diff options
| author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2015-06-03 14:37:11 +0200 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2015-06-04 13:41:18 +0200 |
| commit | 9c38e8bf442367b86f49a71d16175a28a68930db (patch) | |
| tree | f8d583531e43f4beaac9ae146db8063c73c38a99 | |
| parent | cff06753bb64980212331df8f3a0868f0022b61c (diff) | |
| download | gnutls-9c38e8bf442367b86f49a71d16175a28a68930db.tar.gz | |
fips140: added more checks on the reseed and generate function
| -rw-r--r-- | lib/nettle/int/drbg-aes-self-test.c | 59 |
1 files changed, 49 insertions, 10 deletions
diff --git a/lib/nettle/int/drbg-aes-self-test.c b/lib/nettle/int/drbg-aes-self-test.c index 9c87453c0b..3d0b30362d 100644 --- a/lib/nettle/int/drbg-aes-self-test.c +++ b/lib/nettle/int/drbg-aes-self-test.c @@ -104,7 +104,8 @@ int drbg_aes_self_test(void) struct drbg_aes_ctx test_ctx; struct drbg_aes_ctx test_ctx2; struct priv_st priv; - int ret; + int ret, saved; + uint8_t *tmp; unsigned char result[16]; memset(&priv, 0, sizeof(priv)); @@ -119,26 +120,32 @@ int drbg_aes_self_test(void) return 0; } + tmp = gnutls_malloc(MAX_DRBG_AES_GENERATE_SIZE+1); + if (tmp == NULL) { + gnutls_assert(); + return 0; + } + for (i = 0; i < sizeof(tv) / sizeof(tv[0]); i++) { /* Setup the key. */ ret = drbg_aes_init(&test_ctx, DRBG_AES_SEED_SIZE, tv[i].entropy, strlen(tv[i].pstring), (void *)tv[i].pstring); if (ret == 0) - return 0; + goto fail; if (drbg_aes_is_seeded(&test_ctx) == 0) - return 0; + goto fail; /* Get and compare the first three results. */ for (j = 0; j < 3; j++) { /* Compute the next value. */ if (drbg_aes_random(&test_ctx, 16, result) == 0) - return 0; + goto fail; /* Compare it to the known value. */ if (memcmp(result, tv[i].res[j], 16) != 0) { - return 0; + goto fail; } } @@ -146,20 +153,35 @@ int drbg_aes_self_test(void) drbg_aes_reseed(&test_ctx, DRBG_AES_SEED_SIZE, tv[i].entropy, 0, NULL); if (ret == 0) - return 0; + goto fail; if (drbg_aes_random(&test_ctx, 16, result) == 0) - return 0; + goto fail; if (memcmp(result, tv[i].res[3], 16) != 0) { - return 0; + goto fail; } /* test the error handling of drbg_aes_random() */ + saved = test_ctx.reseed_counter; test_ctx.reseed_counter = DRBG_AES_RESEED_TIME+1; if (drbg_aes_random(&test_ctx, 16, result) != 0) { gnutls_assert(); - return 0; + goto fail; + } + test_ctx.reseed_counter = saved; + + ret = drbg_aes_random(&test_ctx, MAX_DRBG_AES_GENERATE_SIZE+1, tmp); + if (ret == 0) { + gnutls_assert(); + goto fail; + } + + /* test the low-level function */ + ret = drbg_aes_generate(&test_ctx, MAX_DRBG_AES_GENERATE_SIZE+1, tmp, 0, NULL); + if (ret != 0) { + gnutls_assert(); + goto fail; } /* test deinit, which is zeroize_key() */ @@ -167,9 +189,26 @@ int drbg_aes_self_test(void) zeroize_key(&test_ctx, sizeof(test_ctx)); if (memcmp(&test_ctx, &test_ctx2, sizeof(test_ctx)) == 0) { gnutls_assert(); - return 0; + goto fail; } + + /* Test of the reseed function for error handling */ + ret = + drbg_aes_reseed(&test_ctx, DRBG_AES_SEED_SIZE*2, + (uint8_t*)tv, 0, NULL); + if (ret != 0) + goto fail; + + ret = + drbg_aes_reseed(&test_ctx, DRBG_AES_SEED_SIZE, + (uint8_t*)tv, DRBG_AES_SEED_SIZE*2, (uint8_t*)tv); + if (ret != 0) + goto fail; } + free(tmp); return 1; + fail: + free(tmp); + return 0; } |