add DRBG reseed boundary test

JeremiahM37 · JeremiahM37 · commit 48c6f34b0b47 · 2026-04-24T14:33:05.000Z
diff --git a/tests/api/test_random.c b/tests/api/test_random.c
@@ -94,6 +94,60 @@ int test_wc_RNG_GenerateBlock_Reseed(void)
     return EXPECT_RESULT();
 }
 
+/*
+ * Exercise the exact Hash_DRBG reseed-counter boundary: a mutation of
+ * `>=` to `>` in the reseed check would survive all existing tests because
+ * nothing generates WC_RESEED_INTERVAL blocks. Set the counter to the
+ * boundary, generate, and confirm the next call reseeds (counter resets).
+ */
+int test_wc_RNG_ReseedBoundary(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_HASHDRBG) && !defined(CUSTOM_RAND_GENERATE_BLOCK) && \
+    !defined(HAVE_FIPS)
+    /* FIPS builds keep DRBG_internal opaque (defined only inside the FIPS
+     * module), so we can't poke reseedCtr directly. Skip under FIPS. */
+    WC_RNG rng;
+    struct DRBG_internal* drbg;
+    byte   out[32];
+#ifdef WORD64_AVAILABLE
+    word64 startCtr;
+#else
+    word32 startCtr;
+#endif
+
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+
+    /* The test requires a regular in-process DRBG. Skip when wc_InitRng
+     * routes to a bank (status != DRBG_OK), when the backend bypasses the
+     * DRBG (RDRAND, cryptocb, etc.) and leaves the counter untouched, or
+     * when drbg is otherwise not a DRBG_internal. */
+    drbg = (struct DRBG_internal*)rng.drbg;
+    if (drbg != NULL && rng.status == WC_DRBG_OK) {
+        startCtr = drbg->reseedCtr;
+        ExpectIntEQ(wc_RNG_GenerateBlock(&rng, out, sizeof(out)), 0);
+        if (drbg->reseedCtr == startCtr + 1) {
+            /* Counter advanced, so this backend really is the DRBG. Set to
+             * WC_RESEED_INTERVAL - 1 and verify the reseed boundary:
+             *  - First generate: counter -> WC_RESEED_INTERVAL.
+             *  - Second generate: counter >= WC_RESEED_INTERVAL triggers
+             *    reseed (counter = 1), then post-increments to 2.
+             * A `>` mutation of the check would leave the counter at
+             * WC_RESEED_INTERVAL + 1 instead. */
+            drbg->reseedCtr = WC_RESEED_INTERVAL - 1;
+            ExpectIntEQ(wc_RNG_GenerateBlock(&rng, out, sizeof(out)), 0);
+            ExpectTrue(drbg->reseedCtr == WC_RESEED_INTERVAL);
+            ExpectIntEQ(wc_RNG_GenerateBlock(&rng, out, sizeof(out)), 0);
+            ExpectTrue(drbg->reseedCtr == 2);
+        }
+    }
+
+    DoExpectIntEQ(wc_FreeRng(&rng), 0);
+#endif
+    return EXPECT_RESULT();
+}
+
 int test_wc_RNG_GenerateBlock(void)
 {
     EXPECT_DECLS;
diff --git a/tests/api/test_random.h b/tests/api/test_random.h
@@ -26,6 +26,7 @@
 
 int test_wc_InitRng(void);
 int test_wc_RNG_GenerateBlock_Reseed(void);
+int test_wc_RNG_ReseedBoundary(void);
 int test_wc_RNG_GenerateBlock(void);
 int test_wc_RNG_GenerateByte(void);
 int test_wc_InitRngNonce(void);
@@ -39,6 +40,7 @@ int test_wc_RNG_HealthTest(void);
 #define TEST_RANDOM_DECLS                                           \
     TEST_DECL_GROUP("random", test_wc_InitRng),                     \
     TEST_DECL_GROUP("random", test_wc_RNG_GenerateBlock_Reseed),    \
+    TEST_DECL_GROUP("random", test_wc_RNG_ReseedBoundary),          \
     TEST_DECL_GROUP("random", test_wc_RNG_GenerateBlock),           \
     TEST_DECL_GROUP("random", test_wc_RNG_GenerateByte),            \
     TEST_DECL_GROUP("random", test_wc_InitRngNonce),                \
