From 8ab0d50c4369b95fea3e806c3a07540e6781889f Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Wed, 2 Nov 2011 16:35:24 +0000 Subject: [PATCH] Remove duplicate test from health check. Fix memory leaks by uninstantiating DRBG before reinitialising it. --- fips/rand/fips_drbg_selftest.c | 29 +++++++++++------------------ 1 file changed, 11 insertions(+), 18 deletions(-) diff --git a/fips/rand/fips_drbg_selftest.c b/fips/rand/fips_drbg_selftest.c index ee0561bcbe..a787323d6d 100644 --- a/fips/rand/fips_drbg_selftest.c +++ b/fips/rand/fips_drbg_selftest.c @@ -582,7 +582,6 @@ static int fips_drbg_error_check(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td) } dctx->iflags &= ~DRBG_FLAG_NOERR; - if (!FIPS_drbg_uninstantiate(dctx)) { FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR); @@ -617,28 +616,20 @@ static int fips_drbg_error_check(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td) goto err; } - /* Explicit reseed tests */ - - /* Test explicit reseed with too large additional input */ - if (!do_drbg_init(dctx, td, &t)) - goto err; - - dctx->iflags |= DRBG_FLAG_NOERR; - - if (FIPS_drbg_reseed(dctx, td->adin, dctx->max_adin + 1) > 0) + dctx->iflags &= ~DRBG_FLAG_NOERR; + if (!FIPS_drbg_uninstantiate(dctx)) { - FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ADDITIONAL_INPUT_ERROR_UNDETECTED); + FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR); goto err; } - /* Test explicit reseed with entropy source failure */ - /* Check prediction resistance request fails if entropy source * failure. */ t.entlen = 0; + dctx->iflags |= DRBG_FLAG_NOERR; if (FIPS_drbg_generate(dctx, randout, td->katlen, 1, td->adin, td->adinlen)) { 
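Review bot: The prediction-resistance check in the `@@ -617,28 +616,20 @@` hunk now runs directly after the added `FIPS_drbg_uninstantiate(dctx)`, and no re-initialisation or instantiate call is visible between the two. If `FIPS_drbg_generate` rejects an uninstantiated context, as it presumably does, the call returns 0 for that reason and the health check passes without reaching the entropy-source failure path that `t.entlen = 0;` is meant to trigger. Either drop the uninstantiate block at this point so the previously instantiated DRBG is still live, or re-instantiate with valid data before `t.entlen = 0;`. The body of fips_drbg_error_check starts and ends outside the hunk, so the instantiation state on entry cannot be confirmed from here.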
@@ -680,6 +671,13 @@ static int fips_drbg_error_check(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td) goto err; } + dctx->iflags &= ~DRBG_FLAG_NOERR; + if (!FIPS_drbg_uninstantiate(dctx)) + { + FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR); + goto err; + } + /* Explicit reseed tests */ /* Test explicit reseed with too large additional input */ @@ -696,11 +694,6 @@ static int fips_drbg_error_check(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td) /* Test explicit reseed with entropy source failure */ - if (!do_drbg_init(dctx, td, &t)) - goto err; - - dctx->iflags |= DRBG_FLAG_NOERR; - t.entlen = 0; if (FIPS_drbg_reseed(dctx, td->adin, td->adinlen) > 0)
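Review bot: The block added in `@@ -680,6 +671,13 @@` is a verbatim copy of the clear-NOERR-then-uninstantiate sequence that the `-617,28` hunk also adds and that already appears as context in the `-582,7` hunk, so the function now carries at least three copies of it. A small static helper would keep the flag reset and the error code in one place, and would make it harder for a future sub-test to uninstantiate without first clearing `DRBG_FLAG_NOERR`. Each call site would then shrink to the two lines shown at the end of the fence. The helper name is only a suggestion, and the enclosing function continues outside the hunk.

```c
/* Clear DRBG_FLAG_NOERR and uninstantiate dctx between sub-tests.
 * Returns 1 on success; on failure raises FIPS_R_UNINSTANTIATE_ERROR
 * and returns 0 so the caller can "goto err".
 */
static int drbg_selftest_uninstantiate(DRBG_CTX *dctx)
	{
	dctx->iflags &= ~DRBG_FLAG_NOERR;
	if (!FIPS_drbg_uninstantiate(dctx))
		{
		FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR);
		return 0;
		}
	return 1;
	}

/* ... unchanged: preceding sub-test in fips_drbg_error_check ... */
	if (!drbg_selftest_uninstantiate(dctx))
		goto err;
```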