Closed
Bug 499385
Opened 16 years ago
Closed 16 years ago
DRBG Reseed function needs to be tested on POST
Categories
(NSS :: Libraries, defect, P1)
Tracking
(Not tracked)
RESOLVED
FIXED
3.12.4
People
(Reporter: rrelyea, Assigned: rrelyea)
Details
(Whiteboard: FIPS Thaw)
Attachments
(1 file)
5.92 KB, patch (nelson: review+)
In FIPS mode, the DRBG reseed function needs to be tested on Powerup along with the other functions.
Updated • 16 years ago (Assignee)
Whiteboard: FIPS Thaw
Comment 1 • 16 years ago (Assignee)
Updated • 16 years ago
Attachment #384170 - Flags: review?(nelson)
Updated • 16 years ago
Priority: -- → P1
Comment 2 • 16 years ago
Comment on attachment 384170
Add reseed tests.
Bob, here is a question for you about your intention for this patch.
Please answer this question with re-reading the patch first. :)
Given that the size of the array entropy[] is 80 bytes,
the size of the array reseed_entropy[] is 32 bytes,
the size of the array additional_input[] is 32 bytes,
what sizes did you intend for these arrays?:
rng_known_result[]
rng_reseed_result[]
result[]
Did you intend them to be 64? 32? a power of 2? a multiple of 8?
Would you be surprised to learn that it is an ODD number, and
is not merely one greater or one less than a power of 2?
(Answer that now, and then go look at the patch.)
If you actually intended for those result arrays to have length of
fifty five bytes, then this patch is OK, otherwise ...
Please advise.
Comment 3 • 16 years ago (Assignee)
result, rng_known_result and rng_reseed_result are 440 bits (the length of the internal state of the prng).
The original inputs were taken from a standard sha256 sample test given to us by the lab. That test had an output of 3000 some bits. When I added the prng I shrunk that down to 440 since I was adding a second test, and I figured 440 is enough bits to be confident the internal state was really correct.
440 bits are 55 bytes, so thus the odd number.
bob
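The point of this bug, as an added example (not the NSS patch and not code from this thread): a power-up known-answer test that covers only instantiate and generate cannot catch a faulty reseed. The sketch assumes the SP 800-90A Hash_DRBG construction with SHA-256, whose seedlen is 440 bits (55 bytes); the class names, input bytes and reference outputs are constructed here and are not the lab's vectors.

```python
import hashlib

SEEDLEN = 55                      # 440 bits: Hash_DRBG seedlen for SHA-256
MOD = 1 << (8 * SEEDLEN)

def hash_df(data, nbytes=SEEDLEN):
    """SP 800-90A Hash_df: hash counter || requested bit length || input."""
    out, counter = b"", 1
    while len(out) < nbytes:
        prefix = bytes([counter]) + (8 * nbytes).to_bytes(4, "big")
        out += hashlib.sha256(prefix + data).digest()
        counter += 1
    return out[:nbytes]

class HashDRBG:
    def __init__(self, seed_material):   # entropy || nonce || personalization
        self._set_state(hash_df(seed_material))

    def _set_state(self, v):
        self.V, self.C, self.reseed_counter = v, hash_df(b"\x00" + v), 1

    def reseed(self, entropy, additional=b""):
        self._set_state(hash_df(b"\x01" + self.V + entropy + additional))

    def generate(self, nbytes):
        v, out = int.from_bytes(self.V, "big"), b""
        for i in range(-(-nbytes // 32)):                 # Hashgen over V, V+1, ...
            out += hashlib.sha256(((v + i) % MOD).to_bytes(SEEDLEN, "big")).digest()
        h = int.from_bytes(hashlib.sha256(b"\x03" + self.V).digest(), "big")
        v = (v + h + int.from_bytes(self.C, "big") + self.reseed_counter) % MOD
        self.V, self.reseed_counter = v.to_bytes(SEEDLEN, "big"), self.reseed_counter + 1
        return out[:nbytes]

# Constructed inputs with the array sizes quoted in the thread (80, 32, 32 bytes).
ENTROPY = bytes(range(80))
RESEED_ENTROPY = bytes(range(100, 132))
ADDITIONAL_INPUT = bytes(range(200, 232))

def run_kat(drbg_cls):
    """Instantiate, generate, reseed, generate; 55 bytes of output each time."""
    drbg = drbg_cls(ENTROPY)
    first = drbg.generate(SEEDLEN)
    drbg.reseed(RESEED_ENTROPY, ADDITIONAL_INPUT)
    return first, drbg.generate(SEEDLEN)

# Reference outputs computed once from this sketch; a real POST hard-codes vetted vectors.
KNOWN_RESULT, RESEED_RESULT = run_kat(HashDRBG)

def power_up_self_test(drbg_cls):
    first, second = run_kat(drbg_cls)
    return first == KNOWN_RESULT, second == RESEED_RESULT

class BrokenReseed(HashDRBG):
    def reseed(self, entropy, additional=b""):
        pass                      # simulated fault: state is never refreshed
```

`power_up_self_test(BrokenReseed)` passes the first comparison and fails only the post-reseed one, which is the check a self-test without a reseed vector would never make.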
Comment 4 • 16 years ago
Comment on attachment 384170
Add reseed tests.
ok, thanks. r=nelson
Attachment #384170 - Flags: review?(nelson) → review+
Comment 5 • 16 years ago (Assignee)
Checking in fipstest.c;
/cvsroot/mozilla/security/nss/lib/softoken/fipstest.c,v <-- fipstest.c
new revision: 1.27; previous revision: 1.26
done
Comment 6 • 16 years ago (Assignee)
arg, I forgot to mark it closed...
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED