/*
- * Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2011-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* https://www.openssl.org/source/license.html
*/
-/*
- * RAND_DRBG_set is deprecated for public use, but still ok for
- * internal use.
- */
-#include "internal/deprecated.h"
+/* We need to use some deprecated APIs */
+#define OPENSSL_SUPPRESS_DEPRECATED
#include <string.h>
#include "internal/nelem.h"
#include <openssl/aes.h>
#include "../crypto/rand/rand_local.h"
#include "../include/crypto/rand.h"
+#include "../include/crypto/evp.h"
#include "../providers/implementations/rands/drbg_local.h"
#include "../crypto/evp/evp_local.h"
# include <windows.h>
#endif
-
#if defined(OPENSSL_SYS_UNIX)
# include <sys/types.h>
# include <sys/wait.h>
#endif
#include "testutil.h"
-#include "drbgtest.h"
/*
* DRBG generate wrappers
*/
static int gen_bytes(EVP_RAND_CTX *drbg, unsigned char *buf, int num)
{
+#ifndef OPENSSL_NO_DEPRECATED_3_0
const RAND_METHOD *meth = RAND_get_rand_method();
if (meth != NULL && meth != RAND_OpenSSL()) {
return meth->bytes(buf, num);
return -1;
}
+#endif
if (drbg != NULL)
return EVP_RAND_generate(drbg, buf, num, 0, 0, NULL, 0);
*/
static int state(EVP_RAND_CTX *drbg)
{
- return EVP_RAND_state(drbg);
+ return EVP_RAND_get_state(drbg);
}
static unsigned int query_rand_uint(EVP_RAND_CTX *drbg, const char *name)
unsigned int n;
*params = OSSL_PARAM_construct_uint(name, &n);
- if (EVP_RAND_get_ctx_params(drbg, params))
+ if (EVP_RAND_CTX_get_params(drbg, params))
return n;
return 0;
}
static PROV_DRBG *prov_rand(EVP_RAND_CTX *drbg)
{
- return (PROV_DRBG *)drbg->data;
+ return (PROV_DRBG *)drbg->algctx;
}
static void set_reseed_counter(EVP_RAND_CTX *drbg, unsigned int n)
time_t t;
*params = OSSL_PARAM_construct_time_t(OSSL_DRBG_PARAM_RESEED_TIME, &t);
- if (EVP_RAND_get_ctx_params(drbg, params))
+ if (EVP_RAND_CTX_get_params(drbg, params))
return t;
return 0;
}
/*
* When building the FIPS module, it isn't possible to disable the continuous
- * RNG tests. Tests that require this are skipped.
+ * RNG tests. Tests that require this are skipped and this means a detection
+ * mechanism for the FIPS provider being in use.
*/
-static int crngt_skip(void)
+static int using_fips_rng(void)
{
-#ifdef FIPS_MODULE
- return 1;
-#else
- return 0;
-#endif
+ EVP_RAND_CTX *primary = RAND_get0_primary(NULL);
+ const OSSL_PROVIDER *prov;
+ const char *name;
+
+ if (!TEST_ptr(primary))
+ return 0;
+
+ prov = EVP_RAND_get0_provider(EVP_RAND_CTX_get0_rand(primary));
+ if (!TEST_ptr(prov))
+ return 0;
+ name = OSSL_PROVIDER_get0_name(prov);
+ return strcmp(name, "OpenSSL FIPS Provider") == 0;
}
/*
}
-#if defined(OPENSSL_SYS_UNIX)
+#if defined(OPENSSL_SYS_UNIX) && !defined(OPENSSL_RAND_SEED_EGD)
/* number of children to fork */
#define DRBG_FORK_COUNT 9
/* two results per child, two for the parent */
* This simplifies finding duplicate random output and makes
* the printout in case of an error more readable.
*/
-static int compare_drbg_fork_result(const void * left, const void * right)
+static int compare_drbg_fork_result(const void *left, const void *right)
{
int result;
const drbg_fork_result *l = left;
*
* Used for finding collisions in two-byte chunks
*/
-static int compare_rand_chunk(const void * left, const void * right)
+static int compare_rand_chunk(const void *left, const void *right)
{
return memcmp(left, right, 2);
}
success = 0;
/* request a single byte from each of the DRBGs before the next run */
- if (!TEST_true(RAND_bytes(random, 1) && RAND_priv_bytes(random, 1)))
+ if (!TEST_int_gt(RAND_bytes(random, 1), 0) || !TEST_int_gt(RAND_priv_bytes(random, 1), 0))
success = 0;
return success;
/*
* Test whether the default rand_method (RAND_OpenSSL()) is
- * setup correctly, in particular whether reseeding works
+ * setup correctly, in particular whether reseeding works
* as designed.
