From: Dr. Stephen Henson Date: Wed, 2 Nov 2011 16:58:17 +0000 (+0000) Subject: Remove duplicate test from health check. X-Git-Tag: master-pre-reformat~2067 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=12cc43782c06a4ad821328bbc4d3f79fc5fa2c88;p=openssl Remove duplicate test from health check. Fix memory leaks by uninstantiating DRBG before reinitialising it. --- diff --git a/fips/rand/fips_drbg_selftest.c b/fips/rand/fips_drbg_selftest.c index ee0561bcbe..a787323d6d 100644 --- a/fips/rand/fips_drbg_selftest.c +++ b/fips/rand/fips_drbg_selftest.c @@ -582,7 +582,6 @@ static int fips_drbg_error_check(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td) } dctx->iflags &= ~DRBG_FLAG_NOERR; - if (!FIPS_drbg_uninstantiate(dctx)) { FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR); @@ -617,28 +616,20 @@ static int fips_drbg_error_check(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td) goto err; } - /* Explicit reseed tests */ - - /* Test explicit reseed with too large additional input */ - if (!do_drbg_init(dctx, td, &t)) - goto err; - - dctx->iflags |= DRBG_FLAG_NOERR; - - if (FIPS_drbg_reseed(dctx, td->adin, dctx->max_adin + 1) > 0) + dctx->iflags &= ~DRBG_FLAG_NOERR; + if (!FIPS_drbg_uninstantiate(dctx)) { - FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_ADDITIONAL_INPUT_ERROR_UNDETECTED); + FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR); goto err; } - /* Test explicit reseed with entropy source failure */ - /* Check prediction resistance request fails if entropy source * failure. */ t.entlen = 0; + dctx->iflags |= DRBG_FLAG_NOERR; if (FIPS_drbg_generate(dctx, randout, td->katlen, 1, td->adin, td->adinlen)) { @@ -680,6 +671,13 @@ static int fips_drbg_error_check(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td) goto err; } + dctx->iflags &= ~DRBG_FLAG_NOERR; + if (!FIPS_drbg_uninstantiate(dctx)) + { + FIPSerr(FIPS_F_FIPS_DRBG_ERROR_CHECK, FIPS_R_UNINSTANTIATE_ERROR); + goto err; + } + /* Explicit reseed tests */ /* Test explicit reseed with too large additional input */ @@ -696,11 +694,6 @@ static int fips_drbg_error_check(DRBG_CTX *dctx, DRBG_SELFTEST_DATA *td) /* Test explicit reseed with entropy source failure */ - if (!do_drbg_init(dctx, td, &t)) - goto err; - - dctx->iflags |= DRBG_FLAG_NOERR; - t.entlen = 0; if (FIPS_drbg_reseed(dctx, td->adin, td->adinlen) > 0)