1 files changed, 189 insertions, 0 deletions
diff --git a/openssl-1.1.1-fips-post-rand.patch b/openssl-1.1.1-fips-post-rand.patch
new file mode 100644
index 0000000..027dc55
--- /dev/null
+++ b/openssl-1.1.1-fips-post-rand.patch
@@ -0,0 +1,189 @@
+diff -up openssl-1.1.1i/crypto/fips/fips.c.fips-post-rand openssl-1.1.1i/crypto/fips/fips.c
+--- openssl-1.1.1i/crypto/fips/fips.c.fips-post-rand	2020-12-09 10:26:41.634106328 +0100
++++ openssl-1.1.1i/crypto/fips/fips.c	2020-12-09 10:26:41.652106475 +0100
+@@ -68,6 +68,7 @@
+ 
+ # include <openssl/fips.h>
+ # include "internal/thread_once.h"
++# include "crypto/rand.h"
+ 
+ # ifndef PATH_MAX
+ #  define PATH_MAX 1024
+@@ -76,6 +77,7 @@
+ static int fips_selftest_fail = 0;
+ static int fips_mode = 0;
+ static int fips_started = 0;
++static int fips_post = 0;
+ 
+ static int fips_is_owning_thread(void);
+ static int fips_set_owning_thread(void);
+@@ -158,6 +160,11 @@ void fips_set_selftest_fail(void)
+     fips_selftest_fail = 1;
+ }
+ 
++int fips_in_post(void)
++{
++    return fips_post;
++}
++
+ /* we implement what libfipscheck does ourselves */
+ 
+ static int
+@@ -445,6 +452,8 @@ int FIPS_module_mode_set(int onoff)
+         }
+ # endif
+ 
++        fips_post = 1;
++
+         if (!FIPS_selftest()) {
+             fips_selftest_fail = 1;
+             ret = 0;
+@@ -459,7 +468,12 @@ int FIPS_module_mode_set(int onoff)
+             goto end;
+         }
+ 
++        fips_post = 0;
++
+         fips_set_mode(onoff);
++        /* force RNG reseed with entropy from getrandom() on next call */
++        rand_force_reseed();
++
+         ret = 1;
+         goto end;
+     }
+diff -up openssl-1.1.1i/crypto/rand/drbg_lib.c.fips-post-rand openssl-1.1.1i/crypto/rand/drbg_lib.c
+--- openssl-1.1.1i/crypto/rand/drbg_lib.c.fips-post-rand	2020-12-08 14:20:59.000000000 +0100
++++ openssl-1.1.1i/crypto/rand/drbg_lib.c	2020-12-09 10:26:41.652106475 +0100
+@@ -1005,6 +1005,20 @@ size_t rand_drbg_seedlen(RAND_DRBG *drbg
+     return min_entropy > min_entropylen ? min_entropy : min_entropylen;
+ }
+ 
++void rand_force_reseed(void)
++{
++    RAND_DRBG *drbg;
++
++    drbg = RAND_DRBG_get0_master();
++    drbg->fork_id = 0;
++
++    drbg = RAND_DRBG_get0_private();
++    drbg->fork_id = 0;
++
++    drbg = RAND_DRBG_get0_public();
++    drbg->fork_id = 0;
++}
++
+ /* Implements the default OpenSSL RAND_add() method */
+ static int drbg_add(const void *buf, int num, double randomness)
+ {
+diff -up openssl-1.1.1i/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1i/crypto/rand/rand_unix.c
+--- openssl-1.1.1i/crypto/rand/rand_unix.c.fips-post-rand	2020-12-08 14:20:59.000000000 +0100
++++ openssl-1.1.1i/crypto/rand/rand_unix.c	2020-12-09 10:36:59.531221903 +0100
+@@ -17,10 +17,12 @@
+ #include <openssl/crypto.h>
+ #include "rand_local.h"
+ #include "crypto/rand.h"
++#include "crypto/fips.h"
+ #include <stdio.h>
+ #include "internal/dso.h"
+ #ifdef __linux
+ # include <sys/syscall.h>
++# include <sys/random.h>
+ # ifdef DEVRANDOM_WAIT
+ #  include <sys/shm.h>
+ #  include <sys/utsname.h>
+@@ -344,7 +346,7 @@ static ssize_t sysctl_random(char *buf,
+  * syscall_random(): Try to get random data using a system call
+  * returns the number of bytes returned in buf, or < 0 on error.
