2 * Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 #include "internal/nelem.h"
12 #include <openssl/crypto.h>
13 #include <openssl/err.h>
14 #include <openssl/rand.h>
15 #include <openssl/obj_mac.h>
16 #include <openssl/evp.h>
17 #include <openssl/aes.h>
18 #include "../crypto/rand/rand_local.h"
19 #include "../include/crypto/rand.h"
20 #include "../include/crypto/evp.h"
21 #include "../providers/implementations/rands/drbg_local.h"
22 #include "../crypto/evp/evp_local.h"
29 # if defined(OPENSSL_TANDEM_FLOSS)
30 # include <floss.h(floss_fork)>
34 #if defined(OPENSSL_SYS_UNIX)
35 # include <sys/types.h>
36 # include <sys/wait.h>
43 * DRBG generate wrappers
45 static int gen_bytes(EVP_RAND_CTX *drbg, unsigned char *buf, int num)
47 const RAND_METHOD *meth = RAND_get_rand_method();
49 if (meth != NULL && meth != RAND_OpenSSL()) {
50 if (meth->bytes != NULL)
51 return meth->bytes(buf, num);
56 return EVP_RAND_generate(drbg, buf, num, 0, 0, NULL, 0);
60 static int rand_bytes(unsigned char *buf, int num)
62 return gen_bytes(RAND_get0_public(NULL), buf, num);
65 static int rand_priv_bytes(unsigned char *buf, int num)
67 return gen_bytes(RAND_get0_private(NULL), buf, num);
71 /* size of random output generated in test_drbg_reseed() */
72 #define RANDOM_SIZE 16
75 * DRBG query functions
77 static int state(EVP_RAND_CTX *drbg)
79 return EVP_RAND_state(drbg);
82 static unsigned int query_rand_uint(EVP_RAND_CTX *drbg, const char *name)
84 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
87 *params = OSSL_PARAM_construct_uint(name, &n);
88 if (EVP_RAND_get_ctx_params(drbg, params))
93 #define DRBG_UINT(name) \
94 static unsigned int name(EVP_RAND_CTX *drbg) \
96 return query_rand_uint(drbg, #name); \
98 DRBG_UINT(reseed_counter)
100 static PROV_DRBG *prov_rand(EVP_RAND_CTX *drbg)
102 return (PROV_DRBG *)drbg->data;
105 static void set_reseed_counter(EVP_RAND_CTX *drbg, unsigned int n)
107 PROV_DRBG *p = prov_rand(drbg);
109 p->reseed_counter = n;
112 static void inc_reseed_counter(EVP_RAND_CTX *drbg)
114 set_reseed_counter(drbg, reseed_counter(drbg) + 1);
117 static time_t reseed_time(EVP_RAND_CTX *drbg)
119 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
122 *params = OSSL_PARAM_construct_time_t(OSSL_DRBG_PARAM_RESEED_TIME, &t);
123 if (EVP_RAND_get_ctx_params(drbg, params))
129 * When building the FIPS module, it isn't possible to disable the continuous
130 * RNG tests. Tests that require this are skipped.
132 static int crngt_skip(void)
142 * Disable CRNG testing if it is enabled.
143 * This stub remains to indicate the calling locations where it is necessary.
144 * Once the RNG infrastructure is able to disable these tests, it should be
147 static int disable_crngt(EVP_RAND_CTX *drbg)
153 * Generates random output using rand_bytes() and rand_priv_bytes()
154 * and checks whether the three shared DRBGs were reseeded as
157 * |expect_success|: expected outcome (as reported by RAND_status())
158 * |primary|, |public|, |private|: pointers to the three shared DRBGs
159 * |public_random|, |private_random|: generated random output
160 * |expect_xxx_reseed| =
161 * 1: it is expected that the specified DRBG is reseeded
162 * 0: it is expected that the specified DRBG is not reseeded
163 * -1: don't check whether the specified DRBG was reseeded or not
164 * |reseed_when|: if nonzero, used instead of time(NULL) to set the
165 * |before_reseed| time.
