From dcb8283cfb0855ceba1e3ffef107ec936ee8ca17 Mon Sep 17 00:00:00 2001 From: Pauli Date: Thu, 5 Jun 2025 09:50:20 +1000 Subject: [PATCH] rand: add unit test exhibiting memory overrun MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Reviewed-by: Tom Cosgrove Reviewed-by: Saša Nedvědický Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/27766) (cherry picked from commit 6d490a92fe49ea6e41cb7874086dbad5462078c6) --- test/rand_test.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/test/rand_test.c b/test/rand_test.c index d3dca252d5c..711cafa76ef 100644 --- a/test/rand_test.c +++ b/test/rand_test.c @@ -23,6 +23,7 @@ static int test_rand(void) OSSL_PARAM params[2], *p = params; unsigned char entropy1[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05 }; unsigned char entropy2[] = { 0xff, 0xfe, 0xfd }; + unsigned char nonce[] = { 0x00, 0x01, 0x02, 0x03, 0x04 }; unsigned char outbuf[3]; *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY, @@ -46,6 +47,13 @@ static int test_rand(void) || !TEST_mem_eq(outbuf, sizeof(outbuf), entropy2, sizeof(outbuf))) return 0; + *params = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_NONCE, + nonce, sizeof(nonce)); + if (!TEST_true(EVP_RAND_CTX_set_params(privctx, params)) + || !TEST_true(EVP_RAND_nonce(privctx, outbuf, sizeof(outbuf))) + || !TEST_mem_eq(outbuf, sizeof(outbuf), nonce, sizeof(outbuf))) + return 0; + if (fips_provider_version_lt(NULL, 3, 4, 0)) { /* Skip the rest and pass the test */ return 1; -- 2.47.2