From ff4a19a471bfcb80ddd11b491b181589e324a52f Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson"
Date: Sun, 6 Mar 2011 13:10:37 +0000
Subject: [PATCH] Fix couple of bugs in CTR DRBG implementation.
---
 fips/rand/fips_drbg_ctr.c | 21 ++++++++++++---------
 1 file changed, 12 insertions(+), 9 deletions(-)
diff --git a/fips/rand/fips_drbg_ctr.c b/fips/rand/fips_drbg_ctr.c
index 212bcf8df6..2b2d226c53 100644
--- a/fips/rand/fips_drbg_ctr.c
+++ b/fips/rand/fips_drbg_ctr.c
@@ -360,12 +360,15 @@ int fips_drbg_ctr_init(DRBG_CTX *dctx)
 {
 case NID_aes_128_ctr:
 keylen = 16;
+ break;
 case NID_aes_192_ctr:
 keylen = 24;
+ break;
 case NID_aes_256_ctr:
 keylen = 32;
+ break;
 default:
 return -2;
@@ -394,6 +397,15 @@ int fips_drbg_ctr_init(DRBG_CTX *dctx)
 /* Set key schedule for df_key */
 AES_set_encrypt_key(df_key, dctx->strength, &cctx->df_ks);
+ dctx->min_entropy = cctx->keylen;
+ dctx->max_entropy = DRBG_MAX_ENTROPY;
+ dctx->min_nonce = dctx->min_entropy / 2;
+ dctx->max_nonce = DRBG_MAX_NONCE;
+ dctx->max_pers = DRBG_MAX_LENGTH;
+ dctx->max_adin = DRBG_MAX_LENGTH;
+ }
+ else
+ {
 dctx->min_entropy = dctx->seedlen;
 dctx->max_entropy = dctx->seedlen;
 /* Nonce not used */
@@ -402,15 +414,6 @@ int fips_drbg_ctr_init(DRBG_CTX *dctx)
 dctx->max_pers = dctx->seedlen;
 dctx->max_adin = dctx->seedlen;
 }
- else
- {
- dctx->min_entropy = cctx->keylen;
- dctx->max_entropy = DRBG_MAX_ENTROPY;
- dctx->min_nonce = dctx->min_entropy / 2;
- dctx->max_nonce = DRBG_MAX_NONCE;
- dctx->max_pers = DRBG_MAX_LENGTH;
- dctx->max_adin = DRBG_MAX_LENGTH;
- }
 dctx->max_request = 1<<19;
 dctx->reseed_counter = DRBG_MAX_LENGTH;
--
2.25.1
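Review bot: The return value of `AES_set_encrypt_key(df_key, dctx->strength, &cctx->df_ks)` is discarded in the derivation-function branch of the second hunk, so a rejected key length would leave `cctx->df_ks` unset while init carries on to set the entropy and nonce limits. Unless `dctx->strength` is validated in the part of fips_drbg_ctr_init that lies outside this hunk, the call should be checked, e.g. `if (AES_set_encrypt_key(df_key, dctx->strength, &cctx->df_ks) < 0) return -1;`, with the error value chosen to match the function's convention, which is not visible here. The added limits would also read more easily with a comment such as `/* df in use: entropy >= key length in bytes, nonce >= half that */`, since `keylen` is 16/24/32 in the first hunk while the AES call takes its length in bits.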
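Review bot: `dctx->max_request = 1<<19;` in the third hunk carries no unit, and the two possible readings differ by a factor of eight: SP 800-90 caps a CTR_DRBG generate request at 2^19 bits, which is 2^16 bytes. If `max_request` is compared against a byte count (the other limits in this function appear to be byte lengths, given that `keylen` is 16/24/32), the line should read `dctx->max_request = 1<<16;`. If it is in bits, a comment such as `/* 2^19 bits per request, SP 800-90 */` would settle it. The code that enforces this limit is outside the hunk, so the unit needs confirming against the generate path.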