Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
OpenHarmony
Third Party Openssl
提交
cb71870d
T
Third Party Openssl
项目概览
OpenHarmony
/
Third Party Openssl
1 年多 前同步成功
通知
10
Star
18
Fork
1
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
T
Third Party Openssl
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
提交
cb71870d
编写于
13年前
作者:
D
Dr. Stephen Henson
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Use function name FIPS_drbg_health_check() for health check function.
Add explanatory comments to health check code.
上级
456d883a
变更
4
隐藏空白更改
内联
并排
Showing
4 changed file
with
40 addition
and
20 deletion
+40
-20
CHANGES
CHANGES
+2
-2
fips/rand/fips_drbg_lib.c
fips/rand/fips_drbg_lib.c
+3
-8
fips/rand/fips_drbg_selftest.c
fips/rand/fips_drbg_selftest.c
+34
-9
fips/rand/fips_rand.h
fips/rand/fips_rand.h
+1
-1
未找到文件。
CHANGES
浏览文件 @
cb71870d
...
...
@@ -5,8 +5,8 @@
Changes between 1.0.1 and 1.1.0 [xx XXX xxxx]
*) Use separate DRBG fields for internal and external flags. New function
FIPS_drbg_
test() to perform on demand health checking. Add generation
tests to fips_test_suite with reduced health check interval to
FIPS_drbg_
health_check() to perform on demand health checking. Add
generation
tests to fips_test_suite with reduced health check interval to
demonstrate periodic health checking. Add "nodh" option to
fips_test_suite to skip very slow DH test.
[Steve Henson]
...
...
This diff is collapsed.
Click to expand it.
fips/rand/fips_drbg_lib.c
浏览文件 @
cb71870d
/* fips/rand/fips_drbg_lib.c */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
*/
...
...
@@ -95,11 +94,9 @@ int FIPS_drbg_init(DRBG_CTX *dctx, int type, unsigned int flags)
if
(
!
(
dctx
->
xflags
&
DRBG_FLAG_TEST
))
{
DRBG_CTX
tctx
;
if
(
!
fips_drbg_kat
(
&
tctx
,
type
,
flags
|
DRBG_FLAG_TEST
))
if
(
!
FIPS_drbg_health_check
(
dctx
))
{
FIPSerr
(
FIPS_F_FIPS_DRBG_INIT
,
FIPS_R_SELFTEST_FAILURE
);
dctx
->
status
=
DRBG_STATUS_ERROR
;
return
0
;
}
}
...
...
@@ -308,7 +305,7 @@ static int drbg_reseed(DRBG_CTX *dctx,
*/
if
(
hcheck
&&
!
(
dctx
->
xflags
&
DRBG_FLAG_TEST
))
{
if
(
!
FIPS_drbg_
test
(
dctx
))
if
(
!
FIPS_drbg_
health_check
(
dctx
))
{
r
=
FIPS_R_SELFTEST_FAILURE
;
goto
end
;
...
...
@@ -357,13 +354,11 @@ static int fips_drbg_check(DRBG_CTX *dctx)
dctx
->
health_check_cnt
++
;
if
(
dctx
->
health_check_cnt
>=
dctx
->
health_check_interval
)
{
if
(
!
FIPS_drbg_
test
(
dctx
))
if
(
!
FIPS_drbg_
health_check
(
dctx
))
{
FIPSerr
(
FIPS_F_FIPS_DRBG_CHECK
,
FIPS_R_SELFTEST_FAILURE
);
dctx
->
status
=
DRBG_STATUS_ERROR
;
return
0
;
}
dctx
->
health_check_cnt
=
0
;
}
return
1
;
}
...
...
This diff is collapsed.
Click to expand it.
fips/rand/fips_drbg_selftest.c
浏览文件 @
cb71870d
...
...
@@ -206,6 +206,10 @@ static int fips_drbg_single_kat(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td,
/* Initial test without PR */
/* Instantiate DRBG with test entropy, nonce and personalisation
* string.
*/
if
(
!
FIPS_drbg_init
(
dctx
,
td
->
nid
,
td
->
flags
))
return
0
;
if
(
!
FIPS_drbg_set_callbacks
(
dctx
,
test_entropy
,
0
,
0
,
test_nonce
,
0
))
...
...
@@ -231,6 +235,8 @@ static int fips_drbg_single_kat(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td,
adinlen
=
td
->
adinlen
/
2
;
else
adinlen
=
td
->
adinlen
;
/* Generate with no PR and verify output matches expected data */
if
(
!
FIPS_drbg_generate
(
dctx
,
randout
,
td
->
katlen
,
0
,
td
->
adin
,
adinlen
))
goto
err
;
...
...
@@ -240,19 +246,20 @@ static int fips_drbg_single_kat(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td,
FIPSerr
(
FIPS_F_FIPS_DRBG_SINGLE_KAT
,
FIPS_R_NOPR_TEST1_FAILURE
);
goto
err2
;
}
/* If abbreviated POST end of test */
if
(
quick
)
{
rv
=
1
;
goto
err
;
}
/* Reseed DRBG with test entropy and additional input */
t
.
ent
=
td
->
entreseed
;
t
.
entlen
=
td
->
entreseedlen
;
if
(
!
