diff options
Diffstat (limited to 'openssl-freefilesync/openssl-1.1.1-fips-post-rand.patch')
-rw-r--r-- | openssl-freefilesync/openssl-1.1.1-fips-post-rand.patch | 157 |
1 files changed, 0 insertions, 157 deletions
diff --git a/openssl-freefilesync/openssl-1.1.1-fips-post-rand.patch b/openssl-freefilesync/openssl-1.1.1-fips-post-rand.patch deleted file mode 100644 index fc60e33..0000000 --- a/openssl-freefilesync/openssl-1.1.1-fips-post-rand.patch +++ /dev/null @@ -1,157 +0,0 @@ -diff -up openssl-1.1.1c/crypto/fips/fips.c.fips-post-rand openssl-1.1.1c/crypto/fips/fips.c ---- openssl-1.1.1c/crypto/fips/fips.c.fips-post-rand 2019-05-29 15:53:56.328216002 +0200 -+++ openssl-1.1.1c/crypto/fips/fips.c 2019-05-29 15:53:56.359215457 +0200 -@@ -68,6 +68,7 @@ - - # include <openssl/fips.h> - # include "internal/thread_once.h" -+# include "internal/rand_int.h" - - # ifndef PATH_MAX - # define PATH_MAX 1024 -@@ -76,6 +77,7 @@ - static int fips_selftest_fail = 0; - static int fips_mode = 0; - static int fips_started = 0; -+static int fips_post = 0; - - static int fips_is_owning_thread(void); - static int fips_set_owning_thread(void); -@@ -158,6 +160,11 @@ void fips_set_selftest_fail(void) - fips_selftest_fail = 1; - } - -+int fips_in_post(void) -+{ -+ return fips_post; -+} -+ - /* we implement what libfipscheck does ourselves */ - - static int -@@ -445,6 +452,8 @@ int FIPS_module_mode_set(int onoff) - } - # endif - -+ fips_post = 1; -+ - if (!FIPS_selftest()) { - fips_selftest_fail = 1; - ret = 0; -@@ -459,7 +468,12 @@ int FIPS_module_mode_set(int onoff) - goto end; - } - -+ fips_post = 0; -+ - fips_set_mode(onoff); -+ /* force RNG reseed with entropy from getrandom() on next call */ -+ rand_fork(); -+ - ret = 1; - goto end; - } -diff -up openssl-1.1.1c/crypto/include/internal/fips_int.h.fips-post-rand openssl-1.1.1c/crypto/include/internal/fips_int.h ---- openssl-1.1.1c/crypto/include/internal/fips_int.h.fips-post-rand 2019-05-29 15:53:56.337215844 +0200 -+++ openssl-1.1.1c/crypto/include/internal/fips_int.h 2019-05-29 15:53:56.359215457 +0200 -@@ -77,6 +77,8 @@ int FIPS_selftest_hmac(void); - int FIPS_selftest_drbg(void); - int FIPS_selftest_cmac(void); - -+int fips_in_post(void); -+ - int fips_pkey_signature_test(EVP_PKEY *pkey, - const unsigned char *tbs, int tbslen, - const unsigned char *kat, -diff -up openssl-1.1.1c/crypto/rand/rand_unix.c.fips-post-rand openssl-1.1.1c/crypto/rand/rand_unix.c ---- openssl-1.1.1c/crypto/rand/rand_unix.c.fips-post-rand 2019-05-28 15:12:21.000000000 +0200 -+++ openssl-1.1.1c/crypto/rand/rand_unix.c 2019-05-29 16:54:16.471391802 +0200 -@@ -16,10 +16,12 @@ - #include <openssl/rand.h> - #include "rand_lcl.h" - #include "internal/rand_int.h" -+#include "internal/fips_int.h" - #include <stdio.h> - #include "internal/dso.h" - #if defined(__linux) --# include <asm/unistd.h> -+# include <sys/syscall.h> -+# include <sys/random.h> - #endif - #if defined(__FreeBSD__) - # include <sys/types.h> -@@ -279,7 +281,7 @@ static ssize_t sysctl_random(char *buf, - * syscall_random(): Try to get random data using a system call - * returns the number of bytes returned in buf, or < 0 on error. - */ --static ssize_t syscall_random(void *buf, size_t buflen) -+static ssize_t syscall_random(void *buf, size_t buflen, int nonblock) - { - /* - * Note: 'buflen' equals the size of the buffer which is used by the -@@ -301,6 +303,7 @@ static ssize_t syscall_random(void *buf, - * - Linux since 3.17 with glibc 2.25 - * - FreeBSD since 12.0 (1200061) - */ -+# if 0 - # if defined(__GNUC__) && __GNUC__>=2 && defined(__ELF__) && !defined(__hpux) - extern int getentropy(void *buffer, size_t length) __attribute__((weak)); - -@@ -322,10 +325,10 @@ static ssize_t syscall_random(void *buf, - if (p_getentropy.p != NULL) - return p_getentropy.f(buf, buflen) == 0 ? (ssize_t)buflen : -1; - # endif -- -+# endif - /* Linux supports this since version 3.17 */ --# if defined(__linux) && defined(__NR_getrandom) -- return syscall(__NR_getrandom, buf, buflen, 0); -+# if defined(__linux) && defined(SYS_getrandom) -+ return syscall(SYS_getrandom, buf, buflen, nonblock?GRND_NONBLOCK:0); - # elif (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND) - return sysctl_random(buf, buflen); - # else -@@ -475,8 +478,10 @@ size_t rand_pool_acquire_entropy(RAND_PO - size_t bytes_needed; - size_t entropy_available = 0; - unsigned char *buffer; -- - # if defined(OPENSSL_RAND_SEED_GETRANDOM) -+ int in_post; -+ -+ for (in_post = fips_in_post(); in_post >= 0; --in_post) { - { - ssize_t bytes; - /* Maximum allowed number of consecutive unsuccessful attempts */ -@@ -485,7 +490,7 @@ size_t rand_pool_acquire_entropy(RAND_PO - bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/); - while (bytes_needed != 0 && attempts-- > 0) { - buffer = rand_pool_add_begin(pool, bytes_needed); -- bytes = syscall_random(buffer, bytes_needed); -+ bytes = syscall_random(buffer, bytes_needed, in_post); - if (bytes > 0) { - rand_pool_add_end(pool, bytes, 8 * bytes); - bytes_needed -= bytes; -@@ -540,8 +545,10 @@ size_t rand_pool_acquire_entropy(RAND_PO - int attempts = 3; - const int fd = get_random_device(i); - -- if (fd == -1) -+ if (fd == -1) { -+ OPENSSL_showfatal("Random device %s cannot be opened.\n", random_device_paths[i]); - continue; -+ } - - while (bytes_needed != 0 && attempts-- > 0) { - buffer = rand_pool_add_begin(pool, bytes_needed); -@@ -601,7 +608,9 @@ size_t rand_pool_acquire_entropy(RAND_PO - } - } - # endif -- -+# ifdef OPENSSL_RAND_SEED_GETRANDOM -+ } -+# endif - return rand_pool_entropy_available(pool); - # endif - } |