Blame SOURCES/openssl-1.1.1-fips-post-rand.patch

cf3dd1
diff -up openssl-1.1.1e/crypto/fips/fips.c.fips-post-rand openssl-1.1.1e/crypto/fips/fips.c
cf3dd1
--- openssl-1.1.1e/crypto/fips/fips.c.fips-post-rand	2020-03-17 18:06:16.822418854 +0100
cf3dd1
+++ openssl-1.1.1e/crypto/fips/fips.c	2020-03-17 18:06:16.861418172 +0100
e4b8d1
@@ -68,6 +68,7 @@
e4b8d1
 
e4b8d1
 # include <openssl/fips.h>
e4b8d1
 # include "internal/thread_once.h"
cf3dd1
+# include "crypto/rand.h"
e4b8d1
 
e4b8d1
 # ifndef PATH_MAX
e4b8d1
 #  define PATH_MAX 1024
e4b8d1
@@ -76,6 +77,7 @@
e4b8d1
 static int fips_selftest_fail = 0;
e4b8d1
 static int fips_mode = 0;
e4b8d1
 static int fips_started = 0;
e4b8d1
+static int fips_post = 0;
e4b8d1
 
e4b8d1
 static int fips_is_owning_thread(void);
e4b8d1
 static int fips_set_owning_thread(void);
e4b8d1
@@ -158,6 +160,11 @@ void fips_set_selftest_fail(void)
e4b8d1
     fips_selftest_fail = 1;
e4b8d1
 }
e4b8d1
 
e4b8d1
+int fips_in_post(void)
e4b8d1
+{
e4b8d1
+    return fips_post;
e4b8d1
+}
e4b8d1
+
e4b8d1
 /* we implement what libfipscheck does ourselves */
e4b8d1
 
e4b8d1
 static int
e4b8d1
@@ -445,6 +452,8 @@ int FIPS_module_mode_set(int onoff)
e4b8d1
         }
e4b8d1
 # endif
e4b8d1
 
e4b8d1
+        fips_post = 1;
e4b8d1
+
e4b8d1
         if (!FIPS_selftest()) {
e4b8d1
             fips_selftest_fail = 1;
e4b8d1
             ret = 0;
e4b8d1
@@ -459,7 +468,12 @@ int FIPS_module_mode_set(int onoff)
e4b8d1
             goto end;
e4b8d1
         }
e4b8d1
 
e4b8d1
+        fips_post = 0;
e4b8d1
+
e4b8d1
         fips_set_mode(onoff);
e4b8d1
+        /* force RNG reseed with entropy from getrandom() on next call */
cf3dd1
+        rand_force_reseed();
e4b8d1
+
e4b8d1
         ret = 1;
e4b8d1
         goto end;
e4b8d1
     }
cf3dd1
diff -up openssl-1.1.1e/crypto/rand/drbg_lib.c.fips-post-rand openssl-1.1.1e/crypto/rand/drbg_lib.c
cf3dd1
--- openssl-1.1.1e/crypto/rand/drbg_lib.c.fips-post-rand	2020-03-17 15:31:17.000000000 +0100
cf3dd1
+++ openssl-1.1.1e/crypto/rand/drbg_lib.c	2020-03-17 18:07:35.305045521 +0100
cf3dd1
@@ -1009,6 +1009,20 @@ size_t rand_drbg_seedlen(RAND_DRBG *drbg
cf3dd1
     return min_entropy > min_entropylen ? min_entropy : min_entropylen;
cf3dd1
 }
e4b8d1
 