167 static int test_drbg_reseed(int expect_success,
168 EVP_RAND_CTX *primary,
169 EVP_RAND_CTX *public,
170 EVP_RAND_CTX *private,
171 unsigned char *public_random,
172 unsigned char *private_random,
173 int expect_primary_reseed,
174 int expect_public_reseed,
175 int expect_private_reseed,
179 time_t before_reseed, after_reseed;
180 int expected_state = (expect_success ? DRBG_READY : DRBG_ERROR);
181 unsigned int primary_reseed, public_reseed, private_reseed;
182 unsigned char dummy[RANDOM_SIZE];
184 if (public_random == NULL)
185 public_random = dummy;
187 if (private_random == NULL)
188 private_random = dummy;
191 * step 1: check preconditions
194 /* Test whether seed propagation is enabled */
195 if (!TEST_int_ne(primary_reseed = reseed_counter(primary), 0)
196 || !TEST_int_ne(public_reseed = reseed_counter(public), 0)
197 || !TEST_int_ne(private_reseed = reseed_counter(private), 0))
201 * step 2: generate random output
204 if (reseed_when == 0)
205 reseed_when = time(NULL);
207 /* Generate random output from the public and private DRBG */
208 before_reseed = expect_primary_reseed == 1 ? reseed_when : 0;
209 if (!TEST_int_eq(rand_bytes((unsigned char*)public_random,
210 RANDOM_SIZE), expect_success)
211 || !TEST_int_eq(rand_priv_bytes((unsigned char*) private_random,
212 RANDOM_SIZE), expect_success))
214 after_reseed = time(NULL);
218 * step 3: check postconditions
221 /* Test whether reseeding succeeded as expected */
222 if (!TEST_int_eq(state(primary), expected_state)
223 || !TEST_int_eq(state(public), expected_state)
224 || !TEST_int_eq(state(private), expected_state))
227 if (expect_primary_reseed >= 0) {
228 /* Test whether primary DRBG was reseeded as expected */
229 if (!TEST_int_ge(reseed_counter(primary), primary_reseed))
233 if (expect_public_reseed >= 0) {
234 /* Test whether public DRBG was reseeded as expected */
235 if (!TEST_int_ge(reseed_counter(public), public_reseed)
236 || !TEST_uint_ge(reseed_counter(public),
237 reseed_counter(primary)))
241 if (expect_private_reseed >= 0) {
242 /* Test whether public DRBG was reseeded as expected */
243 if (!TEST_int_ge(reseed_counter(private), private_reseed)
244 || !TEST_uint_ge(reseed_counter(private),
245 reseed_counter(primary)))
249 if (expect_success == 1) {
250 /* Test whether reseed time of primary DRBG is set correctly */
251 if (!TEST_time_t_le(before_reseed, reseed_time(primary))
252 || !TEST_time_t_le(reseed_time(primary), after_reseed))
255 /* Test whether reseed times of child DRBGs are synchronized with primary */
256 if (!TEST_time_t_ge(reseed_time(public), reseed_time(primary))
257 || !TEST_time_t_ge(reseed_time(private), reseed_time(primary)))
267 #if defined(OPENSSL_SYS_UNIX)
268 /* number of children to fork */
269 #define DRBG_FORK_COUNT 9
270 /* two results per child, two for the parent */
271 #define DRBG_FORK_RESULT_COUNT (2 * (DRBG_FORK_COUNT + 1))
273 typedef struct drbg_fork_result_st {
275 unsigned char random[RANDOM_SIZE]; /* random output */
277 int pindex; /* process index (0: parent, 1,2,3...: children)*/
278 pid_t pid; /* process id */
279 int private; /* true if the private drbg was used */
280 char name[10]; /* 'parent' resp. 'child 1', 'child 2', ... */
284 * Sort the drbg_fork_result entries in lexicographical order
286 * This simplifies finding duplicate random output and makes
287 * the printout in case of an error more readable.
289 static int compare_drbg_fork_result(const void * left, const void * right)
292 const drbg_fork_result *l = left;
293 const drbg_fork_result *r = right;
295 /* separate public and private results */
296 result = l->private - r->private;
299 result = memcmp(l->random, r->random, RANDOM_SIZE);
302 result = l->pindex - r->pindex;
308 * Sort two-byte chunks of random data
310 * Used for finding collisions in two-byte chunks
312 static int compare_rand_chunk(const void * left, const void * right)
314 return memcmp(left, right, 2);
318 * Test whether primary, public and private DRBG are reseeded
319 * in the child after forking the process. Collect the random
320 * output of the public and private DRBG and send it back to
321 * the parent process.
