summaryrefslogtreecommitdiff
path: root/openssl-freefilesync/openssl-1.1.1-fips-post-rand.patch
diff options
context:
space:
mode:
Diffstat (limited to 'openssl-freefilesync/openssl-1.1.1-fips-post-rand.patch')
-rw-r--r--openssl-freefilesync/openssl-1.1.1-fips-post-rand.patch157
1 files changed, 0 insertions, 157 deletions
diff --git a/openssl-freefilesync/openssl-1.1.1-fips-post-rand.patch b/openssl-freefilesync/openssl-1.1.1-fips-post-rand.patch
deleted file mode 100644
index fc60e33..0000000
--- a/openssl-freefilesync/openssl-1.1.1-fips-post-rand.patch
+++ /dev/null
@@ -1,157 +0,0 @@
-diff -up openssl-1.1.1c/crypto/fips/fips.c.fips-post-rand openssl-1.1.1c/crypto/fips/fips.c
---- openssl-1.1.1c/crypto/fips/fips.c.fips-post-rand 2019-05-29 15:53:56.328216002 +0200
-+++ openssl-1.1.1c/crypto/fips/fips.c 2019-05-29 15:53:56.359215457 +0200
-@@ -68,6 +68,7 @@
-
- # include <openssl/fips.h>
- # include "internal/thread_once.h"
-+# include "internal/rand_int.h"
-
- # ifndef PATH_MAX
- # define PATH_MAX 1024
-@@ -76,6 +77,7 @@
- static int fips_selftest_fail = 0;
- static int fips_mode = 0;
- static int fips_started = 0;
-+static int fips_post = 0;
-
- static int fips_is_owning_thread(void);
- static int fips_set_owning_thread(void);
-@@ -158,6 +160,11 @@ void fips_set_selftest_fail(void)
- fips_selftest_fail = 1;
- }
-
-+int fips_in_post(void)
-+{
-+ return fips_post;
-+}
-+
- /* we implement what libfipscheck does ourselves */
-
- static int
-@@ -445,6 +452,8 @@ int FIPS_module_mode_set(int onoff)
- }
- # endif
-
-+ fips_post = 1;
-+
- if (!FIPS_selftest()) {
- fips_selftest_fail = 1;
- ret = 0;
-@@ -459,7 +468,12 @@ int FIPS_module_mode_set(int onoff)
- goto end;
- }
-
-+ fips_post = 0;
-+
- fips_set_mode(onoff);
-+ /* force RNG reseed with entropy from getrandom() on next call */
-+ rand_fork();
-+
- ret = 1;
- goto end;
- }
-diff -up openssl-1.1.1c/crypto/include/internal/fips_int.h.fips-post-rand openssl-1.1.1c/crypto/include/internal/fips_int.h
---- openssl-1.1.1c/crypto/include/internal/fips_int.h.fips-post-rand 2019-05-29 15:53:56.337215844 +0200
-+++ openssl-1.1.1c/crypto/include/internal/fips_int.h 2019-05-29 15:53:56.359215457 +0200
-@@ -77,6 +77,8 @@ int FIPS_selftest_hmac(void);
- int FIPS_selftest_drbg(void);
- int FIPS_selftest_cmac(void);
-
-+int fips_in_post(void);
-+
- int fips_pkey_signature_test(EVP_PKEY *pkey,
- const unsigned char *tbs, int tbslen,
- const unsigned char *kat,
-diff -up openssl-1.1.1c/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1c/crypto/rand/rand_unix.c
---- openssl-1.1.1c/crypto/rand/rand_unix.c.fips-post-rand 2019-05-28 15:12:21.000000000 +0200
-+++ openssl-1.1.1c/crypto/rand/rand_unix.c 2019-05-29 16:54:16.471391802 +0200
-@@ -16,10 +16,12 @@
- #include <openssl/rand.h>
- #include "rand_lcl.h"
- #include "internal/rand_int.h"
-+#include "internal/fips_int.h"
- #include <stdio.h>
- #include "internal/dso.h"
- #if defined(__linux)
--# include <asm/unistd.h>
-+# include <sys/syscall.h>
-+# include <sys/random.h>
- #endif
- #if defined(__FreeBSD__)
- # include <sys/types.h>
-@@ -279,7 +281,7 @@ static ssize_t sysctl_random(char *buf,
- * syscall_random(): Try to get random data using a system call
- * returns the number of bytes returned in buf, or < 0 on error.
- */
--static ssize_t syscall_random(void *buf, size_t buflen)
-+static ssize_t syscall_random(void *buf, size_t buflen, int nonblock)
- {
- /*
- * Note: 'buflen' equals the size of the buffer which is used by the
-@@ -301,6 +303,7 @@ static ssize_t syscall_random(void *buf,
- * - Linux since 3.17 with glibc 2.25
- * - FreeBSD since 12.0 (1200061)
- */
-+# if 0
- # if defined(__GNUC__) && __GNUC__>=2 && defined(__ELF__) && !defined(__hpux)
- extern int getentropy(void *buffer, size_t length) __attribute__((weak));
-
-@@ -322,10 +325,10 @@ static ssize_t syscall_random(void *buf,
- if (p_getentropy.p != NULL)
- return p_getentropy.f(buf, buflen) == 0 ? (ssize_t)buflen : -1;
- # endif
--
-+# endif
- /* Linux supports this since version 3.17 */
--# if defined(__linux) && defined(__NR_getrandom)
-- return syscall(__NR_getrandom, buf, buflen, 0);
-+# if defined(__linux) && defined(SYS_getrandom)
-+ return syscall(SYS_getrandom, buf, buflen, nonblock?GRND_NONBLOCK:0);
- # elif (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND)
- return sysctl_random(buf, buflen);
- # else
-@@ -475,8 +478,10 @@ size_t rand_pool_acquire_entropy(RAND_PO
- size_t bytes_needed;
- size_t entropy_available = 0;
- unsigned char *buffer;
--
- # if defined(OPENSSL_RAND_SEED_GETRANDOM)
-+ int in_post;
-+
-+ for (in_post = fips_in_post(); in_post >= 0; --in_post) {
- {
- ssize_t bytes;
- /* Maximum allowed number of consecutive unsuccessful attempts */
-@@ -485,7 +490,7 @@ size_t rand_pool_acquire_entropy(RAND_PO
- bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
- while (bytes_needed != 0 && attempts-- > 0) {
- buffer = rand_pool_add_begin(pool, bytes_needed);
-- bytes = syscall_random(buffer, bytes_needed);
-+ bytes = syscall_random(buffer, bytes_needed, in_post);
- if (bytes > 0) {
- rand_pool_add_end(pool, bytes, 8 * bytes);
- bytes_needed -= bytes;
-@@ -540,8 +545,10 @@ size_t rand_pool_acquire_entropy(RAND_PO
- int attempts = 3;
- const int fd = get_random_device(i);
-
-- if (fd == -1)
-+ if (fd == -1) {
-+ OPENSSL_showfatal("Random device %s cannot be opened.\n", random_device_paths[i]);
- continue;
-+ }
-
- while (bytes_needed != 0 && attempts-- > 0) {
- buffer = rand_pool_add_begin(pool, bytes_needed);
-@@ -601,7 +608,9 @@ size_t rand_pool_acquire_entropy(RAND_PO
- }
- }
- # endif
--
-+# ifdef OPENSSL_RAND_SEED_GETRANDOM
-+ }
-+# endif
- return rand_pool_entropy_available(pool);
- # endif
- }
bgstack15