizeof(dctx->d));
+		OPENSSL_free(dctx);
+		}
 	}
 
 static size_t fips_get_entropy(DRBG_CTX *dctx, unsigned char **pout,
@@ -144,6 +154,8 @@ static size_t fips_get_entropy(DRBG_CTX *dctx, unsigned char **pout,
 	{
 	unsigned char *tout, *p;
 	size_t bl = dctx->entropy_blocklen, rv;
+	if (!dctx->get_entropy)
+		return 0;
 	if (dctx->xflags & DRBG_FLAG_TEST || !bl)
 		return dctx->get_entropy(dctx, pout, entropy, min_len, max_len);
 	rv = dctx->get_entropy(dctx, &tout, entropy + bl,
@@ -194,6 +206,7 @@ int FIPS_drbg_instantiate(DRBG_CTX *dctx,
 	FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_ERROR_RETRIEVING_ENTROPY);
 	FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_ERROR_RETRIEVING_NONCE);
 	FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_INSTANTIATE_ERROR);
+	FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_DRBG_NOT_INITIALISED);
 #endif
 
 	int r = 0;
@@ -204,6 +217,12 @@ int FIPS_drbg_instantiate(DRBG_CTX *dctx,
 		goto end;
 		}
 
+	if (!dctx->instantiate)
+		{
+		r = FIPS_R_DRBG_NOT_INITIALISED;
+		goto end;
+		}
+
 	if (dctx->status != DRBG_STATUS_UNINITIALISED)
 		{
 		if (dctx->status == DRBG_STATUS_ERROR)
@@ -224,7 +243,7 @@ int FIPS_drbg_instantiate(DRBG_CTX *dctx,
 		goto end;
 		}
 
-	if (dctx->max_nonce > 0)
+	if (dctx->max_nonce > 0 && dctx->get_nonce)
 		{
 		noncelen = dctx->get_nonce(dctx, &nonce,
 					dctx->strength / 2,
@@ -369,6 +388,12 @@ int FIPS_drbg_generate(DRBG_CTX *dctx, unsigned char *out, size_t outlen,
 	{
 	int r = 0;
 
+	if (FIPS_selftest_failed())
+		{
+		FIPSerr(FIPS_F_FIPS_DRBG_GENERATE, FIPS_R_SELFTEST_FAILED);
+		return 0;
+		}
+
 	if (!fips_drbg_check(dctx))
 		return 0;
 
@@ -521,9 +546,9 @@ void FIPS_drbg_set_reseed_interval(DRBG_CTX *dctx, int interval)
 
 static int drbg_stick = 0;
 
-void FIPS_drbg_stick(void)
+void FIPS_drbg_stick(int onoff)
 	{
-	drbg_stick = 1;
+	drbg_stick = onoff;
 	}
 
 /* Continuous DRBG utility function */