[openssl] master update

Matt Caswell matt at openssl.org
Fri Jun 28 09:28:03 UTC 2019


The branch master has been updated
       via  53a11c6da09988efba93eccfdd10bf7edf1d53b2 (commit)
       via  671aaecd365644d6981c9542d48a1c32666da18d (commit)
       via  4cecf7a127fbe18316140963acf8787139f90f8d (commit)
       via  45c54042d02362f083143c09513e57317f983244 (commit)
       via  f2d20f0bb8b79f37f785ca9eff5252188991dd8d (commit)
       via  57ca171a131e6d55b4c4f6decefedeaa509db702 (commit)
      from  0da1d43a94ffc8f2aaadcaa441f556ed54f0ecda (commit)


- Log -----------------------------------------------------------------
commit 53a11c6da09988efba93eccfdd10bf7edf1d53b2
Author: Matt Caswell <matt at openssl.org>
Date:   Thu Jun 20 13:17:22 2019 +0100

    Change the DRBG HMAC implementation to lookup allowed digest names
    
    As per the previous commit we make the same change for DRBG HMAC and
    more closely align the FIPS_MODE and non FIPS_MODE implementations.
    
    Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
    (Merged from https://github.com/openssl/openssl/pull/9035)

commit 671aaecd365644d6981c9542d48a1c32666da18d
Author: Matt Caswell <matt at openssl.org>
Date:   Thu Jun 20 11:51:08 2019 +0100

    Change the DRBG HASH implementation to lookup all allowed algorithm names
    
    We use the new function ossl_prov_util_nid_to_name() to look up the
    algorithm and unify the FIPS_MODE and non-FIPS_MODE handling.
    
    Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
    (Merged from https://github.com/openssl/openssl/pull/9035)

commit 4cecf7a127fbe18316140963acf8787139f90f8d
Author: Matt Caswell <matt at openssl.org>
Date:   Thu Jun 20 11:48:50 2019 +0100

    Add a nid 2 algorithm name mapping capability
    
    Providers that link against libcrypto can just use OBJ_nid2sn() to look
    up the name of an algorithm given a NID. However that doesn't work for the
    FIPS provider because OBJ_nid2sn() is not available there (due to the
    reliance of the code on ASN.1 types). Therefore we provider a new function
    to do this mapping. For providers linking against libcrypto the new function
    just wraps OBJ_nid2sn(). For the FIPS provider it has a look up for all the
    NIDs known there.
    
    Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
    (Merged from https://github.com/openssl/openssl/pull/9035)

commit 45c54042d02362f083143c09513e57317f983244
Author: Matt Caswell <matt at openssl.org>
Date:   Tue May 28 11:26:17 2019 +0100

    Call RAND_DRBG_bytes from inside the FIPS provider
    
    Insert a dummy call to RAND_DRBG_bytes from inside the FIPS provider to
    demonstrate that it is possible to use the RAND code from inside the
    module. This is temporary and will be removed once real uses of the RAND
    code are available inside the module.
    
    Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
    (Merged from https://github.com/openssl/openssl/pull/9035)

commit f2d20f0bb8b79f37f785ca9eff5252188991dd8d
Author: Matt Caswell <matt at openssl.org>
Date:   Tue May 28 11:28:16 2019 +0100

    Fix NULL pointer dereference in the ex_data code
    
    In some circumstances the global data held in the "global" variable can
    be NULL, so we should error out in the circumstance instead of crashing.
    
    Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
    (Merged from https://github.com/openssl/openssl/pull/9035)

commit 57ca171a131e6d55b4c4f6decefedeaa509db702
Author: Matt Caswell <matt at openssl.org>
Date:   Thu May 23 14:35:42 2019 +0100

    Make the RAND code available from inside the FIPS module
    
    Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
    (Merged from https://github.com/openssl/openssl/pull/9035)

-----------------------------------------------------------------------

Summary of changes:
 crypto/ex_data.c                                   |  2 +-
 crypto/hmac/build.info                             |  7 ++-
 crypto/hmac/hm_meth.c                              | 10 ++++
 crypto/rand/build.info                             | 10 ++--
 crypto/rand/drbg_ctr.c                             | 13 ++++-
 crypto/rand/drbg_hash.c                            | 44 +++++++++++++--
 crypto/rand/drbg_hmac.c                            | 40 ++++++++++++--
 crypto/rand/drbg_lib.c                             |  6 +-
 crypto/rand/rand_crng_test.c                       | 28 ++++++----
 crypto/rand/rand_lcl.h                             | 16 +++---
 crypto/rand/rand_unix.c                            |  2 +-
 crypto/rand/rand_win.c                             |  2 +-
 doc/internal/man3/ossl_prov_util_nid_to_name.pod   | 35 ++++++++++++
 providers/common/build.info                        |  2 +-
 providers/common/include/internal/providercommon.h |  4 ++
 .../openssl/cmperr.h => providers/common/provlib.c | 27 +++------
 providers/fips/fipsprov.c                          | 64 +++++++++++++++++++++-
 test/build.info                                    |  4 +-
 test/drbgtest.c                                    |  4 +-
 19 files changed, 253 insertions(+), 67 deletions(-)
 create mode 100644 doc/internal/man3/ossl_prov_util_nid_to_name.pod
 copy include/openssl/cmperr.h => providers/common/provlib.c (54%)

