X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;ds=sidebyside;f=test%2Fdrbgtest.c;h=4eb8f7a224309e9f786e807423e25725df6d9427;hb=2b584ff372b2b25bb6801172bbeb90074b26f88c;hp=c285c75229d4ea6dda9a2e87d850bead70b4a3b3;hpb=2bb1b5ddd12c23bbfa7fb60ee3296612ca943fef;p=oweals%2Fopenssl.git diff --git a/test/drbgtest.c b/test/drbgtest.c index c285c75229..4eb8f7a224 100644 --- a/test/drbgtest.c +++ b/test/drbgtest.c @@ -1,7 +1,7 @@ /* - * Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html @@ -15,13 +15,20 @@ #include #include #include -#include "../crypto/rand/rand_lcl.h" -#include "../crypto/include/internal/rand_int.h" +#include "../crypto/rand/rand_local.h" +#include "../include/crypto/rand.h" #if defined(_WIN32) # include #endif + +#if defined(OPENSSL_SYS_UNIX) +# include +# include +# include +#endif + #include "testutil.h" #include "drbgtest.h" @@ -104,9 +111,12 @@ typedef struct drbg_selftest_data_st { make_drbg_test_data(nid, 0, pr, p) static DRBG_SELFTEST_DATA drbg_test[] = { +#ifndef FIPS_MODULE + /* FIPS mode doesn't support CTR DRBG without a derivation function */ make_drbg_test_data_no_df (NID_aes_128_ctr, aes_128_no_df, 0), make_drbg_test_data_no_df (NID_aes_192_ctr, aes_192_no_df, 0), make_drbg_test_data_no_df (NID_aes_256_ctr, aes_256_no_df, 1), +#endif make_drbg_test_data_use_df(NID_aes_128_ctr, aes_128_use_df, 0), make_drbg_test_data_use_df(NID_aes_192_ctr, aes_192_use_df, 0), make_drbg_test_data_use_df(NID_aes_256_ctr, aes_256_use_df, 1), @@ -117,8 +127,6 @@ static DRBG_SELFTEST_DATA drbg_test[] = { make_drbg_test_data_hash(NID_sha512, sha512, 0), }; -static int app_data_index; - /* * Test context data, attached as EXDATA to the RAND_DRBG */ @@ -135,7 +143,7 @@ static size_t kat_entropy(RAND_DRBG *drbg, unsigned char **pout, int entropy, size_t min_len, size_t max_len, int prediction_resistance) { - TEST_CTX *t = (TEST_CTX *)RAND_DRBG_get_ex_data(drbg, app_data_index); + TEST_CTX *t = (TEST_CTX *)RAND_DRBG_get_callback_data(drbg); t->entropycnt++; *pout = (unsigned char *)t->entropy; @@ -145,13 +153,38 @@ static size_t kat_entropy(RAND_DRBG *drbg, unsigned char **pout, static size_t kat_nonce(RAND_DRBG *drbg, unsigned char **pout, int entropy, size_t min_len, size_t max_len) { - TEST_CTX *t = (TEST_CTX *)RAND_DRBG_get_ex_data(drbg, app_data_index); + TEST_CTX *t = (TEST_CTX *)RAND_DRBG_get_callback_data(drbg); t->noncecnt++; *pout = (unsigned char *)t->nonce; return t->noncelen; } + /* + * Disable CRNG testing if it is enabled. + * If the DRBG is ready or in an error state, this means an instantiate cycle + * for which the default personalisation string is used. + */ +static int disable_crngt(RAND_DRBG *drbg) +{ + static const char pers[] = DRBG_DEFAULT_PERS_STRING; + const int instantiate = drbg->state != DRBG_UNINITIALISED; + + if (drbg->get_entropy != rand_crngt_get_entropy) + return 1; + + if ((instantiate && !RAND_DRBG_uninstantiate(drbg)) + || !TEST_true(RAND_DRBG_set_callbacks(drbg, &rand_drbg_get_entropy, + &rand_drbg_cleanup_entropy, + &rand_drbg_get_nonce, + &rand_drbg_cleanup_nonce)) + || (instantiate + && !RAND_DRBG_instantiate(drbg, (const unsigned char *)pers, + sizeof(pers) - 1))) + return 0; + return 1; +} + static int uninstantiate(RAND_DRBG *drbg) { int ret = drbg == NULL ? 