openssl-1.1.1-rewire-fips-drbg.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170

diff -up openssl-1.1.1g/crypto/fips/fips_drbg_lib.c.rewire-fips-drbg openssl-1.1.1g/crypto/fips/fips_drbg_lib.c
--- openssl-1.1.1g/crypto/fips/fips_drbg_lib.c.rewire-fips-drbg	2020-06-22 13:32:47.611852927 +0200
+++ openssl-1.1.1g/crypto/fips/fips_drbg_lib.c	2020-06-22 13:32:47.675852917 +0200
@@ -337,6 +337,19 @@ static int drbg_reseed(DRBG_CTX *dctx,
 int FIPS_drbg_reseed(DRBG_CTX *dctx,
                      const unsigned char *adin, size_t adinlen)
 {
+    int len = (int)adinlen;
+
+    if (len < 0 || (size_t)len != adinlen) {
+        FIPSerr(FIPS_F_DRBG_RESEED, FIPS_R_ADDITIONAL_INPUT_TOO_LONG);
+        return 0;
+    }
+    RAND_seed(adin, len);
+    return 1;
+}
+
+int FIPS_drbg_reseed_internal(DRBG_CTX *dctx,
+                     const unsigned char *adin, size_t adinlen)
+{
     return drbg_reseed(dctx, adin, adinlen, 1);
 }
 
@@ -358,6 +371,19 @@ int FIPS_drbg_generate(DRBG_CTX *dctx, u
                        int prediction_resistance,
                        const unsigned char *adin, size_t adinlen)
 {
+    int len = (int)outlen;
+
+    if (len < 0 || (size_t)len != outlen) {
+        FIPSerr(FIPS_F_FIPS_DRBG_GENERATE, FIPS_R_REQUEST_TOO_LARGE_FOR_DRBG);
+        return 0;
+    }
+    return RAND_bytes(out, len);
+}
+
+int FIPS_drbg_generate_internal(DRBG_CTX *dctx, unsigned char *out, size_t outlen,
+                       int prediction_resistance,
+                       const unsigned char *adin, size_t adinlen)
+{
     int r = 0;
 
     if (FIPS_selftest_failed()) {
diff -up openssl-1.1.1g/crypto/fips/fips_drbg_rand.c.rewire-fips-drbg openssl-1.1.1g/crypto/fips/fips_drbg_rand.c
--- openssl-1.1.1g/crypto/fips/fips_drbg_rand.c.rewire-fips-drbg	2020-06-22 13:32:47.611852927 +0200
+++ openssl-1.1.1g/crypto/fips/fips_drbg_rand.c	2020-06-22 13:32:47.675852917 +0200
@@ -57,6 +57,8 @@
 #include <openssl/err.h>
 #include <openssl/rand.h>
 #include <openssl/fips.h>
+#define FIPS_DRBG_generate FIPS_DRBG_generate_internal
+#define FIPS_DRBG_reseed FIPS_DRBG_reseed_internal
 #include <openssl/fips_rand.h>
 #include "fips_rand_lcl.h"
 
diff -up openssl-1.1.1g/crypto/fips/fips_drbg_selftest.c.rewire-fips-drbg openssl-1.1.1g/crypto/fips/fips_drbg_selftest.c
--- openssl-1.1.1g/crypto/fips/fips_drbg_selftest.c.rewire-fips-drbg	2020-06-22 13:32:47.612852927 +0200
+++ openssl-1.1.1g/crypto/fips/fips_drbg_selftest.c	2020-06-22 13:32:47.675852917 +0200
@@ -55,6 +55,8 @@
 #include <openssl/crypto.h>
 #include <openssl/err.h>
 #include <openssl/fips.h>
+#define FIPS_DRBG_generate FIPS_DRBG_generate_internal
+#define FIPS_DRBG_reseed FIPS_DRBG_reseed_internal
 #include <openssl/fips_rand.h>
 #include "fips_rand_lcl.h"
 #include "fips_locl.h"
diff -up openssl-1.1.1g/crypto/fips/fips_post.c.rewire-fips-drbg openssl-1.1.1g/crypto/fips/fips_post.c
--- openssl-1.1.1g/crypto/fips/fips_post.c.rewire-fips-drbg	2020-06-22 13:32:47.672852918 +0200
+++ openssl-1.1.1g/crypto/fips/fips_post.c	2020-06-22 13:32:47.675852917 +0200
@@ -79,8 +79,6 @@ int FIPS_selftest(void)
         ERR_add_error_data(2, "Type=", "rand_drbg_selftest");
         rv = 0;
     }
-    if (!FIPS_selftest_drbg())
-        rv = 0;
     if (!FIPS_selftest_sha1())
         rv = 0;
     if (!FIPS_selftest_sha2())
diff -up openssl-1.1.1g/crypto/fips/fips_rand_lib.c.rewire-fips-drbg openssl-1.1.1g/crypto/fips/fips_rand_lib.c
--- openssl-1.1.1g/crypto/fips/fips_rand_lib.c.rewire-fips-drbg	2020-06-22 13:32:47.613852927 +0200
+++ openssl-1.1.1g/crypto/fips/fips_rand_lib.c	2020-06-22 13:36:28.722817967 +0200
@@ -120,6 +120,7 @@ void FIPS_rand_reset(void)
 