*/
static int test_rand_reseed(void)
int rv = 0;
time_t before_reseed;
- if (crngt_skip())
+ if (using_fips_rng())
return TEST_skip("CRNGT cannot be disabled");
+#ifndef OPENSSL_NO_DEPRECATED_3_0
/* Check whether RAND_OpenSSL() is the default method */
if (!TEST_ptr_eq(RAND_get_rand_method(), RAND_OpenSSL()))
return 0;
+#endif
/* All three DRBGs should be non-null */
if (!TEST_ptr(primary = RAND_get0_primary(NULL))
EVP_RAND_uninstantiate(private);
EVP_RAND_uninstantiate(public);
-
/*
* Test initial seeding of shared DRBGs
*/
1, 1, 1, 0)))
goto error;
-
/*
* Test initial state of shared DRBGs
*/
/* fill 'randomness' buffer with some arbitrary data */
memset(rand_add_buf, 'r', sizeof(rand_add_buf));
-#ifndef FIPS_MODULE
/*
* Test whether all three DRBGs are reseeded by RAND_add().
* The before_reseed time has to be measured here and passed into the
1, 1, 1,
before_reseed)))
goto error;
-#else /* FIPS_MODULE */
- /*
- * In FIPS mode, random data provided by the application via RAND_add()
- * is not considered a trusted entropy source. It is only treated as
- * additional_data and no reseeding is forced. This test assures that
- * no reseeding occurs.
- */
- before_reseed = time(NULL);
- RAND_add(rand_add_buf, sizeof(rand_add_buf), sizeof(rand_add_buf));
- if (!TEST_true(test_drbg_reseed(1,
- primary, public, private,
- NULL, NULL,
- 0, 0, 0,
- before_reseed)))
- goto error;
-#endif
rv = 1;
params[0] = OSSL_PARAM_construct_int(OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL,
&t);
params[1] = OSSL_PARAM_construct_end();
- return EVP_RAND_set_ctx_params(drbg, params);
+ return EVP_RAND_CTX_set_params(drbg, params);
}
static void run_multi_thread_test(void)
if (!TEST_ptr(rand = EVP_RAND_fetch(NULL, "CTR-DRBG", NULL))
|| !TEST_ptr(drbg = EVP_RAND_CTX_new(rand, parent))
- || !TEST_true(EVP_RAND_set_ctx_params(drbg, params))) {
+ || !TEST_true(EVP_RAND_CTX_set_params(drbg, params))) {
EVP_RAND_CTX_free(drbg);
drbg = NULL;
}
unsigned char buf1[51], buf2[sizeof(buf1)];
int ret = 0, xreseed, yreseed, zreseed;
- if (crngt_skip())
+ if (using_fips_rng())
return TEST_skip("CRNGT cannot be disabled");
/* Initialise a three long DRBG chain */
if (!TEST_ptr(x = new_drbg(NULL))
|| !TEST_true(disable_crngt(x))
- || !TEST_true(EVP_RAND_instantiate(x, 0, 0, NULL, 0))
+ || !TEST_true(EVP_RAND_instantiate(x, 0, 0, NULL, 0, NULL))
|| !TEST_ptr(y = new_drbg(x))
- || !TEST_true(EVP_RAND_instantiate(y, 0, 0, NULL, 0))
+ || !TEST_true(EVP_RAND_instantiate(y, 0, 0, NULL, 0, NULL))
|| !TEST_ptr(z = new_drbg(y))
- || !TEST_true(EVP_RAND_instantiate(z, 0, 0, NULL, 0)))
+ || !TEST_true(EVP_RAND_instantiate(z, 0, 0, NULL, 0, NULL)))
goto err;
/*
int setup_tests(void)
{
ADD_TEST(test_rand_reseed);
-#if defined(OPENSSL_SYS_UNIX)
+#if defined(OPENSSL_SYS_UNIX) && !defined(OPENSSL_RAND_SEED_EGD)
ADD_ALL_TESTS(test_rand_fork_safety, RANDOM_SIZE);
#endif
ADD_TEST(test_rand_prediction_resistance);
projects / openssl.git / blobdiff