From: Dr. Stephen Henson Date: Fri, 21 Oct 2011 00:12:53 +0000 (+0000) Subject: Check for uninitialised DRBG_CTX and don't free up default DRBG_CTX. X-Git-Tag: OpenSSL-fips-2_0-rc1~16 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=af4bfa151c27d70c94272e3ae53b8a50d648b81d;p=openssl Check for uninitialised DRBG_CTX and don't free up default DRBG_CTX. --- diff --git a/fips/rand/fips_drbg_lib.c b/fips/rand/fips_drbg_lib.c index 39c007f6bb..32e4b83c5e 100644 --- a/fips/rand/fips_drbg_lib.c +++ b/fips/rand/fips_drbg_lib.c @@ -135,8 +135,18 @@ void FIPS_drbg_free(DRBG_CTX *dctx) { if (dctx->uninstantiate) dctx->uninstantiate(dctx); - OPENSSL_cleanse(&dctx->d, sizeof(dctx->d)); - OPENSSL_free(dctx); + /* Don't free up default DRBG */ + if (dctx == FIPS_get_default_drbg()) + { + memset(dctx, 0, sizeof(DRBG_CTX)); + dctx->type = 0; + dctx->status = DRBG_STATUS_UNINITIALISED; + } + else + { + OPENSSL_cleanse(&dctx->d, sizeof(dctx->d)); + OPENSSL_free(dctx); + } } static size_t fips_get_entropy(DRBG_CTX *dctx, unsigned char **pout, @@ -194,6 +204,7 @@ int FIPS_drbg_instantiate(DRBG_CTX *dctx, FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_ERROR_RETRIEVING_ENTROPY); FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_ERROR_RETRIEVING_NONCE); FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_INSTANTIATE_ERROR); + FIPSerr(FIPS_F_FIPS_DRBG_INSTANTIATE, FIPS_R_DRBG_NOT_INITIALISED); #endif int r = 0; @@ -204,6 +215,12 @@ int FIPS_drbg_instantiate(DRBG_CTX *dctx, goto end; } + if (!dctx->instantiate) + { + r = FIPS_R_DRBG_NOT_INITIALISED; + goto end; + } + if (dctx->status != DRBG_STATUS_UNINITIALISED) { if (dctx->status == DRBG_STATUS_ERROR)