From: Dr. Stephen Henson Date: Sun, 6 Mar 2011 13:10:37 +0000 (+0000) Subject: Fix couple of bugs in CTR DRBG implementation. X-Git-Tag: OpenSSL-fips-2_0-rc1~690 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=ff4a19a471bfcb80ddd11b491b181589e324a52f;p=oweals%2Fopenssl.git Fix couple of bugs in CTR DRBG implementation. --- diff --git a/fips/rand/fips_drbg_ctr.c b/fips/rand/fips_drbg_ctr.c index 212bcf8df6..2b2d226c53 100644 --- a/fips/rand/fips_drbg_ctr.c +++ b/fips/rand/fips_drbg_ctr.c @@ -360,12 +360,15 @@ int fips_drbg_ctr_init(DRBG_CTX *dctx) { case NID_aes_128_ctr: keylen = 16; + break; case NID_aes_192_ctr: keylen = 24; + break; case NID_aes_256_ctr: keylen = 32; + break; default: return -2; @@ -394,6 +397,15 @@ int fips_drbg_ctr_init(DRBG_CTX *dctx) /* Set key schedule for df_key */ AES_set_encrypt_key(df_key, dctx->strength, &cctx->df_ks); + dctx->min_entropy = cctx->keylen; + dctx->max_entropy = DRBG_MAX_ENTROPY; + dctx->min_nonce = dctx->min_entropy / 2; + dctx->max_nonce = DRBG_MAX_NONCE; + dctx->max_pers = DRBG_MAX_LENGTH; + dctx->max_adin = DRBG_MAX_LENGTH; + } + else + { dctx->min_entropy = dctx->seedlen; dctx->max_entropy = dctx->seedlen; /* Nonce not used */ @@ -402,15 +414,6 @@ int fips_drbg_ctr_init(DRBG_CTX *dctx) dctx->max_pers = dctx->seedlen; dctx->max_adin = dctx->seedlen; } - else - { - dctx->min_entropy = cctx->keylen; - dctx->max_entropy = DRBG_MAX_ENTROPY; - dctx->min_nonce = dctx->min_entropy / 2; - dctx->max_nonce = DRBG_MAX_NONCE; - dctx->max_pers = DRBG_MAX_LENGTH; - dctx->max_adin = DRBG_MAX_LENGTH; - } dctx->max_request = 1<<19; dctx->reseed_counter = DRBG_MAX_LENGTH;