diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2011-11-02 16:35:24 +0000 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2011-11-02 16:35:24 +0000 |
| commit | 8ab0d50c4369b95fea3e806c3a07540e6781889f (patch) | |
| tree | d04b7cf85f75aaf75444d58c0e7eb13b18c0e413 /fips | |
| parent | cb47a7107f26bfcfba680cf9dfd450ceea9d5ead (diff) | |
Remove duplicate test from health check. Fix memory leaks by uninstantiating
DRBG before reinitialising it.
Diffstat (limited to 'fips')
| -rw-r--r-- | fips/rand/fips_drbg_selftest.c | 29 |
1 files changed, 11 insertions, 18 deletions
diff --git a/fips/rand/fips_drbg_selftest.c b/fips/rand/fips_drbg_selftest.c index ee0561bcbe..a787323d6d 100644 --- a/fips/rand/fips_drbg_selftest.c +++ b/fips/rand/fips_drbg_selftest.c @@ -582,7 +582,6 @@ static int fips_drbg_error_check(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td) } dctx->iflags &= ~DRBG_FLAG_NOERR; - if (!FIPS_drbg_uninstantiate(dctx)) { FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR); @@ -617,28 +616,20 @@ static int fips_drbg_error_check(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td) goto err; } - /* Explicit reseed tests */ - - /* Test explicit reseed with too large additional input */ - if (!do_drbg_init(dctx, td, &t)) - goto err; - - dctx->iflags |= DRBG_FLAG_NOERR; - - if (FIPS_drbg_reseed(dctx, td->adin, dctx->max_adin + 1) > 0) + dctx->iflags &= ~DRBG_FLAG_NOERR; + if (!FIPS_drbg_uninstantiate(dctx)) { - FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ADDITIONAL_INPUT_ERROR_UNDETECTED); + FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR); goto err; } - /* Test explicit reseed with entropy source failure */ - /* Check prediction resistance request fails if entropy source * failure. */ t.entlen = 0; + dctx->iflags |= DRBG_FLAG_NOERR; if (FIPS_drbg_generate(dctx, randout, td->katlen, 1, td->adin, td->adinlen)) { @@ -680,6 +671,13 @@ static int fips_drbg_error_check(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td) goto err; } + dctx->iflags &= ~DRBG_FLAG_NOERR; + if (!FIPS_drbg_uninstantiate(dctx)) + { + FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR); + goto err; + } + /* Explicit reseed tests */ /* Test explicit reseed with too large additional input */ @@ -696,11 +694,6 @@ static int fips_drbg_error_check(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td) /* Test explicit reseed with entropy source failure */ - if (!do_drbg_init(dctx, td, &t)) - goto err; - - dctx->iflags |= DRBG_FLAG_NOERR; - t.entlen = 0; if (FIPS_drbg_reseed(dctx, td->adin, td->adinlen) > 0) |