diff options
| author | Michael Brown | 2012-02-20 22:24:30 +0100 |
|---|---|---|
| committer | Michael Brown | 2012-02-21 13:42:37 +0100 |
| commit | c2668b61ea5ac01279929be6be86cc04fd342ab5 (patch) | |
| tree | 1a7e3434ceda88380366731ecd661423f093444d /src | |
| parent | [rng] Add missing #include <string.h> (diff) | |
| download | ipxe-c2668b61ea5ac01279929be6be86cc04fd342ab5.tar.gz ipxe-c2668b61ea5ac01279929be6be86cc04fd342ab5.tar.xz ipxe-c2668b61ea5ac01279929be6be86cc04fd342ab5.zip | |
[rng] Record validity within DRBG state
Treat an empty (zeroed) DRBG as invalid. This ensures that a DRBG
that has not yet been instantiated (or that has been uninstantiated)
will refuse to attempt to generate random bits.
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Diffstat (limited to 'src')
| -rw-r--r-- | src/crypto/drbg.c | 17 | ||||
| -rw-r--r-- | src/include/ipxe/drbg.h | 2 |
2 files changed, 15 insertions, 4 deletions
diff --git a/src/crypto/drbg.c b/src/crypto/drbg.c index 58e8fa7b5..88cf3acde 100644 --- a/src/crypto/drbg.c +++ b/src/crypto/drbg.c @@ -151,6 +151,7 @@ int drbg_instantiate ( struct drbg_state *state, const void *personal, * in-situ.) */ state->reseed_required = 0; + state->valid = 1; /* 12. Return SUCCESS and state_handle. */ return 0; @@ -187,9 +188,13 @@ int drbg_reseed ( struct drbg_state *state, const void *additional, * If state_handle indicates an invalid or empty internal * state, return an ERROR_FLAG. * - * (Nothing to do since the memory holding the internal state - * was passed in by the caller.) + * (Almost nothing to do since the memory holding the internal + * state was passed in by the caller.) */ + if ( ! state->valid ) { + DBGC ( state, "DRBG %p not valid\n", state ); + return -EINVAL; + } /* 2. If prediction_resistance_request is set, and * prediction_resistance_flag is not set, then return an @@ -273,9 +278,13 @@ int drbg_generate ( struct drbg_state *state, const void *additional, * for the instantiation. If state_handle indicates an * invalid or empty internal state, then return an ERROR_FLAG. * - * (Nothing to do since the memory holding the internal state - * was passed in by the caller.) + * (Almost nothing to do since the memory holding the internal + * state was passed in by the caller.) */ + if ( ! state->valid ) { + DBGC ( state, "DRBG %p not valid\n", state ); + return -EINVAL; + } /* 2. If requested_number_of_bits > * max_number_of_bits_per_request, then return an diff --git a/src/include/ipxe/drbg.h b/src/include/ipxe/drbg.h index a09d136dd..3cf4584ac 100644 --- a/src/include/ipxe/drbg.h +++ b/src/include/ipxe/drbg.h @@ -39,6 +39,8 @@ struct drbg_state { struct hmac_drbg_state internal; /** Reseed required flag */ int reseed_required; + /** State is valid */ + int valid; }; /** |