cf3dd1
+void rand_force_reseed(void)
cf3dd1
+{
cf3dd1
+    RAND_DRBG *drbg;
e4b8d1
+
cf3dd1
+    drbg = RAND_DRBG_get0_master();
cf3dd1
+    drbg->fork_id = 0;
cf3dd1
+
cf3dd1
+    drbg = RAND_DRBG_get0_private();
cf3dd1
+    drbg->fork_id = 0;
cf3dd1
+
cf3dd1
+    drbg = RAND_DRBG_get0_public();
cf3dd1
+    drbg->fork_id = 0;
cf3dd1
+}
cf3dd1
+
cf3dd1
 /* Implements the default OpenSSL RAND_add() method */
cf3dd1
 static int drbg_add(const void *buf, int num, double randomness)
cf3dd1
 {
cf3dd1
diff -up openssl-1.1.1e/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1e/crypto/rand/rand_unix.c
cf3dd1
--- openssl-1.1.1e/crypto/rand/rand_unix.c.fips-post-rand	2020-03-17 15:31:17.000000000 +0100
cf3dd1
+++ openssl-1.1.1e/crypto/rand/rand_unix.c	2020-03-17 18:09:01.503537189 +0100
cf3dd1
@@ -17,10 +17,12 @@
cf3dd1
 #include <openssl/crypto.h>
cf3dd1
 #include "rand_local.h"
cf3dd1
 #include "crypto/rand.h"
cf3dd1
+#include "crypto/fips.h"
e4b8d1
 #include <stdio.h>
e4b8d1
 #include "internal/dso.h"
cf3dd1
 #ifdef __linux
cf3dd1
 # include <sys/syscall.h>
e4b8d1
+# include <sys/random.h>
cf3dd1
 # ifdef DEVRANDOM_WAIT
cf3dd1
 #  include <sys/shm.h>
cf3dd1
 #  include <sys/utsname.h>
cf3dd1
@@ -342,7 +344,7 @@ static ssize_t sysctl_random(char *buf,
e4b8d1
  * syscall_random(): Try to get random data using a system call
e4b8d1
  * returns the number of bytes returned in buf, or < 0 on error.
e4b8d1
  */
e4b8d1
-static ssize_t syscall_random(void *buf, size_t buflen)
e4b8d1
+static ssize_t syscall_random(void *buf, size_t buflen, int nonblock)
e4b8d1
 {
e4b8d1
     /*
e4b8d1
      * Note: 'buflen' equals the size of the buffer which is used by the
cf3dd1
@@ -364,6 +366,7 @@ static ssize_t syscall_random(void *buf,
e4b8d1
      * - Linux since 3.17 with glibc 2.25
e4b8d1
      * - FreeBSD since 12.0 (1200061)
e4b8d1
      */
e4b8d1
+#  if 0
e4b8d1
 #  if defined(__GNUC__) && __GNUC__>=2 && defined(__ELF__) && !defined(__hpux)
e4b8d1
     extern int getentropy(void *buffer, size_t length) __attribute__((weak));
e4b8d1
 
cf3dd1
@@ -385,10 +388,10 @@ static ssize_t syscall_random(void *buf,
e4b8d1
     if (p_getentropy.p != NULL)
e4b8d1
         return p_getentropy.f(buf, buflen) == 0 ? (ssize_t)buflen : -1;
e4b8d1
 #  endif
e4b8d1
-
e4b8d1
+#  endif
e4b8d1
     /* Linux supports this since version 3.17 */
782d48
-#  if defined(__linux) && defined(__NR_getrandom)
782d48
-    return syscall(__NR_getrandom, buf, buflen, 0);
782d48
+#  if defined(__linux) && defined(SYS_getrandom)
e4b8d1
+    return syscall(SYS_getrandom, buf, buflen, nonblock?GRND_NONBLOCK:0);
e4b8d1
 #  elif (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND)
e4b8d1
     return sysctl_random(buf, buflen);
e4b8d1
 #  else
cf3dd1
@@ -623,6 +626,9 @@ size_t rand_pool_acquire_entropy(RAND_PO
cf3dd1
     size_t entropy_available;
cf3dd1
 