1 : RAND_DRBG_uninstantiate(drbg); @@ -177,7 +210,9 @@ static int single_kat(DRBG_SELFTEST_DATA *td) if (!TEST_ptr(drbg = RAND_DRBG_new(td->nid, td->flags, NULL))) return 0; if (!TEST_true(RAND_DRBG_set_callbacks(drbg, kat_entropy, NULL, - kat_nonce, NULL))) { + kat_nonce, NULL)) + || !TEST_true(RAND_DRBG_set_callback_data(drbg, &t)) + || !TEST_true(disable_crngt(drbg))) { failures++; goto err; } @@ -186,7 +221,6 @@ static int single_kat(DRBG_SELFTEST_DATA *td) t.entropylen = td->entropylen; t.nonce = td->nonce; t.noncelen = td->noncelen; - RAND_DRBG_set_ex_data(drbg, app_data_index, &t); if (!TEST_true(RAND_DRBG_instantiate(drbg, td->pers, td->perslen)) || !TEST_true(RAND_DRBG_generate(drbg, buff, td->exlen, 0, @@ -210,9 +244,9 @@ static int single_kat(DRBG_SELFTEST_DATA *td) */ if (!TEST_true(RAND_DRBG_set(drbg, td->nid, td->flags)) || !TEST_true(RAND_DRBG_set_callbacks(drbg, kat_entropy, NULL, - kat_nonce, NULL))) + kat_nonce, NULL)) + || !TEST_true(RAND_DRBG_set_callback_data(drbg, &t))) failures++; - RAND_DRBG_set_ex_data(drbg, app_data_index, &t); t.entropy = td->entropy_pr; t.entropylen = td->entropylen_pr; t.nonce = td->nonce_pr; @@ -260,7 +294,7 @@ static int init(RAND_DRBG *drbg, DRBG_SELFTEST_DATA *td, TEST_CTX *t) || !TEST_true(RAND_DRBG_set_callbacks(drbg, kat_entropy, NULL, kat_nonce, NULL))) return 0; - RAND_DRBG_set_ex_data(drbg, app_data_index, t); + RAND_DRBG_set_callback_data(drbg, t); t->entropy = td->entropy; t->entropylen = td->entropylen; t->nonce = td->nonce; @@ -295,14 +329,15 @@ static int error_check(DRBG_SELFTEST_DATA *td) unsigned int reseed_counter_tmp; int ret = 0; - if (!TEST_ptr(drbg = RAND_DRBG_new(td->nid, td->flags, NULL))) + if (!TEST_ptr(drbg = RAND_DRBG_new(td->nid, td->flags, NULL)) + || !TEST_true(disable_crngt(drbg))) goto err; /* * Personalisation string tests */ - /* Test detection of too large personlisation string */ + /* Test detection of too large personalisation string */ if (!init(drbg, td, &t) || RAND_DRBG_instantiate(drbg, td->pers, drbg->max_perslen + 1) > 0) goto err; @@ -429,7 +464,7 @@ static int error_check(DRBG_SELFTEST_DATA *td) */ /* Test explicit reseed with too large additional input */ - if (!init(drbg, td, &t) + if (!instantiate(drbg, td, &t) || RAND_DRBG_reseed(drbg, td->adin, drbg->max_adinlen + 1, 0) > 0) goto err; @@ -440,7 +475,7 @@ static int error_check(DRBG_SELFTEST_DATA *td) goto err; /* Test explicit reseed with too much entropy */ - if (!init(drbg, td, &t)) + if (!instantiate(drbg, td, &t)) goto err; t.entropylen = drbg->max_entropylen + 1; if (!TEST_int_le(RAND_DRBG_reseed(drbg, td->adin, td->adinlen, 0), 0) @@ -448,7 +483,7 @@ static int error_check(DRBG_SELFTEST_DATA *td) goto err; /* Test explicit reseed with too little entropy */ - if (!init(drbg, td, &t)) + if (!instantiate(drbg, td, &t)) goto err; t.entropylen = drbg->min_entropylen - 1; if (!TEST_int_le(RAND_DRBG_reseed(drbg, td->adin, td->adinlen, 0), 0) @@ -514,7 +549,7 @@ static HOOK_CTX master_ctx, public_ctx, private_ctx; static HOOK_CTX *get_hook_ctx(RAND_DRBG *drbg) { - return (HOOK_CTX *)RAND_DRBG_get_ex_data(drbg, app_data_index); + return (HOOK_CTX *)RAND_DRBG_get_callback_data(drbg); } /* Intercepts and counts calls to the get_entropy() callback */ @@ -542,17 +577,22 @@ static void hook_drbg(RAND_DRBG *drbg, HOOK_CTX *ctx) memset(ctx, 0, sizeof(*ctx)); ctx->drbg = drbg; ctx->get_entropy = drbg->get_entropy; + + /* + * We can't use the public API here, since it prohibits modifying + * the callbacks or the callback data of chained DRBGs. + */ drbg->get_entropy = get_entropy_hook; - RAND_DRBG_set_ex_data(drbg, app_data_index, ctx); + drbg->callback_data = ctx; } /* Installs the hook for the get_entropy() callback of the given drbg */ static void unhook_drbg(RAND_DRBG *drbg) { - HOOK_CTX *ctx = get_hook_ctx(drbg); + HOOK_CTX *ctx = drbg->callback_data; - drbg->get_entropy = ctx->get_entropy; - CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DRBG, drbg, &drbg->ex_data); + if (ctx != NULL) + drbg->get_entropy = ctx->get_entropy; } /* Resets the given hook context */ @@ -678,6 +718,40 @@ static int test_drbg_reseed(int expect_success, return 1; } + +#if defined(OPENSSL_SYS_UNIX) +/* + * Test whether master, public and private DRBG are reseeded after + * forking the process. + */ +static int test_drbg_reseed_after_fork(RAND_DRBG *master, + RAND_DRBG *public, + RAND_DRBG *private) +{ + pid_t pid; + int status=0; + + pid = fork(); + if (!TEST_int_ge(pid, 0)) + return 0; + + if (pid > 0) { + /* I'm the parent; wait for the child and check its exit code */ + return TEST_int_eq(waitpid(pid, &status, 0), pid) && TEST_int_eq(status, 0); + } + + /* I'm the child; check whether all three DRBGs reseed. */ + if (!TEST_true(test_drbg_reseed(1, master, public, private, 1, 1, 1, 0))) + status = 1; + + /* Remove hooks */ + unhook_drbg(master); + unhook_drbg(public); + unhook_drbg(private); + exit(status); +} +#endif + /* * Test whether the default rand_method (RAND_OpenSSL()) is * setup correctly, in particular whether reseeding works @@ -708,6 +782,10 @@ static int test_rand_drbg_reseed(void) || !TEST_ptr_eq(private->parent, master)) return 0; + /* Disable CRNG testing for the master DRBG */ + if (!TEST_true(disable_crngt(master))) + return 0; + /* uninstantiate the three global DRBGs */ RAND_DRBG_uninstantiate(private); RAND_DRBG_uninstantiate(public); @@ -764,10 +842,15 @@ static int test_rand_drbg_reseed(void) goto error; reset_drbg_hook_ctx(); +#if defined(OPENSSL_SYS_UNIX) + if (!TEST_true(test_drbg_reseed_after_fork(master, public, private))) + goto error; +#endif /* fill 'randomness' buffer with some arbitrary data */ memset(rand_add_buf, 'r', sizeof(rand_add_buf)); +#ifndef FIPS_MODULE /* * Test whether all three DRBGs are reseeded by RAND_add(). * The before_reseed time has to be measured here and passed into the @@ -793,6 +876,20 @@ static int test_rand_drbg_reseed(void) if (!TEST_true(test_drbg_reseed(0, master, public, private, 0, 0, 0, 0))) goto error; reset_drbg_hook_ctx(); +#else /* FIPS_MODULE */ + /* + * In FIPS mode, random data provided by the application via RAND_add() + * is not considered a trusted entropy source. It is only treated as + * additional_data and no reseeding is forced. This test assures that + * no reseeding occurs. + */ + before_reseed = time(NULL); + RAND_add(rand_add_buf, sizeof(rand_add_buf), sizeof(rand_add_buf)); + if (!TEST_true(test_drbg_reseed(1, master, public, private, 0, 0, 0, + before_reseed))) + goto error; + reset_drbg_hook_ctx(); +#endif rv = 1; @@ -839,6 +936,11 @@ typedef HANDLE thread_t; static DWORD WINAPI