openssl-1_1/openssl-urandom-reseeding.patch

Index: openssl-1.1.0c/crypto/rand/rand_unix.c
===================================================================
--- openssl-1.1.0c.orig/crypto/rand/rand_unix.c	2016-12-12 17:33:05.654295693 +0100
+++ openssl-1.1.0c/crypto/rand/rand_unix.c	2016-12-12 17:44:44.608814886 +0100
@@ -144,7 +144,8 @@ int RAND_poll(void)
     unsigned long l;
     pid_t curr_pid = getpid();
 #  if defined(DEVRANDOM) || (!defined(OPENSS_NO_EGD) && defined(DEVRANDOM_EGD))
-    unsigned char tmpbuf[ENTROPY_NEEDED];
+    /* STATE_SIZE is 1023 ... but it was suggested to seed with 1024 bytes */
+    unsigned char tmpbuf[1024];
     int n = 0;
 #  endif
 #  ifdef DEVRANDOM
@@ -166,7 +167,7 @@ int RAND_poll(void)
      * out of random entries.
      */
 
-    for (i = 0; (i < OSSL_NELEM(randomfiles)) && (n < ENTROPY_NEEDED); i++) {
+    for (i = 0; (i < OSSL_NELEM(randomfiles)) && (n < sizeof(tmpbuf)); i++) {
         if ((fd = open(randomfiles[i], O_RDONLY
 #   ifdef O_NONBLOCK
                        | O_NONBLOCK
@@ -246,7 +247,7 @@ int RAND_poll(void)
 
                 if (try_read) {
                     r = read(fd, (unsigned char *)tmpbuf + n,
-                             ENTROPY_NEEDED - n);
+                             sizeof(tmpbuf) - n);
                     if (r > 0)
                         n += r;
                 } else
@@ -263,7 +264,7 @@ int RAND_poll(void)
             }
             while ((r > 0 ||
                     (errno == EINTR || errno == EAGAIN)) && usec != 0
-                   && n < ENTROPY_NEEDED);
+                   && n < sizeof(tmpbuf));
 
             close(fd);
         }
@@ -276,12 +277,12 @@ int RAND_poll(void)
      * collecting daemon.
      */
 
-    for (egdsocket = egdsockets; *egdsocket && n < ENTROPY_NEEDED;
+    for (egdsocket = egdsockets; *egdsocket && n < sizeof(tmpbuf);
          egdsocket++) {
         int r;
 
         r = RAND_query_egd_bytes(*egdsocket, (unsigned char *)tmpbuf + n,
-                                 ENTROPY_NEEDED - n);
+                                 sizeof(tmpbuf) - n);
         if (r > 0)
             n += r;
     }
Index: openssl-1.1.0c/crypto/rand/md_rand.c
===================================================================
--- openssl-1.1.0c.orig/crypto/rand/md_rand.c	2016-12-12 17:33:05.690296235 +0100
+++ openssl-1.1.0c/crypto/rand/md_rand.c	2016-12-12 18:01:49.036286763 +0100
@@ -318,6 +318,10 @@ static int rand_bytes(unsigned char *buf
     if (num <= 0)
         return 1;
 
