summaryrefslogtreecommitdiffstats
path: root/providers
diff options
context:
space:
mode:
authorPauli <pauli@openssl.org>2021-10-25 04:01:11 +0200
committerPauli <pauli@openssl.org>2021-10-26 12:02:55 +0200
commitd4dfd983e32b32b633aaa9edec422cc30419c6f7 (patch)
tree12da0013339da819a29c042a900830774ddb0a87 /providers
parentNote that SHA1 and MD5 x509 signatures are also forbidden at security level 1 (diff)
downloadopenssl-d4dfd983e32b32b633aaa9edec422cc30419c6f7.tar.xz
openssl-d4dfd983e32b32b633aaa9edec422cc30419c6f7.zip
test-rand: return failure on not enough data, allow parent
The test-rand RNG was returning success when it had some but insufficient data. Now, it returns failure and doesn't advance the data pointer. The test-rand RNG was failing when a parent was specified. This case is now ignored. Fixes #16785 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16905)
Diffstat (limited to 'providers')
-rw-r--r--providers/implementations/rands/test_rng.c14
1 files changed, 3 insertions, 11 deletions
diff --git a/providers/implementations/rands/test_rng.c b/providers/implementations/rands/test_rng.c
index bdad7ac9ac..4e7fed0fc7 100644
--- a/providers/implementations/rands/test_rng.c
+++ b/providers/implementations/rands/test_rng.c
@@ -52,9 +52,6 @@ static void *test_rng_new(void *provctx, void *parent,
{
PROV_TEST_RNG *t;
- if (parent != NULL)
- return NULL;
-
t = OPENSSL_zalloc(sizeof(*t));
if (t == NULL)
return NULL;
@@ -107,16 +104,11 @@ static int test_rng_generate(void *vtest, unsigned char *out, size_t outlen,
const unsigned char *adin, size_t adin_len)
{
PROV_TEST_RNG *t = (PROV_TEST_RNG *)vtest;
- size_t i;
- if (strength > t->strength)
+ if (strength > t->strength || t->entropy_len - t->entropy_pos < outlen)
return 0;
-
- for (i = 0; i < outlen; i++) {
- out[i] = t->entropy[t->entropy_pos++];
- if (t->entropy_pos >= t->entropy_len)
- break;
- }
+ memcpy(out, t->entropy + t->entropy_pos, outlen);
+ t->entropy_pos += outlen;
return 1;
}