+  */
+-static ssize_t syscall_random(void *buf, size_t buflen)
++static ssize_t syscall_random(void *buf, size_t buflen, int nonblock)
+ {
+     /*
+      * Note: 'buflen' equals the size of the buffer which is used by the
+@@ -369,6 +371,7 @@ static ssize_t syscall_random(void *buf,
+      * Note: Sometimes getentropy() can be provided but not implemented
+      * internally. So we need to check errno for ENOSYS
+      */
++#  if 0
+ #  if defined(__GNUC__) && __GNUC__>=2 && defined(__ELF__) && !defined(__hpux)
+     extern int getentropy(void *buffer, size_t length) __attribute__((weak));
+ 
+@@ -394,10 +397,10 @@ static ssize_t syscall_random(void *buf,
+     if (p_getentropy.p != NULL)
+         return p_getentropy.f(buf, buflen) == 0 ? (ssize_t)buflen : -1;
+ #  endif
+-
++#  endif
+     /* Linux supports this since version 3.17 */
+-#  if defined(__linux) && defined(__NR_getrandom)
+-    return syscall(__NR_getrandom, buf, buflen, 0);
++#  if defined(__linux) && defined(SYS_getrandom)
++    return syscall(SYS_getrandom, buf, buflen, nonblock?GRND_NONBLOCK:0);
+ #  elif (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND)
+     return sysctl_random(buf, buflen);
+ #  else
+@@ -633,6 +636,9 @@ size_t rand_pool_acquire_entropy(RAND_PO
+     size_t entropy_available;
+ 
+ #   if defined(OPENSSL_RAND_SEED_GETRANDOM)
++    int in_post;
++
++    for (in_post = fips_in_post(); in_post >= 0; --in_post) {
+     {
+         size_t bytes_needed;
+         unsigned char *buffer;
+@@ -643,7 +649,7 @@ size_t rand_pool_acquire_entropy(RAND_PO
+         bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
+         while (bytes_needed != 0 && attempts-- > 0) {
+             buffer = rand_pool_add_begin(pool, bytes_needed);
+-            bytes = syscall_random(buffer, bytes_needed);
++            bytes = syscall_random(buffer, bytes_needed, in_post);
+             if (bytes > 0) {
+                 rand_pool_add_end(pool, bytes, 8 * bytes);
+                 bytes_needed -= bytes;
+@@ -678,8 +684,10 @@ size_t rand_pool_acquire_entropy(RAND_PO
+             int attempts = 3;
+             const int fd = get_random_device(i);
+ 
+-            if (fd == -1)
++            if (fd == -1) {
++                OPENSSL_showfatal("Random device %s cannot be opened.\n", random_device_paths[i]);
+                 continue;
++            }
+ 
+             while (bytes_needed != 0 && attempts-- > 0) {
+                 buffer = rand_pool_add_begin(pool, bytes_needed);
+@@ -742,7 +750,9 @@ size_t rand_pool_acquire_entropy(RAND_PO
+             return entropy_available;
+     }
+ #   endif
+-
++#   ifdef OPENSSL_RAND_SEED_GETRANDOM
++    }
++#   endif
+     return rand_pool_entropy_available(pool);
+ #  endif
+ }
+diff -up openssl-1.1.1i/include/crypto/fips.h.fips-post-rand openssl-1.1.1i/include/crypto/fips.h
+--- openssl-1.1.1i/include/crypto/fips.h.fips-post-rand	2020-12-09 10:26:41.639106369 +0100
++++ openssl-1.1.1i/include/crypto/fips.h	2020-12-09 10:26:41.657106516 +0100
+@@ -77,6 +77,8 @@ int FIPS_selftest_hmac(void);
+ int FIPS_selftest_drbg(void);
+ int FIPS_selftest_cmac(void);
+ 
++int fips_in_post(void);
++
+ int fips_pkey_signature_test(EVP_PKEY *pkey,
+                                  const unsigned char *tbs, int tbslen,
+                                  const unsigned char *kat,
+diff -up openssl-1.1.1i/include/crypto/rand.h.fips-post-rand openssl-1.1.1i/include/crypto/rand.h
+--- openssl-1.1.1i/include/crypto/rand.h.fips-post-rand	2020-12-08 14:20:59.000000000 +0100
++++ openssl-1.1.1i/include/crypto/rand.h	2020-12-09 10:26:41.657106516 +0100
+@@ -24,6 +24,7 @@
+ typedef struct rand_pool_st RAND_POOL;
+ 
+ void rand_cleanup_int(void);
++void rand_force_reseed(void);
+ void rand_drbg_cleanup_int(void);
+ void drbg_delete_thread_state(void);
+