323 static int test_drbg_reseed_in_child(EVP_RAND_CTX *primary,
324 EVP_RAND_CTX *public,
325 EVP_RAND_CTX *private,
326 drbg_fork_result result[2])
331 unsigned char random[2 * RANDOM_SIZE];
333 if (!TEST_int_ge(pipe(fd), 0))
336 if (!TEST_int_ge(pid = fork(), 0)) {
340 } else if (pid > 0) {
342 /* I'm the parent; close the write end */
345 /* wait for children to terminate and collect their random output */
346 if (TEST_int_eq(waitpid(pid, &status, 0), pid)
347 && TEST_int_eq(status, 0)
348 && TEST_true(read(fd[0], &random[0], sizeof(random))
349 == sizeof(random))) {
351 /* random output of public drbg */
353 result[0].private = 0;
354 memcpy(result[0].random, &random[0], RANDOM_SIZE);
356 /* random output of private drbg */
358 result[1].private = 1;
359 memcpy(result[1].random, &random[RANDOM_SIZE], RANDOM_SIZE);
364 /* close the read end */
371 /* I'm the child; close the read end */
374 /* check whether all three DRBGs reseed and send output to parent */
375 if (TEST_true(test_drbg_reseed(1, primary, public, private,
376 &random[0], &random[RANDOM_SIZE],
378 && TEST_true(write(fd[1], random, sizeof(random))
379 == sizeof(random))) {
384 /* close the write end */
387 /* convert boolean to exit code */
392 static int test_rand_reseed_on_fork(EVP_RAND_CTX *primary,
393 EVP_RAND_CTX *public,
394 EVP_RAND_CTX *private)
397 pid_t pid = getpid();
398 int verbose = (getenv("V") != NULL);
400 int duplicate[2] = {0, 0};
401 unsigned char random[2 * RANDOM_SIZE];
402 unsigned char sample[DRBG_FORK_RESULT_COUNT * RANDOM_SIZE];
403 unsigned char *psample = &sample[0];
404 drbg_fork_result result[DRBG_FORK_RESULT_COUNT];
405 drbg_fork_result *presult = &result[2];
407 memset(&result, 0, sizeof(result));
409 for (i = 1 ; i <= DRBG_FORK_COUNT ; ++i) {
411 presult[0].pindex = presult[1].pindex = i;
413 sprintf(presult[0].name, "child %d", i);
414 strcpy(presult[1].name, presult[0].name);
416 /* collect the random output of the children */
417 if (!TEST_true(test_drbg_reseed_in_child(primary,
426 /* collect the random output of the parent */
427 if (!TEST_true(test_drbg_reseed(1,
428 primary, public, private,
429 &random[0], &random[RANDOM_SIZE],
433 strcpy(result[0].name, "parent");
434 strcpy(result[1].name, "parent");
436 /* output of public drbg */
438 result[0].private = 0;
439 memcpy(result[0].random, &random[0], RANDOM_SIZE);
441 /* output of private drbg */
443 result[1].private = 1;
444 memcpy(result[1].random, &random[RANDOM_SIZE], RANDOM_SIZE);
446 /* collect all sampled random data in a single buffer */
447 for (i = 0 ; i < DRBG_FORK_RESULT_COUNT ; ++i) {
448 memcpy(psample, &result[i].random[0], RANDOM_SIZE);
449 psample += RANDOM_SIZE;
452 /* sort the results... */
453 qsort(result, DRBG_FORK_RESULT_COUNT, sizeof(drbg_fork_result),
454 compare_drbg_fork_result);
456 /* ...and count duplicate prefixes by looking at the first byte only */
457 for (i = 1 ; i < DRBG_FORK_RESULT_COUNT ; ++i) {
458 if (result[i].random[0] == result[i-1].random[0]) {
459 /* count public and private duplicates separately */
460 ++duplicate[result[i].private];
464 if (duplicate[0] >= DRBG_FORK_COUNT - 1) {
465 /* just too many duplicates to be a coincidence */
466 TEST_note("ERROR: %d duplicate prefixes in public random output", duplicate[0]);
470 if (duplicate[1] >= DRBG_FORK_COUNT - 1) {
471 /* just too many duplicates to be a coincidence */
472 TEST_note("ERROR: %d duplicate prefixes in private random output", duplicate[1]);
478 /* sort the two-byte chunks... */
479 qsort(sample, sizeof(sample)/2, 2, compare_rand_chunk);