thread_run(LPVOID arg) { run_multi_thread_test(); + /* + * Because we're linking with a static library, we must stop each + * thread explicitly, or so says OPENSSL_thread_stop(3) + */ + OPENSSL_thread_stop(); return 0; } @@ -860,6 +962,11 @@ typedef pthread_t thread_t; static void *thread_run(void *arg) { run_multi_thread_test(); + /* + * Because we're linking with a static library, we must stop each + * thread explicitly, or so says OPENSSL_thread_stop(3) + */ + OPENSSL_thread_stop(); return NULL; } @@ -901,46 +1008,6 @@ static int test_multi_thread(void) } #endif -#ifdef OPENSSL_RAND_SEED_NONE -/* - * Calculates the minimum buffer length which needs to be - * provided to RAND_seed() in order to successfully - * instantiate the DRBG. - * - * Copied from rand_drbg_seedlen() in rand_drbg.c - */ -static size_t rand_drbg_seedlen(RAND_DRBG *drbg) -{ - /* - * If no os entropy source is available then RAND_seed(buffer, bufsize) - * is expected to succeed if and only if the buffer length satisfies - * the following requirements, which follow from the calculations - * in RAND_DRBG_instantiate(). - */ - size_t min_entropy = drbg->strength; - size_t min_entropylen = drbg->min_entropylen; - - /* - * Extra entropy for the random nonce in the absence of a - * get_nonce callback, see comment in RAND_DRBG_instantiate(). - */ - if (drbg->min_noncelen > 0 && drbg->get_nonce == NULL) { - min_entropy += drbg->strength / 2; - min_entropylen += drbg->min_noncelen; - } - - /* - * Convert entropy requirement from bits to bytes - * (dividing by 8 without rounding upwards, because - * all entropy requirements are divisible by 8). - */ - min_entropy >>= 3; - - /* Return a value that satisfies both requirements */ - return min_entropy > min_entropylen ? min_entropy : min_entropylen; -} -#endif /*OPENSSL_RAND_SEED_NONE*/ - /* * Test that instantiation with RAND_seed() works as expected * @@ -958,7 +1025,8 @@ static int test_rand_seed(void) size_t rand_buflen; size_t required_seed_buflen = 0; - if (!TEST_ptr(master = RAND_DRBG_get0_master())) + if (!TEST_ptr(master = RAND_DRBG_get0_master()) + || !TEST_true(disable_crngt(master))) return 0; #ifdef OPENSSL_RAND_SEED_NONE @@ -1007,13 +1075,91 @@ static int test_rand_add(void) return 1; } +static int test_rand_drbg_prediction_resistance(void) +{ + RAND_DRBG *m = NULL, *i = NULL, *s = NULL; + unsigned char buf1[51], buf2[sizeof(buf1)]; + int ret = 0, mreseed, ireseed, sreseed; + + /* Initialise a three long DRBG chain */ + if (!TEST_ptr(m = RAND_DRBG_new(0, 0, NULL)) + || !TEST_true(disable_crngt(m)) + || !TEST_true(RAND_DRBG_instantiate(m, NULL, 0)) + || !TEST_ptr(i = RAND_DRBG_new(0, 0, m)) + || !TEST_true(RAND_DRBG_instantiate(i, NULL, 0)) + || !TEST_ptr(s = RAND_DRBG_new(0, 0, i)) + || !TEST_true(RAND_DRBG_instantiate(s, NULL, 0))) + goto err; + + /* During a normal reseed, only the slave DRBG should be reseed */ + mreseed = ++m->reseed_prop_counter; + ireseed = ++i->reseed_prop_counter; + sreseed = s->reseed_prop_counter; + if (!TEST_true(RAND_DRBG_reseed(s, NULL, 0, 0)) + || !TEST_int_eq(m->reseed_prop_counter, mreseed) + || !TEST_int_eq(i->reseed_prop_counter, ireseed) + || !TEST_int_gt(s->reseed_prop_counter, sreseed)) + goto err; + + /* + * When prediction resistance is requested, the request should be + * propagated to