[openssl] master update
Dr. Paul Dale
pauli at openssl.org
Fri Aug 28 00:20:42 UTC 2020
The branch master has been updated
via 4516bf7422223a47f98931c1315985bd9dc303af (commit)
from edd53e9135d9546e3611ca1d45876bac15047aa8 (commit)
- Log -----------------------------------------------------------------
commit 4516bf7422223a47f98931c1315985bd9dc303af
Author: Pauli <paul.dale at oracle.com>
Date: Wed Aug 26 14:11:49 2020 +1000
rand: instantiate the DRBGs upon first use.
Fixes #12714
[skip ci]
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/12717)
-----------------------------------------------------------------------
Summary of changes:
crypto/rand/rand_lib.c | 9 +++++++--
test/build.info | 6 +++++-
test/rand_status_test.c | 27 +++++++++++++++++++++++++++
test/recipes/05-test_rand.t | 3 ++-
4 files changed, 41 insertions(+), 4 deletions(-)
create mode 100644 test/rand_status_test.c
diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c
index 89277e93c5..a37a575e5b 100644
--- a/crypto/rand/rand_lib.c
+++ b/crypto/rand/rand_lib.c
@@ -246,7 +246,7 @@ int RAND_status(void)
return meth->status != NULL ? meth->status() : 0;
if ((rand = RAND_get0_primary(NULL)) == NULL)
- return EVP_RAND_STATE_UNINITIALISED;
+ return 0;
return EVP_RAND_state(rand) == EVP_RAND_STATE_READY;
}
#else /* !FIPS_MODULE */
@@ -467,7 +467,12 @@ static EVP_RAND_CTX *rand_new_drbg(OPENSSL_CTX *libctx, EVP_RAND_CTX *parent,
if (!EVP_RAND_set_ctx_params(ctx, params)) {
RANDerr(0, RAND_R_ERROR_INITIALISING_DRBG);
EVP_RAND_CTX_free(ctx);
- ctx = NULL;
+ return NULL;
+ }
+ if (!EVP_RAND_instantiate(ctx, 0, 0, NULL, 0)) {
+ RANDerr(0, RAND_R_ERROR_INSTANTIATING_DRBG);
+ EVP_RAND_CTX_free(ctx);
+ return NULL;
}
return ctx;
}
diff --git a/test/build.info b/test/build.info
index 134a473195..16ff48e24b 100644
--- a/test/build.info
+++ b/test/build.info
@@ -52,7 +52,7 @@ IF[{- !$disabled{tests} -}]
cipherbytes_test \
asn1_encode_test asn1_decode_test asn1_string_table_test \
x509_time_test x509_dup_cert_test x509_check_cert_pkey_test \
- recordlentest drbgtest sslbuffertest \
+ recordlentest drbgtest rand_status_test sslbuffertest \
time_offset_test pemtest ssl_cert_table_internal_test ciphername_test \
http_test servername_test ocspapitest fatalerrtest tls13ccstest \
sysdefaulttest errtest ssl_ctx_test gosttest \
@@ -380,6 +380,10 @@ IF[{- !$disabled{tests} -}]
INCLUDE[drbgtest]=../include ../apps/include
DEPEND[drbgtest]=../libcrypto.a libtestutil.a
+ SOURCE[rand_status_test]=rand_status_test.c
+ INCLUDE[rand_status_test]=../include ../apps/include
+ DEPEND[rand_status_test]=../libcrypto libtestutil.a
+
SOURCE[x509_dup_cert_test]=x509_dup_cert_test.c
INCLUDE[x509_dup_cert_test]=../include ../apps/include
DEPEND[x509_dup_cert_test]=../libcrypto libtestutil.a
diff --git a/test/rand_status_test.c b/test/rand_status_test.c
new file mode 100644
index 0000000000..449b523d70
--- /dev/null
+++ b/test/rand_status_test.c
@@ -0,0 +1,27 @@
+/*
+ * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/rand.h>
+#include "testutil.h"
+
+/*
+ * This needs to be in a test executable all by itself so that it can be
+ * guaranteed to run before any generate calls have been made.
+ */
+
+static int test_rand_status(void)
+{
+ return TEST_true(RAND_status());
+}
+
+int setup_tests(void)
+{
+ ADD_TEST(test_rand_status);
+ return 1;
+}
diff --git a/test/recipes/05-test_rand.t b/test/recipes/05-test_rand.t
index 4a080cb910..750b1a28e8 100644
--- a/test/recipes/05-test_rand.t
+++ b/test/recipes/05-test_rand.t
@@ -11,7 +11,8 @@ use warnings;
use OpenSSL::Test;
use OpenSSL::Test::Utils;
-plan tests => 1;
+plan tests => 2;
setup("test_rand");
ok(run(test(["drbgtest"])));
+ok(run(test(["rand_status_test"])));
More information about the openssl-commits
mailing list