[tor-commits] [pluggable-transports/snowflake] branch main updated: Don't use entropy for test

gitolite role git at cupani.torproject.org
Thu Jun 2 15:41:29 UTC 2022


This is an automated email from the git hooks/post-receive script.

meskio pushed a commit to branch main
in repository pluggable-transports/snowflake.

The following commit(s) were added to refs/heads/main by this push:
     new f38c91f  Don't use entropy for test
f38c91f is described below

commit f38c91f906af5b806f463e790eddc134961abf1f
Author: meskio <meskio at torproject.org>
AuthorDate: Thu Jun 2 11:19:47 2022 +0200

    Don't use entropy for test
    
    Use math/rand instead of crypto/rand, so entropy is not a blocker when
    running the tests.
---
 common/amp/armor_test.go         |  2 +-
 common/utls/roundtripper_test.go | 14 +++++++++++---
 2 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/common/amp/armor_test.go b/common/amp/armor_test.go
index 594ae65..fc7561e 100644
--- a/common/amp/armor_test.go
+++ b/common/amp/armor_test.go
@@ -1,9 +1,9 @@
 package amp
 
 import (
-	"crypto/rand"
 	"io"
 	"io/ioutil"
+	"math/rand"
 	"strings"
 	"testing"
 )
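Review bot: Nothing in armor_test.go records why `math/rand` replaces `crypto/rand`, unlike the comment this commit adds in roundtripper_test.go. Both packages export `Read`, so any existing `rand.Read` call in the file changes meaning without appearing in the diff. A line next to the import such as `// math/rand on purpose: test data only, avoids blocking on entropy at build time` would stop a later reader from reverting it or copying the pattern into non-test code. The call sites are outside this hunk, so it is worth confirming that none of them produces a value that has to be unpredictable.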
diff --git a/common/utls/roundtripper_test.go b/common/utls/roundtripper_test.go
index 6a91385..bccb799 100644
--- a/common/utls/roundtripper_test.go
+++ b/common/utls/roundtripper_test.go
@@ -1,12 +1,12 @@
 package utls
 
 import (
-	"crypto/rand"
 	"crypto/rsa"
 	"crypto/tls"
 	"crypto/x509"
 	"crypto/x509/pkix"
 	"math/big"
+	"math/rand"
 	"net/http"
 	"testing"
 	"time"
@@ -26,7 +26,15 @@ func TestRoundTripper(t *testing.T) {
 	Convey("[Test]Set up http servers", t, func(c C) {
 		c.Convey("[Test]Generate Self-Signed Cert", func(c C) {
 			// Ported from https://gist.github.com/samuel/8b500ddd3f6118d052b5e6bc16bc4c09
-			priv, err := rsa.GenerateKey(rand.Reader, 4096)
+
+			// note that we use the insecure math/rand here because some platforms
+			// fail the test suite at build time in Debian, due to entropy starvation.
+			// since that's not a problem at test time, we do *not* use a secure
+			// mechanism for key generation.
+			//
+			// DO NOT REUSE THIS CODE IN PRODUCTION, IT IS DANGEROUS
+			insecureRandReader := rand.New(rand.NewSource(1337))
+			priv, err := rsa.GenerateKey(insecureRandReader, 4096)
 			c.So(err, ShouldBeNil)
 			template := x509.Certificate{
 				SerialNumber: big.NewInt(1),
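Review bot: The fixed seed in `rand.New(rand.NewSource(1337))` means anyone who reads this file can derive or narrow down the RSA private key, so the certificate built from it must never be trusted outside this test. The added comment warns against reusing the code but does not state that the key material itself is effectively public; I would add `// The key derived from this fixed seed is effectively public: never install this certificate in a trust store outside the test.` The same reader is also passed to `x509.CreateCertificate` in the following hunk, so the note covers that call too. As far as I recall, crypto/rsa deliberately consumes a variable amount of the reader so that callers cannot depend on deterministic output; the key may therefore differ between runs while still being low-entropy, and the test should not assume a stable key or fingerprint. TestRoundTripper continues outside this hunk, so where `selfSignedCert` ends up being trusted is not visible here.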
@@ -40,7 +48,7 @@ func TestRoundTripper(t *testing.T) {
 				ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
 				BasicConstraintsValid: true,
 			}
-			derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, priv.Public(), priv)
+			derBytes, err := x509.CreateCertificate(insecureRandReader, &template, &template, priv.Public(), priv)
 			c.So(err, ShouldBeNil)
 			selfSignedPrivateKey = priv
 			selfSignedCert = derBytes

-- 