/*
* SP 800-90 requires we rerun our health tests on reseed
*/
static SECStatus
prng_reseed_test(RNGContext *rng, const PRUint8 *entropy,
unsigned int entropy_len, const PRUint8 *additional_input,
unsigned int additional_input_len)
{
SECStatus rv;
/* do health checks in FIPS mode */
rv = PRNGTEST_RunHealthTests();
if (rv != SECSuccess) {
/* error set by PRNGTEST_RunHealTests() */
rng->isValid = PR_FALSE;
return SECFailure;
}
return prng_reseed(rng, entropy, entropy_len,
additional_input, additional_input_len);
}
SECStatus
PRNGTEST_Reseed(const PRUint8 *entropy, unsigned int entropy_len,
const PRUint8 *additional, unsigned int additional_len)
{
if (!testContext.isValid) {
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
return SECFailure;
}
/* This magic input tells us to set the reseed count to it's max count,
* so we can simulate PRNGTEST_Generate reaching max reseed count */
if ((entropy == NULL) && (entropy_len == 0) &&
(additional == NULL) && (additional_len == 0)) {
testContext.reseed_counter[0] = RESEED_VALUE;
return SECSuccess;
}
return prng_reseed(&testContext, entropy, entropy_len, additional,
additional_len);
}
SECStatus
PRNGTEST_Generate(PRUint8 *bytes, unsigned int bytes_len,
const PRUint8 *additional, unsigned int additional_len)
{
SECStatus rv;
if (!testContext.isValid) {
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
return SECFailure;
}
/* replicate reseed test from prng_GenerateGlobalRandomBytes */
if (testContext.reseed_counter[0] >= RESEED_VALUE) {
rv = prng_reseed(&testContext, NULL, 0, NULL, 0);
if (rv != SECSuccess) {
return rv;
}
}
return prng_generateNewBytes(&testContext, bytes, bytes_len,
additional, additional_len);
}
