generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Only zeroise sensitive parts of DRBG context, so the type and flags

Browse Source 
are undisturbed.

Allow setting of "rand" callbacks for DRBG.
This commit is contained in:
Dr. Stephen Henson
2011-04-01 17:49:45 +00:00
parent 8cf88778ea
commit e5cadaf8db
3 changed files with 29 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
fips/rand/fips_drbg_selftest.c
View File

@@ -954,11 +954,11 @@ static int fips_drbg_health_check(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td)
}
FIPS_drbg_uninstantiate(dctx);
p = (unsigned char *)dctx;
p = (unsigned char *)&dctx->d;
/* Standard says we have to check uninstantiate really zeroes
* the data...
*/
for (i = 0; i < sizeof(DRBG_CTX); i++)
for (i = 0; i < sizeof(dctx->d); i++)
{
if (*p != 0)
{
@@ -980,7 +980,7 @@ static int fips_drbg_health_check(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td)
return 0;
}
int fips_drbg_kat(DRBG_CTX *dctx, int nid, unsigned int flags)
{