|
 |
a07706c |
diff -up openssl-1.1.1i/crypto/fips/fips.c.fips-post-rand openssl-1.1.1i/crypto/fips/fips.c
|
|
|
a07706c |
--- openssl-1.1.1i/crypto/fips/fips.c.fips-post-rand 2020-12-09 10:26:41.634106328 +0100
|
|
|
a07706c |
+++ openssl-1.1.1i/crypto/fips/fips.c 2020-12-09 10:26:41.652106475 +0100
|
|
|
06bb120 |
@@ -68,6 +68,7 @@
|
|
|
06bb120 |
|
|
|
06bb120 |
# include <openssl/fips.h>
|
|
|
06bb120 |
# include "internal/thread_once.h"
|
|
|
c11b71f |
+# include "crypto/rand.h"
|
|
|
06bb120 |
|
|
|
06bb120 |
# ifndef PATH_MAX
|
|
|
06bb120 |
# define PATH_MAX 1024
|
|
|
06bb120 |
@@ -76,6 +77,7 @@
|
|
|
06bb120 |
static int fips_selftest_fail = 0;
|
|
|
06bb120 |
static int fips_mode = 0;
|
|
|
06bb120 |
static int fips_started = 0;
|
|
|
06bb120 |
+static int fips_post = 0;
|
|
|
06bb120 |
|
|
|
06bb120 |
static int fips_is_owning_thread(void);
|
|
|
06bb120 |
static int fips_set_owning_thread(void);
|
|
|
06bb120 |
@@ -158,6 +160,11 @@ void fips_set_selftest_fail(void)
|
|
|
06bb120 |
fips_selftest_fail = 1;
|
|
|
06bb120 |
}
|
|
|
06bb120 |
|
|
|
06bb120 |
+int fips_in_post(void)
|
|
|
06bb120 |
+{
|
|
|
06bb120 |
+ return fips_post;
|
|
|
06bb120 |
+}
|
|
|
06bb120 |
+
|
|
|
06bb120 |
/* we implement what libfipscheck does ourselves */
|
|
|
06bb120 |
|
|
|
06bb120 |
static int
|
|
|
06bb120 |
@@ -445,6 +452,8 @@ int FIPS_module_mode_set(int onoff)
|
|
|
06bb120 |
}
|
|
|
06bb120 |
# endif
|
|
|
06bb120 |
|
|
|
06bb120 |
+ fips_post = 1;
|
|
|
06bb120 |
+
|
|
|
06bb120 |
if (!FIPS_selftest()) {
|
|
|
06bb120 |
fips_selftest_fail = 1;
|
|
|
06bb120 |
ret = 0;
|
|
|
06bb120 |
@@ -459,7 +468,12 @@ int FIPS_module_mode_set(int onoff)
|
|
|
06bb120 |
goto end;
|
|
|
06bb120 |
}
|
|
|
06bb120 |
|
|
|
06bb120 |
+ fips_post = 0;
|
|
|
06bb120 |
+
|
|
|
06bb120 |
fips_set_mode(onoff);
|
|
|
06bb120 |
+ /* force RNG reseed with entropy from getrandom() on next call */
|
|
|
f6a62c4 |
+ rand_force_reseed();
|
|
|
06bb120 |
+
|
|
|
06bb120 |
ret = 1;
|
|
|
06bb120 |
goto end;
|
|
|
06bb120 |
}
|
|
|
a07706c |
diff -up openssl-1.1.1i/crypto/rand/drbg_lib.c.fips-post-rand openssl-1.1.1i/crypto/rand/drbg_lib.c
|
|
|
a07706c |
--- openssl-1.1.1i/crypto/rand/drbg_lib.c.fips-post-rand 2020-12-08 14:20:59.000000000 +0100
|
|
|
a07706c |
+++ openssl-1.1.1i/crypto/rand/drbg_lib.c 2020-12-09 10:26:41.652106475 +0100
|
|
|
a07706c |
@@ -1005,6 +1005,20 @@ size_t rand_drbg_seedlen(RAND_DRBG *drbg
|
|
|
f6a62c4 |
return min_entropy > min_entropylen ? min_entropy : min_entropylen;
|
|
|
f6a62c4 |
}
|
|
|
f6a62c4 |
|
|
|
f6a62c4 |
+void rand_force_reseed(void)
|
|
|
f6a62c4 |
+{
|
|
|
f6a62c4 |
+ RAND_DRBG *drbg;
|
|
|
f6a62c4 |
+
|
|
|
f6a62c4 |
+ drbg = RAND_DRBG_get0_master();
|
|
|
f6a62c4 |
+ drbg->fork_id = 0;
|
|
|
f6a62c4 |
+
|
|
|
f6a62c4 |
+ drbg = RAND_DRBG_get0_private();
|
|
|
f6a62c4 |
+ drbg->fork_id = 0;
|
|
|
f6a62c4 |
+
|
|
|
f6a62c4 |
+ drbg = RAND_DRBG_get0_public();
|
|
|
f6a62c4 |
+ drbg->fork_id = 0;
|
|
|
f6a62c4 |
+}
|
|
|
f6a62c4 |