 int FIPS_rand_seed(const void *buf, int num)
 {
+#if 0
     if (!fips_approved_rand_meth && FIPS_module_mode()) {
         FIPSerr(FIPS_F_FIPS_RAND_SEED, FIPS_R_NON_FIPS_METHOD);
         return 0;
@@ -127,10 +128,15 @@ int FIPS_rand_seed(const void *buf, int
     if (fips_rand_meth && fips_rand_meth->seed)
         fips_rand_meth->seed(buf, num);
     return 1;
+#else
+    RAND_seed(buf, num);
+    return 1;
+#endif
 }
 
 int FIPS_rand_bytes(unsigned char *buf, int num)
 {
+#if 0
     if (!fips_approved_rand_meth && FIPS_module_mode()) {
         FIPSerr(FIPS_F_FIPS_RAND_BYTES, FIPS_R_NON_FIPS_METHOD);
         return 0;
@@ -138,10 +144,14 @@ int FIPS_rand_bytes(unsigned char *buf,
     if (fips_rand_meth && fips_rand_meth->bytes)
         return fips_rand_meth->bytes(buf, num);
     return 0;
+#else
+    return RAND_bytes(buf, num);
+#endif
 }
 
 int FIPS_rand_status(void)
 {
+#if 0
     if (!fips_approved_rand_meth && FIPS_module_mode()) {
         FIPSerr(FIPS_F_FIPS_RAND_STATUS, FIPS_R_NON_FIPS_METHOD);
         return 0;
@@ -149,6 +159,9 @@ int FIPS_rand_status(void)
     if (fips_rand_meth && fips_rand_meth->status)
         return fips_rand_meth->status();
     return 0;
+#else
+    return RAND_status();
+#endif
 }
 
 /* Return instantiated strength of PRNG. For DRBG this is an internal
diff -up openssl-1.1.1g/include/openssl/fips.h.rewire-fips-drbg openssl-1.1.1g/include/openssl/fips.h
--- openssl-1.1.1g/include/openssl/fips.h.rewire-fips-drbg	2020-06-22 13:32:47.672852918 +0200
+++ openssl-1.1.1g/include/openssl/fips.h	2020-06-22 13:32:47.675852917 +0200
@@ -64,6 +64,11 @@ extern "C" {
 
     int FIPS_selftest(void);
     int FIPS_selftest_failed(void);
+
+    /*
+     * This function is deprecated as it performs selftest of the old FIPS drbg
+     * implementation that is not validated.
+     */
     int FIPS_selftest_drbg_all(void);
 
     int FIPS_dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
diff -up openssl-1.1.1g/include/openssl/fips_rand.h.rewire-fips-drbg openssl-1.1.1g/include/openssl/fips_rand.h
--- openssl-1.1.1g/include/openssl/fips_rand.h.rewire-fips-drbg	2020-06-22 13:32:47.617852926 +0200
+++ openssl-1.1.1g/include/openssl/fips_rand.h	2020-06-22 13:32:47.675852917 +0200
@@ -60,6 +60,20 @@
 #  ifdef  __cplusplus
 extern "C" {
 #  endif
+
+/*
+ * IMPORTANT NOTE:
+ * All functions in this header file are deprecated and should not be used
+ * as they use the old FIPS_drbg implementation that is not FIPS validated
+ * anymore.
+ * To provide backwards compatibility for applications that need FIPS compliant
+ * RNG number generation and use FIPS_drbg_generate, this function was
+ * re-wired to call the FIPS validated DRBG instance instead through
+ * the RAND_bytes() call.
+ *
+ * All these functions will be removed in future.
+ */
+
     typedef struct drbg_ctx_st DRBG_CTX;
 /* DRBG external flags */
 /* Flag for CTR mode only: use derivation function ctr_df */