diff options
author | Pauli <pauli@openssl.org> | 2022-10-26 20:09:24 +1100 |
---|---|---|
committer | Pauli <pauli@openssl.org> | 2022-11-02 08:42:46 +1100 |
commit | 33290c534750f031cbf384f0ad8c05555a16f726 (patch) | |
tree | fc47e72ffc3d094ff519284f901df8d6eb54983a /providers | |
parent | 7057dddbcb5e053470121adeff0b6595fa6da0d8 (diff) |
fips: verify that the RNG was restored after the self tests
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19510)
Diffstat (limited to 'providers')
-rw-r--r-- | providers/fips/self_test.c | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/providers/fips/self_test.c b/providers/fips/self_test.c index e10b00b5aa..10804d9f59 100644 --- a/providers/fips/self_test.c +++ b/providers/fips/self_test.c @@ -15,6 +15,7 @@ #include <openssl/fipskey.h> #include <openssl/err.h> #include <openssl/proverr.h> +#include <openssl/rand.h> #include "internal/e_os.h" #include "prov/providercommon.h" @@ -307,6 +308,8 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test) unsigned char *indicator_checksum = NULL; int loclstate; OSSL_SELF_TEST *ev = NULL; + EVP_RAND *testrand = NULL; + EVP_RAND_CTX *rng; if (!RUN_ONCE(&fips_self_test_init, do_fips_self_test_init)) return 0; @@ -417,8 +420,19 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test) } } + /* Verify that the RNG has been restored properly */ + testrand = EVP_RAND_fetch(st->libctx, "TEST-RAND", NULL); + if (testrand == NULL + || (rng = RAND_get0_private(st->libctx)) == NULL + || strcmp(EVP_RAND_get0_name(EVP_RAND_CTX_get0_rand(rng)), + EVP_RAND_get0_name(testrand)) == 0) { + ERR_raise(ERR_LIB_PROV, PROV_R_SELF_TEST_KAT_FAILURE); + goto end; + } + ok = 1; end: + EVP_RAND_free(testrand); OSSL_SELF_TEST_free(ev); OPENSSL_free(module_checksum); OPENSSL_free(indicator_checksum); |