From: Dr. Matthias St. Pierre Date: Sat, 4 Jul 2020 10:29:14 +0000 (+0200) Subject: test/drbgtest.c: Remove error check for large generate requests X-Git-Tag: openssl-3.0.0-alpha6~73 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8e3e1dfeaaa4130e2bf1951d21a0615b7ce72c8f;p=thirdparty%2Fopenssl.git test/drbgtest.c: Remove error check for large generate requests The behaviour of RAND_DRBG_generate() has changed. Previously, it would fail for requests larger than max_request, now it automatically splits large input into chunks (which was previously done only by RAND_DRBG_bytes() before calling RAND_DRBG_generate()). So this test has not only become obsolete, the fact that it succeeded unexpectedly also caused a buffer overflow that terminated the test. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/11195) --- diff --git a/test/drbgtest.c b/test/drbgtest.c index 118677c2edb..058b0a4050b 100644 --- a/test/drbgtest.c +++ b/test/drbgtest.c @@ -176,7 +176,6 @@ DRBG_SIZE_T(min_noncelen) DRBG_SIZE_T(max_noncelen) DRBG_SIZE_T(max_perslen) DRBG_SIZE_T(max_adinlen) -DRBG_SIZE_T(max_request) #define DRBG_UINT(name) \ static unsigned int name(RAND_DRBG *drbg) \ @@ -491,11 +490,6 @@ static int error_check(DRBG_SELFTEST_DATA *td) td->adin, td->adinlen))) goto err; - /* Request too much data for one request */ - if (!TEST_false(RAND_DRBG_generate(drbg, buff, max_request(drbg) + 1, 0, - td->adin, td->adinlen))) - goto err; - /* Try too large additional input */ if (!TEST_false(RAND_DRBG_generate(drbg, buff, td->exlen, 0, td->adin, max_adinlen(drbg) + 1)))