Only zeroise sensitive parts of DRBG context, so the type and flags

are undisturbed.

Allow setting of "rand" callbacks for DRBG.
Dr. Stephen Henson 2011-04-01 17:49:45 +00:00
parent 8cf88778ea
commit e5cadaf8db
3 changed files with 29 additions and 5 deletions


@ -114,7 +114,7 @@ void FIPS_drbg_free(DRBG_CTX *dctx)
{ {
if (dctx->uninstantiate) if (dctx->uninstantiate)
dctx->uninstantiate(dctx); dctx->uninstantiate(dctx);
OPENSSL_cleanse(dctx, sizeof(DRBG_CTX)); OPENSSL_cleanse(&dctx->d, sizeof(dctx->d));
OPENSSL_free(dctx); OPENSSL_free(dctx);
} }
@ -403,7 +403,8 @@ int FIPS_drbg_uninstantiate(DRBG_CTX *dctx)
/* Although we'd like to cleanse here we can't because we have to /* Although we'd like to cleanse here we can't because we have to
* test the uninstantiate really zeroes the data. * test the uninstantiate really zeroes the data.
*/ */
memset(dctx, 0, sizeof(DRBG_CTX)); memset(&dctx->d, 0, sizeof(dctx->d));
dctx->status = DRBG_STATUS_UNINITIALISED;
/* If method has problems uninstantiating, return error */ /* If method has problems uninstantiating, return error */
return rv; return rv;
} }
@ -425,6 +426,22 @@ int FIPS_drbg_set_callbacks(DRBG_CTX *dctx,
return 1; return 1;
} }
int FIPS_drbg_set_rand_callbacks(DRBG_CTX *dctx,
size_t (*get_adin)(DRBG_CTX *ctx, unsigned char **pout),
void (*cleanup_adin)(DRBG_CTX *ctx, unsigned char *out, size_t olen),
int (*rand_seed_cb)(DRBG_CTX *ctx, const void *buf, int num),
int (*rand_add_cb)(DRBG_CTX *ctx,
const void *buf, int num, double entropy))
{
if (dctx->status != DRBG_STATUS_UNINITIALISED)
return 0;
dctx->get_adin = get_adin;
dctx->cleanup_adin = cleanup_adin;
dctx->rand_seed_cb = rand_seed_cb;
dctx->rand_add_cb = rand_add_cb;
return 1;
}
void *FIPS_drbg_get_app_data(DRBG_CTX *dctx) void *FIPS_drbg_get_app_data(DRBG_CTX *dctx)
{ {
return dctx->app_data; return dctx->app_data;
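Review bot: Narrowing the wipe in FIPS_drbg_free and FIPS_drbg_uninstantiate to `dctx->d` leaves every member outside `d` uncleared when the context is freed or reused, and nothing in these hunks records that `d` is the only place secret state may live. The members visible here outside `d` (status, the callback pointers, app_data) do not look secret, but the DRBG_CTX definition is not shown, so it should be confirmed that no seed- or output-derived buffer sits outside `d`. I would state the invariant beside the cleanse call, e.g. `/* All secret working state is kept in dctx->d; members outside it must never hold seed or output material. */`. FIPS_drbg_uninstantiate, whose body starts outside its hunk, now resets the status to UNINITIALISED even when `rv` reports a failure. That deserves a word in its comment, because FIPS_drbg_set_rand_callbacks keys on that status.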


@ -954,11 +954,11 @@ static int fips_drbg_health_check(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td)
} }
FIPS_drbg_uninstantiate(dctx); FIPS_drbg_uninstantiate(dctx);
p = (unsigned char *)dctx; p = (unsigned char *)&dctx->d;
/* Standard says we have to check uninstantiate really zeroes /* Standard says we have to check uninstantiate really zeroes
* the data... * the data...
*/ */
for (i = 0; i < sizeof(DRBG_CTX); i++) for (i = 0; i < sizeof(dctx->d); i++)
{ {
if (*p != 0) if (*p != 0)
{ {
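Review bot: The zero-check loop now inspects only `dctx->d`, so the self-test no longer observes anything uninstantiate does outside that member, including the status reset this commit adds. Unless a later part of fips_drbg_health_check (which continues past this hunk) already covers it, a check such as `if (dctx->status != DRBG_STATUS_UNINITIALISED)` that fails the test would close the gap. The return value of the `FIPS_drbg_uninstantiate(dctx)` call just above the loop is also discarded, so a method-level uninstantiate failure would pass unnoticed here.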


@ -97,6 +97,13 @@ int FIPS_drbg_set_callbacks(DRBG_CTX *dctx,
int entropy, size_t min_len, size_t max_len), int entropy, size_t min_len, size_t max_len),
void (*cleanup_nonce)(DRBG_CTX *ctx, unsigned char *out, size_t olen)); void (*cleanup_nonce)(DRBG_CTX *ctx, unsigned char *out, size_t olen));
int FIPS_drbg_set_rand_callbacks(DRBG_CTX *dctx,
size_t (*get_adin)(DRBG_CTX *ctx, unsigned char **pout),
void (*cleanup_adin)(DRBG_CTX *ctx, unsigned char *out, size_t olen),
int (*rand_seed_cb)(DRBG_CTX *ctx, const void *buf, int num),
int (*rand_add_cb)(DRBG_CTX *ctx,
const void *buf, int num, double entropy));
void *FIPS_drbg_get_app_data(DRBG_CTX *ctx); void *FIPS_drbg_get_app_data(DRBG_CTX *ctx);
void FIPS_drbg_set_app_data(DRBG_CTX *ctx, void *app_data); void FIPS_drbg_set_app_data(DRBG_CTX *ctx, void *app_data);
size_t FIPS_drbg_get_blocklength(DRBG_CTX *dctx); size_t FIPS_drbg_get_blocklength(DRBG_CTX *dctx);
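Review bot: The new FIPS_drbg_set_rand_callbacks prototype carries no comment, and its contract is not obvious from the signature. Going by the definition in this commit, it returns 0 and changes nothing unless the context status is DRBG_STATUS_UNINITIALISED, so callers must install these callbacks before instantiating and must check the result. A header comment should say that. It should also say who owns the buffer `get_adin` hands back through `pout` and when `cleanup_adin` is invoked on it, neither of which can be determined from the lines shown.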