Check that the DRBG's internal state has been zeroized after uninstantiation

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11111)
Dr. Matthias St. Pierre 2020-02-17 19:39:05 +01:00
parent 75ff4f7404
commit e70452155e


@ -234,6 +234,7 @@ static int self_test_drbg(const ST_KAT_DRBG *t, OSSL_ST_EVENT *event,
OSSL_PARAM drbg_params[3] = {
OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END
};
static const unsigned char zero[sizeof(drbg->data)] = { 0 };
SELF_TEST_EVENT_onbegin(event, OSSL_SELF_TEST_TYPE_DRBG, t->desc);
@ -287,20 +288,11 @@ static int self_test_drbg(const ST_KAT_DRBG *t, OSSL_ST_EVENT *event,
if (!RAND_DRBG_uninstantiate(drbg))
goto err;
/*
* TODO(3.0) : Check that the DRBG data has been zeroed after
* RAND_DRBG_uninstantiate. Its a bit hard currently to do this when
* the drbg->data is reinitialized by this call..
* Check that the DRBG data has been zeroized after RAND_DRBG_uninstantiate.
*/
#if 0
{
size_t i, sz = sizeof(drbg->data);
unsigned char *p = (unsigned char *)&drbg->data;
if (memcmp((unsigned char *)&drbg->data, zero, sizeof(drbg->data)) != 0)
goto err;
for (i = 0; i < sz; ++i)
if (*p++ != 0)
goto err;
}
#endif
ret = 1;
err:
RAND_DRBG_free(drbg);
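Review bot: The `memcmp` check after `RAND_DRBG_uninstantiate()` only holds if that call no longer re-initializes `drbg->data`, which the TODO text shown in this hunk says it did; that change is not visible here, so the comment above the check should state the invariant, e.g. `/* uninstantiate must leave drbg->data all-zero (padding included) and must not re-initialize it */`. Because the comparison spans the whole object, padding bytes included, it presumably relies on the state being wiped as one block rather than field by field; that is worth confirming for every DRBG type the self test covers. The `(unsigned char *)` cast is unnecessary because `memcmp` takes `const void *`, so `if (memcmp(&drbg->data, zero, sizeof(drbg->data)) != 0)` is enough. The body of `self_test_drbg` starts and ends outside the hunks shown.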