openssl/openssl-1.1.1-fips-post-rand.patch

190 lines
6.6 KiB
Diff
Raw Normal View History

2019-09-13 15:25:44 +00:00
diff -up openssl-1.1.1d/crypto/fips/fips.c.fips-post-rand openssl-1.1.1d/crypto/fips/fips.c
--- openssl-1.1.1d/crypto/fips/fips.c.fips-post-rand 2019-09-13 16:15:52.656716089 +0200
+++ openssl-1.1.1d/crypto/fips/fips.c 2019-09-13 16:44:33.217852364 +0200
@@ -68,6 +68,7 @@
# include <openssl/fips.h>
# include "internal/thread_once.h"
+# include "internal/rand_int.h"
# ifndef PATH_MAX
# define PATH_MAX 1024
@@ -76,6 +77,7 @@
static int fips_selftest_fail = 0;
static int fips_mode = 0;
static int fips_started = 0;
+static int fips_post = 0;
static int fips_is_owning_thread(void);
static int fips_set_owning_thread(void);
@@ -158,6 +160,11 @@ void fips_set_selftest_fail(void)
fips_selftest_fail = 1;
}
+int fips_in_post(void)
+{
+ return fips_post;
+}
+
/* we implement what libfipscheck does ourselves */
static int
@@ -445,6 +452,8 @@ int FIPS_module_mode_set(int onoff)
}
# endif
+ fips_post = 1;
+
if (!FIPS_selftest()) {
fips_selftest_fail = 1;
ret = 0;
@@ -459,7 +468,12 @@ int FIPS_module_mode_set(int onoff)
goto end;
}
+ fips_post = 0;
+
fips_set_mode(onoff);
+ /* force RNG reseed with entropy from getrandom() on next call */
2019-09-13 15:25:44 +00:00
+ rand_force_reseed();
+
ret = 1;
goto end;
}
2019-09-13 15:25:44 +00:00
diff -up openssl-1.1.1d/crypto/include/internal/fips_int.h.fips-post-rand openssl-1.1.1d/crypto/include/internal/fips_int.h
--- openssl-1.1.1d/crypto/include/internal/fips_int.h.fips-post-rand 2019-09-13 16:15:52.666715914 +0200
+++ openssl-1.1.1d/crypto/include/internal/fips_int.h 2019-09-13 16:15:52.690715496 +0200
2019-05-29 15:23:31 +00:00
@@ -77,6 +77,8 @@ int FIPS_selftest_hmac(void);
int FIPS_selftest_drbg(void);
int FIPS_selftest_cmac(void);
+int fips_in_post(void);
+
int fips_pkey_signature_test(EVP_PKEY *pkey,
const unsigned char *tbs, int tbslen,
const unsigned char *kat,
2019-09-13 15:25:44 +00:00
diff -up openssl-1.1.1d/crypto/include/internal/rand_int.h.fips-post-rand openssl-1.1.1d/crypto/include/internal/rand_int.h
--- openssl-1.1.1d/crypto/include/internal/rand_int.h.fips-post-rand 2019-09-13 16:15:52.307722175 +0200
+++ openssl-1.1.1d/crypto/include/internal/rand_int.h 2019-09-13 16:41:47.133736023 +0200
@@ -24,6 +24,7 @@
typedef struct rand_pool_st RAND_POOL;
void rand_cleanup_int(void);
+void rand_force_reseed(void);
void rand_drbg_cleanup_int(void);
void drbg_delete_thread_state(void);
diff -up openssl-1.1.1d/crypto/rand/drbg_lib.c.fips-post-rand openssl-1.1.1d/crypto/rand/drbg_lib.c
--- openssl-1.1.1d/crypto/rand/drbg_lib.c.fips-post-rand 2019-09-10 15:13:07.000000000 +0200
+++ openssl-1.1.1d/crypto/rand/drbg_lib.c 2019-09-13 16:44:04.808345620 +0200
@@ -1009,6 +1009,20 @@ size_t rand_drbg_seedlen(RAND_DRBG *drbg
return min_entropy > min_entropylen ? min_entropy : min_entropylen;
}
+void rand_force_reseed(void)
+{
+ RAND_DRBG *drbg;
+
+ drbg = RAND_DRBG_get0_master();
+ drbg->fork_id = 0;
+
+ drbg = RAND_DRBG_get0_private();
+ drbg->fork_id = 0;
+
+ drbg = RAND_DRBG_get0_public();
+ drbg->fork_id = 0;
+}
+
/* Implements the default OpenSSL RAND_add() method */
static int drbg_add(const void *buf, int num, double randomness)
{
diff -up openssl-1.1.1d/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1d/crypto/rand/rand_unix.c
--- openssl-1.1.1d/crypto/rand/rand_unix.c.fips-post-rand 2019-09-10 15:13:07.000000000 +0200
+++ openssl-1.1.1d/crypto/rand/rand_unix.c 2019-09-13 16:15:52.690715496 +0200
@@ -17,10 +17,12 @@
#include <openssl/crypto.h>
#include "rand_lcl.h"
#include "internal/rand_int.h"
+#include "internal/fips_int.h"
#include <stdio.h>
#include "internal/dso.h"
2019-09-13 15:25:44 +00:00
#ifdef __linux
# include <sys/syscall.h>
+# include <sys/random.h>
2019-09-13 15:25:44 +00:00
# ifdef DEVRANDOM_WAIT
# include <sys/shm.h>
# include <sys/utsname.h>
@@ -295,7 +297,7 @@ static ssize_t sysctl_random(char *buf,
* syscall_random(): Try to get random data using a system call
* returns the number of bytes returned in buf, or < 0 on error.