FIPS_drbg_reseed
(
dctx
,
td
->
adinreseed
,
td
->
adinreseedlen
))
goto
err
;
/* Generate with no PR and verify output matches expected data */
if
(
!
FIPS_drbg_generate
(
dctx
,
randout
,
td
->
kat2len
,
0
,
td
->
adin2
,
td
->
adin2len
))
goto
err
;
...
...
@@ -266,6 +273,10 @@ static int fips_drbg_single_kat(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td,
FIPS_drbg_uninstantiate
(
dctx
);
/* Now test with PR */
/* Instantiate DRBG with test entropy, nonce and personalisation
* string.
*/
if
(
!
FIPS_drbg_init
(
dctx
,
td
->
nid
,
td
->
flags
))
return
0
;
if
(
!
FIPS_drbg_set_callbacks
(
dctx
,
test_entropy
,
0
,
0
,
test_nonce
,
0
))
...
...
@@ -283,6 +294,10 @@ static int fips_drbg_single_kat(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td,
if
(
!
FIPS_drbg_instantiate
(
dctx
,
td
->
pers_pr
,
td
->
perslen_pr
))
goto
err
;
/* Now generate with PR: we need to supply entropy as this will
* perform a reseed operation. Check output matches expected value.
*/
t
.
ent
=
td
->
entpr_pr
;
t
.
entlen
=
td
->
entprlen_pr
;
...
...
@@ -304,6 +319,10 @@ static int fips_drbg_single_kat(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td,
goto
err2
;
}
/* Now generate again with PR: supply new entropy again.
* Check output matches expected value.
*/
t
.
ent
=
td
->
entg_pr
;
t
.
entlen
=
td
->
entglen_pr
;
...
...
@@ -316,7 +335,7 @@ static int fips_drbg_single_kat(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td,
FIPSerr
(
FIPS_F_FIPS_DRBG_SINGLE_KAT
,
FIPS_R_PR_TEST2_FAILURE
);
goto
err2
;
}
/* All OK, test complete */
rv
=
1
;
err:
...
...
@@ -363,11 +382,13 @@ static int do_drbg_instantiate(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td,
return
1
;
}
/* This is the "health check" function required by SP800-90. Induce several
* failure modes and check an error condition is set.
/* This function performd extensive error checking as required by SP800-90.
* Induce several failure modes and check an error condition is set.
* This function along with fips_drbg_single_kat peforms the health checking
* operation.
*/
static
int
fips_drbg_
health
_check
(
DRBG_CTX
*
dctx
,
DRBG_SELFTEST_DATA
*
td
)
static
int
fips_drbg_
error
_check
(
DRBG_CTX
*
dctx
,
DRBG_SELFTEST_DATA
*
td
)
{
unsigned
char
randout
[
1024
];
TEST_ENT
t
;
...
...
@@ -773,13 +794,13 @@ int fips_drbg_kat(DRBG_CTX *dctx, int nid, unsigned int flags)
{
if
(
!
fips_drbg_single_kat
(
dctx
,
td
,
0
))
return
0
;
return
fips_drbg_
health
_check
(
dctx
,
td
);
return
fips_drbg_
error
_check
(
dctx
,
td
);
}
}
return
0
;
}
int
FIPS_drbg_
test
(
DRBG_CTX
*
dctx
)
int
FIPS_drbg_
health_check
(
DRBG_CTX
*
dctx
)
{
int
rv
;
DRBG_CTX
*
tctx
=
NULL
;
...
...
@@ -794,6 +815,10 @@ int FIPS_drbg_test(DRBG_CTX *dctx)
fips_post_success
(
FIPS_TEST_DRBG
,
dctx
->
type
,
&
dctx
->
xflags
);
else
fips_post_failed
(
FIPS_TEST_DRBG
,
dctx
->
type
,
&
dctx
->
xflags
);
if
(
!
rv
)
dctx
->
status
=
DRBG_STATUS_ERROR
;
else
dctx
->
health_check_cnt
=
0
;
return
rv
;
}
...
...
@@ -843,7 +868,7 @@ int FIPS_selftest_drbg_all(void)
rv
=
0
;
continue
;
}
if
(
!
fips_drbg_
health
_check
(
dctx
,
td
))
if
(
!
fips_drbg_
error
_check
(
dctx
,
td
))
{
fips_post_failed
(
FIPS_TEST_DRBG
,
td
->
nid
,
&
td
->
flags
);
rv
=
0
;
...
...
This diff is collapsed.
Click to expand it.
fips/rand/fips_rand.h
浏览文件 @
cb71870d
...
...
@@ -115,7 +115,7 @@ int FIPS_drbg_get_strength(DRBG_CTX *dctx);
void
FIPS_drbg_set_check_interval
(
DRBG_CTX
*
dctx
,
int
interval
);
void
FIPS_drbg_set_reseed_interval
(
DRBG_CTX
*
dctx
,
int
interval
);
int
FIPS_drbg_
test
(
DRBG_CTX
*
dctx
);
int
FIPS_drbg_
health_check
(
DRBG_CTX
*
dctx
);
DRBG_CTX
*
FIPS_get_default_drbg
(
void
);
const
RAND_METHOD
*
FIPS_drbg_method
(
void
);
...
...
This diff is collapsed.
Click to expand it.
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录
新手
引导
客服
返回
顶部