the master, so that the entire DRBG chain reseeds. + */ + sreseed = s->reseed_prop_counter; + if (!TEST_true(RAND_DRBG_reseed(s, NULL, 0, 1)) + || !TEST_int_gt(m->reseed_prop_counter, mreseed) + || !TEST_int_gt(i->reseed_prop_counter, ireseed) + || !TEST_int_gt(s->reseed_prop_counter, sreseed)) + goto err; + + /* During a normal generate, only the slave DRBG should be reseed */ + mreseed = ++m->reseed_prop_counter; + ireseed = ++i->reseed_prop_counter; + sreseed = s->reseed_prop_counter; + if (!TEST_true(RAND_DRBG_generate(s, buf1, sizeof(buf1), 0, NULL, 0)) + || !TEST_int_eq(m->reseed_prop_counter, mreseed) + || !TEST_int_eq(i->reseed_prop_counter, ireseed) + || !TEST_int_gt(s->reseed_prop_counter, sreseed)) + goto err; + + /* + * When a prediction resistant generate is requested, the request + * should be propagated to the master, reseeding the entire DRBG chain. + */ + sreseed = s->reseed_prop_counter; + if (!TEST_true(RAND_DRBG_generate(s, buf2, sizeof(buf2), 1, NULL, 0)) + || !TEST_int_gt(m->reseed_prop_counter, mreseed) + || !TEST_int_gt(i->reseed_prop_counter, ireseed) + || !TEST_int_gt(s->reseed_prop_counter, sreseed) + || !TEST_mem_ne(buf1, sizeof(buf1), buf2, sizeof(buf2))) + goto err; + + /* Verify that a normal reseed still only reseeds the slave DRBG */ + mreseed = ++m->reseed_prop_counter; + ireseed = ++i->reseed_prop_counter; + sreseed = s->reseed_prop_counter; + if (!TEST_true(RAND_DRBG_reseed(s, NULL, 0, 0)) + || !TEST_int_eq(m->reseed_prop_counter, mreseed) + || !TEST_int_eq(i->reseed_prop_counter, ireseed) + || !TEST_int_gt(s->reseed_prop_counter, sreseed)) + goto err; + + ret = 1; +err: + RAND_DRBG_free(s); + RAND_DRBG_free(i); + RAND_DRBG_free(m); + return ret; +} + static int test_multi_set(void) { int rv = 0; RAND_DRBG *drbg = NULL; /* init drbg with default CTR initializer */ - if (!TEST_ptr(drbg = RAND_DRBG_new(0, 0, NULL))) + if (!TEST_ptr(drbg = RAND_DRBG_new(0, 0, NULL)) + || !TEST_true(disable_crngt(drbg))) goto err; /* change it to use hmac */ if (!TEST_true(RAND_DRBG_set(drbg, NID_sha1, RAND_DRBG_FLAG_HMAC))) @@ -1104,14 +1250,16 @@ static int test_set_defaults(void) && TEST_int_eq(public->type, NID_sha256) && TEST_int_eq(public->flags, RAND_DRBG_FLAG_PUBLIC) - /* Change DRBG defaults and change master and check again */ + /* FIPS mode doesn't support CTR DRBG without a derivation function */ +#ifndef FIPS_MODULE + /* Change DRBG defaults and change master and check again */ && TEST_true(RAND_DRBG_set_defaults(NID_aes_256_ctr, RAND_DRBG_FLAG_CTR_NO_DF)) && TEST_true(RAND_DRBG_uninstantiate(master)) && TEST_int_eq(master->type, NID_aes_256_ctr) && TEST_int_eq(master->flags, RAND_DRBG_FLAG_MASTER|RAND_DRBG_FLAG_CTR_NO_DF) - +#endif /* Reset back to the standard defaults */ && TEST_true(RAND_DRBG_set_defaults(RAND_DRBG_TYPE, RAND_DRBG_FLAGS @@ -1123,19 +1271,131 @@ static int test_set_defaults(void) && TEST_true(RAND_DRBG_uninstantiate(private)); } -int setup_tests(void) +/* + * A list of the FIPS DRGB types. + * Because of the way HMAC DRGBs are implemented, both the NID and flags + * are required. + */ +static const struct s_drgb_types { + int nid; + int flags; +} drgb_types[] = { + { NID_aes_128_ctr, 0 }, + { NID_aes_192_ctr, 0 }, + { NID_aes_256_ctr, 0 }, + { NID_sha1, 0 }, + { NID_sha224, 0 }, + { NID_sha256, 