From e70452155e7d93118d33f4dde964a67d4ac1b505 Mon Sep 17 00:00:00 2001
From: "Dr. Matthias St. Pierre"
Date: Mon, 17 Feb 2020 19:39:05 +0100
Subject: [PATCH] Check that the DRBG's internal state has been zeroized after uninstantiation

Reviewed-by: Paul Dale
(Merged from https://github.com/openssl/openssl/pull/11111)
---
 providers/fips/self_test_kats.c | 18 +++++-------------
 1 file changed, 5 insertions(+), 13 deletions(-)

diff --git a/providers/fips/self_test_kats.c b/providers/fips/self_test_kats.c
index 128e2aa118..06f12a1ead 100644
--- a/providers/fips/self_test_kats.c
+++ b/providers/fips/self_test_kats.c
@@ -234,6 +234,7 @@ static int self_test_drbg(const ST_KAT_DRBG *t, OSSL_ST_EVENT *event,
 OSSL_PARAM drbg_params[3] = {
 OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END
 };
+ static const unsigned char zero[sizeof(drbg->data)] = { 0 };

 SELF_TEST_EVENT_onbegin(event, OSSL_SELF_TEST_TYPE_DRBG, t->desc);

@@ -287,20 +288,11 @@ static int self_test_drbg(const ST_KAT_DRBG *t, OSSL_ST_EVENT *event,
 if (!RAND_DRBG_uninstantiate(drbg))
 goto err;
 /*
- * TODO(3.0) : Check that the DRBG data has been zeroed after
- * RAND_DRBG_uninstantiate. Its a bit hard currently to do this when
- * the drbg->data is reinitialized by this call..
+ * Check that the DRBG data has been zeroized after RAND_DRBG_uninstantiate.
 */
-#if 0
- {
- size_t i, sz = sizeof(drbg->data);
- unsigned char *p = (unsigned char *)&drbg->data;
-
- for (i = 0; i < sz; ++i)
- if (*p++ != 0)
- goto err;
- }
-#endif
+ if (memcmp((unsigned char *)&drbg->data, zero, sizeof(drbg->data)) != 0)
+ goto err;
+
 ret = 1;
 err:
 RAND_DRBG_free(drbg);
-- 
2.25.1
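Review bot: The new comment above the `memcmp` check in the second hunk drops the caveat the removed TODO recorded, that `RAND_DRBG_uninstantiate` reinitializes `drbg->data`. Nothing in this one-file patch shows what changed, so the check presumably depends on behaviour established elsewhere. I would keep that assumption and the check's scope in the comment, e.g. `* Relies on RAND_DRBG_uninstantiate() leaving drbg->data all-zero rather than reinitialized; only drbg->data is checked, not the other DRBG fields.` The cast is also unnecessary because `memcmp` takes `const void *`, and `sizeof(zero)` would tie the length to the buffer declared in the first hunk: `if (memcmp(&drbg->data, zero, sizeof(zero)) != 0)`. The body of `self_test_drbg` starts and ends outside both hunks.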