Closed Bug 499385 Opened 12 years ago Closed 12 years ago
DRBG Reseed function needs to be tested on POST
In FIPS mode, the DRBG reseed function needs to be tested on Powerup along with the other functions.
Attachment #384170 - Flags: review?(nelson)
Comment on attachment 384170 Add reseed tests.

Bob, here is a question for you about your intention for this patch. Please answer this question with re-reading the patch first. :)

Given that
the size of the array entropy is 80 bytes,
the size of the array reseed_entropy is 32 bytes,
the size of the array additional_input is 32 bytes,
what sizes did you intend for these arrays?:
rng_known_result
rng_reseed_result
result

Did you intend them to be 64? 32? a power of 2? a multiple of 8? Would you be surprised to learn that it is an ODD number, and is not merely one greater or one less than a power of 2? (Answer that now, and then go look at the patch.)

If you actually intended for those result arrays to have length of fifty five bytes, then this patch is OK, otherwise ... Please advise.
result, rng_known_result and rng_reseed_result are 440 bits (the length of the internal state of the prng).

The original inputs were taken from a standard sha256 sample test given to us by the lab. That test had an output of 3000 some bits. When I added the prng I shrunk that down to 440 since I was adding a second test, and I figured 440 is enough bits to be confident the internal state was really correct. 440 bits are 55 bytes, so thus the odd number.

bob
Comment on attachment 384170 Add reseed tests.

ok, thanks. r=nelson
Attachment #384170 - Flags: review?(nelson) → review+
Checking in fipstest.c;
/cvsroot/mozilla/security/nss/lib/softoken/fipstest.c,v <-- fipstest.c
new revision: 1.27; previous revision: 1.26
done
arg, I forgot to mark it closed...
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
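An added example, not NSS code and not the patch from this bug: a minimal SP 800-90A Hash_DRBG (SHA-256) with a power-up check that exercises reseed, using the array sizes mentioned in the comments above (80/32/32-byte inputs, 55-byte results). The input bytes, the call sequence and all names are assumptions; the page gives no test vectors, so the caller supplies the known answers.

```python
import hashlib

SEEDLEN = 55  # 440 bits: Hash_DRBG seed length for SHA-256 in SP 800-90A

def _hash_df(data, nbytes):
    """Hash_df: SHA-256 over (counter || bit length || data), concatenated."""
    out, counter = b"", 1
    while len(out) < nbytes:
        prefix = bytes([counter]) + (nbytes * 8).to_bytes(4, "big")
        out += hashlib.sha256(prefix + data).digest()
        counter += 1
    return out[:nbytes]

def _add(v, *terms):
    """Add big-endian integers modulo 2^(8 * SEEDLEN)."""
    total = int.from_bytes(v, "big") + sum(int.from_bytes(t, "big") for t in terms)
    return (total % (1 << (8 * SEEDLEN))).to_bytes(SEEDLEN, "big")

class HashDRBG:
    def __init__(self, entropy):  # entropy || nonce || personalization
        self._seed(entropy)
    def _seed(self, material):
        self.V = _hash_df(material, SEEDLEN)
        self.C = _hash_df(b"\x00" + self.V, SEEDLEN)
        self.counter = 1
    def reseed(self, entropy, additional=b""):
        self._seed(b"\x01" + self.V + entropy + additional)
    def generate(self, nbytes, additional=b""):
        if additional:
            self.V = _add(self.V, hashlib.sha256(b"\x02" + self.V + additional).digest())
        data, out = self.V, b""
        while len(out) < nbytes:  # Hashgen: hash V, V+1, V+2, ...
            out += hashlib.sha256(data).digest()
            data = _add(data, b"\x01")
        h = hashlib.sha256(b"\x03" + self.V).digest()
        self.V = _add(self.V, h, self.C, self.counter.to_bytes(4, "big"))
        self.counter += 1
        return out[:nbytes]

def run_sequence(drbg_cls):
    # Constructed inputs: 80-byte entropy, 32-byte reseed entropy, 32-byte additional input.
    drbg = drbg_cls(bytes(range(80)))
    first = drbg.generate(SEEDLEN)
    drbg.reseed(bytes(range(0x80, 0xA0)), bytes(range(0xC0, 0xE0)))
    return first, drbg.generate(SEEDLEN)

def powerup_self_test(drbg_cls, known, reseed_known):
    first, second = run_sequence(drbg_cls)
    return first == known and second == reseed_known
```

Checking only the first output would pass an implementation whose reseed silently does nothing; comparing the post-reseed output against its own known answer is what catches that case.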