0 }, + { NID_sha384, 0 }, + { NID_sha512, 0 }, + { NID_sha512_224, 0 }, + { NID_sha512_256, 0 }, + { NID_sha3_224, 0 }, + { NID_sha3_256, 0 }, + { NID_sha3_384, 0 }, + { NID_sha3_512, 0 }, + { NID_sha1, RAND_DRBG_FLAG_HMAC }, + { NID_sha224, RAND_DRBG_FLAG_HMAC }, + { NID_sha256, RAND_DRBG_FLAG_HMAC }, + { NID_sha384, RAND_DRBG_FLAG_HMAC }, + { NID_sha512, RAND_DRBG_FLAG_HMAC }, + { NID_sha512_224, RAND_DRBG_FLAG_HMAC }, + { NID_sha512_256, RAND_DRBG_FLAG_HMAC }, + { NID_sha3_224, RAND_DRBG_FLAG_HMAC }, + { NID_sha3_256, RAND_DRBG_FLAG_HMAC }, + { NID_sha3_384, RAND_DRBG_FLAG_HMAC }, + { NID_sha3_512, RAND_DRBG_FLAG_HMAC }, +}; + +/* Six cases for each covers seed sizes up to 32 bytes */ +static const size_t crngt_num_cases = 6; + +static size_t crngt_case, crngt_idx; + +static int crngt_entropy_cb(OPENSSL_CTX *ctx, RAND_POOL *pool, + unsigned char *buf, unsigned char *md, + unsigned int *md_size) +{ + size_t i, z; + + if (!TEST_int_lt(crngt_idx, crngt_num_cases)) + return 0; + /* Generate a block of unique data unless this is the duplication point */ + z = crngt_idx++; + if (z > 0 && crngt_case == z) + z--; + for (i = 0; i < CRNGT_BUFSIZ; i++) + buf[i] = (unsigned char)(i + 'A' + z); + return EVP_Digest(buf, CRNGT_BUFSIZ, md, md_size, EVP_sha256(), NULL); +} + +static int test_crngt(int n) { - app_data_index = RAND_DRBG_get_ex_new_index(0L, NULL, NULL, NULL, NULL); + const struct s_drgb_types *dt = drgb_types + n / crngt_num_cases; + RAND_DRBG *drbg = NULL; + unsigned char buff[100]; + size_t ent; + int res = 0; + int expect; + OPENSSL_CTX *ctx = OPENSSL_CTX_new(); + + if (!TEST_ptr(ctx)) + return 0; + if (!TEST_ptr(drbg = RAND_DRBG_new_ex(ctx, dt->nid, dt->flags, NULL))) + goto err; + ent = (drbg->min_entropylen + CRNGT_BUFSIZ - 1) / CRNGT_BUFSIZ; + crngt_case = n % crngt_num_cases; + crngt_idx = 0; + crngt_get_entropy = &crngt_entropy_cb; +#ifndef FIPS_MODULE + if (!TEST_true(RAND_DRBG_set_callbacks(drbg, &rand_crngt_get_entropy, + &rand_crngt_cleanup_entropy, + &rand_drbg_get_nonce, + &rand_drbg_cleanup_nonce))) + goto err; +#endif + expect = crngt_case == 0 || crngt_case > ent; + if (!TEST_int_eq(RAND_DRBG_instantiate(drbg, NULL, 0), expect)) + goto err; + if (!expect) + goto fin; + if (!TEST_true(RAND_DRBG_generate(drbg, buff, sizeof(buff), 0, NULL, 0))) + goto err; + + expect = crngt_case == 0 || crngt_case > 2 * ent; + if (!TEST_int_eq(RAND_DRBG_reseed(drbg, NULL, 0, 0), expect)) + goto err; + if (!expect) + goto fin; + if (!TEST_true(RAND_DRBG_generate(drbg, buff, sizeof(buff), 0, NULL, 0))) + goto err; + +fin: + res = 1; +err: + if (!res) + TEST_note("DRBG %zd case %zd block %zd", n / crngt_num_cases, + crngt_case, crngt_idx); + uninstantiate(drbg); + RAND_DRBG_free(drbg); + crngt_get_entropy = &rand_crngt_get_entropy_cb; + OPENSSL_CTX_free(ctx); + return res; +} +int setup_tests(void) +{ ADD_ALL_TESTS(test_kats, OSSL_NELEM(drbg_test)); ADD_ALL_TESTS(test_error_checks, OSSL_NELEM(drbg_test)); ADD_TEST(test_rand_drbg_reseed); ADD_TEST(test_rand_seed); ADD_TEST(test_rand_add); + ADD_TEST(test_rand_drbg_prediction_resistance); ADD_TEST(test_multi_set); ADD_TEST(test_set_defaults); #if defined(OPENSSL_THREADS) ADD_TEST(test_multi_thread); #endif + ADD_ALL_TESTS(test_crngt, crngt_num_cases * OSSL_NELEM(drgb_types)); return 1; }