[openssl] master update

matthias.st.pierre at ncp-e.com matthias.st.pierre at ncp-e.com
Wed Jul 22 23:13:03 UTC 2020


The branch master has been updated
       via  a27cb956c02220c502449176a8834b1d9643ac23 (commit)
       via  d1768e8298a35fcd8e6e19575e4a9b2e93e4d788 (commit)
       via  8e3e1dfeaaa4130e2bf1951d21a0615b7ce72c8f (commit)
       via  9fb6692c1b129fa61277ae0482975a935274c6fd (commit)
       via  11a6d6fd706d1fa095122d65d3076fb38f2c739c (commit)
      from  dcb71e1c21ad46bc9258d388b98156ae48de0af4 (commit)


- Log -----------------------------------------------------------------
commit a27cb956c02220c502449176a8834b1d9643ac23
Author: Dr. Matthias St. Pierre <matthias.st.pierre at ncp-e.com>
Date:   Mon Jul 20 23:21:37 2020 +0200

    Fix: uninstantiation breaks the RAND_DRBG callback mechanism
    
    The RAND_DRBG callbacks are wrappers around the EVP_RAND callbacks.
    During uninstantiation, the EVP_RAND callbacks got lost while the
    RAND_DRBG callbacks remained, because RAND_DRBG_uninstantiate()
    calls RAND_DRBG_set(), which recreates the EVP_RAND object.
    This was causing drbgtest failures.
    
    This commit fixes the problem by adding code to RAND_DRBG_set() for
    saving and restoring the EVP_RAND callbacks.
    
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/11195)

commit d1768e8298a35fcd8e6e19575e4a9b2e93e4d788
Author: Dr. Matthias St. Pierre <matthias.st.pierre at ncp-e.com>
Date:   Mon Jul 13 02:02:15 2020 +0200

    test/drbgtest.c: set the correct counter to trigger reseeding
    
    It's the generate counter (drbg->reseed_gen_counter), not the
    reseed counter which needs to be raised above the reseed_interval.
    This mix-up was partially caused by some recent renamings of DRBG
    members variables, but that will be dealt with in a separate commit.
    
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/11195)

commit 8e3e1dfeaaa4130e2bf1951d21a0615b7ce72c8f
Author: Dr. Matthias St. Pierre <matthias.st.pierre at ncp-e.com>
Date:   Sat Jul 4 12:29:14 2020 +0200

    test/drbgtest.c: Remove error check for large generate requests
    
    The behaviour of RAND_DRBG_generate() has changed. Previously, it
    would fail for requests larger than max_request, now it automatically
    splits large input into chunks (which was previously done only
    by RAND_DRBG_bytes() before calling RAND_DRBG_generate()).
    
    So this test has not only become obsolete, the fact that it succeeded
    unexpectedly also caused a buffer overflow that terminated the test.
    
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/11195)

commit 9fb6692c1b129fa61277ae0482975a935274c6fd
Author: Vitezslav Cizek <vcizek at suse.com>
Date:   Mon Jun 1 11:45:09 2020 +0200

    Fix DRBG reseed counter condition.
    
    The reseed counter condition was broken since a93ba40, where the
    initial value was wrongly changed from one to zero.
    Commit 8bf3665 fixed the initialization, but also adjusted the check,
    so the problem remained.
    This change restores original (OpenSSL-fips-2_0-stable) behavior.
    
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
    (Merged from https://github.com/openssl/openssl/pull/11195)

commit 11a6d6fd706d1fa095122d65d3076fb38f2c739c
Author: Vitezslav Cizek <vcizek at suse.com>
Date:   Thu Feb 27 15:37:43 2020 +0100

    test/drbgtest.c: Fix error check test
    
    The condition in test_error_checks() was inverted, so it succeeded
    as long as error_check() failed. Incidently, error_check() contained
    several bugs that assured it always failed, thus giving overall drbg
    test success.
    
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
    (Merged from https://github.com/openssl/openssl/pull/11195)

-----------------------------------------------------------------------

Summary of changes:
 crypto/rand/drbg_lib.c                 | 13 +++++++++
 providers/implementations/rands/drbg.c |  2 +-
 test/drbgtest.c                        | 53 +++++++++++++++++++---------------
 3 files changed, 43 insertions(+), 25 deletions(-)

diff --git a/crypto/rand/drbg_lib.c b/crypto/rand/drbg_lib.c
index 4b5d832df2..d2566920cd 100644
--- a/crypto/rand/drbg_lib.c
+++ b/crypto/rand/drbg_lib.c
@@ -296,6 +296,11 @@ int RAND_DRBG_set(RAND_DRBG *drbg, int type, unsigned int flags)
     EVP_RAND_CTX *pctx;
     int use_df;
 