481 /* ...and count duplicate chunks */
482 for (i = 2, psample = sample + 2 ; i < sizeof(sample) ; i += 2, psample += 2) {
483 if (compare_rand_chunk(psample - 2, psample) == 0)
487 if (duplicate[0] >= DRBG_FORK_COUNT - 1) {
488 /* just too many duplicates to be a coincidence */
489 TEST_note("ERROR: %d duplicate chunks in random output", duplicate[0]);
493 if (verbose || !success) {
495 for (i = 0 ; i < DRBG_FORK_RESULT_COUNT ; ++i) {
496 char *rand_hex = OPENSSL_buf2hexstr(result[i].random, RANDOM_SIZE);
498 TEST_note(" random: %s, pid: %d (%s, %s)",
502 result[i].private ? "private" : "public"
505 OPENSSL_free(rand_hex);
512 static int test_rand_fork_safety(int i)
515 unsigned char random[1];
516 EVP_RAND_CTX *primary, *public, *private;
518 /* All three DRBGs should be non-null */
519 if (!TEST_ptr(primary = RAND_get0_primary(NULL))
520 || !TEST_ptr(public = RAND_get0_public(NULL))
521 || !TEST_ptr(private = RAND_get0_private(NULL)))
524 /* run the actual test */
525 if (!TEST_true(test_rand_reseed_on_fork(primary, public, private)))
528 /* request a single byte from each of the DRBGs before the next run */
529 if (!TEST_true(RAND_bytes(random, 1) && RAND_priv_bytes(random, 1)))
537 * Test whether the default rand_method (RAND_OpenSSL()) is
538 * setup correctly, in particular whether reseeding works
541 static int test_rand_reseed(void)
543 EVP_RAND_CTX *primary, *public, *private;
544 unsigned char rand_add_buf[256];
546 time_t before_reseed;
549 return TEST_skip("CRNGT cannot be disabled");
551 /* Check whether RAND_OpenSSL() is the default method */
552 if (!TEST_ptr_eq(RAND_get_rand_method(), RAND_OpenSSL()))
555 /* All three DRBGs should be non-null */
556 if (!TEST_ptr(primary = RAND_get0_primary(NULL))
557 || !TEST_ptr(public = RAND_get0_public(NULL))
558 || !TEST_ptr(private = RAND_get0_private(NULL)))
561 /* There should be three distinct DRBGs, two of them chained to primary */
562 if (!TEST_ptr_ne(public, private)
563 || !TEST_ptr_ne(public, primary)
564 || !TEST_ptr_ne(private, primary)
565 || !TEST_ptr_eq(prov_rand(public)->parent, prov_rand(primary))
566 || !TEST_ptr_eq(prov_rand(private)->parent, prov_rand(primary)))
569 /* Disable CRNG testing for the primary DRBG */
570 if (!TEST_true(disable_crngt(primary)))
573 /* uninstantiate the three global DRBGs */
574 EVP_RAND_uninstantiate(primary);
575 EVP_RAND_uninstantiate(private);
576 EVP_RAND_uninstantiate(public);
580 * Test initial seeding of shared DRBGs
582 if (!TEST_true(test_drbg_reseed(1,
583 primary, public, private,
590 * Test initial state of shared DRBGs
592 if (!TEST_true(test_drbg_reseed(1,
593 primary, public, private,
599 * Test whether the public and private DRBG are both reseeded when their
600 * reseed counters differ from the primary's reseed counter.
602 inc_reseed_counter(primary);
603 if (!TEST_true(test_drbg_reseed(1,
604 primary, public, private,
610 * Test whether the public DRBG is reseeded when its reseed counter differs
611 * from the primary's reseed counter.
613 inc_reseed_counter(primary);
614 inc_reseed_counter(private);
615 if (!TEST_true(test_drbg_reseed(1,
616 primary, public, private,
622 * Test whether the private DRBG is reseeded when its reseed counter differs
623 * from the primary's reseed counter.
625 inc_reseed_counter(primary);
626 inc_reseed_counter(public);
627 if (!TEST_true(test_drbg_reseed(1,
628 primary, public, private,
633 /* fill 'randomness' buffer with some arbitrary data */
634 memset(rand_add_buf, 'r', sizeof(rand_add_buf));
638 * Test whether all three DRBGs are reseeded by RAND_add().
