Closed
Bug 318962
Opened 20 years ago
Closed 20 years ago
Implement SHS algorithm tests for FIPS 140-2 validation
Categories
(NSS :: Test, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
3.11.1
People
(Reporter: glenbeasley, Assigned: glenbeasley)
Details
Attachments
(5 files)
|
11.37 KB,
patch
|
wtc
:
review+
|
Details | Diff | Splinter Review |
|
704 bytes,
patch
|
wtc
:
review+
|
Details | Diff | Splinter Review |
|
584 bytes,
patch
|
glenbeasley
:
review+
|
Details | Diff | Splinter Review |
|
918 bytes,
patch
|
glenbeasley
:
review+
|
Details | Diff | Splinter Review |
|
901 bytes,
patch
|
glenbeasley
:
review+
|
Details | Diff | Splinter Review |
| Assignee | ||
Comment 1•20 years ago
|
||
Attachment #205883 -
Flags: review?(wtchang)
Comment 2•20 years ago
|
||
Comment on attachment 205883 [details] [diff] [review]
Added FIPS 140-2 SHA tests and removed FIPS 140-1 SHA tests
>+SECStatus sha_calcMD(unsigned char *MD, unsigned int MDLen, unsigned char *msg, unsigned int msgLen)
>+{
>+ SECStatus sha_status;
sha_status should be initialized to SECFailure.
>+SECStatus sha_mct_test(unsigned int MDLen, unsigned char *seed, FILE *resp)
...
>+ char buf[80];
Please add a comment to justify why 80 is big enough.
>+void sha_test(char *reqfn)
>+{
...
>+ char buf[25608]; /* holds one line from the input REQUEST file.*/
>+ unsigned char msg[12800]; /* message to digest */
These two buffers are quite big. We probably should
allocate them in the heap.
Attachment #205883 -
Flags: review?(wtchang) → review+
| Assignee | ||
Comment 3•20 years ago
|
||
/cvsroot/mozilla/security/nss/cmd/fipstest/fipstest.c,v <-- fipstest.c
new revision: 1.6; previous revision: 1.5
done
RCS file: /cvsroot/mozilla/security/nss/cmd/fipstest/sha.sh,v
done
Checking in sha.sh;
/cvsroot/mozilla/security/nss/cmd/fipstest/sha.sh,v <-- sha.sh
initial revision: 1.1
done
| Assignee | ||
Comment 4•20 years ago
|
||
Attachment #206408 -
Flags: review?(wtchang)
Updated•20 years ago
|
Attachment #206408 -
Flags: review?(wtchang) → review+
| Assignee | ||
Comment 5•20 years ago
|
||
checked in on tip and NSS_3_11_BRANCH
Checking in fipstest.c;
/cvsroot/mozilla/security/nss/cmd/fipstest/fipstest.c,v <-- fipstest.c
new revision: 1.3.2.3; previous revision: 1.3.2.2
done
Checking in fipstest.c;
/cvsroot/mozilla/security/nss/cmd/fipstest/fipstest.c,v <-- fipstest.c
new revision: 1.9; previous revision: 1.8
done
Comment 6•20 years ago
|
||
PORT_Realloc(oldptr, 0) either returns 0 or a fixed
non-zero value that can be passed to PORT_Free. On
HP-UX, PORT_Realloc(oldptr, 0) returns 0. So that
should not be treated as memory allocation failure.
Attachment #206558 -
Flags: review?(glen.beasley)
Comment 7•20 years ago
|
||
It turns out that we free the old 'msg'
pointer and set it to NULL before calling
PORT_Realloc, so
PORT_Realloc(msg, msgLen);
is
PORT_Realloc(NULL, msgLen)
which is equivalent to
PORT_Alloc(msgLen)
Combined with the subsequent memset(msg, 0, msgLen)
call, this becomes PORT_ZAlloc(msgLen). (That memset
call is in the wrong place anyway; it should be after
the test for msg == NULL.)
Attachment #206563 -
Flags: review?(glen.beasley)
| Assignee | ||
Updated•20 years ago
|
Attachment #206558 -
Flags: review?(glen.beasley) → review+
| Assignee | ||
Updated•20 years ago
|
Attachment #206563 -
Flags: review?(glen.beasley) → review+
Comment 8•20 years ago
|
||
Comment on attachment 206563 [details] [diff] [review]
Call PORT_ZAlloc instead of PORT_Realloc
Checked in on the tip and the NSS_3_11_BRANCH.
Checking in fipstest.c;
/cvsroot/mozilla/security/nss/cmd/fipstest/fipstest.c,v <-- fipstest.c
new revision: 1.13; previous revision: 1.12
done
Checking in fipstest.c;
/cvsroot/mozilla/security/nss/cmd/fipstest/fipstest.c,v <-- fipstest.c
new revision: 1.3.2.7; previous revision: 1.3.2.6
done
| Assignee | ||
Updated•20 years ago
|
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
Comment 9•20 years ago
|
||
To review this patch, you need to verify that it is
safe for i and j to be unsigned.
i: it's initialized to 2, 3, or 4, and only changed
by i++ or i+=2.
it's only used as array index (buf[i]).
j: it's initialized to 0 and only changed by j++.
it's only used as array index (msg[j], seed[j], key[j]).
Attachment #212010 -
Flags: review?(glen.beasley)
| Assignee | ||
Comment 10•20 years ago
|
||
Comment on attachment 212010 [details] [diff] [review]
Fix signed/unsigned comparison warnings by MSVC
the variables i and j are
only used as "unsigned int"
in sha_test and hmac_test.
Attachment #212010 -
Flags: review?(glen.beasley) → review+
Comment 11•20 years ago
|
||
Comment on attachment 212010 [details] [diff] [review]
Fix signed/unsigned comparison warnings by MSVC
I checked in the "signed/unsigned compiler warning"
patch on the NSS trunk (3.12) and NSS_3_11_BRANCH
(3.11.1).
Checking in fipstest.c;
/cvsroot/mozilla/security/nss/cmd/fipstest/fipstest.c,v <-- fipstest.c
new revision: 1.24; previous revision: 1.23
done
Checking in fipstest.c;
/cvsroot/mozilla/security/nss/cmd/fipstest/fipstest.c,v <-- fipstest.c
new revision: 1.3.2.17; previous revision: 1.3.2.16
done
You need to log in
before you can comment on or make changes to this bug.
Description
•