782d48
 #   if defined(OPENSSL_RAND_SEED_GETRANDOM)
e4b8d1
+    int in_post;
e4b8d1
+
e4b8d1
+    for (in_post = fips_in_post(); in_post >= 0; --in_post) {
e4b8d1
     {
cf3dd1
         size_t bytes_needed;
cf3dd1
         unsigned char *buffer;
cf3dd1
@@ -633,7 +639,7 @@ size_t rand_pool_acquire_entropy(RAND_PO
e4b8d1
         bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
e4b8d1
         while (bytes_needed != 0 && attempts-- > 0) {
e4b8d1
             buffer = rand_pool_add_begin(pool, bytes_needed);
e4b8d1
-            bytes = syscall_random(buffer, bytes_needed);
e4b8d1
+            bytes = syscall_random(buffer, bytes_needed, in_post);
e4b8d1
             if (bytes > 0) {
e4b8d1
                 rand_pool_add_end(pool, bytes, 8 * bytes);
e4b8d1
                 bytes_needed -= bytes;
cf3dd1
@@ -668,8 +674,10 @@ size_t rand_pool_acquire_entropy(RAND_PO
e4b8d1
             int attempts = 3;
e4b8d1
             const int fd = get_random_device(i);
e4b8d1
 
e4b8d1
-            if (fd == -1)
e4b8d1
+            if (fd == -1) {
e4b8d1
+                OPENSSL_showfatal("Random device %s cannot be opened.\n", random_device_paths[i]);
e4b8d1
                 continue;
e4b8d1
+            }
e4b8d1
 
e4b8d1
             while (bytes_needed != 0 && attempts-- > 0) {
e4b8d1
                 buffer = rand_pool_add_begin(pool, bytes_needed);
cf3dd1
@@ -732,7 +740,9 @@ size_t rand_pool_acquire_entropy(RAND_PO
cf3dd1
             return entropy_available;
e4b8d1
     }
e4b8d1
 #   endif
e4b8d1
-
e4b8d1
+#   ifdef OPENSSL_RAND_SEED_GETRANDOM
e4b8d1
+    }
e4b8d1
+#   endif
e4b8d1
     return rand_pool_entropy_available(pool);
e4b8d1
 #  endif
e4b8d1
 }
cf3dd1
diff -up openssl-1.1.1e/include/crypto/fips.h.fips-post-rand openssl-1.1.1e/include/crypto/fips.h
cf3dd1
--- openssl-1.1.1e/include/crypto/fips.h.fips-post-rand	2020-03-17 18:06:16.831418696 +0100
cf3dd1
+++ openssl-1.1.1e/include/crypto/fips.h	2020-03-17 18:06:16.861418172 +0100
cf3dd1
@@ -77,6 +77,8 @@ int FIPS_selftest_hmac(void);
cf3dd1
 int FIPS_selftest_drbg(void);
cf3dd1
 int FIPS_selftest_cmac(void);
cf3dd1
 
cf3dd1
+int fips_in_post(void);
cf3dd1
+
cf3dd1
 int fips_pkey_signature_test(EVP_PKEY *pkey,
cf3dd1
                                  const unsigned char *tbs, int tbslen,
cf3dd1
                                  const unsigned char *kat,
cf3dd1
diff -up openssl-1.1.1e/include/crypto/rand.h.fips-post-rand openssl-1.1.1e/include/crypto/rand.h
cf3dd1
--- openssl-1.1.1e/include/crypto/rand.h.fips-post-rand	2020-03-17 15:31:17.000000000 +0100
cf3dd1
+++ openssl-1.1.1e/include/crypto/rand.h	2020-03-17 18:07:35.303045555 +0100
cf3dd1
@@ -24,6 +24,7 @@
cf3dd1
 typedef struct rand_pool_st RAND_POOL;
cf3dd1
 
cf3dd1
 void rand_cleanup_int(void);
cf3dd1
+void rand_force_reseed(void);
cf3dd1
 void rand_drbg_cleanup_int(void);
cf3dd1
 void drbg_delete_thread_state(void);
cf3dd1