DRBG: add check for XOF so these can be disallowed by the DRBGs

author Pauli <paul.dale@oracle.com>

Fri, 1 Nov 2019 11:07:08 +0000 (21:07 +1000)

committer Pauli <paul.dale@oracle.com>

Sat, 2 Nov 2019 05:10:54 +0000 (15:10 +1000)
author Pauli <paul.dale@oracle.com>
Fri, 1 Nov 2019 11:07:08 +0000 (21:07 +1000)
committer Pauli <paul.dale@oracle.com>
Sat, 2 Nov 2019 05:10:54 +0000 (15:10 +1000)
diff --git a/crypto/rand/drbg_hash.c b/crypto/rand/drbg_hash.c

index 5ff1d117c94f688d2174130be10dcfacf71a43ac..f087d889655fbfa254fce849d78c9e07fc3299fb 100644 (file)
--- a/crypto/rand/drbg_hash.c
+++ b/crypto/rand/drbg_hash.c
@@ -317,6 +317,8 @@ int drbg_hash_init(RAND_DRBG *drbg)
      if (md == NULL)
          return 0;
  
+    if ((EVP_MD_flags(md) & EVP_MD_FLAG_XOF) != 0)
+        return 0;
  
      drbg->meth = &drbg_hash_meth;
  
diff --git a/crypto/rand/drbg_hmac.c b/crypto/rand/drbg_hmac.c

index 0047d8c0946c8aee1070e93d78dfe25a4a4eb520..3bda6c0d050d68c30d5077f736e5ac10763008c1 100644 (file)
--- a/crypto/rand/drbg_hmac.c
+++ b/crypto/rand/drbg_hmac.c
@@ -211,6 +211,9 @@ int drbg_hmac_init(RAND_DRBG *drbg)
      if (md == NULL)
          return 0;
  
+    if ((EVP_MD_flags(md) & EVP_MD_FLAG_XOF) != 0)
+        return 0;
+
      drbg->meth = &drbg_hmac_meth;
  
      if (hmac->ctx == NULL) {
author	Pauli <paul.dale@oracle.com>
	Fri, 1 Nov 2019 11:07:08 +0000 (21:07 +1000)
committer	Pauli <paul.dale@oracle.com>
	Sat, 2 Nov 2019 05:10:54 +0000 (15:10 +1000)
crypto/rand/drbg_hash.c		patch \| blob \| history
crypto/rand/drbg_hmac.c		patch \| blob \| history