/*
 * Reseed wrapper that reruns the DRBG health tests before reseeding;
 * SP 800-90 requires the health tests to be rerun on reseed.
 *
 * Returns SECFailure without reseeding if the health tests fail. In that
 * case rng->isValid is cleared and the error code is the one left by
 * PRNGTEST_RunHealthTests(). Otherwise returns whatever prng_reseed()
 * returns for the same arguments.
 */
static SECStatus
prng_reseed_test(RNGContext *rng, const PRUint8 *entropy,
                 unsigned int entropy_len, const PRUint8 *additional_input,
                 unsigned int additional_input_len)
{
    /* Health checks must pass before any new seed material is mixed in. */
    if (PRNGTEST_RunHealthTests() == SECSuccess) {
        return prng_reseed(rng, entropy, entropy_len,
                           additional_input, additional_input_len);
    }

    /* Error already set by PRNGTEST_RunHealthTests(); record the failure
     * on the context so it is not treated as valid afterwards. */
    rng->isValid = PR_FALSE;
    return SECFailure;
}
/*
 * Test entry point: reseed the test context (testContext).
 *
 * Fails with SEC_ERROR_LIBRARY_FAILURE if testContext is not valid.
 *
 * The all-empty input (both pointers NULL and both lengths 0) is a test
 * hook, not a reseed: it sets reseed_counter[0] to RESEED_VALUE so that a
 * following PRNGTEST_Generate() call takes its reseed path. Only
 * testContext is touched here.
 *
 * Any other input is passed unchanged to prng_reseed() and its status is
 * returned.
 */
SECStatus
PRNGTEST_Reseed(const PRUint8 *entropy, unsigned int entropy_len,
                const PRUint8 *additional, unsigned int additional_len)
{
    if (testContext.isValid) {
        /* Anything other than the all-empty magic input is a real reseed. */
        if (entropy != NULL || entropy_len != 0 ||
            additional != NULL || additional_len != 0) {
            return prng_reseed(&testContext, entropy, entropy_len,
                               additional, additional_len);
        }

        /* Magic input: push the reseed count to its maximum so the
         * max-reseed-count condition can be simulated. */
        testContext.reseed_counter[0] = RESEED_VALUE;
        return SECSuccess;
    }

    PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
    return SECFailure;
}
/*
 * Test entry point: generate bytes_len bytes into 'bytes' from the test
 * context (testContext), with optional additional input.
 *
 * Fails with SEC_ERROR_LIBRARY_FAILURE if testContext is not valid.
 * If reseed_counter[0] has reached RESEED_VALUE, the context is reseeded
 * first through prng_reseed() with empty inputs, and a reseed failure is
 * returned as-is without generating any output. Otherwise returns the
 * status of prng_generateNewBytes().
 */
SECStatus
PRNGTEST_Generate(PRUint8 *bytes, unsigned int bytes_len,
                  const PRUint8 *additional, unsigned int additional_len)
{
    if (!testContext.isValid) {
        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
        return SECFailure;
    }

    /* Replicate the reseed test from prng_GenerateGlobalRandomBytes; only
     * the first element of reseed_counter is compared here. */
    if (testContext.reseed_counter[0] >= RESEED_VALUE) {
        SECStatus reseed_status = prng_reseed(&testContext, NULL, 0, NULL, 0);

        /* Never produce output from a context that could not be reseeded. */
        if (reseed_status != SECSuccess) {
            return reseed_status;
        }
    }

    return prng_generateNewBytes(&testContext, bytes, bytes_len,
                                 additional, additional_len);
}