author | Pauli <pauli@openssl.org> | 2021-10-25 04:01:11 +0200 |
---|---|---|
committer | Pauli <pauli@openssl.org> | 2021-10-26 12:02:55 +0200 |
commit | d4dfd983e32b32b633aaa9edec422cc30419c6f7 (patch) | |
tree | 12da0013339da819a29c042a900830774ddb0a87 /providers | |
parent | Note that SHA1 and MD5 x509 signatures are also forbidden at security level 1 (diff) | |
test-rand: return failure on not enough data, allow parent
The test-rand RNG was returning success when it had some but insufficient data.
Now, it returns failure and doesn't advance the data pointer.
The test-rand RNG was failing when a parent was specified. This case is now
ignored.
Fixes #16785
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16905)
Diffstat (limited to 'providers')
-rw-r--r-- | providers/implementations/rands/test_rng.c | 14 |
1 files changed, 3 insertions, 11 deletions
diff --git a/providers/implementations/rands/test_rng.c b/providers/implementations/rands/test_rng.c
index bdad7ac9ac..4e7fed0fc7 100644
--- a/providers/implementations/rands/test_rng.c
+++ b/providers/implementations/rands/test_rng.c
@@ -52,9 +52,6 @@ static void *test_rng_new(void *provctx, void *parent,
 {
 PROV_TEST_RNG *t;
- if (parent != NULL)
- return NULL;
-
 t = OPENSSL_zalloc(sizeof(*t));
 if (t == NULL)
 return NULL;
@@ -107,16 +104,11 @@ static int test_rng_generate(void *vtest, unsigned char *out, size_t outlen,
 const unsigned char *adin, size_t adin_len)
 {
 PROV_TEST_RNG *t = (PROV_TEST_RNG *)vtest;
- size_t i;
- if (strength > t->strength)
+ if (strength > t->strength || t->entropy_len - t->entropy_pos < outlen)
 return 0;
-
- for (i = 0; i < outlen; i++) {
- out[i] = t->entropy[t->entropy_pos++];
- if (t->entropy_pos >= t->entropy_len)
- break;
- }
+ memcpy(out, t->entropy + t->entropy_pos, outlen);
+ t->entropy_pos += outlen;
 return 1;
 } |
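Review bot: The new length check in test_rng_generate, `t->entropy_len - t->entropy_pos < outlen`, is an unsigned subtraction, so it only protects the memcpy while entropy_pos never exceeds entropy_len. Inside this function that holds, because the position now advances only after the check passes, but the code that installs or replaces the entropy buffer is outside the hunk and would have to reset entropy_pos whenever entropy_len changes; if it ever does not, the difference wraps and the copy reads past the buffer. A form that does not depend on that invariant is `if (strength > t->strength || t->entropy_pos > t->entropy_len || outlen > t->entropy_len - t->entropy_pos)`. A short comment above the check would also record the new contract, for example `/* Fail without consuming data if fewer than outlen bytes remain */`. The function's signature starts above the hunk.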