Fix couple of bugs in CTR DRBG implementation.

Dr. Stephen Henson 2011-03-06 13:10:37 +00:00
parent 868f12988c
commit ff4a19a471


@ -360,12 +360,15 @@ int fips_drbg_ctr_init(DRBG_CTX *dctx)
{ {
case NID_aes_128_ctr: case NID_aes_128_ctr:
keylen = 16; keylen = 16;
break;
case NID_aes_192_ctr: case NID_aes_192_ctr:
keylen = 24; keylen = 24;
break;
case NID_aes_256_ctr: case NID_aes_256_ctr:
keylen = 32; keylen = 32;
break;
default: default:
return -2; return -2;
@ -394,6 +397,15 @@ int fips_drbg_ctr_init(DRBG_CTX *dctx)
/* Set key schedule for df_key */ /* Set key schedule for df_key */
AES_set_encrypt_key(df_key, dctx->strength, &cctx->df_ks); AES_set_encrypt_key(df_key, dctx->strength, &cctx->df_ks);
dctx->min_entropy = cctx->keylen;
dctx->max_entropy = DRBG_MAX_ENTROPY;
dctx->min_nonce = dctx->min_entropy / 2;
dctx->max_nonce = DRBG_MAX_NONCE;
dctx->max_pers = DRBG_MAX_LENGTH;
dctx->max_adin = DRBG_MAX_LENGTH;
}
else
{
dctx->min_entropy = dctx->seedlen; dctx->min_entropy = dctx->seedlen;
dctx->max_entropy = dctx->seedlen; dctx->max_entropy = dctx->seedlen;
/* Nonce not used */ /* Nonce not used */
@ -402,15 +414,6 @@ int fips_drbg_ctr_init(DRBG_CTX *dctx)
dctx->max_pers = dctx->seedlen; dctx->max_pers = dctx->seedlen;
dctx->max_adin = dctx->seedlen; dctx->max_adin = dctx->seedlen;
} }
else
{
dctx->min_entropy = cctx->keylen;
dctx->max_entropy = DRBG_MAX_ENTROPY;
dctx->min_nonce = dctx->min_entropy / 2;
dctx->max_nonce = DRBG_MAX_NONCE;
dctx->max_pers = DRBG_MAX_LENGTH;
dctx->max_adin = DRBG_MAX_LENGTH;
}
dctx->max_request = 1<<19; dctx->max_request = 1<<19;
dctx->reseed_counter = DRBG_MAX_LENGTH; dctx->reseed_counter = DRBG_MAX_LENGTH;