mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-03-31 20:10:45 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix DRBG reseed counter condition.

Browse Source 
The reseed counter condition was broken since a93ba40, where the
initial value was wrongly changed from one to zero.
Commit 8bf3665 fixed the initialization, but also adjusted the check,
so the problem remained.
This change restores original (OpenSSL-fips-2_0-stable) behavior.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/11195)
This commit is contained in:
Vitezslav Cizek 2020-06-01 11:45:09 +02:00 committed by Dr. Matthias St. Pierre
parent 11a6d6fd70
commit 9fb6692c1b
2 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
providers/implementations/rands/drbg.c
View File

@ -742,7 +742,7 @@ int PROV_DRBG_generate(PROV_DRBG *drbg, unsigned char *out, size_t outlen,
}
if (drbg->reseed_interval > 0) {
if (drbg->reseed_gen_counter > drbg->reseed_interval)
if (drbg->reseed_gen_counter >= drbg->reseed_interval)
reseed_required = 1;
}
if (drbg->reseed_time_interval > 0) {

4
test/drbgtest.c
View File

@ -515,7 +515,7 @@ static int error_check(DRBG_SELFTEST_DATA *td)
if (!instantiate(drbg, td, &t))
goto err;
reseed_counter_tmp = reseed_counter(drbg);
set_reseed_counter(drbg, reseed_requests(drbg) + 1);
set_reseed_counter(drbg, reseed_requests(drbg));
/* Generate output and check entropy has been requested for reseed */
t.entropycnt = 0;
@ -540,7 +540,7 @@ static int error_check(DRBG_SELFTEST_DATA *td)
if (!instantiate(drbg, td, &t))
goto err;
reseed_counter_tmp = reseed_counter(drbg);
set_reseed_counter(drbg, reseed_requests(drbg) + 1);
set_reseed_counter(drbg, reseed_requests(drbg));
/* Generate output and check entropy has been requested for reseed */
t.entropycnt = 0;