+
|
|
|
f6a62c4 |
/* Implements the default OpenSSL RAND_add() method */
|
|
|
f6a62c4 |
static int drbg_add(const void *buf, int num, double randomness)
|
|
|
f6a62c4 |
{
|
|
|
a07706c |
diff -up openssl-1.1.1i/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1i/crypto/rand/rand_unix.c
|
|
|
a07706c |
--- openssl-1.1.1i/crypto/rand/rand_unix.c.fips-post-rand 2020-12-08 14:20:59.000000000 +0100
|
|
|
a07706c |
+++ openssl-1.1.1i/crypto/rand/rand_unix.c 2020-12-09 10:36:59.531221903 +0100
|
|
|
f6a62c4 |
@@ -17,10 +17,12 @@
|
|
|
f6a62c4 |
#include <openssl/crypto.h>
|
|
|
c11b71f |
#include "rand_local.h"
|
|
|
c11b71f |
#include "crypto/rand.h"
|
|
|
c11b71f |
+#include "crypto/fips.h"
|
|
|
06bb120 |
#include <stdio.h>
|
|
|
06bb120 |
#include "internal/dso.h"
|
|
|
f6a62c4 |
#ifdef __linux
|
|
|
f6a62c4 |
# include <sys/syscall.h>
|
|
|
06bb120 |
+# include <sys/random.h>
|
|
|
f6a62c4 |
# ifdef DEVRANDOM_WAIT
|
|
|
f6a62c4 |
# include <sys/shm.h>
|
|
|
f6a62c4 |
# include <sys/utsname.h>
|
|
|
a07706c |
@@ -344,7 +346,7 @@ static ssize_t sysctl_random(char *buf,
|
|
|
06bb120 |
* syscall_random(): Try to get random data using a system call
|
|
|
06bb120 |
* returns the number of bytes returned in buf, or < 0 on error.
|
|
|
06bb120 |
*/
|
|
|
06bb120 |
-static ssize_t syscall_random(void *buf, size_t buflen)
|
|
|
06bb120 |
+static ssize_t syscall_random(void *buf, size_t buflen, int nonblock)
|
|
|
06bb120 |
{
|
|
|
06bb120 |
/*
|
|
|
06bb120 |
* Note: 'buflen' equals the size of the buffer which is used by the
|
|
|
a07706c |
@@ -369,6 +371,7 @@ static ssize_t syscall_random(void *buf,
|
|
|
a07706c |
* Note: Sometimes getentropy() can be provided but not implemented
|
|
|
a07706c |
* internally. So we need to check errno for ENOSYS
|
|
|
06bb120 |
*/
|
|
|
06bb120 |
+# if 0
|
|
|
06bb120 |
# if defined(__GNUC__) && __GNUC__>=2 && defined(__ELF__) && !defined(__hpux)
|
|
|
06bb120 |
extern int getentropy(void *buffer, size_t length) __attribute__((weak));
|
|
|
06bb120 |
|
|
|
a07706c |
@@ -394,10 +397,10 @@ static ssize_t syscall_random(void *buf,
|
|
|
06bb120 |
if (p_getentropy.p != NULL)
|
|
|
06bb120 |
return p_getentropy.f(buf, buflen) == 0 ? (ssize_t)buflen : -1;
|
|
|
06bb120 |
# endif
|
|
|
06bb120 |
-
|
|
|
06bb120 |
+# endif
|
|
|
06bb120 |
/* Linux supports this since version 3.17 */
|
|
|
31d61b1 |
-# if defined(__linux) && defined(__NR_getrandom)
|
|
|
31d61b1 |
- return syscall(__NR_getrandom, buf, buflen, 0);
|
|
|
31d61b1 |
+# if defined(__linux) && defined(SYS_getrandom)
|
|
|
06bb120 |
+ return syscall(SYS_getrandom, buf, buflen, nonblock?GRND_NONBLOCK:0);
|
|
|
06bb120 |
# elif (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND)
|
|
|
06bb120 |
return sysctl_random(buf, buflen);
|
|
|
06bb120 |
# else
|
|
|
a07706c |
@@ -633,6 +636,9 @@ size_t rand_pool_acquire_entropy(RAND_PO
|
|
|
f6a62c4 |
size_t entropy_available;
|
|
|
f6a62c4 |
|
|
|
301c642 |
# if defined(OPENSSL_RAND_SEED_GETRANDOM)
|
|
|
06bb120 |
