*/
static int state(EVP_RAND_CTX *drbg)
{
- return EVP_RAND_state(drbg);
+ return EVP_RAND_get_state(drbg);
}
static unsigned int query_rand_uint(EVP_RAND_CTX *drbg, const char *name)
unsigned int n;
*params = OSSL_PARAM_construct_uint(name, &n);
- if (EVP_RAND_get_ctx_params(drbg, params))
+ if (EVP_RAND_CTX_get_params(drbg, params))
return n;
return 0;
}
static PROV_DRBG *prov_rand(EVP_RAND_CTX *drbg)
{
- return (PROV_DRBG *)drbg->data;
+ return (PROV_DRBG *)drbg->algctx;
}
static void set_reseed_counter(EVP_RAND_CTX *drbg, unsigned int n)
time_t t;
*params = OSSL_PARAM_construct_time_t(OSSL_DRBG_PARAM_RESEED_TIME, &t);
- if (EVP_RAND_get_ctx_params(drbg, params))
+ if (EVP_RAND_CTX_get_params(drbg, params))
return t;
return 0;
}
/*
* When building the FIPS module, it isn't possible to disable the continuous
- * RNG tests. Tests that require this are skipped.
+ * RNG tests. Tests that require this are skipped and this means a detection
+ * mechanism for the FIPS provider being in use.
*/
-static int crngt_skip(void)
+static int using_fips_rng(void)
{
-#ifdef FIPS_MODULE
- return 1;
-#else
- return 0;
-#endif
+ EVP_RAND_CTX *primary = RAND_get0_primary(NULL);
+ const OSSL_PROVIDER *prov;
+ const char *name;
+
+ if (!TEST_ptr(primary))
+ return 0;
+
+ prov = EVP_RAND_get0_provider(EVP_RAND_CTX_get0_rand(primary));
+ if (!TEST_ptr(prov))
+ return 0;
+ name = OSSL_PROVIDER_get0_name(prov);
+ return strcmp(name, "OpenSSL FIPS Provider") == 0;
}
/*
success = 0;
/* request a single byte from each of the DRBGs before the next run */
- if (!TEST_true(RAND_bytes(random, 1) && RAND_priv_bytes(random, 1)))
+ if (!TEST_int_gt(RAND_bytes(random, 1), 0) || !TEST_int_gt(RAND_priv_bytes(random, 1), 0))
success = 0;
return success;
/*
* Test whether the default rand_method (RAND_OpenSSL()) is
- * setup correctly, in particular whether reseeding works
+ * setup correctly, in particular whether reseeding works
* as designed.
*/
static int test_rand_reseed(void)
int rv = 0;
time_t before_reseed;
- if (crngt_skip())
+ if (using_fips_rng())
return TEST_skip("CRNGT cannot be disabled");
#ifndef OPENSSL_NO_DEPRECATED_3_0
EVP_RAND_uninstantiate(private);
EVP_RAND_uninstantiate(public);
-
/*
* Test initial seeding of shared DRBGs
*/
1, 1, 1, 0)))
goto error;
-
/*
* Test initial state of shared DRBGs
*/
/* fill 'randomness' buffer with some arbitrary data */
memset(rand_add_buf, 'r', sizeof(rand_add_buf));
-#ifndef FIPS_MODULE
/*
* Test whether all three DRBGs are reseeded by RAND_add().
* The before_reseed time has to be measured here and passed into the
1, 1, 1,
before_reseed)))
goto error;
-#else /* FIPS_MODULE */
- /*
- * In FIPS mode, random data provided by the application via RAND_add()
- * is not considered a trusted entropy source. It is only treated as
- * additional_data and no reseeding is forced. This test assures that
- * no reseeding occurs.
- */
- before_reseed = time(NULL);
- RAND_add(rand_add_buf, sizeof(rand_add_buf), sizeof(rand_add_buf));
- if (!TEST_true(test_drbg_reseed(1,
- primary, public, private,
- NULL, NULL,
- 0, 0, 0,
- before_reseed)))
- goto error;
-#endif
rv = 1;
params[0] = OSSL_PARAM_construct_int(OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL,
&t);
params[1] = OSSL_PARAM_construct_end();
- return EVP_RAND_set_ctx_params(drbg, params);
+ return EVP_RAND_CTX_set_params(drbg, params);
}
static void run_multi_thread_test(void)
if (!TEST_ptr(rand = EVP_RAND_fetch(NULL, "CTR-DRBG", NULL))
|| !TEST_ptr(drbg = EVP_RAND_CTX_new(rand, parent))
- || !TEST_true(EVP_RAND_set_ctx_params(drbg, params))) {
+ || !TEST_true(EVP_RAND_CTX_set_params(drbg, params))) {
EVP_RAND_CTX_free(drbg);
drbg = NULL;
}
unsigned char buf1[51], buf2[sizeof(buf1)];
int ret = 0, xreseed, yreseed, zreseed;
- if (crngt_skip())
+ if (using_fips_rng())
return TEST_skip("CRNGT cannot be disabled");
/* Initialise a three long DRBG chain */
projects / thirdparty / openssl.git / blobdiff