rand: instantiate the DRBGs upon first use.

Fixes #12714 [skip ci] Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/12717)
2020-08-26 14:11:49 +10:00 · 2020-08-26 14:11:49 +10:00 · 4516bf7422
parent edd53e9135
commit 4516bf7422
4 changed files with 41 additions and 4 deletions
--- a/crypto/rand/rand_lib.c
+++ b/crypto/rand/rand_lib.c
@ -246,7 +246,7 @@ int RAND_status(void)
        return meth->status != NULL ? meth->status() : 0;

    if ((rand = RAND_get0_primary(NULL)) == NULL)
-        return EVP_RAND_STATE_UNINITIALISED;
+        return 0;
    return EVP_RAND_state(rand) == EVP_RAND_STATE_READY;
 }
 #else  /* !FIPS_MODULE */
@ -467,7 +467,12 @@ static EVP_RAND_CTX *rand_new_drbg(OPENSSL_CTX *libctx, EVP_RAND_CTX *parent,
    if (!EVP_RAND_set_ctx_params(ctx, params)) {
        RANDerr(0, RAND_R_ERROR_INITIALISING_DRBG);
        EVP_RAND_CTX_free(ctx);
-        ctx = NULL;
+        return NULL;
+    }
+    if (!EVP_RAND_instantiate(ctx, 0, 0, NULL, 0)) {
+        RANDerr(0, RAND_R_ERROR_INSTANTIATING_DRBG);
+        EVP_RAND_CTX_free(ctx);
+        return NULL;
    }
    return ctx;
 }
--- a/test/build.info
+++ b/test/build.info
@ -52,7 +52,7 @@ IF[{- !$disabled{tests} -}]
          cipherbytes_test \
          asn1_encode_test asn1_decode_test asn1_string_table_test \
          x509_time_test x509_dup_cert_test x509_check_cert_pkey_test \
-          recordlentest drbgtest sslbuffertest \
+          recordlentest drbgtest rand_status_test sslbuffertest \
          time_offset_test pemtest ssl_cert_table_internal_test ciphername_test \
          http_test servername_test ocspapitest fatalerrtest tls13ccstest \
          sysdefaulttest errtest ssl_ctx_test gosttest \
@ -380,6 +380,10 @@ IF[{- !$disabled{tests} -}]
  INCLUDE[drbgtest]=../include ../apps/include
  DEPEND[drbgtest]=../libcrypto.a libtestutil.a

+  SOURCE[rand_status_test]=rand_status_test.c
+  INCLUDE[rand_status_test]=../include ../apps/include
+  DEPEND[rand_status_test]=../libcrypto libtestutil.a
+
  SOURCE[x509_dup_cert_test]=x509_dup_cert_test.c
  INCLUDE[x509_dup_cert_test]=../include ../apps/include
  DEPEND[x509_dup_cert_test]=../libcrypto libtestutil.a
--- a/test/rand_status_test.c
+++ b/test/rand_status_test.c
@ -0,0 +1,27 @@
+/*
+ * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/rand.h>
+#include "testutil.h"
+
+/*
+ * This needs to be in a test executable all by itself so that it can be
+ * guaranteed to run before any generate calls have been made.
+ */
+
+static int test_rand_status(void)
+{
+    return TEST_true(RAND_status());
+}
+
+int setup_tests(void)
+{
+    ADD_TEST(test_rand_status);
+    return 1;
+}
--- a/test/recipes/05-test_rand.t
+++ b/test/recipes/05-test_rand.t
@ -11,7 +11,8 @@ use warnings;
 use OpenSSL::Test;
 use OpenSSL::Test::Utils;

-plan tests => 1;
+plan tests => 2;
 setup("test_rand");

 ok(run(test(["drbgtest"])));
+ok(run(test(["rand_status_test"])));