+ int in_post;
|
|
|
06bb120 |
+
|
|
|
06bb120 |
+ for (in_post = fips_in_post(); in_post >= 0; --in_post) {
|
|
|
06bb120 |
{
|
|
|
f6a62c4 |
size_t bytes_needed;
|
|
|
f6a62c4 |
unsigned char *buffer;
|
|
|
a07706c |
@@ -643,7 +649,7 @@ size_t rand_pool_acquire_entropy(RAND_PO
|
|
|
06bb120 |
bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
|
|
|
06bb120 |
while (bytes_needed != 0 && attempts-- > 0) {
|
|
|
06bb120 |
buffer = rand_pool_add_begin(pool, bytes_needed);
|
|
|
06bb120 |
- bytes = syscall_random(buffer, bytes_needed);
|
|
|
06bb120 |
+ bytes = syscall_random(buffer, bytes_needed, in_post);
|
|
|
06bb120 |
if (bytes > 0) {
|
|
|
06bb120 |
rand_pool_add_end(pool, bytes, 8 * bytes);
|
|
|
06bb120 |
bytes_needed -= bytes;
|
|
|
a07706c |
@@ -678,8 +684,10 @@ size_t rand_pool_acquire_entropy(RAND_PO
|
|
|
06bb120 |
int attempts = 3;
|
|
|
06bb120 |
const int fd = get_random_device(i);
|
|
|
06bb120 |
|
|
|
06bb120 |
- if (fd == -1)
|
|
|
06bb120 |
+ if (fd == -1) {
|
|
|
06bb120 |
+ OPENSSL_showfatal("Random device %s cannot be opened.\n", random_device_paths[i]);
|
|
|
06bb120 |
continue;
|
|
|
06bb120 |
+ }
|
|
|
06bb120 |
|
|
|
06bb120 |
while (bytes_needed != 0 && attempts-- > 0) {
|
|
|
06bb120 |
buffer = rand_pool_add_begin(pool, bytes_needed);
|
|
|
a07706c |
@@ -742,7 +750,9 @@ size_t rand_pool_acquire_entropy(RAND_PO
|
|
|
f6a62c4 |
return entropy_available;
|
|
|
06bb120 |
}
|
|
|
06bb120 |
# endif
|
|
|
06bb120 |
-
|
|
|
06bb120 |
+# ifdef OPENSSL_RAND_SEED_GETRANDOM
|
|
|
06bb120 |
+ }
|
|
|
06bb120 |
+# endif
|
|
|
06bb120 |
return rand_pool_entropy_available(pool);
|
|
|
06bb120 |
# endif
|
|
|
06bb120 |
}
|
|
|
a07706c |
diff -up openssl-1.1.1i/include/crypto/fips.h.fips-post-rand openssl-1.1.1i/include/crypto/fips.h
|
|
|
a07706c |
--- openssl-1.1.1i/include/crypto/fips.h.fips-post-rand 2020-12-09 10:26:41.639106369 +0100
|
|
|
a07706c |
+++ openssl-1.1.1i/include/crypto/fips.h 2020-12-09 10:26:41.657106516 +0100
|
|
|
c11b71f |
@@ -77,6 +77,8 @@ int FIPS_selftest_hmac(void);
|
|
|
c11b71f |
int FIPS_selftest_drbg(void);
|
|
|
c11b71f |
int FIPS_selftest_cmac(void);
|
|
|
c11b71f |
|
|
|
c11b71f |
+int fips_in_post(void);
|
|
|
c11b71f |
+
|
|
|
c11b71f |
int fips_pkey_signature_test(EVP_PKEY *pkey,
|
|
|
c11b71f |
const unsigned char *tbs, int tbslen,
|
|
|
c11b71f |
const unsigned char *kat,
|
|
|
a07706c |
diff -up openssl-1.1.1i/include/crypto/rand.h.fips-post-rand openssl-1.1.1i/include/crypto/rand.h
|
|
|
a07706c |
--- openssl-1.1.1i/include/crypto/rand.h.fips-post-rand 2020-12-08 14:20:59.000000000 +0100
|
|
|
a07706c |
+++ openssl-1.1.1i/include/crypto/rand.h 2020-12-09 10:26:41.657106516 +0100
|
|
|
c11b71f |
@@ -24,6 +24,7 @@
|
|
|
c11b71f |
typedef struct rand_pool_st RAND_POOL;
|
|
|
c11b71f |
|
|
|
c11b71f |
void rand_cleanup_int(void);
|
|
|
c11b71f |
+void rand_force_reseed(void);
|
|
|
c11b71f |
void rand_drbg_cleanup_int(void);
|
|
|
c11b71f |
void drbg_delete_thread_state(void);
|
|
|
c11b71f |
|