Perform health check on all reseed operations not associated with

prediction resistance requests. Although SP 800-90 is arguably unclear
on whether this is necessary adding an additional check has minimal
penalty (very few applications will make an explicit reseed request).

diff --git a/fips/rand/fips_drbg_lib.c b/fips/rand/fips_drbg_lib.c
index c2e42896d1abc6d8b4785b5e434eed97d5ecf6f0..9873742c4535967abebd6947ac80c589d0469a56 100644 (file)
--- a/fips/rand/fips_drbg_lib.c
+++ b/fips/rand/fips_drbg_lib.c
@@ -273,8 +273,8 @@ int FIPS_drbg_instantiate(DRBG_CTX *dctx,
 
        }
 
-int FIPS_drbg_reseed(DRBG_CTX *dctx,
-                       const unsigned char *adin, size_t adinlen)
+static int drbg_reseed(DRBG_CTX *dctx,
+                       const unsigned char *adin, size_t adinlen, int hcheck)
        {
        unsigned char *entropy = NULL;
        size_t entlen;
@@ -303,6 +303,17 @@ int FIPS_drbg_reseed(DRBG_CTX *dctx,
                }
 
        dctx->status = DRBG_STATUS_ERROR;
+       /* Peform health check on all reseed operations if not a prediction
+        * resistance request and not in test mode.
+        */
+       if (hcheck && !(dctx->xflags & DRBG_FLAG_TEST))
+               {
+               if (!FIPS_drbg_test(dctx))
+                       {
+                       r = FIPS_R_SELFTEST_FAILURE;
+                       goto end;
+                       }
+               }
 
        entlen = fips_get_entropy(dctx, &entropy, dctx->strength,
                                dctx->min_entropy, dctx->max_entropy);
@@ -333,6 +344,12 @@ int FIPS_drbg_reseed(DRBG_CTX *dctx,
        return 0;
        }
 
+int FIPS_drbg_reseed(DRBG_CTX *dctx,
+                       const unsigned char *adin, size_t adinlen)
+       {
+       return drbg_reseed(dctx, adin, adinlen, 1);
+       }
+
 static int fips_drbg_check(DRBG_CTX *dctx)
        {
        if (dctx->xflags & DRBG_FLAG_TEST)
@@ -340,7 +357,7 @@ static int fips_drbg_check(DRBG_CTX *dctx)
        dctx->health_check_cnt++;
        if (dctx->health_check_cnt >= dctx->health_check_interval)
                {
-               if (FIPS_drbg_test(dctx) <= 0)
+               if (!FIPS_drbg_test(dctx))
                        {
                        FIPSerr(FIPS_F_FIPS_DRBG_CHECK, FIPS_R_SELFTEST_FAILURE);
                        dctx->status = DRBG_STATUS_ERROR;
@@ -389,7 +406,10 @@ int FIPS_drbg_generate(DRBG_CTX *dctx, unsigned char *out, size_t outlen,
 
        if (dctx->status == DRBG_STATUS_RESEED || prediction_resistance)
                {
-               if (!FIPS_drbg_reseed(dctx, adin, adinlen))
+               /* If prediction resistance request don't do health check */
+               int hcheck = prediction_resistance ? 0 : 1;
+               
+               if (!drbg_reseed(dctx, adin, adinlen, hcheck))
                        {
                        r = FIPS_R_RESEED_ERROR;
                        goto end;

diff --git a/fips/rand/fips_drbg_selftest.c b/fips/rand/fips_drbg_selftest.c
index 76667a0167e4d6302b1e69a3175b0e35d36f450a..3bc7eab95ca77ddd9305de8f8be206c547eb0358 100644 (file)
--- a/fips/rand/fips_drbg_selftest.c
+++ b/fips/rand/fips_drbg_selftest.c
@@ -772,9 +772,8 @@ int fips_drbg_kat(DRBG_CTX *dctx, int nid, unsigned int flags)
                {
                if (td->nid == nid && td->flags == flags)
                        {
-                       rv = fips_drbg_single_kat(dctx, td, 0);
-                       if (rv <= 0)
-                               return rv;
+                       if (!fips_drbg_single_kat(dctx, td, 0))
+                               return 0;
                        return fips_drbg_health_check(dctx, td);
                        }
                }