From e06de4dd3597374ab67281736be8dee0e2552bcd Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Thu, 31 Mar 2011 17:23:12 +0000 Subject: [PATCH] Remove redundant definitions. Give error code if DRBG sefltest fails. --- crypto/fips_err.h | 3 ++- fips/fips.h | 1 + fips/rand/fips_drbg_selftest.c | 2 ++ fips/rand/fips_rand_lcl.h | 6 ------ 4 files changed, 5 insertions(+), 7 deletions(-) diff --git a/crypto/fips_err.h b/crypto/fips_err.h index 81acb47eb4..c808c88864 100644 --- a/crypto/fips_err.h +++ b/crypto/fips_err.h @@ -90,12 +90,13 @@ static ERR_STRING_DATA FIPS_str_functs[]= {ERR_FUNC(FIPS_F_FIPS_DRBG_INSTANTIATE), "FIPS_drbg_instantiate"}, {ERR_FUNC(FIPS_F_FIPS_DRBG_NEW), "FIPS_drbg_new"}, {ERR_FUNC(FIPS_F_FIPS_DRBG_RESEED), "FIPS_drbg_reseed"}, +{ERR_FUNC(FIPS_F_FIPS_DRBG_SINGLE_KAT), "FIPS_DRBG_SINGLE_KAT"}, {ERR_FUNC(FIPS_F_FIPS_DSA_CHECK), "FIPS_DSA_CHECK"}, {ERR_FUNC(FIPS_F_FIPS_MODE_SET), "FIPS_mode_set"}, {ERR_FUNC(FIPS_F_FIPS_PKEY_SIGNATURE_TEST), "fips_pkey_signature_test"}, {ERR_FUNC(FIPS_F_FIPS_SELFTEST_AES), "FIPS_selftest_aes"}, {ERR_FUNC(FIPS_F_FIPS_SELFTEST_AES_GCM), "FIPS_selftest_aes_gcm"}, -{ERR_FUNC(FIPS_F_FIPS_SELFTEST_CMAC), "FIPS_SELFTEST_CMAC"}, +{ERR_FUNC(FIPS_F_FIPS_SELFTEST_CMAC), "FIPS_selftest_cmac"}, {ERR_FUNC(FIPS_F_FIPS_SELFTEST_DES), "FIPS_selftest_des"}, {ERR_FUNC(FIPS_F_FIPS_SELFTEST_DSA), "FIPS_selftest_dsa"}, {ERR_FUNC(FIPS_F_FIPS_SELFTEST_ECDSA), "FIPS_selftest_ecdsa"}, diff --git a/fips/fips.h b/fips/fips.h index 110ee3c5b4..2c71041a70 100644 --- a/fips/fips.h +++ b/fips/fips.h @@ -203,6 +203,7 @@ void ERR_load_FIPS_strings(void); #define FIPS_F_FIPS_DRBG_INSTANTIATE 133 #define FIPS_F_FIPS_DRBG_NEW 134 #define FIPS_F_FIPS_DRBG_RESEED 135 +#define FIPS_F_FIPS_DRBG_SINGLE_KAT 140 #define FIPS_F_FIPS_DSA_CHECK 107 #define FIPS_F_FIPS_MODE_SET 108 #define FIPS_F_FIPS_PKEY_SIGNATURE_TEST 109 diff --git a/fips/rand/fips_drbg_selftest.c b/fips/rand/fips_drbg_selftest.c index a3732c1a4a..c46fe58521 100644 --- a/fips/rand/fips_drbg_selftest.c +++ b/fips/rand/fips_drbg_selftest.c @@ -797,6 +797,8 @@ static int fips_drbg_single_kat(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td) rv = 1; err: + if (rv == 0) + FIPSerr(FIPS_F_FIPS_DRBG_SINGLE_KAT, FIPS_R_SELFTEST_FAILED); FIPS_drbg_uninstantiate(dctx); return rv; diff --git a/fips/rand/fips_rand_lcl.h b/fips/rand/fips_rand_lcl.h index b3962260ed..a946ac1ed8 100644 --- a/fips/rand/fips_rand_lcl.h +++ b/fips/rand/fips_rand_lcl.h @@ -97,10 +97,6 @@ struct drbg_ctr_ctx_st /* fatal error condition */ #define DRBG_STATUS_ERROR 3 -/* Maximum values for temp entropy and nonce */ -#define DRBG_MAX_ENTROPY 1024 -#define DRBG_MAX_NONCE 1024 - /* A default maximum length: larger than any reasonable value used in pratice */ #define DRBG_MAX_LENGTH 0x7ffffff0 @@ -159,8 +155,6 @@ struct drbg_ctx_st /* Indicates we have finished with entropy buffer */ void (*cleanup_entropy)(DRBG_CTX *ctx, unsigned char *out, size_t olen); - unsigned char nonce[DRBG_MAX_NONCE]; - /* nonce gathering function */ size_t (*get_nonce)(DRBG_CTX *ctx, unsigned char **pout, int entropy, size_t min_len, size_t max_len); -- 2.34.1