Browse Source

[rng] Record validity within DRBG state

Treat an empty (zeroed) DRBG as invalid.  This ensures that a DRBG
that has not yet been instantiated (or that has been uninstantiated)
will refuse to attempt to generate random bits.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
tags/v1.20.1
Michael Brown 12 years ago
parent
commit
c2668b61ea
2 changed files with 15 additions and 4 deletions
  1. 13
    4
      src/crypto/drbg.c
  2. 2
    0
      src/include/ipxe/drbg.h

+ 13
- 4
src/crypto/drbg.c View File

151
 	 * in-situ.)
151
 	 * in-situ.)
152
 	 */
152
 	 */
153
 	state->reseed_required = 0;
153
 	state->reseed_required = 0;
154
+	state->valid = 1;
154
 
155
 
155
 	/* 12.  Return SUCCESS and state_handle. */
156
 	/* 12.  Return SUCCESS and state_handle. */
156
 	return 0;
157
 	return 0;
187
 	 *     If state_handle indicates an invalid or empty internal
188
 	 *     If state_handle indicates an invalid or empty internal
188
 	 *     state, return an ERROR_FLAG.
189
 	 *     state, return an ERROR_FLAG.
189
 	 *
190
 	 *
190
-	 * (Nothing to do since the memory holding the internal state
191
-	 * was passed in by the caller.)
191
+	 * (Almost nothing to do since the memory holding the internal
192
+	 * state was passed in by the caller.)
192
 	 */
193
 	 */
194
+	if ( ! state->valid ) {
195
+		DBGC ( state, "DRBG %p not valid\n", state );
196
+		return -EINVAL;
197
+	}
193
 
198
 
194
 	/* 2.  If prediction_resistance_request is set, and
199
 	/* 2.  If prediction_resistance_request is set, and
195
 	 *     prediction_resistance_flag is not set, then return an
200
 	 *     prediction_resistance_flag is not set, then return an
273
 	 *     for the instantiation.  If state_handle indicates an
278
 	 *     for the instantiation.  If state_handle indicates an
274
 	 *     invalid or empty internal state, then return an ERROR_FLAG.
279
 	 *     invalid or empty internal state, then return an ERROR_FLAG.
275
 	 *
280
 	 *
276
-	 * (Nothing to do since the memory holding the internal state
277
-	 * was passed in by the caller.)
281
+	 * (Almost nothing to do since the memory holding the internal
282
+	 * state was passed in by the caller.)
278
 	 */
283
 	 */
284
+	if ( ! state->valid ) {
285
+		DBGC ( state, "DRBG %p not valid\n", state );
286
+		return -EINVAL;
287
+	}
279
 
288
 
280
 	/* 2.  If requested_number_of_bits >
289
 	/* 2.  If requested_number_of_bits >
281
 	 *     max_number_of_bits_per_request, then return an
290
 	 *     max_number_of_bits_per_request, then return an

+ 2
- 0
src/include/ipxe/drbg.h View File

39
 	struct hmac_drbg_state internal;
39
 	struct hmac_drbg_state internal;
40
 	/** Reseed required flag */
40
 	/** Reseed required flag */
41
 	int reseed_required;
41
 	int reseed_required;
42
+	/** State is valid */
43
+	int valid;
42
 };
44
 };
43
 
45
 
44
 /**
46
 /**

Loading…
Cancel
Save