The branch master has been updated via 86f4e260262aad7524cd6a097592530fc818d3d4 (commit) via 005505fbf84a93e6f1871c70cfc60bd1f3b86101 (commit) from 11bac1b4c40464850c96225f92a9dc8ac54c35de (commit)
- Log ----------------------------------------------------------------- commit 86f4e260262aad7524cd6a097592530fc818d3d4 Author: Matt Caswell <m...@openssl.org> Date: Wed Jun 16 16:57:18 2021 +0100 Add a test for a custom rand provider Reviewed-by: Tomas Mraz <to...@openssl.org> Reviewed-by: Paul Dale <pa...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15810) commit 005505fbf84a93e6f1871c70cfc60bd1f3b86101 Author: Matt Caswell <m...@openssl.org> Date: Thu Jun 17 11:44:10 2021 +0100 Ensure we remove libctx DRBG state before removing the provider store Otherwise a heap use-after-free can result. Fixes #15766 Reviewed-by: Tomas Mraz <to...@openssl.org> Reviewed-by: Paul Dale <pa...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15810) ----------------------------------------------------------------------- Summary of changes: crypto/rand/rand_lib.c | 2 +- test/provfetchtest.c | 102 ++++++++++++++++++++++++++++++++++++++++++++++++- 2 files changed, 102 insertions(+), 2 deletions(-) diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c index 62bd1d6796..8f76c8a5f0 100644 --- a/crypto/rand/rand_lib.c +++ b/crypto/rand/rand_lib.c @@ -492,7 +492,7 @@ static void rand_ossl_ctx_free(void *vdgbl) } static const OSSL_LIB_CTX_METHOD rand_drbg_ossl_ctx_method = { - OSSL_LIB_CTX_METHOD_DEFAULT_PRIORITY, + OSSL_LIB_CTX_METHOD_PRIORITY_2, rand_ossl_ctx_new, rand_ossl_ctx_free, }; diff --git a/test/provfetchtest.c b/test/provfetchtest.c index 8570beecff..8717a03bc1 100644 --- a/test/provfetchtest.c +++ b/test/provfetchtest.c @@ -12,6 +12,8 @@ #include <openssl/decoder.h> #include <openssl/encoder.h> #include <openssl/store.h> +#include <openssl/rand.h> +#include <openssl/core_names.h> #include "testutil.h" static int dummy_decoder_decode(void *ctx, OSSL_CORE_BIO *cin, int selection, @@ -84,6 +86,95 @@ static const OSSL_ALGORITHM dummy_store[] = { { NULL, NULL, NULL } }; +static void *dummy_rand_newctx(void *provctx, void *parent, + const OSSL_DISPATCH *parent_calls) +{ + return provctx; +} + +static void dummy_rand_freectx(void *vctx) +{ +} + +static int dummy_rand_instantiate(void *vdrbg, unsigned int strength, + int prediction_resistance, + const unsigned char *pstr, size_t pstr_len, + const OSSL_PARAM params[]) +{ + return 1; +} + +static int dummy_rand_uninstantiate(void *vdrbg) +{ + return 1; +} + +static int dummy_rand_generate(void *vctx, unsigned char *out, size_t outlen, + unsigned int strength, int prediction_resistance, + const unsigned char *addin, size_t addin_len) +{ + size_t i; + + for (i = 0; i <outlen; i++) + out[i] = (unsigned char)(i & 0xff); + + return 1; +} + +static const OSSL_PARAM *dummy_rand_gettable_ctx_params(void *vctx, void *provctx) +{ + static const OSSL_PARAM known_gettable_ctx_params[] = { + OSSL_PARAM_size_t(OSSL_RAND_PARAM_MAX_REQUEST, NULL), + OSSL_PARAM_END + }; + return known_gettable_ctx_params; +} + +static int dummy_rand_get_ctx_params(void *vctx, OSSL_PARAM params[]) +{ + OSSL_PARAM *p; + + p = OSSL_PARAM_locate(params, OSSL_RAND_PARAM_MAX_REQUEST); + if (p != NULL && !OSSL_PARAM_set_size_t(p, INT_MAX)) + return 0; + + return 1; +} + +static int dummy_rand_enable_locking(void *vtest) +{ + return 1; +} + +static int dummy_rand_lock(void *vtest) +{ + return 1; +} + +static void dummy_rand_unlock(void *vtest) +{ +} + +static const OSSL_DISPATCH dummy_rand_functions[] = { + { OSSL_FUNC_RAND_NEWCTX, (void (*)(void))dummy_rand_newctx }, + { OSSL_FUNC_RAND_FREECTX, (void (*)(void))dummy_rand_freectx }, + { OSSL_FUNC_RAND_INSTANTIATE, (void (*)(void))dummy_rand_instantiate }, + { OSSL_FUNC_RAND_UNINSTANTIATE, (void (*)(void))dummy_rand_uninstantiate }, + { OSSL_FUNC_RAND_GENERATE, (void (*)(void))dummy_rand_generate }, + { OSSL_FUNC_RAND_GETTABLE_CTX_PARAMS, + (void(*)(void))dummy_rand_gettable_ctx_params }, + { OSSL_FUNC_RAND_GET_CTX_PARAMS, (void(*)(void))dummy_rand_get_ctx_params }, + { OSSL_FUNC_RAND_ENABLE_LOCKING, (void(*)(void))dummy_rand_enable_locking }, + { OSSL_FUNC_RAND_LOCK, (void(*)(void))dummy_rand_lock }, + { OSSL_FUNC_RAND_UNLOCK, (void(*)(void))dummy_rand_unlock }, + { 0, NULL } +}; + +static const OSSL_ALGORITHM dummy_rand[] = { + { "DUMMY", "provider=dummy", dummy_rand_functions }, + { NULL, NULL, NULL } +}; + static const OSSL_ALGORITHM *dummy_query(void *provctx, int operation_id, int *no_cache) { @@ -95,6 +186,8 @@ static const OSSL_ALGORITHM *dummy_query(void *provctx, int operation_id, return dummy_encoders; case OSSL_OP_STORE: return dummy_store; + case OSSL_OP_RAND: + return dummy_rand; } return NULL; } @@ -123,6 +216,7 @@ static int dummy_provider_init(const OSSL_CORE_HANDLE *handle, * Test 0: Decoder * Test 1: Encoder * Test 2: Store loader + * Test 3: EVP_RAND */ static int fetch_test(int tst) { @@ -132,6 +226,7 @@ static int fetch_test(int tst) OSSL_ENCODER *encoder = NULL; OSSL_STORE_LOADER *loader = NULL; int testresult = 0; + unsigned char buf[32]; if (!TEST_ptr(libctx)) goto err; @@ -157,6 +252,11 @@ static int fetch_test(int tst) if (!TEST_ptr(loader)) goto err; break; + case 3: + if (!TEST_true(RAND_set_DRBG_type(libctx, "DUMMY", NULL, NULL, NULL)) + || !TEST_int_ge(RAND_bytes_ex(libctx, buf, sizeof(buf), 0), 1)) + goto err; + break; default: goto err; } @@ -173,7 +273,7 @@ static int fetch_test(int tst) int setup_tests(void) { - ADD_ALL_TESTS(fetch_test, 3); + ADD_ALL_TESTS(fetch_test, 4); return 1; }