+    /* special rule for /dev/urandom seeding ... seed with as much bytes
+     * from /dev/urandom as you get out */
+    RAND_load_file("/dev/urandom", num);
+
     m = EVP_MD_CTX_new();
     if (m == NULL)
         goto err_mem;
Index: openssl-1.1.0c/crypto/fips/fips_drbg_rand.c
===================================================================
--- openssl-1.1.0c.orig/crypto/fips/fips_drbg_rand.c	2016-12-12 17:33:05.690296235 +0100
+++ openssl-1.1.0c/crypto/fips/fips_drbg_rand.c	2016-12-12 18:05:52.779971206 +0100
@@ -90,6 +90,11 @@ static int fips_drbg_bytes(unsigned char
     int rv = 0;
     unsigned char *adin = NULL;
     size_t adinlen = 0;
+
+    /* add entropy in 1:1 relation (number pulled bytes / number pushed from /dev/urandom) */
+    if (count > dctx->min_entropy)
+        RAND_load_file("/dev/urandom", count - dctx->min_entropy);
+
     CRYPTO_THREAD_write_lock(fips_rand_lock);
     do {
         size_t rcnt;
Index: openssl-1.1.0c/crypto/rand/rand_lib.c
===================================================================
--- openssl-1.1.0c.orig/crypto/rand/rand_lib.c	2016-12-12 17:33:05.690296235 +0100
+++ openssl-1.1.0c/crypto/rand/rand_lib.c	2016-12-12 18:05:01.499195179 +0100
@@ -188,7 +188,7 @@ static int drbg_rand_add(DRBG_CTX *ctx,
 {
     RAND_OpenSSL()->add(in, inlen, entropy);
     if (FIPS_rand_status()) {
-        FIPS_drbg_reseed(ctx, NULL, 0);
+        FIPS_drbg_reseed(ctx, in, inlen);
     }
     return 1;
 }
- Renamed from openssl-1_1_0 (bsc#1081335) * All the minor versions of the 1.1.x openssl branch have the same sonum and keep ABI compatibility - Remove bit obsolete syntax - Use %license macro - Don't disable afalgeng on aarch64 - Add support for s390x CPACF enhancements (fate#321518) patches taken from https://github.com/openssl/openssl/pull/2859: * 0002-crypto-modes-asm-ghash-s390x.pl-fix-gcm_gmult_4bit-K.patch * 0004-s390x-assembly-pack-add-OPENSSL_s390xcap-environment.patch * 0005-s390x-assembly-pack-add-OPENSSL_s390xcap-man-page.patch * 0006-s390x-assembly-pack-extended-s390x-capability-vector.patch * 0007-crypto-evp-e_aes.c-add-foundations-for-extended-s390.patch * 0008-s390x-assembly-pack-extended-s390x-capability-vector.patch * 0009-crypto-aes-asm-aes-s390x.pl-add-KMA-code-path.patch * 0010-doc-man3-OPENSSL_s390xcap.pod-update-KMA.patch * 0011-crypto-aes-asm-aes-s390x.pl-add-CFI-annotations-KMA-.patch * 0012-s390x-assembly-pack-add-KMA-code-path-for-aes-gcm.patch * 0013-crypto-aes-asm-aes-s390x.pl-add-CFI-annotations-KMA-.patch - Do not filter pkgconfig() provides/requires. - Obsolete openssl-1_0_0 by openssl-1_1_0: this is required for a clean upgrade path as an aid to zypp (boo#1070003). - Update to 1.1.0g OpenSSL Security Advisory [02 Nov 2017] OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-1_1?expand=0&rev=2 2018-02-16 13:13:08 +01:00			`Index: openssl-1.1.0c/crypto/rand/rand_unix.c`
			`===================================================================`
			`--- openssl-1.1.0c.orig/crypto/rand/rand_unix.c 2016-12-12 17:33:05.654295693 +0100`
			`+++ openssl-1.1.0c/crypto/rand/rand_unix.c 2016-12-12 17:44:44.608814886 +0100`
			`@@ -144,7 +144,8 @@ int RAND_poll(void)`
			`unsigned long l;`
			`pid_t curr_pid = getpid();`
			`# if defined(DEVRANDOM) \|\| (!defined(OPENSS_NO_EGD) && defined(DEVRANDOM_EGD))`
			`- unsigned char tmpbuf[ENTROPY_NEEDED];`
			`+ /* STATE_SIZE is 1023 ... but it was suggested to seed with 1024 bytes */`
			`+ unsigned char tmpbuf[1024];`
			`int n = 0;`
			`# endif`
			`# ifdef DEVRANDOM`
			`@@ -166,7 +167,7 @@ int RAND_poll(void)`
			`* out of random entries.`
			`*/`

			`- for (i = 0; (i < OSSL_NELEM(randomfiles)) && (n < ENTROPY_NEEDED); i++) {`
			`+ for (i = 0; (i < OSSL_NELEM(randomfiles)) && (n < sizeof(tmpbuf)); i++) {`
			`if ((fd = open(randomfiles[i], O_RDONLY`
			`# ifdef O_NONBLOCK`
			`\| O_NONBLOCK`
			`@@ -246,7 +247,7 @@ int RAND_poll(void)`

