diff options
| author | Vitezslav Cizek <vcizek@suse.com> | 2020-06-01 11:45:09 +0200 |
|---|---|---|
| committer | Dr. Matthias St. Pierre <matthias.st.pierre@ncp-e.com> | 2020-07-23 01:12:48 +0200 |
| commit | 9fb6692c1b129fa61277ae0482975a935274c6fd (patch) | |
| tree | cd42c67ccab0f75e0ab4f661bfba43a1ecd43351 | |
| parent | 11a6d6fd706d1fa095122d65d3076fb38f2c739c (diff) | |
Fix DRBG reseed counter condition.
The reseed counter condition was broken since a93ba40, where the
initial value was wrongly changed from one to zero.
Commit 8bf3665 fixed the initialization, but also adjusted the check,
so the problem remained.
This change restores original (OpenSSL-fips-2_0-stable) behavior.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/11195)
| -rw-r--r-- | providers/implementations/rands/drbg.c | 2 | ||||
| -rw-r--r-- | test/drbgtest.c | 4 |
2 files changed, 3 insertions, 3 deletions
diff --git a/providers/implementations/rands/drbg.c b/providers/implementations/rands/drbg.c index 3394271835..929b32e708 100644 --- a/providers/implementations/rands/drbg.c +++ b/providers/implementations/rands/drbg.c @@ -742,7 +742,7 @@ int PROV_DRBG_generate(PROV_DRBG *drbg, unsigned char *out, size_t outlen, } if (drbg->reseed_interval > 0) { - if (drbg->reseed_gen_counter > drbg->reseed_interval) + if (drbg->reseed_gen_counter >= drbg->reseed_interval) reseed_required = 1; } if (drbg->reseed_time_interval > 0) { diff --git a/test/drbgtest.c b/test/drbgtest.c index 5486813dc7..118677c2ed 100644 --- a/test/drbgtest.c +++ b/test/drbgtest.c @@ -515,7 +515,7 @@ static int error_check(DRBG_SELFTEST_DATA *td) if (!instantiate(drbg, td, &t)) goto err; reseed_counter_tmp = reseed_counter(drbg); - set_reseed_counter(drbg, reseed_requests(drbg) + 1); + set_reseed_counter(drbg, reseed_requests(drbg)); /* Generate output and check entropy has been requested for reseed */ t.entropycnt = 0; @@ -540,7 +540,7 @@ static int error_check(DRBG_SELFTEST_DATA *td) if (!instantiate(drbg, td, &t)) goto err; reseed_counter_tmp = reseed_counter(drbg); - set_reseed_counter(drbg, reseed_requests(drbg) + 1); + set_reseed_counter(drbg, reseed_requests(drbg)); /* Generate output and check entropy has been requested for reseed */ t.entropycnt = 0; |