Check we recognise DRBG type in fips_drbgvs.c initialised DRBG_CTX if we
authorDr. Stephen Henson <steve@openssl.org>
Mon, 12 Sep 2011 12:56:20 +0000 (12:56 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Mon, 12 Sep 2011 12:56:20 +0000 (12:56 +0000)
don't set type in FIPS_drbg_new().

fips/rand/fips_drbg_lib.c
fips/rand/fips_drbgvs.c

index 114f78e..ddbb99d 100644 (file)
@@ -115,8 +115,14 @@ DRBG_CTX *FIPS_drbg_new(int type, unsigned int flags)
                FIPSerr(FIPS_F_FIPS_DRBG_NEW, ERR_R_MALLOC_FAILURE);
                return NULL;
                }
+
        if (type == 0)
+               {
+               memset(dctx, 0, sizeof(DRBG_CTX));
+               dctx->type = 0;
+               dctx->status = DRBG_STATUS_UNINITIALISED;
                return dctx;
+               }
 
        if (FIPS_drbg_init(dctx, type, flags) <= 0)
                {
index db05d40..4d84884 100644 (file)
@@ -314,6 +314,11 @@ int main(int argc,char **argv)
                if (!strcmp(keyword, "PersonalizationString"))
                        {
                        pers = hex2bin_m(value, &perslen);
+                       if (nid == 0)
+                               {
+                               fprintf(stderr, "DRBG type not recognised!\n");
+                               exit (1);
+                               }
                        dctx = FIPS_drbg_new(nid, df | DRBG_FLAG_TEST);
                        if (!dctx)
                                exit (1);