+    RAND_DRBG_get_entropy_fn get_entropy = drbg->get_entropy;
+    RAND_DRBG_cleanup_entropy_fn cleanup_entropy = drbg->cleanup_entropy;
+    RAND_DRBG_get_nonce_fn get_nonce = drbg->get_nonce;
+    RAND_DRBG_cleanup_nonce_fn cleanup_nonce = drbg->cleanup_nonce;
+
     if (type == 0 && flags == 0) {
         type = rand_drbg_type[RAND_DRBG_TYPE_PRIMARY];
         flags = rand_drbg_flags[RAND_DRBG_TYPE_PRIMARY];
@@ -344,6 +349,14 @@ int RAND_DRBG_set(RAND_DRBG *drbg, int type, unsigned int flags)
         RANDerr(0, RAND_R_ERROR_INITIALISING_DRBG);
         goto err;
     }
+
+    if (!RAND_DRBG_set_callbacks(drbg,
+                                 get_entropy, cleanup_entropy,
+                                 get_nonce, cleanup_nonce)) {
+        RANDerr(0, RAND_R_ERROR_INITIALISING_DRBG);
+        goto err;
+    }
+
     return 1;
 err:
     EVP_RAND_CTX_free(drbg->rand);
diff --git a/providers/implementations/rands/drbg.c b/providers/implementations/rands/drbg.c
index 3394271835..929b32e708 100644
--- a/providers/implementations/rands/drbg.c
+++ b/providers/implementations/rands/drbg.c
@@ -742,7 +742,7 @@ int PROV_DRBG_generate(PROV_DRBG *drbg, unsigned char *out, size_t outlen,
     }
 
     if (drbg->reseed_interval > 0) {
-        if (drbg->reseed_gen_counter > drbg->reseed_interval)
+        if (drbg->reseed_gen_counter >= drbg->reseed_interval)
             reseed_required = 1;
     }
     if (drbg->reseed_time_interval > 0) {
diff --git a/test/drbgtest.c b/test/drbgtest.c
index f9e65757c2..3107ccaaf4 100644
--- a/test/drbgtest.c
+++ b/test/drbgtest.c
@@ -176,7 +176,6 @@ DRBG_SIZE_T(min_noncelen)
 DRBG_SIZE_T(max_noncelen)
 DRBG_SIZE_T(max_perslen)
 DRBG_SIZE_T(max_adinlen)
-DRBG_SIZE_T(max_request)
 
 #define DRBG_UINT(name)                                 \
     static unsigned int name(RAND_DRBG *drbg)           \
@@ -191,6 +190,13 @@ static PROV_DRBG *prov_rand(RAND_DRBG *drbg)
     return (PROV_DRBG *)drbg->rand->data;
 }
 
+static void set_generate_counter(RAND_DRBG *drbg, unsigned int n)
+{
+    PROV_DRBG *p = prov_rand(drbg);
+
+    p->reseed_gen_counter = n;
+}
+
 static void set_reseed_counter(RAND_DRBG *drbg, unsigned int n)
 {
     PROV_DRBG *p = prov_rand(drbg);
@@ -427,7 +433,7 @@ static int error_check(DRBG_SELFTEST_DATA *td)
 
     /* Test detection of too large personalisation string */
     if (!init(drbg, td, &t)
-            || RAND_DRBG_instantiate(drbg, td->pers, max_perslen(drbg) + 1) > 0)
+            || !TEST_false(RAND_DRBG_instantiate(drbg, td->pers, max_perslen(drbg) + 1)))
         goto err;
 
     /*
@@ -436,7 +442,7 @@ static int error_check(DRBG_SELFTEST_DATA *td)
 
     /* Test entropy source failure detection: i.e. returns no data */
     t.entropylen = 0;
-    if (TEST_int_le(RAND_DRBG_instantiate(drbg, td->pers, td->perslen), 0))
+    if (!TEST_false(RAND_DRBG_instantiate(drbg, td->pers, td->perslen)))
         goto err;
 
     /* Try to generate output from uninstantiated DRBG */
@@ -446,16 +452,18 @@ static int error_check(DRBG_SELFTEST_DATA *td)
         goto err;
 
     /* Test insufficient entropy */
+    if (!init(drbg, td, &t))
+        goto err;
     t.entropylen = min_entropylen(drbg) - 1;
-    if (!init(drbg, td, &t)
-            || RAND_DRBG_instantiate(drbg, td->pers, td->perslen) > 0
+    if (!TEST_false(RAND_DRBG_instantiate(drbg, td->pers, td->perslen))
             || !uninstantiate(drbg))
         goto err;
 
     /* Test too much entropy */
+    if (!init(drbg, td, &t))
+        goto err;
     t.entropylen = max_entropylen(drbg) + 1;
-    if (!init(drbg, td, &t)
-            || RAND_DRBG_instantiate(drbg, td->pers, td->perslen) > 0
+    if (!TEST_false(RAND_DRBG_instantiate(drbg, td->pers, td->perslen))
             || !uninstantiate(drbg))
         goto err;
 
@@ -465,18 +473,20 @@ static int error_check(DRBG_SELFTEST_DATA *td)
 
