Closed Bug 499385 Opened 15 years ago Closed 15 years ago

DRBG Reseed function needs to be tested on POST

Categories

(NSS :: Libraries, defect, P1)

3.12.4
defect

Tracking

(Not tracked)

RESOLVED FIXED
3.12.4

People

(Reporter: rrelyea, Assigned: rrelyea)

Details

(Whiteboard: FIPS Thaw)

Attachments

(1 file)

In FIPS mode, the DRBG reseed function needs to be tested on Powerup along with the other functions.
Whiteboard: FIPS Thaw
Attachment #384170 - Flags: review?(nelson)
Priority: -- → P1
Comment on attachment 384170 [details] [diff] [review]
Add reseed tests.

Bob, here is a question for you about your intention for this patch.
Please answer this question with re-reading the patch first. :)

Given that the size of the array entropy[]          is 80 bytes,
           the size of the array reseed_entropy[]   is 32 bytes, 
           the size of the array additional_input[] is 32 bytes, 
what sizes did you intend for these arrays?:
           rng_known_result[]
           rng_reseed_result[]
           result[] 

Did you intend them to be 64?  32?  a power of 2?  a multiple of 8? 

Would you be surprised to learn that it is an ODD number, and 
is not merely one greater or one less than a power of 2?  

(Answer that now, and then go look at the patch.)

If you actually intended for those result arrays to have length of 
fifty five bytes, then this patch is OK, otherwise ...

Please advise.
result, rng_known_result and rng_reseed_result are 440 bits (the length of the internal state of the prng).

The original inputs were taken from a standard sha256 sample test given to us by the lab. That test had an output of 3000 some bits. When I added the prng I shrunk that down to 440 since I was adding a second test, and I figured 440 is enough bits to be confident the internal state was really correct.

440 bits are 55 bytes, thus the odd number.

bob
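
As an added illustration (not code from the NSS patch or from anyone in this thread): a Python sketch of a power-up self-test that exercises reseed on an SP 800-90A-style SHA-256 Hash_DRBG with the 440-bit (55-byte) state size discussed above, plus a fault-injected variant showing that a generate-only check does not notice a broken reseed. The class and function names, the constructed inputs and the use of the 80-byte buffer as one seed input are assumptions, generate-time additional input and reseed-interval limits are left out, and the known answers are computed from the reference class as stand-ins for lab-supplied vectors.

```python
import hashlib

SEEDLEN = 55  # bytes; 440 bits, the SHA-256 Hash_DRBG state size quoted in the thread
MOD = 1 << (8 * SEEDLEN)

def sha256(data):
    return hashlib.sha256(data).digest()

def hash_df(data):
    # SP 800-90A Hash_df: hash counter || output bit length || input until SEEDLEN bytes exist
    blocks = (sha256(bytes([i]) + (8 * SEEDLEN).to_bytes(4, "big") + data) for i in (1, 2))
    return b"".join(blocks)[:SEEDLEN]

class HashDRBG:
    def __init__(self, seed_material):
        self._set_state(hash_df(seed_material))

    def _set_state(self, seed):
        self.V, self.C, self.reseed_counter = seed, hash_df(b"\x00" + seed), 1

    def reseed(self, entropy, additional_input=b""):
        self._set_state(hash_df(b"\x01" + self.V + entropy + additional_input))

    def generate(self, nbytes):
        v = int.from_bytes(self.V, "big")
        # Hashgen: hash V, V+1, ... and keep the leftmost nbytes
        out = b"".join(sha256(((v + i) % MOD).to_bytes(SEEDLEN, "big")) for i in range(-(-nbytes // 32)))
        v += int.from_bytes(sha256(b"\x03" + self.V), "big") + int.from_bytes(self.C, "big") + self.reseed_counter
        self.V, self.reseed_counter = (v % MOD).to_bytes(SEEDLEN, "big"), self.reseed_counter + 1
        return out[:nbytes]

class BrokenReseed(HashDRBG):
    def reseed(self, entropy, additional_input=b""):
        pass  # injected fault: state is never refreshed

# Constructed inputs, sized like the arrays named in the review (80, 32 and 32 bytes)
ENTROPY = bytes(range(80))
RESEED_ENTROPY, ADDITIONAL_INPUT = bytes(range(100, 132)), bytes(range(200, 232))

def run(drbg_class):
    drbg = drbg_class(ENTROPY)
    first = drbg.generate(SEEDLEN)
    drbg.reseed(RESEED_ENTROPY, ADDITIONAL_INPUT)
    return first, drbg.generate(SEEDLEN)

KNOWN_RESULT, RESEED_RESULT = run(HashDRBG)  # stand-ins; a real POST hard-codes validated constants

def power_up_self_test(drbg_class):
    first, after_reseed = run(drbg_class)
    return first == KNOWN_RESULT, after_reseed == RESEED_RESULT
```

`power_up_self_test` returns a pair: whether the first generate matched, and whether the generate after reseed matched. The faulty class passes the first check and fails only the second.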
Comment on attachment 384170 [details] [diff] [review]
Add reseed tests.

ok, thanks.  r=nelson
Attachment #384170 - Flags: review?(nelson) → review+
Checking in fipstest.c;
/cvsroot/mozilla/security/nss/lib/softoken/fipstest.c,v  <--  fipstest.c
new revision: 1.27; previous revision: 1.26
done
arg, I forgot to mark it closed...
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED