crypto/fipsmodule: Allow breaking CRNG self-test.
Change-Id: I3d1ddc8cca9fb1da5d0b6a68ba2125c89e5bc0ce
Reviewed-on: https://boringssl-review.googlesource.com/16304
Commit-Queue: Martin Kreichgauer <martinkr@google.com>
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/crypto/fipsmodule/rand/rand.c b/crypto/fipsmodule/rand/rand.c
index 4f5e579..d274590 100644
--- a/crypto/fipsmodule/rand/rand.c
+++ b/crypto/fipsmodule/rand/rand.c
@@ -135,7 +135,10 @@
* generator test” which causes the program to randomly abort. Hopefully the
* rate of failure is small enough not to be a problem in practice. */
if (CRYPTO_memcmp(state->last_block, entropy, CRNGT_BLOCK_SIZE) == 0) {
- abort();
+ for (;;) {
+ exit(1);
+ abort();
+ }
}
for (size_t i = CRNGT_BLOCK_SIZE; i < sizeof(entropy);
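Review bot: The failure branch of the continuous RNG test now calls `exit(1)` ahead of `abort()`, and nothing in the hunk makes this conditional on a test macro, so it appears to change how every build containing this check terminates. Unlike `abort()`, `exit()` runs atexit handlers and flushes stdio, so application code keeps executing after the entropy check has failed and may call back into the library. The hunk states neither why an exit status is preferred over SIGABRT nor what the loop is for. If the intent is what it looks like, a comment such as `/* exit(1) so a harness sees a plain non-zero status; abort() and the loop are a backstop in case exit() returns. */` would record it. The enclosing function starts and ends outside the hunk.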
diff --git a/crypto/fipsmodule/rand/urandom.c b/crypto/fipsmodule/rand/urandom.c
index 9a821f7..dcb19cd 100644
--- a/crypto/fipsmodule/rand/urandom.c
+++ b/crypto/fipsmodule/rand/urandom.c
@@ -292,6 +292,12 @@
if (!fill_with_entropy(out, requested)) {
abort();
}
+
+#if defined(BORINGSSL_FIPS_BREAK_CRNG)
+ // This breaks the "continuous random number generator test" defined in FIPS
+ // 140-2, section 4.9.2, and implemented in rand_get_seed().
+ OPENSSL_memset(out, 0, requested);
+#endif
}
#endif /* !OPENSSL_WINDOWS && !defined(OPENSSL_FUCHSIA) && \
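Review bot: When `BORINGSSL_FIPS_BREAK_CRNG` is defined, the added `OPENSSL_memset(out, 0, requested)` makes this function return all-zero bytes as system entropy, and nothing in the hunk ties the macro to a test-only configuration. The comment says the check that catches this lives in `rand_get_seed()`; if that check is compiled only for FIPS builds, as seems likely, a non-FIPS build with the macro set would hand out zeros with nothing to abort it. A compile-time guard would make the misuse fail early: `#if defined(BORINGSSL_FIPS_BREAK_CRNG) && !defined(BORINGSSL_FIPS)` / `#error "BORINGSSL_FIPS_BREAK_CRNG is only for FIPS self-test validation builds"` / `#endif`. The comment should also say that the flag must never be set in a shipped build. The enclosing function begins outside the hunk.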