diff options
author | Matthew Dempsky <matthew@cvs.openbsd.org> | 2014-06-18 08:24:01 +0000 |
---|---|---|
committer | Matthew Dempsky <matthew@cvs.openbsd.org> | 2014-06-18 08:24:01 +0000 |
commit | f64e519739a20e65a083dc525468a39c5f7a4529 (patch) | |
tree | 09f6af12401bfbf391b1c05dda1f7219fd91357b | |
parent | 3dd53c2d4a7800aa76ac493de665ece6db85e402 (diff) |
Add regress tests to make sure arc4random(3) is reinitialized
correctly in fork children.
-rw-r--r-- | regress/lib/libc/Makefile | 5 | ||||
-rw-r--r-- | regress/lib/libc/arc4random-fork/Makefile | 25 | ||||
-rw-r--r-- | regress/lib/libc/arc4random-fork/arc4random-fork.c | 153 |
3 files changed, 181 insertions, 2 deletions
diff --git a/regress/lib/libc/Makefile b/regress/lib/libc/Makefile index e7a96f1eceb..06c09d35cd2 100644 --- a/regress/lib/libc/Makefile +++ b/regress/lib/libc/Makefile @@ -1,6 +1,7 @@ -# $OpenBSD: Makefile,v 1.41 2014/06/13 01:55:02 matthew Exp $ +# $OpenBSD: Makefile,v 1.42 2014/06/18 08:24:00 matthew Exp $ -SUBDIR+= _setjmp alloca atexit basename cephes cxa-atexit db dirname env +SUBDIR+= _setjmp alloca arc4random-fork +SUBDIR+= atexit basename cephes cxa-atexit db dirname env SUBDIR+= explicit_bzero fmemopen fnmatch fpclassify getcap getopt_long glob SUBDIR+= hsearch longjmp locale malloc mkstemp modf netdb open_memstream SUBDIR+= orientation popen printf diff --git a/regress/lib/libc/arc4random-fork/Makefile b/regress/lib/libc/arc4random-fork/Makefile new file mode 100644 index 00000000000..05762e33ffc --- /dev/null +++ b/regress/lib/libc/arc4random-fork/Makefile @@ -0,0 +1,25 @@ +# $OpenBSD: Makefile,v 1.1 2014/06/18 08:24:00 matthew Exp $ + +PROG= arc4random-fork + +REGRESS_TARGETS= \ + run \ + run-buf \ + run-prefork \ + run-buf-prefork + +run: ${PROG} + ./${PROG} + +run-buf: ${PROG} + ./${PROG} -b + +run-prefork: ${PROG} + ./${PROG} -p + +run-buf-prefork: ${PROG} + ./${PROG} -bp + +.PHONY: ${REGRESS_TARGETS} + +.include <bsd.regress.mk> diff --git a/regress/lib/libc/arc4random-fork/arc4random-fork.c b/regress/lib/libc/arc4random-fork/arc4random-fork.c new file mode 100644 index 00000000000..35a9ea6a980 --- /dev/null +++ b/regress/lib/libc/arc4random-fork/arc4random-fork.c @@ -0,0 +1,153 @@ +/* + * Copyright (c) 2014 Google Inc. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include <sys/mman.h> +#include <sys/wait.h> +#include <assert.h> +#include <err.h> +#include <stdlib.h> +#include <string.h> +#include <unistd.h> + +#define CHECK(x) assert(x) +#define CHECK_EQ(a, b) assert((a) == (b)) +#define CHECK_NE(a, b) assert((a) != (b)) +#define CHECK_GE(a, b) assert((a) >= (b)) +#define CHECK_LE(a, b) assert((a) <= (b)) + +/* Test arc4random_buf(3) instead of arc4random(3). */ +static int flagbuf; + +/* Initialize arc4random(3) before forking. */ +static int flagprefork; + +enum { + N = 4096 +}; + +typedef struct { + uint32_t x[N]; +} Buf; + +static int +isfullbuf(const Buf *buf) +{ + size_t i; + for (i = 0; i < N; i++) + if (buf->x[i]) + return (1); + return (0); +} + +static void +fillbuf(Buf *buf) +{ + if (flagbuf) { + arc4random_buf(buf->x, sizeof(buf->x)); + } else { + size_t i; + for (i = 0; i < N; i++) + buf->x[i] = arc4random(); + } +} + +static void +usage() +{ + extern const char *__progname; + errx(1, "usage: %s [-bp]", __progname); +} + +int +main(int argc, char *argv[]) +{ + int opt, status; + Buf *bufparent, *bufchildone, *bufchildtwo; + pid_t pidone, pidtwo; + size_t i, countone = 0, counttwo = 0, countkids = 0; + + while ((opt = getopt(argc, argv, "bp")) != -1) { + switch (opt) { + case 'b': + flagbuf = 1; + break; + case 'p': + flagprefork = 1; + break; + default: + usage(); + } + } + + if (flagprefork) + arc4random(); + + bufparent = mmap(NULL, sizeof(Buf), PROT_READ|PROT_WRITE, + MAP_ANON|MAP_PRIVATE, -1, 0); + CHECK_NE(MAP_FAILED, bufparent); + + bufchildone = mmap(NULL, sizeof(Buf), PROT_READ|PROT_WRITE, + MAP_ANON|MAP_SHARED, -1, 0); + CHECK_NE(MAP_FAILED, bufchildone); + + bufchildtwo = mmap(NULL, sizeof(Buf), PROT_READ|PROT_WRITE, + MAP_ANON|MAP_SHARED, -1, 0); + CHECK_NE(MAP_FAILED, bufchildtwo); + + pidone = fork(); + CHECK_GE(pidone, 0); + if (pidone == 0) { + fillbuf(bufchildone); + _exit(0); + } + + pidtwo = fork(); + CHECK_GE(pidtwo, 0); + if (pidtwo == 0) { + fillbuf(bufchildtwo); + _exit(0); + } + + fillbuf(bufparent); + + CHECK_EQ(pidone, waitpid(pidone, &status, 0)); + CHECK(WIFEXITED(status)); + CHECK_EQ(0, WEXITSTATUS(status)); + + CHECK_EQ(pidtwo, waitpid(pidtwo, &status, 0)); + CHECK(WIFEXITED(status)); + CHECK_EQ(0, WEXITSTATUS(status)); + + CHECK(isfullbuf(bufchildone)); + CHECK(isfullbuf(bufchildtwo)); + + for (i = 0; i < N; i++) { + countone += bufparent->x[i] == bufchildone->x[i]; + counttwo += bufparent->x[i] == bufchildtwo->x[i]; + countkids += bufchildone->x[i] == bufchildtwo->x[i]; + } + + /* + * These checks are inherently probabilistic and theoretically risk + * flaking, but there's less than a 1 in 2^40 chance of more than + * one pairwise match between two vectors of 4096 32-bit integers. + */ + CHECK_LE(countone, 1); + CHECK_LE(counttwo, 1); + CHECK_LE(countkids, 1); + + return (0); +} |