Check for uninitialised DRBG_CTX and don't free up default DRBG_CTX.

This commit is contained in:
Dr. Stephen Henson 2011-10-21 00:12:53 +00:00
parent 3b5930442d
commit af4bfa151c

View File

@ -135,8 +135,18 @@ void FIPS_drbg_free(DRBG_CTX *dctx)
{ {
if (dctx->uninstantiate) if (dctx->uninstantiate)
dctx->uninstantiate(dctx); dctx->uninstantiate(dctx);
OPENSSL_cleanse(&dctx->d, sizeof(dctx->d)); /* Don't free up default DRBG */
OPENSSL_free(dctx); if (dctx == FIPS_get_default_drbg())
{
memset(dctx, 0, sizeof(DRBG_CTX));
dctx->type = 0;
dctx->status = DRBG_STATUS_UNINITIALISED;
}
else
{
OPENSSL_cleanse(&dctx->d, sizeof(dctx->d));
OPENSSL_free(dctx);
}
} }
static size_t fips_get_entropy(DRBG_CTX *dctx, unsigned char **pout, static size_t fips_get_entropy(DRBG_CTX *dctx, unsigned char **pout,
@ -194,6 +204,7 @@ int FIPS_drbg_instantiate(DRBG_CTX *dctx,
FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_ERROR_RETRIEVING_ENTROPY); FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_ERROR_RETRIEVING_ENTROPY);
FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_ERROR_RETRIEVING_NONCE); FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_ERROR_RETRIEVING_NONCE);
FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_INSTANTIATE_ERROR); FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_INSTANTIATE_ERROR);
FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_DRBG_NOT_INITIALISED);
#endif #endif
int r = 0; int r = 0;
@ -204,6 +215,12 @@ int FIPS_drbg_instantiate(DRBG_CTX *dctx,
goto end; goto end;
} }
if (!dctx->instantiate)
{
r = FIPS_R_DRBG_NOT_INITIALISED;
goto end;
}
if (dctx->status != DRBG_STATUS_UNINITIALISED) if (dctx->status != DRBG_STATUS_UNINITIALISED)
{ {
if (dctx->status == DRBG_STATUS_ERROR) if (dctx->status == DRBG_STATUS_ERROR)