+/*
+ * A list of the FIPS DRGB types.
+ * Because of the way HMAC DRGBs are implemented, both the NID and flags
+ * are required.
+ */
+static const struct s_drgb_types {
+ int nid;
+ int flags;
+} drgb_types[] = {
+ { NID_aes_128_ctr, 0 },
+ { NID_aes_192_ctr, 0 },
+ { NID_aes_256_ctr, 0 },
+ { NID_sha1, 0 },
+ { NID_sha224, 0 },
+ { NID_sha256, 0 },
+ { NID_sha384, 0 },
+ { NID_sha512, 0 },
+ { NID_sha512_224, 0 },
+ { NID_sha512_256, 0 },
+ { NID_sha3_224, 0 },
+ { NID_sha3_256, 0 },
+ { NID_sha3_384, 0 },
+ { NID_sha3_512, 0 },
+ { NID_sha1, RAND_DRBG_FLAG_HMAC },
+ { NID_sha224, RAND_DRBG_FLAG_HMAC },
+ { NID_sha256, RAND_DRBG_FLAG_HMAC },
+ { NID_sha384, RAND_DRBG_FLAG_HMAC },
+ { NID_sha512, RAND_DRBG_FLAG_HMAC },
+ { NID_sha512_224, RAND_DRBG_FLAG_HMAC },
+ { NID_sha512_256, RAND_DRBG_FLAG_HMAC },
+ { NID_sha3_224, RAND_DRBG_FLAG_HMAC },
+ { NID_sha3_256, RAND_DRBG_FLAG_HMAC },
+ { NID_sha3_384, RAND_DRBG_FLAG_HMAC },
+ { NID_sha3_512, RAND_DRBG_FLAG_HMAC },
+};
+
+/* Six cases for each covers seed sizes up to 32 bytes */
+static const size_t crngt_num_cases = 6;
+
+static size_t crngt_case, crngt_idx;
+
+static int crngt_entropy_cb(unsigned char *buf, unsigned char *md,
+ unsigned int *md_size)
+{
+ size_t i, z;
+
+ if (!TEST_int_lt(crngt_idx, crngt_num_cases))
+ return 0;
+ /* Generate a block of unique data unless this is the duplication point */
+ z = crngt_idx++;
+ if (z > 0 && crngt_case == z)
+ z--;
+ for (i = 0; i < CRNGT_BUFSIZ; i++)
+ buf[i] = (unsigned char)(i + 'A' + z);
+ return EVP_Digest(buf, CRNGT_BUFSIZ, md, md_size, EVP_sha256(), NULL);
+}
+
+static int test_crngt(int n)
+{
+ const struct s_drgb_types *dt = drgb_types + n / crngt_num_cases;
+ RAND_DRBG *drbg = NULL;
+ unsigned char buff[100];
+ size_t ent;
+ int res = 0;
+ int expect;
+
+ if (!TEST_true(rand_crngt_single_init()))
+ return 0;
+ rand_crngt_cleanup();
+
+ if (!TEST_ptr(drbg = RAND_DRBG_new(dt->nid, dt->flags, NULL)))
+ return 0;
+ ent = (drbg->min_entropylen + CRNGT_BUFSIZ - 1) / CRNGT_BUFSIZ;
+ crngt_case = n % crngt_num_cases;
+ crngt_idx = 0;
+ crngt_get_entropy = &crngt_entropy_cb;
+ if (!TEST_true(rand_crngt_init()))
+ goto err;
+#ifndef FIPS_MODE
+ if (!TEST_true(RAND_DRBG_set_callbacks(drbg, &rand_crngt_get_entropy,
+ &rand_crngt_cleanup_entropy,
+ &rand_drbg_get_nonce,
+ &rand_drbg_cleanup_nonce)))
+ goto err;
+#endif
+ expect = crngt_case == 0 || crngt_case > ent;
+ if (!TEST_int_eq(RAND_DRBG_instantiate(drbg, NULL, 0), expect))
+ goto err;
+ if (!expect)
+ goto fin;
+ if (!TEST_true(RAND_DRBG_generate(drbg, buff, sizeof(buff), 0, NULL, 0)))
+ goto err;
+
+ expect = crngt_case == 0 || crngt_case > 2 * ent;
+ if (!TEST_int_eq(RAND_DRBG_reseed(drbg, NULL, 0, 0), expect))
+ goto err;
+ if (!expect)
+ goto fin;
+ if (!TEST_true(RAND_DRBG_generate(drbg, buff, sizeof(buff), 0, NULL, 0)))
+ goto err;
+
+fin:
+ res = 1;
+err:
+ if (!res)
+ TEST_note("DRBG %zd case %zd block %zd", n / crngt_num_cases,
+ crngt_case, crngt_idx);
+ uninstantiate(drbg);
+ RAND_DRBG_free(drbg);
+ crngt_get_entropy = &rand_crngt_get_entropy_cb;
+ return res;
+}
+