			`if (try_read) {`
			`r = read(fd, (unsigned char *)tmpbuf + n,`
			`- ENTROPY_NEEDED - n);`
			`+ sizeof(tmpbuf) - n);`
			`if (r > 0)`
			`n += r;`
			`} else`
			`@@ -263,7 +264,7 @@ int RAND_poll(void)`
			`}`
			`while ((r > 0 \|\|`
			`(errno == EINTR \|\| errno == EAGAIN)) && usec != 0`
			`- && n < ENTROPY_NEEDED);`
			`+ && n < sizeof(tmpbuf));`

			`close(fd);`
			`}`
			`@@ -276,12 +277,12 @@ int RAND_poll(void)`
			`* collecting daemon.`
			`*/`

			`- for (egdsocket = egdsockets; *egdsocket && n < ENTROPY_NEEDED;`
			`+ for (egdsocket = egdsockets; *egdsocket && n < sizeof(tmpbuf);`
			`egdsocket++) {`
			`int r;`

			`r = RAND_query_egd_bytes(egdsocket, (unsigned char )tmpbuf + n,`
			`- ENTROPY_NEEDED - n);`
			`+ sizeof(tmpbuf) - n);`
			`if (r > 0)`
			`n += r;`
			`}`
			`Index: openssl-1.1.0c/crypto/rand/md_rand.c`
			`===================================================================`
			`--- openssl-1.1.0c.orig/crypto/rand/md_rand.c 2016-12-12 17:33:05.690296235 +0100`
			`+++ openssl-1.1.0c/crypto/rand/md_rand.c 2016-12-12 18:01:49.036286763 +0100`
			`@@ -318,6 +318,10 @@ static int rand_bytes(unsigned char *buf`
			`if (num <= 0)`
			`return 1;`

			`+ /* special rule for /dev/urandom seeding ... seed with as much bytes`
			`+ * from /dev/urandom as you get out */`
			`+ RAND_load_file("/dev/urandom", num);`
			`+`
			`m = EVP_MD_CTX_new();`
			`if (m == NULL)`
			`goto err_mem;`
			`Index: openssl-1.1.0c/crypto/fips/fips_drbg_rand.c`
			`===================================================================`
			`--- openssl-1.1.0c.orig/crypto/fips/fips_drbg_rand.c 2016-12-12 17:33:05.690296235 +0100`
			`+++ openssl-1.1.0c/crypto/fips/fips_drbg_rand.c 2016-12-12 18:05:52.779971206 +0100`
			`@@ -90,6 +90,11 @@ static int fips_drbg_bytes(unsigned char`
			`int rv = 0;`
			`unsigned char *adin = NULL;`
			`size_t adinlen = 0;`
			`+`
			`+ /* add entropy in 1:1 relation (number pulled bytes / number pushed from /dev/urandom) */`
			`+ if (count > dctx->min_entropy)`
			`+ RAND_load_file("/dev/urandom", count - dctx->min_entropy);`
			`+`
			`CRYPTO_THREAD_write_lock(fips_rand_lock);`
			`do {`
			`size_t rcnt;`
			`Index: openssl-1.1.0c/crypto/rand/rand_lib.c`
			`===================================================================`
			`--- openssl-1.1.0c.orig/crypto/rand/rand_lib.c 2016-12-12 17:33:05.690296235 +0100`
			`+++ openssl-1.1.0c/crypto/rand/rand_lib.c 2016-12-12 18:05:01.499195179 +0100`
			`@@ -188,7 +188,7 @@ static int drbg_rand_add(DRBG_CTX *ctx,`
			`{`
			`RAND_OpenSSL()->add(in, inlen, entropy);`
			`if (FIPS_rand_status()) {`
			`- FIPS_drbg_reseed(ctx, NULL, 0);`
			`+ FIPS_drbg_reseed(ctx, in, inlen);`
			`}`
			`return 1;`
			`}`