Ensure seed does not match key and fixup error codes.
authorDr. Stephen Henson <steve@openssl.org>
Tue, 14 Aug 2007 13:17:28 +0000 (13:17 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Tue, 14 Aug 2007 13:17:28 +0000 (13:17 +0000)
fips-1.0/rand/fips_rand.c

index 9735394aafdf88b0a46f763b479eb9bb9cd1d850..b4e83bca9eae4f647b4a9b6716d08ae9b8c7ab8d 100644 (file)
@@ -97,6 +97,8 @@ typedef struct
        unsigned long counter;
        AES_KEY ks;
        int vpos;
+       /* Temporary storage for key if it equals seed length */
+       unsigned char tmp_key[AES_BLOCK_LENGTH];
        unsigned char V[AES_BLOCK_LENGTH];
        unsigned char DT[AES_BLOCK_LENGTH];
        unsigned char last[AES_BLOCK_LENGTH];
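Review bot: The comment on `tmp_key` does not say how long this raw key copy lives or where it is wiped, which matters for a field that holds key material. Something like `/* Copy of a 16-byte key, held only until the first full seed block has been compared against it, then cleansed */` would state the contract. The array is sized with `AES_BLOCK_LENGTH`, while the later hunks that fill, compare and wipe it use the literal `16`; one spelling throughout would keep them from drifting apart. The struct begins and ends outside this hunk.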
@@ -128,7 +130,13 @@ static int fips_set_prng_key(FIPS_PRNG_CTX *ctx,
                return 0;
                }
        AES_set_encrypt_key(key, keylen << 3, &ctx->ks);
-       ctx->keyed = 1;
+       if (keylen == 16)
+               {
+               memcpy(ctx->tmp_key, key, 16);
+               ctx->keyed = 2;
+               }
+       else
+               ctx->keyed = 1;
        ctx->seeded = 0;
        ctx->second = 0;
        return 1;
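Review bot: The `else` branch leaves any earlier contents of `ctx->tmp_key` untouched, so re-keying with a longer key after a 16-byte one keeps a copy of the old key in the context until something else wipes it. Adding `OPENSSL_cleanse(ctx->tmp_key, sizeof ctx->tmp_key);` before `ctx->keyed = 1;` (the `else` then needs braces) would close that gap. The value `2` is a new state of `keyed` with no name or comment; a line such as `/* keyed == 2: 128-bit key copied to tmp_key, seed comparison still pending */` at the assignment would make it readable. The function starts outside this hunk.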
@@ -156,6 +164,20 @@ static int fips_set_prng_seed(FIPS_PRNG_CTX *ctx,
                if (ctx->vpos == AES_BLOCK_LENGTH)
                        {
                        ctx->vpos = 0;
+                       /* Special case if first seed and key length equals
+                        * block size check key and seed do not match.
+                        */ 
+                       if (ctx->keyed == 2)
+                               {
+                               if (!memcmp(ctx->tmp_key, ctx->V, 16))
+                                       {
+                                       RANDerr(RAND_F_FIPS_SET_PRNG_SEED,
+                                               RAND_R_PRNG_SEED_MUST_NOT_MATCH_KEY);
+                                       return 0;
+                                       }
+                               OPENSSL_cleanse(ctx->tmp_key, 16);
+                               ctx->keyed = 1;
+                               }
                        ctx->seeded = 1;
                        }
                }
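Review bot: On the failure path the function returns with `ctx->V` still holding the value that equals the key, and with `vpos` already reset to 0. If V is accumulated across calls (the loop that fills it is outside this hunk), a retry would be mixed into key-equal state and the accepted seed would be a simple function of the key. Wiping V first, `OPENSSL_cleanse(ctx->V, AES_BLOCK_LENGTH);` before `return 0;`, avoids that. The comparison also runs only in this block-complete branch, so any other path in the function that sets `seeded` (not visible here) would skip it and is worth confirming. The comment would read more clearly as `/* First full seed block with a block-sized key: reject a seed equal to the key. */`.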
@@ -182,7 +204,7 @@ int FIPS_rand_set_dt(unsigned char *dt)
        {
        if (!sctx.test_mode)
                {
-               RANDerr(RAND_F_FIPS_SET_DT,RAND_R_NOT_IN_TEST_MODE);
+               RANDerr(RAND_F_FIPS_RAND_SET_DT,RAND_R_NOT_IN_TEST_MODE);
                return 0;
                }
        memcpy(sctx.DT, dt, AES_BLOCK_LENGTH);