Fix a race condition in drbgtest.c

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7531)

1 files changed, 24 insertions, 10 deletions

diff --git a/test/drbgtest.c b/test/drbgtest.c
index a3beebc774..c285c75229 100644
--- a/test/drbgtest.c
+++ b/test/drbgtest.c
@@ -581,6 +581,8 @@ static void reset_drbg_hook_ctx(void)
  *       1:  it is expected that the specified DRBG is reseeded
  *       0:  it is expected that the specified DRBG is not reseeded
  *      -1:  don't check whether the specified DRBG was reseeded or not
+ * |reseed_time|: if nonzero, used instead of time(NULL) to set the
+ *                |before_reseed| time.
  */
 static int test_drbg_reseed(int expect_success,
                             RAND_DRBG *master,
@@ -588,7 +590,8 @@ static int test_drbg_reseed(int expect_success,
                             RAND_DRBG *private,
                             int expect_master_reseed,
                             int expect_public_reseed,
-                            int expect_private_reseed
+                            int expect_private_reseed,
+                            time_t reseed_time
                            )
 {
     unsigned char buf[32];
@@ -614,8 +617,11 @@ static int test_drbg_reseed(int expect_success,
      * step 2: generate random output
      */
 
+    if (reseed_time == 0)
+        reseed_time = time(NULL);
+
     /* Generate random output from the public and private DRBG */
-    before_reseed = expect_master_reseed == 1 ? time(NULL) : 0;
+    before_reseed = expect_master_reseed == 1 ? reseed_time : 0;
     if (!TEST_int_eq(RAND_bytes(buf, sizeof(buf)), expect_success)
         || !TEST_int_eq(RAND_priv_bytes(buf, sizeof(buf)), expect_success))
         return 0;
@@ -682,6 +688,7 @@ static int test_rand_drbg_reseed(void)
     RAND_DRBG *master, *public, *private;
     unsigned char rand_add_buf[256];
     int rv=0;
+    time_t before_reseed;
 
     /* Check whether RAND_OpenSSL() is the default method */
     if (!TEST_ptr_eq(RAND_get_rand_method(), RAND_OpenSSL()))
@@ -716,7 +723,7 @@ static int test_rand_drbg_reseed(void)
     /*
      * Test initial seeding of shared DRBGs
      */
-    if (!TEST_true(test_drbg_reseed(1, master, public, private, 1, 1, 1)))
+    if (!TEST_true(test_drbg_reseed(1, master, public, private, 1, 1, 1, 0)))
         goto error;
     reset_drbg_hook_ctx();
 
@@ -724,7 +731,7 @@ static int test_rand_drbg_reseed(void)
     /*
      * Test initial state of shared DRBGs
      */
-    if (!TEST_true(test_drbg_reseed(1, master, public, private, 0, 0, 0)))
+    if (!TEST_true(test_drbg_reseed(1, master, public, private, 0, 0, 0, 0)))
         goto error;
     reset_drbg_hook_ctx();
 
@@ -733,7 +740,7 @@ static int test_rand_drbg_reseed(void)
      * reseed counters differ from the master's reseed counter.
      */
     master->reseed_prop_counter++;
-    if (!TEST_true(test_drbg_reseed(1, master, public, private, 0, 1, 1)))
+    if (!TEST_true(test_drbg_reseed(1, master, public, private, 0, 1, 1, 0)))
         goto error;
     reset_drbg_hook_ctx();
 
@@ -743,7 +750,7 @@ static int test_rand_drbg_reseed(void)
      */
     master->reseed_prop_counter++;
     private->reseed_prop_counter++;
-    if (!TEST_true(test_drbg_reseed(1, master, public, private, 0, 1, 0)))
+    if (!TEST_true(test_drbg_reseed(1, master, public, private, 0, 1, 0, 0)))
         goto error;
     reset_drbg_hook_ctx();
 
@@ -753,7 +760,7 @@ static int test_rand_drbg_reseed(void)
      */
     master->reseed_prop_counter++;
     public->reseed_prop_counter++;
-    if (!TEST_true(test_drbg_reseed(1, master, public, private, 0, 0, 1)))
+    if (!TEST_true(test_drbg_reseed(1, master, public, private, 0, 0, 1, 0)))
         goto error;
     reset_drbg_hook_ctx();
 
@@ -762,10 +769,17 @@ static int test_rand_drbg_reseed(void)
     memset(rand_add_buf, 'r', sizeof(rand_add_buf));
 
     /*
-     * Test whether all three DRBGs are reseeded by RAND_add()
+     * Test whether all three DRBGs are reseeded by RAND_add().
+     * The before_reseed time has to be measured here and passed into the
+     * test_drbg_reseed() test, because the master DRBG gets already reseeded
+     * in RAND_add(), whence the check for the condition
+     * before_reseed <= master->reseed_time will fail if the time value happens
+     * to increase between the RAND_add() and the test_drbg_reseed() call.
      */
+    before_reseed = time(NULL);
     RAND_add(rand_add_buf, sizeof(rand_add_buf), sizeof(rand_add_buf));
-    if (!TEST_true(test_drbg_reseed(1, master, public, private, 1, 1, 1)))
+    if (!TEST_true(test_drbg_reseed(1, master, public, private, 1, 1, 1,
+                                    before_reseed)))
         goto error;
     reset_drbg_hook_ctx();
 
@@ -776,7 +790,7 @@ static int test_rand_drbg_reseed(void)
     master_ctx.fail = 1;
     master->reseed_prop_counter++;
     RAND_add(rand_add_buf, sizeof(rand_add_buf), sizeof(rand_add_buf));
-    if (!TEST_true(test_drbg_reseed(0, master, public, private, 0, 0, 0)))
+    if (!TEST_true(test_drbg_reseed(0, master, public, private, 0, 0, 0, 0)))
         goto error;
     reset_drbg_hook_ctx();