[openssl] master update

Dr. Paul Dale pauli at openssl.org
Fri Aug 28 00:20:42 UTC 2020


The branch master has been updated
       via  4516bf7422223a47f98931c1315985bd9dc303af (commit)
      from  edd53e9135d9546e3611ca1d45876bac15047aa8 (commit)


- Log -----------------------------------------------------------------
commit 4516bf7422223a47f98931c1315985bd9dc303af
Author: Pauli <paul.dale at oracle.com>
Date:   Wed Aug 26 14:11:49 2020 +1000

    rand: instantiate the DRBGs upon first use.
    
    Fixes #12714
    
    [skip ci]
    
    Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
    Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
    (Merged from https://github.com/openssl/openssl/pull/12717)

-----------------------------------------------------------------------

Summary of changes:
 crypto/rand/rand_lib.c      |  9 +++++++--
 test/build.info             |  6 +++++-
 test/rand_status_test.c     | 27 +++++++++++++++++++++++++++
 test/recipes/05-test_rand.t |  3 ++-
 4 files changed, 41 insertions(+), 4 deletions(-)
 create mode 100644 test/rand_status_test.c

diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c
index 89277e93c5..a37a575e5b 100644
--- a/crypto/rand/rand_lib.c
+++ b/crypto/rand/rand_lib.c
@@ -246,7 +246,7 @@ int RAND_status(void)
         return meth->status != NULL ? meth->status() : 0;
 
     if ((rand = RAND_get0_primary(NULL)) == NULL)
-        return EVP_RAND_STATE_UNINITIALISED;
+        return 0;
     return EVP_RAND_state(rand) == EVP_RAND_STATE_READY;
 }
 #else  /* !FIPS_MODULE */
@@ -467,7 +467,12 @@ static EVP_RAND_CTX *rand_new_drbg(OPENSSL_CTX *libctx, EVP_RAND_CTX *parent,
     if (!EVP_RAND_set_ctx_params(ctx, params)) {
         RANDerr(0, RAND_R_ERROR_INITIALISING_DRBG);
         EVP_RAND_CTX_free(ctx);
-        ctx = NULL;
+        return NULL;
+    }
+    if (!EVP_RAND_instantiate(ctx, 0, 0, NULL, 0)) {
+        RANDerr(0, RAND_R_ERROR_INSTANTIATING_DRBG);
+        EVP_RAND_CTX_free(ctx);
+        return NULL;
     }
     return ctx;
 }
diff --git a/test/build.info b/test/build.info
index 134a473195..16ff48e24b 100644
--- a/test/build.info
+++ b/test/build.info
@@ -52,7 +52,7 @@ IF[{- !$disabled{tests} -}]
           cipherbytes_test \
           asn1_encode_test asn1_decode_test asn1_string_table_test \
           x509_time_test x509_dup_cert_test x509_check_cert_pkey_test \
-          recordlentest drbgtest sslbuffertest \
+          recordlentest drbgtest rand_status_test sslbuffertest \
           time_offset_test pemtest ssl_cert_table_internal_test ciphername_test \
           http_test servername_test ocspapitest fatalerrtest tls13ccstest \
           sysdefaulttest errtest ssl_ctx_test gosttest \
@@ -380,6 +380,10 @@ IF[{- !$disabled{tests} -}]
   INCLUDE[drbgtest]=../include ../apps/include
   DEPEND[drbgtest]=../libcrypto.a libtestutil.a
 
+  SOURCE[rand_status_test]=rand_status_test.c
+  INCLUDE[rand_status_test]=../include ../apps/include
+  DEPEND[rand_status_test]=../libcrypto libtestutil.a
+
   SOURCE[x509_dup_cert_test]=x509_dup_cert_test.c
   INCLUDE[x509_dup_cert_test]=../include ../apps/include
   DEPEND[x509_dup_cert_test]=../libcrypto libtestutil.a
diff --git a/test/rand_status_test.c b/test/rand_status_test.c
new file mode 100644
index 0000000000..449b523d70
--- /dev/null
+++ b/test/rand_status_test.c
@@ -0,0 +1,27 @@
+/*
+ * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/rand.h>
+#include "testutil.h"
+
+/*
+ * This needs to be in a test executable all by itself so that it can be
+ * guaranteed to run before any generate calls have been made.
+ */
+
+static int test_rand_status(void)
+{
+    return TEST_true(RAND_status());
+}
+
+int setup_tests(void)
+{
+    ADD_TEST(test_rand_status);
+    return 1;
+}
diff --git a/test/recipes/05-test_rand.t b/test/recipes/05-test_rand.t
index 4a080cb910..750b1a28e8 100644
--- a/test/recipes/05-test_rand.t
+++ b/test/recipes/05-test_rand.t
@@ -11,7 +11,8 @@ use warnings;
 use OpenSSL::Test;
 use OpenSSL::Test::Utils;
 
-plan tests => 1;
+plan tests => 2;
 setup("test_rand");
 
 ok(run(test(["drbgtest"])));
+ok(run(test(["rand_status_test"])));


More information about the openssl-commits mailing list