[openssl] master update
Dr. Paul Dale
pauli at openssl.org
Tue Oct 26 10:03:20 UTC 2021
The branch master has been updated
via d4dfd983e32b32b633aaa9edec422cc30419c6f7 (commit)
from e2e3f84fa5e96eb97b3cde46a213867fa79f235c (commit)
- Log -----------------------------------------------------------------
commit d4dfd983e32b32b633aaa9edec422cc30419c6f7
Author: Pauli <pauli at openssl.org>
Date: Mon Oct 25 12:01:11 2021 +1000
test-rand: return failure on not enough data, allow parent
The test-rand RNG was returning success when it had some but insufficient data.
Now, it returns failure and doesn't advance the data pointer.
The test-rand RNG was failing when a parent was specified. This case is now
ignored.
Fixes #16785
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16905)
-----------------------------------------------------------------------
Summary of changes:
doc/man7/EVP_RAND-TEST-RAND.pod | 5 ++-
providers/implementations/rands/test_rng.c | 14 ++------
test/build.info | 6 +++-
test/rand_test.c | 56 ++++++++++++++++++++++++++++++
test/recipes/05-test_rand.t | 3 +-
5 files changed, 68 insertions(+), 16 deletions(-)
create mode 100644 test/rand_test.c
diff --git a/doc/man7/EVP_RAND-TEST-RAND.pod b/doc/man7/EVP_RAND-TEST-RAND.pod
index 56e9d755e3..a70015345b 100644
--- a/doc/man7/EVP_RAND-TEST-RAND.pod
+++ b/doc/man7/EVP_RAND-TEST-RAND.pod
@@ -52,9 +52,8 @@ they can all be set as well as read.
=item "test_entropy" (B<OSSL_RAND_PARAM_TEST_ENTROPY>) <octet string>
Sets the bytes returned when the test generator is sent an entropy request.
-When entropy is requested, these bytes are treated as a cyclic buffer and they
-are repeated as required. The current position is remembered across generate
-calls.
+The current position is remembered across generate calls.
+If there are insufficient data present to satisfy a call, an error is returned.
=item "test_nonce" (B<OSSL_RAND_PARAM_TEST_NONCE>) <octet string>
diff --git a/providers/implementations/rands/test_rng.c b/providers/implementations/rands/test_rng.c
index bdad7ac9ac..4e7fed0fc7 100644
--- a/providers/implementations/rands/test_rng.c
+++ b/providers/implementations/rands/test_rng.c
@@ -52,9 +52,6 @@ static void *test_rng_new(void *provctx, void *parent,
{
PROV_TEST_RNG *t;
- if (parent != NULL)
- return NULL;
-
t = OPENSSL_zalloc(sizeof(*t));
if (t == NULL)
return NULL;
@@ -107,16 +104,11 @@ static int test_rng_generate(void *vtest, unsigned char *out, size_t outlen,
const unsigned char *adin, size_t adin_len)
{
PROV_TEST_RNG *t = (PROV_TEST_RNG *)vtest;
- size_t i;
- if (strength > t->strength)
+ if (strength > t->strength || t->entropy_len - t->entropy_pos < outlen)
return 0;
-
- for (i = 0; i < outlen; i++) {
- out[i] = t->entropy[t->entropy_pos++];
- if (t->entropy_pos >= t->entropy_len)
- break;
- }
+ memcpy(out, t->entropy + t->entropy_pos, outlen);
+ t->entropy_pos += outlen;
return 1;
}
diff --git a/test/build.info b/test/build.info
index 2e209b45c7..1e4205ddb3 100644
--- a/test/build.info
+++ b/test/build.info
@@ -62,7 +62,7 @@ IF[{- !$disabled{tests} -}]
context_internal_test aesgcmtest params_test evp_pkey_dparams_test \
keymgmt_internal_test hexstr_test provider_status_test defltfips_test \
bio_readbuffer_test user_property_test pkcs7_test upcallstest \
- provfetchtest prov_config_test
+ provfetchtest prov_config_test rand_test
IF[{- !$disabled{'deprecated-3.0'} -}]
PROGRAMS{noinst}=enginetest
@@ -84,6 +84,10 @@ IF[{- !$disabled{tests} -}]
INCLUDE[sanitytest]=../include ../apps/include
DEPEND[sanitytest]=../libcrypto libtestutil.a
+ SOURCE[rand_test]=rand_test.c
+ INCLUDE[rand_test]=../include ../apps/include
+ DEPEND[rand_test]=../libcrypto libtestutil.a
+
SOURCE[rsa_complex]=rsa_complex.c
INCLUDE[rsa_complex]=../include ../apps/include
diff --git a/test/rand_test.c b/test/rand_test.c
new file mode 100644
index 0000000000..864f3cdb51
--- /dev/null
+++ b/test/rand_test.c
@@ -0,0 +1,56 @@
+/*
+ * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the >License>). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+#include <openssl/bio.h>
+#include <openssl/core_names.h>
+#include "testutil.h"
+
+static int test_rand(void)
+{
+ EVP_RAND_CTX *privctx;
+ OSSL_PARAM params[2], *p = params;
+ unsigned char entropy1[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05 };
+ unsigned char entropy2[] = { 0xff, 0xfe, 0xfd };
+ unsigned char outbuf[3];
+
+ if (!TEST_ptr(privctx = RAND_get0_private(NULL)))
+ return 0;
+
+ *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
+ entropy1, sizeof(entropy1));
+ *p = OSSL_PARAM_construct_end();
+
+ if (!TEST_ptr(privctx = RAND_get0_private(NULL))
+ || !TEST_true(EVP_RAND_CTX_set_params(privctx, params))
+ || !TEST_int_gt(RAND_priv_bytes(outbuf, sizeof(outbuf)), 0)
+ || !TEST_mem_eq(outbuf, sizeof(outbuf), entropy1, sizeof(outbuf))
+ || !TEST_int_le(RAND_priv_bytes(outbuf, sizeof(outbuf) + 1), 0)
+ || !TEST_int_gt(RAND_priv_bytes(outbuf, sizeof(outbuf)), 0)
+ || !TEST_mem_eq(outbuf, sizeof(outbuf),
+ entropy1 + sizeof(outbuf), sizeof(outbuf)))
+ return 0;
+
+ *params = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
+ entropy2, sizeof(entropy2));
+ if (!TEST_true(EVP_RAND_CTX_set_params(privctx, params))
+ || !TEST_int_gt(RAND_priv_bytes(outbuf, sizeof(outbuf)), 0)
+ || !TEST_mem_eq(outbuf, sizeof(outbuf), entropy2, sizeof(outbuf)))
+ return 0;
+ return 1;
+}
+
+int setup_tests(void)
+{
+ if (!TEST_true(RAND_set_DRBG_type(NULL, "TEST-RAND", NULL, NULL, NULL)))
+ return 0;
+ ADD_TEST(test_rand);
+ return 1;
+}
diff --git a/test/recipes/05-test_rand.t b/test/recipes/05-test_rand.t
index 750b1a28e8..f37b7bcb98 100644
--- a/test/recipes/05-test_rand.t
+++ b/test/recipes/05-test_rand.t
@@ -11,8 +11,9 @@ use warnings;
use OpenSSL::Test;
use OpenSSL::Test::Utils;
-plan tests => 2;
+plan tests => 3;
setup("test_rand");
+ok(run(test(["rand_test"])));
ok(run(test(["drbgtest"])));
ok(run(test(["rand_status_test"])));
More information about the openssl-commits
mailing list