diff -up openssl-1.1.1g/crypto/fips/fips_drbg_lib.c.rewire-fips-drbg openssl-1.1.1g/crypto/fips/fips_drbg_lib.c --- openssl-1.1.1g/crypto/fips/fips_drbg_lib.c.rewire-fips-drbg 2020-06-22 13:32:47.611852927 +0200 +++ openssl-1.1.1g/crypto/fips/fips_drbg_lib.c 2020-06-22 13:32:47.675852917 +0200 @@ -337,6 +337,19 @@ static int drbg_reseed(DRBG_CTX *dctx, int FIPS_drbg_reseed(DRBG_CTX *dctx, const unsigned char *adin, size_t adinlen) { + int len = (int)adinlen; + + if (len < 0 || (size_t)len != adinlen) { + FIPSerr(FIPS_F_DRBG_RESEED, FIPS_R_ADDITIONAL_INPUT_TOO_LONG); + return 0; + } + RAND_seed(adin, len); + return 1; +} + +int FIPS_drbg_reseed_internal(DRBG_CTX *dctx, + const unsigned char *adin, size_t adinlen) +{ return drbg_reseed(dctx, adin, adinlen, 1); } @@ -358,6 +371,19 @@ int FIPS_drbg_generate(DRBG_CTX *dctx, u int prediction_resistance, const unsigned char *adin, size_t adinlen) { + int len = (int)outlen; + + if (len < 0 || (size_t)len != outlen) { + FIPSerr(FIPS_F_FIPS_DRBG_GENERATE, FIPS_R_REQUEST_TOO_LARGE_FOR_DRBG); + return 0; + } + return RAND_bytes(out, len); +} + +int FIPS_drbg_generate_internal(DRBG_CTX *dctx, unsigned char *out, size_t outlen, + int prediction_resistance, + const unsigned char *adin, size_t adinlen) +{ int r = 0; if (FIPS_selftest_failed()) { diff -up openssl-1.1.1g/crypto/fips/fips_drbg_rand.c.rewire-fips-drbg openssl-1.1.1g/crypto/fips/fips_drbg_rand.c --- openssl-1.1.1g/crypto/fips/fips_drbg_rand.c.rewire-fips-drbg 2020-06-22 13:32:47.611852927 +0200 +++ openssl-1.1.1g/crypto/fips/fips_drbg_rand.c 2020-06-22 13:32:47.675852917 +0200 @@ -57,6 +57,8 @@ #include #include #include +#define FIPS_DRBG_generate FIPS_DRBG_generate_internal +#define FIPS_DRBG_reseed FIPS_DRBG_reseed_internal #include #include "fips_rand_lcl.h" diff -up openssl-1.1.1g/crypto/fips/fips_drbg_selftest.c.rewire-fips-drbg openssl-1.1.1g/crypto/fips/fips_drbg_selftest.c --- openssl-1.1.1g/crypto/fips/fips_drbg_selftest.c.rewire-fips-drbg 2020-06-22 13:32:47.612852927 +0200 +++ openssl-1.1.1g/crypto/fips/fips_drbg_selftest.c 2020-06-22 13:32:47.675852917 +0200 @@ -55,6 +55,8 @@ #include #include #include +#define FIPS_DRBG_generate FIPS_DRBG_generate_internal +#define FIPS_DRBG_reseed FIPS_DRBG_reseed_internal #include #include "fips_rand_lcl.h" #include "fips_locl.h" diff -up openssl-1.1.1g/crypto/fips/fips_post.c.rewire-fips-drbg openssl-1.1.1g/crypto/fips/fips_post.c --- openssl-1.1.1g/crypto/fips/fips_post.c.rewire-fips-drbg 2020-06-22 13:32:47.672852918 +0200 +++ openssl-1.1.1g/crypto/fips/fips_post.c 2020-06-22 13:32:47.675852917 +0200 @@ -79,8 +79,6 @@ int FIPS_selftest(void) ERR_add_error_data(2, "Type=", "rand_drbg_selftest"); rv = 0; } - if (!FIPS_selftest_drbg()) - rv = 0; if (!FIPS_selftest_sha1()) rv = 0; if (!FIPS_selftest_sha2()) diff -up openssl-1.1.1g/crypto/fips/fips_rand_lib.c.rewire-fips-drbg openssl-1.1.1g/crypto/fips/fips_rand_lib.c --- openssl-1.1.1g/crypto/fips/fips_rand_lib.c.rewire-fips-drbg 2020-06-22 13:32:47.613852927 +0200 +++ openssl-1.1.1g/crypto/fips/fips_rand_lib.c 2020-06-22 13:36:28.722817967 +0200 @@ -120,6 +120,7 @@ void FIPS_rand_reset(void) int FIPS_rand_seed(const void *buf, int num) { +#if 0 if (!fips_approved_rand_meth && FIPS_module_mode()) { FIPSerr(FIPS_F_FIPS_RAND_SEED, FIPS_R_NON_FIPS_METHOD); return 0; @@ -127,10 +128,15 @@ int FIPS_rand_seed(const void *buf, int if (fips_rand_meth && fips_rand_meth->seed) fips_rand_meth->seed(buf, num); return 1; +#else + RAND_seed(buf, num); + return 1; +#endif } int FIPS_rand_bytes(unsigned char *buf, int num) { +#if 0 if (!fips_approved_rand_meth && FIPS_module_mode()) { FIPSerr(FIPS_F_FIPS_RAND_BYTES, FIPS_R_NON_FIPS_METHOD); return 0; @@ -138,10 +144,14 @@ int FIPS_rand_bytes(unsigned char *buf, if (fips_rand_meth && fips_rand_meth->bytes) return fips_rand_meth->bytes(buf, num); return 0; +#else + return RAND_bytes(buf, num); +#endif } int FIPS_rand_status(void) { +#if 0 if (!fips_approved_rand_meth && FIPS_module_mode()) { FIPSerr(FIPS_F_FIPS_RAND_STATUS, FIPS_R_NON_FIPS_METHOD); return 0; @@ -149,6 +159,9 @@ int FIPS_rand_status(void) if (fips_rand_meth && fips_rand_meth->status) return fips_rand_meth->status(); return 0; +#else + return RAND_status(); +#endif } /* Return instantiated strength of PRNG. For DRBG this is an internal diff -up openssl-1.1.1g/include/openssl/fips.h.rewire-fips-drbg openssl-1.1.1g/include/openssl/fips.h --- openssl-1.1.1g/include/openssl/fips.h.rewire-fips-drbg 2020-06-22 13:32:47.672852918 +0200 +++ openssl-1.1.1g/include/openssl/fips.h 2020-06-22 13:32:47.675852917 +0200 @@ -64,6 +64,11 @@ extern "C" { int FIPS_selftest(void); int FIPS_selftest_failed(void); + + /* + * This function is deprecated as it performs selftest of the old FIPS drbg + * implementation that is not validated. + */ int FIPS_selftest_drbg_all(void); int FIPS_dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N, diff -up openssl-1.1.1g/include/openssl/fips_rand.h.rewire-fips-drbg openssl-1.1.1g/include/openssl/fips_rand.h --- openssl-1.1.1g/include/openssl/fips_rand.h.rewire-fips-drbg 2020-06-22 13:32:47.617852926 +0200 +++ openssl-1.1.1g/include/openssl/fips_rand.h 2020-06-22 13:32:47.675852917 +0200 @@ -60,6 +60,20 @@ # ifdef __cplusplus extern "C" { # endif + +/* + * IMPORTANT NOTE: + * All functions in this header file are deprecated and should not be used + * as they use the old FIPS_drbg implementation that is not FIPS validated + * anymore. + * To provide backwards compatibility for applications that need FIPS compliant + * RNG number generation and use FIPS_drbg_generate, this function was + * re-wired to call the FIPS validated DRBG instance instead through + * the RAND_bytes() call. + * + * All these functions will be removed in future. + */ + typedef struct drbg_ctx_st DRBG_CTX; /* DRBG external flags */ /* Flag for CTR mode only: use derivation function ctr_df */