     /* Test too small nonce */
     if (min_noncelen(drbg) != 0) {
+        if (!init(drbg, td, &t))
+            goto err;
         t.noncelen = min_noncelen(drbg) - 1;
-        if (!init(drbg, td, &t)
-                || RAND_DRBG_instantiate(drbg, td->pers, td->perslen) > 0
+        if (!TEST_false(RAND_DRBG_instantiate(drbg, td->pers, td->perslen))
                 || !uninstantiate(drbg))
             goto err;
     }
 
     /* Test too large nonce */
     if (max_noncelen(drbg) != 0) {
+        if (!init(drbg, td, &t))
+            goto err;
         t.noncelen = max_noncelen(drbg) + 1;
-        if (!init(drbg, td, &t)
-                || RAND_DRBG_instantiate(drbg, td->pers, td->perslen) > 0
+        if (!TEST_false(RAND_DRBG_instantiate(drbg, td->pers, td->perslen))
                 || !uninstantiate(drbg))
             goto err;
     }
@@ -487,11 +497,6 @@ static int error_check(DRBG_SELFTEST_DATA *td)
                                              td->adin, td->adinlen)))
         goto err;
 
-    /* Request too much data for one request */
-    if (!TEST_false(RAND_DRBG_generate(drbg, buff, max_request(drbg) + 1, 0,
-                                       td->adin, td->adinlen)))
-        goto err;
-
     /* Try too large additional input */
     if (!TEST_false(RAND_DRBG_generate(drbg, buff, td->exlen, 0,
                                        td->adin, max_adinlen(drbg) + 1)))
@@ -502,7 +507,7 @@ static int error_check(DRBG_SELFTEST_DATA *td)
      * failure.
      */
     t.entropylen = 0;
-    if (TEST_false(RAND_DRBG_generate(drbg, buff, td->exlen, 1,
+    if (!TEST_false(RAND_DRBG_generate(drbg, buff, td->exlen, 1,
                                       td->adin, td->adinlen))
             || !uninstantiate(drbg))
         goto err;
@@ -511,7 +516,7 @@ static int error_check(DRBG_SELFTEST_DATA *td)
     if (!instantiate(drbg, td, &t))
         goto err;
     reseed_counter_tmp = reseed_counter(drbg);
-    set_reseed_counter(drbg, reseed_requests(drbg));
+    set_generate_counter(drbg, reseed_requests(drbg));
 
     /* Generate output and check entropy has been requested for reseed */
     t.entropycnt = 0;
@@ -536,7 +541,7 @@ static int error_check(DRBG_SELFTEST_DATA *td)
     if (!instantiate(drbg, td, &t))
         goto err;
     reseed_counter_tmp = reseed_counter(drbg);
-    set_reseed_counter(drbg, reseed_requests(drbg));
+    set_generate_counter(drbg, reseed_requests(drbg));
 
     /* Generate output and check entropy has been requested for reseed */
     t.entropycnt = 0;
@@ -553,12 +558,12 @@ static int error_check(DRBG_SELFTEST_DATA *td)
 
     /* Test explicit reseed with too large additional input */
     if (!instantiate(drbg, td, &t)
-            || RAND_DRBG_reseed(drbg, td->adin, max_adinlen(drbg) + 1, 0) > 0)
+            || !TEST_false(RAND_DRBG_reseed(drbg, td->adin, max_adinlen(drbg) + 1, 0)))
         goto err;
 
     /* Test explicit reseed with entropy source failure */
     t.entropylen = 0;
-    if (!TEST_int_le(RAND_DRBG_reseed(drbg, td->adin, td->adinlen, 0), 0)
+    if (!TEST_false(RAND_DRBG_reseed(drbg, td->adin, td->adinlen, 0))
             || !uninstantiate(drbg))
         goto err;
 
@@ -566,7 +571,7 @@ static int error_check(DRBG_SELFTEST_DATA *td)
     if (!instantiate(drbg, td, &t))
         goto err;
     t.entropylen = max_entropylen(drbg) + 1;
-    if (!TEST_int_le(RAND_DRBG_reseed(drbg, td->adin, td->adinlen, 0), 0)
+    if (!TEST_false(RAND_DRBG_reseed(drbg, td->adin, td->adinlen, 0))
             || !uninstantiate(drbg))
         goto err;
 
@@ -574,7 +579,7 @@ static int error_check(DRBG_SELFTEST_DATA *td)
     if (!instantiate(drbg, td, &t))
         goto err;
     t.entropylen = min_entropylen(drbg) - 1;
-    if (!TEST_int_le(RAND_DRBG_reseed(drbg, td->adin, td->adinlen, 0), 0)
+    if (!TEST_false(RAND_DRBG_reseed(drbg, td->adin, td->adinlen, 0))
             || !uninstantiate(drbg))
         goto err;
 
@@ -611,7 +616,7 @@ static int test_error_checks(int i)
     if (crngt_skip())
         return TEST_skip("CRNGT cannot be disabled");
 
-    if (error_check(td))
+    if (!error_check(td))
         goto err;
     rv = 1;
 


More information about the openssl-commits mailing list