diff options
author | Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> | 2020-02-17 19:25:55 +0100 |
---|---|---|
committer | Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> | 2020-02-25 11:30:00 +0100 |
commit | 75ff4f7404fe53304ad28279923760b61d6c2ace (patch) | |
tree | 6aee1f1d2ab867cdd8c8a8117b797447e5829874 /crypto/err | |
parent | 19ded1a717b6c72c3db241f06787a353f1190755 (diff) |
DRBG: delay initialization of DRBG method until instantiation
Previously, the initialization was done immediately in RAND_DRBG_set(),
which is also called in RAND_DRBG_uninstantiate().
This made it difficult for the FIPS DRBG self test to verify that the
internal state had been zeroized, because it had the side effect that
the drbg->data structure was reinitialized immediately.
To solve the problem, RAND_DRBG_set() has been split in two parts
static int rand_drbg_set(RAND_DRBG *drbg, int type, unsigned int flags);
static int rand_drbg_init_method(RAND_DRBG *drbg);
and only the first part is called from RAND_DRBG_uninstantiate().
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11111)
Diffstat (limited to 'crypto/err')
-rw-r--r-- | crypto/err/openssl.txt | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 47a20e828f..04775f55ac 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -1132,6 +1132,7 @@ RAND_F_RAND_DRBG_ENABLE_LOCKING:119:rand_drbg_enable_locking RAND_F_RAND_DRBG_GENERATE:107:RAND_DRBG_generate RAND_F_RAND_DRBG_GET_ENTROPY:120:rand_drbg_get_entropy RAND_F_RAND_DRBG_GET_NONCE:123:rand_drbg_get_nonce +RAND_F_RAND_DRBG_INIT_METHOD:130: RAND_F_RAND_DRBG_INSTANTIATE:108:RAND_DRBG_instantiate RAND_F_RAND_DRBG_NEW:109:RAND_DRBG_new RAND_F_RAND_DRBG_RESEED:110:RAND_DRBG_reseed @@ -3388,8 +3389,8 @@ X509_R_BAD_SELECTOR:133:bad selector X509_R_BAD_X509_FILETYPE:100:bad x509 filetype X509_R_BASE64_DECODE_ERROR:118:base64 decode error X509_R_CANT_CHECK_DH_KEY:114:cant check dh key -X509_R_CERT_ALREADY_IN_HASH_TABLE:101:cert already in hash table X509_R_CERTIFICATE_VERIFICATION_FAILED:139:certificate verification failed +X509_R_CERT_ALREADY_IN_HASH_TABLE:101:cert already in hash table X509_R_CRL_ALREADY_DELTA:127:crl already delta X509_R_CRL_VERIFY_FAILURE:131:crl verify failure X509_R_IDP_MISMATCH:128:idp mismatch |