Blob Blame Raw
diff -up openssl-1.1.1a/crypto/fips/fips.c.fips-post-rand openssl-1.1.1a/crypto/fips/fips.c
--- openssl-1.1.1a/crypto/fips/fips.c.fips-post-rand	2019-01-15 14:14:07.813360637 +0100
+++ openssl-1.1.1a/crypto/fips/fips.c	2019-01-15 14:14:07.838360173 +0100
@@ -68,6 +68,7 @@
 
 # include <openssl/fips.h>
 # include "internal/thread_once.h"
+# include "internal/rand_int.h"
 
 # ifndef PATH_MAX
 #  define PATH_MAX 1024
@@ -76,6 +77,7 @@
 static int fips_selftest_fail = 0;
 static int fips_mode = 0;
 static int fips_started = 0;
+static int fips_post = 0;
 
 static int fips_is_owning_thread(void);
 static int fips_set_owning_thread(void);
@@ -158,6 +160,11 @@ void fips_set_selftest_fail(void)
     fips_selftest_fail = 1;
 }
 
+int fips_in_post(void)
+{
+    return fips_post;
+}
+
 /* we implement what libfipscheck does ourselves */
 
 static int
@@ -445,6 +452,8 @@ int FIPS_module_mode_set(int onoff)
         }
 # endif
 
+        fips_post = 1;
+
         if (!FIPS_selftest()) {
             fips_selftest_fail = 1;
             ret = 0;
@@ -459,7 +468,12 @@ int FIPS_module_mode_set(int onoff)
             goto end;
         }
 
+        fips_post = 0;
+
         fips_set_mode(onoff);
+        /* force RNG reseed with entropy from getrandom() on next call */
+        rand_fork();
+
         ret = 1;
         goto end;
     }
diff -up openssl-1.1.1a/crypto/include/internal/fips_int.h.fips-post-rand openssl-1.1.1a/crypto/include/internal/fips_int.h
--- openssl-1.1.1a/crypto/include/internal/fips_int.h.fips-post-rand	2019-01-15 14:14:07.821360489 +0100
+++ openssl-1.1.1a/crypto/include/internal/fips_int.h	2019-01-15 14:14:07.838360173 +0100
@@ -76,6 +76,8 @@ int FIPS_selftest_hmac(void);
 int FIPS_selftest_drbg(void);
 int FIPS_selftest_cmac(void);
 
+int fips_in_post(void);
+
 int fips_pkey_signature_test(EVP_PKEY *pkey,
                                  const unsigned char *tbs, int tbslen,
                                  const unsigned char *kat,
diff -up openssl-1.1.1a/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1a/crypto/rand/rand_unix.c
--- openssl-1.1.1a/crypto/rand/rand_unix.c.fips-post-rand	2018-11-20 14:35:38.000000000 +0100
+++ openssl-1.1.1a/crypto/rand/rand_unix.c	2019-01-15 14:17:22.416748544 +0100
@@ -16,10 +16,12 @@
 #include <openssl/rand.h>
 #include "rand_lcl.h"
 #include "internal/rand_int.h"
+#include "internal/fips_int.h"
 #include <stdio.h>
 #include "internal/dso.h"
 #if defined(__linux)
 # include <sys/syscall.h>
+# include <sys/random.h>
 #endif
 #if defined(__FreeBSD__)
 # include <sys/types.h>
@@ -258,7 +260,7 @@ static ssize_t sysctl_random(char *buf,
  * syscall_random(): Try to get random data using a system call
  * returns the number of bytes returned in buf, or < 0 on error.
  */
-static ssize_t syscall_random(void *buf, size_t buflen)
+static ssize_t syscall_random(void *buf, size_t buflen, int nonblock)
 {
     /*
      * Note: 'buflen' equals the size of the buffer which is used by the
@@ -280,6 +282,7 @@ static ssize_t syscall_random(void *buf,
      * - Linux since 3.17 with glibc 2.25
      * - FreeBSD since 12.0 (1200061)
      */
+#  if 0
 #  if defined(__GNUC__) && __GNUC__>=2 && defined(__ELF__) && !defined(__hpux)
     extern int getentropy(void *buffer, size_t length) __attribute__((weak));
 
@@ -301,10 +304,10 @@ static ssize_t syscall_random(void *buf,
     if (p_getentropy.p != NULL)
         return p_getentropy.f(buf, buflen) == 0 ? (ssize_t)buflen : -1;
 #  endif
-
+#  endif
     /* Linux supports this since version 3.17 */
 #  if defined(__linux) && defined(SYS_getrandom)
-    return syscall(SYS_getrandom, buf, buflen, 0);
+    return syscall(SYS_getrandom, buf, buflen, nonblock?GRND_NONBLOCK:0);
 #  elif (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND)
     return sysctl_random(buf, buflen);
 #  else
@@ -454,8 +457,10 @@ size_t rand_pool_acquire_entropy(RAND_PO
     size_t bytes_needed;
     size_t entropy_available = 0;
     unsigned char *buffer;
-
 #   if defined(OPENSSL_RAND_SEED_GETRANDOM)
+    int in_post;
+
+    for (in_post = fips_in_post(); in_post >= 0; --in_post) {
     {
         ssize_t bytes;
         /* Maximum allowed number of consecutive unsuccessful attempts */
@@ -464,7 +469,7 @@ size_t rand_pool_acquire_entropy(RAND_PO
         bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
         while (bytes_needed != 0 && attempts-- > 0) {
             buffer = rand_pool_add_begin(pool, bytes_needed);
-            bytes = syscall_random(buffer, bytes_needed);
+            bytes = syscall_random(buffer, bytes_needed, in_post);
             if (bytes > 0) {
                 rand_pool_add_end(pool, bytes, 8 * bytes);
                 bytes_needed -= bytes;
@@ -496,8 +501,10 @@ size_t rand_pool_acquire_entropy(RAND_PO
             int attempts = 3;
             const int fd = get_random_device(i);
 
-            if (fd == -1)
+            if (fd == -1) {
+                OPENSSL_showfatal("Random device %s cannot be opened.\n", random_device_paths[i]);
                 continue;
+            }
 
             while (bytes_needed != 0 && attempts-- > 0) {
                 buffer = rand_pool_add_begin(pool, bytes_needed);
@@ -557,7 +564,9 @@ size_t rand_pool_acquire_entropy(RAND_PO
         }
     }
 #   endif
-
+#   ifdef OPENSSL_RAND_SEED_GETRANDOM
+    }
+#   endif
     return rand_pool_entropy_available(pool);
 #  endif
 }