*/
-static ssize_t syscall_random(void *buf, size_t buflen)
+static ssize_t syscall_random(void *buf, size_t buflen, int nonblock)
{
/*
* Note: 'buflen' equals the size of the buffer which is used by the
2019-09-13 15:25:44 +00:00
@@ -317,6 +319,7 @@ static ssize_t syscall_random(void *buf,
* - Linux since 3.17 with glibc 2.25
* - FreeBSD since 12.0 (1200061)
*/
+# if 0
# if defined(__GNUC__) && __GNUC__>=2 && defined(__ELF__) && !defined(__hpux)
extern int getentropy(void *buffer, size_t length) __attribute__((weak));
2019-09-13 15:25:44 +00:00
@@ -338,10 +341,10 @@ static ssize_t syscall_random(void *buf,
if (p_getentropy.p != NULL)
return p_getentropy.f(buf, buflen) == 0 ? (ssize_t)buflen : -1;
# endif
-
+# endif
/* Linux supports this since version 3.17 */
2019-05-29 15:23:31 +00:00
-# if defined(__linux) && defined(__NR_getrandom)
- return syscall(__NR_getrandom, buf, buflen, 0);
+# if defined(__linux) && defined(SYS_getrandom)
+ return syscall(SYS_getrandom, buf, buflen, nonblock?GRND_NONBLOCK:0);
# elif (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND)
return sysctl_random(buf, buflen);
# else
2019-09-13 15:25:44 +00:00
@@ -576,6 +579,9 @@ size_t rand_pool_acquire_entropy(RAND_PO
size_t entropy_available;
2019-01-15 14:07:49 +00:00
# if defined(OPENSSL_RAND_SEED_GETRANDOM)
+ int in_post;
+
+ for (in_post = fips_in_post(); in_post >= 0; --in_post) {
{
2019-09-13 15:25:44 +00:00
size_t bytes_needed;
unsigned char *buffer;
@@ -586,7 +592,7 @@ size_t rand_pool_acquire_entropy(RAND_PO
bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
while (bytes_needed != 0 && attempts-- > 0) {
buffer = rand_pool_add_begin(pool, bytes_needed);
- bytes = syscall_random(buffer, bytes_needed);
+ bytes = syscall_random(buffer, bytes_needed, in_post);
if (bytes > 0) {
rand_pool_add_end(pool, bytes, 8 * bytes);
bytes_needed -= bytes;
2019-09-13 15:25:44 +00:00
@@ -621,8 +627,10 @@ size_t rand_pool_acquire_entropy(RAND_PO
int attempts = 3;
const int fd = get_random_device(i);
- if (fd == -1)
+ if (fd == -1) {
+ OPENSSL_showfatal("Random device %s cannot be opened.\n", random_device_paths[i]);
continue;
+ }
while (bytes_needed != 0 && attempts-- > 0) {
buffer = rand_pool_add_begin(pool, bytes_needed);
2019-09-13 15:25:44 +00:00
@@ -685,7 +693,9 @@ size_t rand_pool_acquire_entropy(RAND_PO
return entropy_available;
}
# endif
-
+# ifdef OPENSSL_RAND_SEED_GETRANDOM
+ }
+# endif
return rand_pool_entropy_available(pool);
# endif
}