Remove redundant definitions. Give error code if DRBG sefltest fails.

diff --git a/crypto/fips_err.h b/crypto/fips_err.h
index 81acb47eb4c10675bae575e75e27de2b9bae3a47..c808c888644c460c214c40e6330cc0228350515b 100644 (file)
--- a/crypto/fips_err.h
+++ b/crypto/fips_err.h
@@ -90,12 +90,13 @@ static ERR_STRING_DATA FIPS_str_functs[]=
 {ERR_FUNC(FIPS_F_FIPS_DRBG_INSTANTIATE),       "FIPS_drbg_instantiate"},
 {ERR_FUNC(FIPS_F_FIPS_DRBG_NEW),       "FIPS_drbg_new"},
 {ERR_FUNC(FIPS_F_FIPS_DRBG_RESEED),    "FIPS_drbg_reseed"},
+{ERR_FUNC(FIPS_F_FIPS_DRBG_SINGLE_KAT),        "FIPS_DRBG_SINGLE_KAT"},
 {ERR_FUNC(FIPS_F_FIPS_DSA_CHECK),      "FIPS_DSA_CHECK"},
 {ERR_FUNC(FIPS_F_FIPS_MODE_SET),       "FIPS_mode_set"},
 {ERR_FUNC(FIPS_F_FIPS_PKEY_SIGNATURE_TEST),    "fips_pkey_signature_test"},
 {ERR_FUNC(FIPS_F_FIPS_SELFTEST_AES),   "FIPS_selftest_aes"},
 {ERR_FUNC(FIPS_F_FIPS_SELFTEST_AES_GCM),       "FIPS_selftest_aes_gcm"},
-{ERR_FUNC(FIPS_F_FIPS_SELFTEST_CMAC),  "FIPS_SELFTEST_CMAC"},
+{ERR_FUNC(FIPS_F_FIPS_SELFTEST_CMAC),  "FIPS_selftest_cmac"},
 {ERR_FUNC(FIPS_F_FIPS_SELFTEST_DES),   "FIPS_selftest_des"},
 {ERR_FUNC(FIPS_F_FIPS_SELFTEST_DSA),   "FIPS_selftest_dsa"},
 {ERR_FUNC(FIPS_F_FIPS_SELFTEST_ECDSA), "FIPS_selftest_ecdsa"},

diff --git a/fips/fips.h b/fips/fips.h
index 110ee3c5b49072e31ce47fa6ce66b974f7d1efb0..2c71041a70ab21d4758155cd802a50cb6c8c0c52 100644 (file)
--- a/fips/fips.h
+++ b/fips/fips.h
@@ -203,6 +203,7 @@ void ERR_load_FIPS_strings(void);
 #define FIPS_F_FIPS_DRBG_INSTANTIATE                    133
 #define FIPS_F_FIPS_DRBG_NEW                            134
 #define FIPS_F_FIPS_DRBG_RESEED                                 135
+#define FIPS_F_FIPS_DRBG_SINGLE_KAT                     140
 #define FIPS_F_FIPS_DSA_CHECK                           107
 #define FIPS_F_FIPS_MODE_SET                            108
 #define FIPS_F_FIPS_PKEY_SIGNATURE_TEST                         109

diff --git a/fips/rand/fips_drbg_selftest.c b/fips/rand/fips_drbg_selftest.c
index a3732c1a4abf0aaeefe279b4ff68ab95449621c2..c46fe58521c706a6bd5cbd4dd671d7be1e56097f 100644 (file)
--- a/fips/rand/fips_drbg_selftest.c
+++ b/fips/rand/fips_drbg_selftest.c
@@ -797,6 +797,8 @@ static int fips_drbg_single_kat(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td)
        rv = 1;
 
        err:
+       if (rv == 0)
+               FIPSerr(FIPS_F_FIPS_DRBG_SINGLE_KAT, FIPS_R_SELFTEST_FAILED);
        FIPS_drbg_uninstantiate(dctx);
        
        return rv;

diff --git a/fips/rand/fips_rand_lcl.h b/fips/rand/fips_rand_lcl.h
index b3962260ed0df49c2d3fdab3890fe94d5e474665..a946ac1ed89b5202130ede9d5869020aebb72838 100644 (file)
--- a/fips/rand/fips_rand_lcl.h
+++ b/fips/rand/fips_rand_lcl.h
@@ -97,10 +97,6 @@ struct drbg_ctr_ctx_st
 /* fatal error condition */
 #define DRBG_STATUS_ERROR              3
 
-/* Maximum values for temp entropy and nonce */
-#define DRBG_MAX_ENTROPY               1024
-#define DRBG_MAX_NONCE                 1024
-
 /* A default maximum length: larger than any reasonable value used in pratice */
 
 #define DRBG_MAX_LENGTH                        0x7ffffff0
@@ -159,8 +155,6 @@ struct drbg_ctx_st
        /* Indicates we have finished with entropy buffer */
        void (*cleanup_entropy)(DRBG_CTX *ctx, unsigned char *out, size_t olen);
 
-       unsigned char nonce[DRBG_MAX_NONCE];
-
        /* nonce gathering function */
        size_t (*get_nonce)(DRBG_CTX *ctx, unsigned char **pout,
                                int entropy, size_t min_len, size_t max_len);