639 * The before_reseed time has to be measured here and passed into the
640 * test_drbg_reseed() test, because the primary DRBG gets already reseeded
641 * in RAND_add(), whence the check for the condition
642 * before_reseed <= reseed_time(primary) will fail if the time value happens
643 * to increase between the RAND_add() and the test_drbg_reseed() call.
645 before_reseed = time(NULL);
646 RAND_add(rand_add_buf, sizeof(rand_add_buf), sizeof(rand_add_buf));
647 if (!TEST_true(test_drbg_reseed(1,
648 primary, public, private,
653 #else /* FIPS_MODULE */
655 * In FIPS mode, random data provided by the application via RAND_add()
656 * is not considered a trusted entropy source. It is only treated as
657 * additional_data and no reseeding is forced. This test assures that
658 * no reseeding occurs.
660 before_reseed = time(NULL);
661 RAND_add(rand_add_buf, sizeof(rand_add_buf), sizeof(rand_add_buf));
662 if (!TEST_true(test_drbg_reseed(1,
663 primary, public, private,
676 #if defined(OPENSSL_THREADS)
677 static int multi_thread_rand_bytes_succeeded = 1;
678 static int multi_thread_rand_priv_bytes_succeeded = 1;
680 static int set_reseed_time_interval(EVP_RAND_CTX *drbg, int t)
682 OSSL_PARAM params[2];
684 params[0] = OSSL_PARAM_construct_int(OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL,
686 params[1] = OSSL_PARAM_construct_end();
687 return EVP_RAND_set_ctx_params(drbg, params);
690 static void run_multi_thread_test(void)
692 unsigned char buf[256];
693 time_t start = time(NULL);
694 EVP_RAND_CTX *public = NULL, *private = NULL;
696 if (!TEST_ptr(public = RAND_get0_public(NULL))
697 || !TEST_ptr(private = RAND_get0_private(NULL))
698 || !TEST_true(set_reseed_time_interval(private, 1))
699 || !TEST_true(set_reseed_time_interval(public, 1))) {
700 multi_thread_rand_bytes_succeeded = 0;
705 if (rand_bytes(buf, sizeof(buf)) <= 0)
706 multi_thread_rand_bytes_succeeded = 0;
707 if (rand_priv_bytes(buf, sizeof(buf)) <= 0)
708 multi_thread_rand_priv_bytes_succeeded = 0;
710 while (time(NULL) - start < 5);
713 # if defined(OPENSSL_SYS_WINDOWS)
715 typedef HANDLE thread_t;
717 static DWORD WINAPI thread_run(LPVOID arg)
719 run_multi_thread_test();
721 * Because we're linking with a static library, we must stop each
722 * thread explicitly, or so says OPENSSL_thread_stop(3)
724 OPENSSL_thread_stop();
728 static int run_thread(thread_t *t)
730 *t = CreateThread(NULL, 0, thread_run, NULL, 0, NULL);
734 static int wait_for_thread(thread_t thread)
736 return WaitForSingleObject(thread, INFINITE) == 0;
741 typedef pthread_t thread_t;
743 static void *thread_run(void *arg)
745 run_multi_thread_test();
747 * Because we're linking with a static library, we must stop each
748 * thread explicitly, or so says OPENSSL_thread_stop(3)
750 OPENSSL_thread_stop();
754 static int run_thread(thread_t *t)
756 return pthread_create(t, NULL, thread_run, NULL) == 0;
759 static int wait_for_thread(thread_t thread)
761 return pthread_join(thread, NULL) == 0;
767 * The main thread will also run the test, so we'll have THREADS+1 parallel
772 static int test_multi_thread(void)
777 for (i = 0; i < THREADS; i++)
779 run_multi_thread_test();
780 for (i = 0; i < THREADS; i++)
781 wait_for_thread(t[i]);
783 if (!TEST_true(multi_thread_rand_bytes_succeeded))
785 if (!TEST_true(multi_thread_rand_priv_bytes_succeeded))
792 static EVP_RAND_CTX *new_drbg(EVP_RAND_CTX *parent)
