
Annotation of /rpms/openssl/sme8/openssl-fips-0.9.8e-rng-seed.patch



Revision 1.1 - (hide annotations) (download)
Tue Feb 18 03:03:10 2014 UTC (10 years, 8 months ago) by wellsi
Branch: MAIN
CVS Tags: openssl-0_9_8e-28_el5_sme, openssl-0_9_8e-33_1_el5_sme, openssl-0_9_8e-32_1_el5_sme, openssl-0_9_8e-27_1_el5_sme, openssl-0_9_8e-27_el5_10_1, openssl-0_9_8e-31_1_el5_sme, HEAD
Branch point for: upstream
Initial import

1 wellsi 1.1 Seed the FIPS rng directly from the kernel random device.
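--- a/crypto/rand/rand_lcl.h
+++ b/crypto/rand/rand_lcl.h
@@ -112,7 +112,7 @@
 #ifndef HEADER_RAND_LCL_H
 #define HEADER_RAND_LCL_H
 
-#define ENTROPY_NEEDED 32 /* require 256 bits = 32 bytes of randomness */
+#define ENTROPY_NEEDED 48 /* we need 48 bytes of randomness for FIPS rng */
 
 
 #if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND)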
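Review bot: The new comment on `ENTROPY_NEEDED` does not say where 48 comes from, although the value is tied to the key/seed split this patch adds to `fips_set_prng_seed()`. With a 48-byte input that split takes 32 bytes from the tail as the AES key and leaves 16 bytes as the seed block, matching the removed `FIPS_rand_set_key(buf,32)` / `FIPS_rand_seed(buf+32,16)` pair, so the constant and the splitter have to change together. I would record that in the comment: `/* 48 bytes = 32-byte AES key + 16-byte seed block for the FIPS rng; keep in sync with fips_set_prng_seed() */`. The other users of this constant are not visible on this page, so it is worth confirming that raising it is intended for the non-FIPS path too.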
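--- a/fips/fips.c
+++ b/fips/fips.c
@@ -508,22 +508,22 @@ int FIPS_mode_set(int onoff)
 goto end;
 }
 
+ /* now switch into FIPS mode */
+ fips_set_rand_check(FIPS_rand_method());
+ RAND_set_rand_method(FIPS_rand_method());
+
 /* automagically seed PRNG if not already seeded */
 if(!FIPS_rand_status())
 {
- if(RAND_bytes(buf,sizeof buf) <= 0)
+ RAND_poll();
+ if (!FIPS_rand_status())
 {
 fips_selftest_fail = 1;
 ret = 0;
 goto end;
 }
- FIPS_rand_set_key(buf,32);
- FIPS_rand_seed(buf+32,16);
 }
 
- /* now switch into FIPS mode */
- fips_set_rand_check(FIPS_rand_method());
- RAND_set_rand_method(FIPS_rand_method());
 if(FIPS_selftest())
 fips_set_mode(1);
 else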
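Review bot: When seeding fails after `RAND_poll()`, the function jumps to `end` with `FIPS_rand_method()` already installed as the default RAND method, because the switch now happens before seeding instead of after it, and nothing in the hunk restores the previous method. Later callers then depend on `fips_selftest_fail` to make the unseeded generator fail closed, which presumably it does via the `FIPS_selftest_check()` call added to `fips_rand()`; that should be confirmed and stated. The new ordering is also load-bearing, since `RAND_poll()` reaches the FIPS PRNG only because the method was switched first, so I would replace the moved comment with `/* switch to the FIPS method first: RAND_poll() below must feed the kernel entropy into it */`. `RAND_poll()`'s return value is discarded and the `FIPS_rand_status()` re-check is the only gate, which is fine as long as that status implies a full key and seed were set. `FIPS_mode_set()` starts and ends outside the hunk, so whether `buf` is still used elsewhere cannot be seen from here.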
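--- a/fips/rand/fips_rand.c
+++ b/fips/rand/fips_rand.c
@@ -155,7 +155,18 @@ static int fips_set_prng_seed(FIPS_PRNG_
 {
 int i;
 if (!ctx->keyed)
- return 0;
+ {
+ FIPS_RAND_SIZE_T keylen = 16;
+
+ if (seedlen - keylen < AES_BLOCK_LENGTH)
+ return 0;
+ if (seedlen - keylen - 8 >= AES_BLOCK_LENGTH)
+ keylen += 8;
+ if (seedlen - keylen - 8 >= AES_BLOCK_LENGTH)
+ keylen += 8;
+ seedlen -= keylen;
+ fips_set_prng_key(ctx, seed+seedlen, keylen);
+ }
 /* In test mode seed is just supplied data */
 if (ctx->test_mode)
 {
@@ -276,6 +287,7 @@ static int fips_rand(FIPS_PRNG_CTX *ctx,
 unsigned char R[AES_BLOCK_LENGTH], I[AES_BLOCK_LENGTH];
 unsigned char tmp[AES_BLOCK_LENGTH];
 int i;
+ FIPS_selftest_check();
 if (ctx->error)
 {
 RANDerr(RAND_F_FIPS_RAND,RAND_R_PRNG_ERROR);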
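Review bot: The length guard `if (seedlen - keylen < AES_BLOCK_LENGTH)` in the new `!ctx->keyed` branch of `fips_set_prng_seed()` is safe only if `FIPS_RAND_SIZE_T` is a signed type, and its definition is not on this page. If it is unsigned, a `seedlen` smaller than 16 wraps, passes this guard and the two that follow, and `seed+seedlen` is then computed from a wrapped length, so the key would be read outside the caller's buffer. Writing the check without a subtraction is correct for either signedness: `if (seedlen < keylen + AES_BLOCK_LENGTH) return 0;`. The result of `fips_set_prng_key(ctx, seed+seedlen, keylen)` is also discarded, so a rejected key lets seeding continue on an unkeyed context; assuming the helper returns 0 on failure, use `if (!fips_set_prng_key(ctx, seed+seedlen, keylen)) return 0;`. A one-line comment saying that the key is taken from the tail of the input (32, 40 or 48+ bytes give a 16-, 24- or 32-byte key, assuming `AES_BLOCK_LENGTH` is 16) would help; the function body starts and ends outside the hunk.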
