Closed
Bug 318962
Opened 19 years ago
Closed 19 years ago
Implement SHS algorithm tests for FIPS 140-2 validation
Categories
(NSS :: Test, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
3.11.1
People
(Reporter: glenbeasley, Assigned: glenbeasley)
Details
Attachments
(5 files)
|
11.37 KB,
patch
|
wtc
:
review+
|
Details | Diff | Splinter Review |
|
704 bytes,
patch
|
wtc
:
review+
|
Details | Diff | Splinter Review |
|
584 bytes,
patch
|
glenbeasley
:
review+
|
Details | Diff | Splinter Review |
|
918 bytes,
patch
|
glenbeasley
:
review+
|
Details | Diff | Splinter Review |
|
901 bytes,
patch
|
glenbeasley
:
review+
|
Details | Diff | Splinter Review |
|
Assignee | |
Comment 1•19 years ago
|
||
Attachment #205883 -
Flags: review?(wtchang)
|
||
Comment 2•19 years ago
|
||
Comment on attachment 205883 [details] [diff] [review] Added FIPS 140-2 SHA tests and removed FIPS 140-1 SHA tests >+SECStatus sha_calcMD(unsigned char *MD, unsigned int MDLen, unsigned char *msg, unsigned int msgLen) >+{ >+ SECStatus sha_status; sha_status should be initialized to SECFailure. >+SECStatus sha_mct_test(unsigned int MDLen, unsigned char *seed, FILE *resp) ... >+ char buf[80]; Please add a comment to justify why 80 is big enough. >+void sha_test(char *reqfn) >+{ ... >+ char buf[25608]; /* holds one line from the input REQUEST file.*/ >+ unsigned char msg[12800]; /* message to digest */ These two buffers are quite big. We probably should allocate them in the heap.
Attachment #205883 -
Flags: review?(wtchang) → review+
|
|
Assignee | |
Comment 3•19 years ago
|
||
/cvsroot/mozilla/security/nss/cmd/fipstest/fipstest.c,v <-- fipstest.c new revision: 1.6; previous revision: 1.5 done RCS file: /cvsroot/mozilla/security/nss/cmd/fipstest/sha.sh,v done Checking in sha.sh; /cvsroot/mozilla/security/nss/cmd/fipstest/sha.sh,v <-- sha.sh initial revision: 1.1 done
|
|
Assignee | |
Comment 4•19 years ago
|
||
Attachment #206408 -
Flags: review?(wtchang)
|
|
||
Updated•19 years ago
|
Attachment #206408 -
Flags: review?(wtchang) → review+
|
|
Assignee | |
Comment 5•19 years ago
|
||
checked in on tip and NSS_3_11_BRANCH Checking in fipstest.c; /cvsroot/mozilla/security/nss/cmd/fipstest/fipstest.c,v <-- fipstest.c new revision: 1.3.2.3; previous revision: 1.3.2.2 done Checking in fipstest.c; /cvsroot/mozilla/security/nss/cmd/fipstest/fipstest.c,v <-- fipstest.c new revision: 1.9; previous revision: 1.8 done
|
|
||
Comment 6•19 years ago
|
||
PORT_Realloc(oldptr, 0) either returns 0 or a fixed non-zero value that can be passed to PORT_Free. On HP-UX, PORT_Realloc(oldptr, 0) returns 0. So that should not be treated as memory allocation failure.
Attachment #206558 -
Flags: review?(glen.beasley)
|
|
||
Comment 7•19 years ago
|
||
It turns out that we free the old 'msg'
pointer and set it to NULL before calling
PORT_Realloc, so
PORT_Realloc(msg, msgLen);
is
PORT_Realloc(NULL, msgLen)
which is equivalent to
PORT_Alloc(msgLen)
Combined with the subsequent memset(msg, 0, msgLen)
call, this becomes PORT_ZAlloc(msgLen). (That memset
call is in the wrong place anyway; it should be after
the test for msg == NULL.)
Attachment #206563 -
Flags: review?(glen.beasley)
|
|
Assignee | |
Updated•19 years ago
|
Attachment #206558 -
Flags: review?(glen.beasley) → review+
|
|
Assignee | |
Updated•19 years ago
|
Attachment #206563 -
Flags: review?(glen.beasley) → review+
|
|
||
Comment 8•19 years ago
|
||
Comment on attachment 206563 [details] [diff] [review] Call PORT_ZAlloc instead of PORT_Realloc Checked in on the tip and the NSS_3_11_BRANCH. Checking in fipstest.c; /cvsroot/mozilla/security/nss/cmd/fipstest/fipstest.c,v <-- fipstest.c new revision: 1.13; previous revision: 1.12 done Checking in fipstest.c; /cvsroot/mozilla/security/nss/cmd/fipstest/fipstest.c,v <-- fipstest.c new revision: 1.3.2.7; previous revision: 1.3.2.6 done
|
|
Assignee | |
Updated•19 years ago
|
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
|
|
||
Comment 9•18 years ago
|
||
To review this patch, you need to verify that it is safe for i and j to be unsigned. i: it's initialized to 2, 3, or 4, and only changed by i++ or i+=2. it's only used as array index (buf[i]). j: it's initialized to 0 and only changed by j++. it's only used as array index (msg[j], seed[j], key[j]).
Attachment #212010 -
Flags: review?(glen.beasley)
|
|
Assignee | |
Comment 10•18 years ago
|
||
Comment on attachment 212010 [details] [diff] [review] Fix signed/unsigned comparison warnings by MSVC the variables i and j are only used as "unsigned int" in sha_test and hmac_test.
Attachment #212010 -
Flags: review?(glen.beasley) → review+
|
|
||
Comment 11•18 years ago
|
||
Comment on attachment 212010 [details] [diff] [review] Fix signed/unsigned comparison warnings by MSVC I checked in the "signed/unsigned compiler warning" patch on the NSS trunk (3.12) and NSS_3_11_BRANCH (3.11.1). Checking in fipstest.c; /cvsroot/mozilla/security/nss/cmd/fipstest/fipstest.c,v <-- fipstest.c new revision: 1.24; previous revision: 1.23 done Checking in fipstest.c; /cvsroot/mozilla/security/nss/cmd/fipstest/fipstest.c,v <-- fipstest.c new revision: 1.3.2.17; previous revision: 1.3.2.16 done
You need to log in
before you can comment on or make changes to this bug.
Description
•