794 OSSL_PARAM params[2];
795 EVP_RAND *rand = NULL;
796 EVP_RAND_CTX *drbg = NULL;
798 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_DRBG_PARAM_CIPHER,
800 params[1] = OSSL_PARAM_construct_end();
802 if (!TEST_ptr(rand = EVP_RAND_fetch(NULL, "CTR-DRBG", NULL))
803 || !TEST_ptr(drbg = EVP_RAND_CTX_new(rand, parent))
804 || !TEST_true(EVP_RAND_set_ctx_params(drbg, params))) {
805 EVP_RAND_CTX_free(drbg);
812 static int test_rand_prediction_resistance(void)
814 EVP_RAND_CTX *x = NULL, *y = NULL, *z = NULL;
815 unsigned char buf1[51], buf2[sizeof(buf1)];
816 int ret = 0, xreseed, yreseed, zreseed;
819 return TEST_skip("CRNGT cannot be disabled");
821 /* Initialise a three long DRBG chain */
822 if (!TEST_ptr(x = new_drbg(NULL))
823 || !TEST_true(disable_crngt(x))
824 || !TEST_true(EVP_RAND_instantiate(x, 0, 0, NULL, 0))
825 || !TEST_ptr(y = new_drbg(x))
826 || !TEST_true(EVP_RAND_instantiate(y, 0, 0, NULL, 0))
827 || !TEST_ptr(z = new_drbg(y))
828 || !TEST_true(EVP_RAND_instantiate(z, 0, 0, NULL, 0)))
832 * During a normal reseed, only the last DRBG in the chain should
835 inc_reseed_counter(y);
836 xreseed = reseed_counter(x);
837 yreseed = reseed_counter(y);
838 zreseed = reseed_counter(z);
839 if (!TEST_true(EVP_RAND_reseed(z, 0, NULL, 0, NULL, 0))
840 || !TEST_int_eq(reseed_counter(x), xreseed)
841 || !TEST_int_eq(reseed_counter(y), yreseed)
842 || !TEST_int_gt(reseed_counter(z), zreseed))
846 * When prediction resistance is requested, the request should be
847 * propagated to the primary, so that the entire DRBG chain reseeds.
849 zreseed = reseed_counter(z);
850 if (!TEST_true(EVP_RAND_reseed(z, 1, NULL, 0, NULL, 0))
851 || !TEST_int_gt(reseed_counter(x), xreseed)
852 || !TEST_int_gt(reseed_counter(y), yreseed)
853 || !TEST_int_gt(reseed_counter(z), zreseed))
857 * During a normal generate, only the last DRBG should be reseed */
858 inc_reseed_counter(y);
859 xreseed = reseed_counter(x);
860 yreseed = reseed_counter(y);
861 zreseed = reseed_counter(z);
862 if (!TEST_true(EVP_RAND_generate(z, buf1, sizeof(buf1), 0, 0, NULL, 0))
863 || !TEST_int_eq(reseed_counter(x), xreseed)
864 || !TEST_int_eq(reseed_counter(y), yreseed)
865 || !TEST_int_gt(reseed_counter(z), zreseed))
869 * When a prediction resistant generate is requested, the request
870 * should be propagated to the primary, reseeding the entire DRBG chain.
872 zreseed = reseed_counter(z);
873 if (!TEST_true(EVP_RAND_generate(z, buf2, sizeof(buf2), 0, 1, NULL, 0))
874 || !TEST_int_gt(reseed_counter(x), xreseed)
875 || !TEST_int_gt(reseed_counter(y), yreseed)
876 || !TEST_int_gt(reseed_counter(z), zreseed)
877 || !TEST_mem_ne(buf1, sizeof(buf1), buf2, sizeof(buf2)))
880 /* Verify that a normal reseed still only reseeds the last DRBG */
881 inc_reseed_counter(y);
882 xreseed = reseed_counter(x);
883 yreseed = reseed_counter(y);
884 zreseed = reseed_counter(z);
885 if (!TEST_true(EVP_RAND_reseed(z, 0, NULL, 0, NULL, 0))
886 || !TEST_int_eq(reseed_counter(x), xreseed)
887 || !TEST_int_eq(reseed_counter(y), yreseed)
888 || !TEST_int_gt(reseed_counter(z), zreseed))
893 EVP_RAND_CTX_free(z);
894 EVP_RAND_CTX_free(y);
895 EVP_RAND_CTX_free(x);
899 int setup_tests(void)
901 ADD_TEST(test_rand_reseed);
902 #if defined(OPENSSL_SYS_UNIX)
903 ADD_ALL_TESTS(test_rand_fork_safety, RANDOM_SIZE);
905 ADD_TEST(test_rand_prediction_resistance);
906 #if defined(OPENSSL_THREADS)
907 ADD_TEST(test_multi_thread);