diff options
| author | Robert Relyea <rrelyea@redhat.com> | 2015-08-31 14:34:18 -0700 |
|---|---|---|
| committer | Robert Relyea <rrelyea@redhat.com> | 2015-08-31 14:34:18 -0700 |
| commit | 7adc9ed826ee4e1a5174b4b1d3f1f2ebf381ffb2 (patch) | |
| tree | eb018f83be021da1799d6c492617959538d0230c /lib/freebl/ctr.c | |
| parent | 5aeac8e0722ed2a5fd9cbb849579fbb70dfeebc3 (diff) | |
| download | nss-hg-7adc9ed826ee4e1a5174b4b1d3f1f2ebf381ffb2.tar.gz | |
Pick up FIPS-140 certification work.
This consists of the following:
1)Move FIPS integrity and post tests to dll load time.
2) Extra data clearing of CPS, change to the prime check requirements.
3) Allow FIPS level 1. This is detected by whether or not there is a password on the database.
4) Update fipstest to handle new tests and the latest formats used by NIST. Also make running of the tests automated.
bob
Diffstat (limited to 'lib/freebl/ctr.c')
| -rw-r--r-- | lib/freebl/ctr.c | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/lib/freebl/ctr.c b/lib/freebl/ctr.c index 1cbf30c28..accd55b48 100644 --- a/lib/freebl/ctr.c +++ b/lib/freebl/ctr.c @@ -30,6 +30,7 @@ CTR_InitContext(CTRContext *ctr, void *context, freeblCipherFunc cipher, } /* Invariant: 0 < ctr->bufPtr <= blocksize */ + ctr->checkWrap = PR_FALSE; ctr->bufPtr = blocksize; /* no unused data in the buffer */ ctr->cipher = cipher; ctr->context = context; @@ -40,6 +41,10 @@ CTR_InitContext(CTRContext *ctr, void *context, freeblCipherFunc cipher, return SECFailure; } PORT_Memcpy(ctr->counter, ctrParams->cb, blocksize); + if (ctr->counterBits < 64) { + PORT_Memcpy(ctr->counterFirst, ctr->counter, blocksize); + ctr->checkWrap = PR_TRUE; + } return SECSuccess; } @@ -147,6 +152,12 @@ CTR_Update(CTRContext *ctr, unsigned char *outbuf, rv = (*ctr->cipher)(ctr->context, ctr->buffer, &tmp, blocksize, ctr->counter, blocksize, blocksize); ctr_GetNextCtr(ctr->counter, ctr->counterBits, blocksize); + if (ctr->checkWrap) { + if (PORT_Memcmp(ctr->counter, ctr->counterFirst, blocksize) == 0) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; + } + } if (rv != SECSuccess) { return SECFailure; } @@ -162,6 +173,12 @@ CTR_Update(CTRContext *ctr, unsigned char *outbuf, rv = (*ctr->cipher)(ctr->context, ctr->buffer, &tmp, blocksize, ctr->counter, blocksize, blocksize); ctr_GetNextCtr(ctr->counter, ctr->counterBits, blocksize); + if (ctr->checkWrap) { + if (PORT_Memcmp(ctr->counter, ctr->counterFirst, blocksize) == 0) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; + } + } if (rv != SECSuccess) { return SECFailure; } |