From e06de4dd3597374ab67281736be8dee0e2552bcd Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Thu, 31 Mar 2011 17:23:12 +0000 Subject: Remove redundant definitions. Give error code if DRBG sefltest fails. --- fips/fips.h | 1 + fips/rand/fips_drbg_selftest.c | 2 ++ fips/rand/fips_rand_lcl.h | 6 ------ 3 files changed, 3 insertions(+), 6 deletions(-) (limited to 'fips') diff --git a/fips/fips.h b/fips/fips.h index 110ee3c5b4..2c71041a70 100644 --- a/fips/fips.h +++ b/fips/fips.h @@ -203,6 +203,7 @@ void ERR_load_FIPS_strings(void); #define FIPS_F_FIPS_DRBG_INSTANTIATE 133 #define FIPS_F_FIPS_DRBG_NEW 134 #define FIPS_F_FIPS_DRBG_RESEED 135 +#define FIPS_F_FIPS_DRBG_SINGLE_KAT 140 #define FIPS_F_FIPS_DSA_CHECK 107 #define FIPS_F_FIPS_MODE_SET 108 #define FIPS_F_FIPS_PKEY_SIGNATURE_TEST 109 diff --git a/fips/rand/fips_drbg_selftest.c b/fips/rand/fips_drbg_selftest.c index a3732c1a4a..c46fe58521 100644 --- a/fips/rand/fips_drbg_selftest.c +++ b/fips/rand/fips_drbg_selftest.c @@ -797,6 +797,8 @@ static int fips_drbg_single_kat(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td) rv = 1; err: + if (rv == 0) + FIPSerr(FIPS_F_FIPS_DRBG_SINGLE_KAT, FIPS_R_SELFTEST_FAILED); FIPS_drbg_uninstantiate(dctx); return rv; diff --git a/fips/rand/fips_rand_lcl.h b/fips/rand/fips_rand_lcl.h index b3962260ed..a946ac1ed8 100644 --- a/fips/rand/fips_rand_lcl.h +++ b/fips/rand/fips_rand_lcl.h @@ -97,10 +97,6 @@ struct drbg_ctr_ctx_st /* fatal error condition */ #define DRBG_STATUS_ERROR 3 -/* Maximum values for temp entropy and nonce */ -#define DRBG_MAX_ENTROPY 1024 -#define DRBG_MAX_NONCE 1024 - /* A default maximum length: larger than any reasonable value used in pratice */ #define DRBG_MAX_LENGTH 0x7ffffff0 @@ -159,8 +155,6 @@ struct drbg_ctx_st /* Indicates we have finished with entropy buffer */ void (*cleanup_entropy)(DRBG_CTX *ctx, unsigned char *out, size_t olen); - unsigned char nonce[DRBG_MAX_NONCE]; - /* nonce gathering function */ size_t (*get_nonce)(DRBG_CTX *ctx, unsigned char **pout, int entropy, size_t min_len, size_t max_len); -- cgit v1.2.3