diff --git a/crypto/ex_data.c b/crypto/ex_data.c
index 055420a..d7d0d5a 100644
--- a/crypto/ex_data.c
+++ b/crypto/ex_data.c
@@ -36,7 +36,7 @@ static EX_CALLBACKS *get_and_lock(OPENSSL_CTX *ctx, int class_index)
     }
 
     global = openssl_ctx_get_ex_data_global(ctx);
-    if (global->ex_data_lock == NULL) {
+    if (global == NULL || global->ex_data_lock == NULL) {
         /*
          * This can happen in normal operation when using CRYPTO_mem_leaks().
          * The CRYPTO_mem_leaks() function calls OPENSSL_cleanup() which cleans
diff --git a/crypto/hmac/build.info b/crypto/hmac/build.info
index f63524d..b1c1461 100644
--- a/crypto/hmac/build.info
+++ b/crypto/hmac/build.info
@@ -1,3 +1,6 @@
 LIBS=../../libcrypto
-SOURCE[../../libcrypto]=\
-        hmac.c hm_ameth.c hm_meth.c
+
+$COMMON=hmac.c hm_meth.c
+
+SOURCE[../../libcrypto]=$COMMON hm_ameth.c
+SOURCE[../../providers/fips]=$COMMON
diff --git a/crypto/hmac/hm_meth.c b/crypto/hmac/hm_meth.c
index db9af95..19278ef 100644
--- a/crypto/hmac/hm_meth.c
+++ b/crypto/hmac/hm_meth.c
@@ -152,6 +152,15 @@ static int hmac_ctrl_str(EVP_MAC_IMPL *hctx, const char *type,
 {
     if (!value)
         return 0;
+#ifndef FIPS_MODE
+    /*
+     * We don't have EVP_get_digestbyname() in FIPS_MODE. That function returns
+     * an EVP_MD without an associated provider implementation (i.e. it is
+     * using "implicit fetch"). We could replace it with an "explicit" fetch
+     * using EVP_MD_fetch(), but we'd then be required to free the returned
+     * EVP_MD somewhere. Probably the complexity isn't worth it as we are
+     * unlikely to need this ctrl in FIPS_MODE anyway.
+     */
     if (strcmp(type, "digest") == 0) {
         const EVP_MD *d = EVP_get_digestbyname(value);
 
@@ -159,6 +168,7 @@ static int hmac_ctrl_str(EVP_MAC_IMPL *hctx, const char *type,
             return 0;
         return hmac_ctrl_int(hctx, EVP_MAC_CTRL_SET_MD, d);
     }
+#endif
     if (strcmp(type, "key") == 0)
         return EVP_str2ctrl(hmac_ctrl_str_cb, hctx, EVP_MAC_CTRL_SET_KEY,
                             value);
diff --git a/crypto/rand/build.info b/crypto/rand/build.info
index 70d2580..3e0a9c7 100644
--- a/crypto/rand/build.info
+++ b/crypto/rand/build.info
@@ -1,5 +1,7 @@
 LIBS=../../libcrypto
-SOURCE[../../libcrypto]=\
-        randfile.c rand_lib.c rand_err.c rand_crng_test.c rand_egd.c \
-        rand_win.c rand_unix.c rand_vms.c drbg_lib.c drbg_ctr.c rand_vxworks.c \
-        drbg_hash.c drbg_hmac.c
+
+$COMMON=rand_lib.c rand_crng_test.c rand_win.c rand_unix.c  rand_vms.c \
+        drbg_lib.c drbg_ctr.c rand_vxworks.c drbg_hash.c drbg_hmac.c
+
+SOURCE[../../libcrypto]=$COMMON randfile.c rand_err.c rand_egd.c
+SOURCE[../../providers/fips]=$COMMON
diff --git a/crypto/rand/drbg_ctr.c b/crypto/rand/drbg_ctr.c
index 4c11e65..23e504b 100644
--- a/crypto/rand/drbg_ctr.c
+++ b/crypto/rand/drbg_ctr.c
@@ -354,6 +354,7 @@ static int drbg_ctr_uninstantiate(RAND_DRBG *drbg)
 {
     EVP_CIPHER_CTX_free(drbg->data.ctr.ctx);
     EVP_CIPHER_CTX_free(drbg->data.ctr.ctx_df);
+    EVP_CIPHER_meth_free(drbg->data.ctr.cipher);
     OPENSSL_cleanse(&drbg->data.ctr, sizeof(drbg->data.ctr));
     return 1;
 }
@@ -369,6 +370,7 @@ int drbg_ctr_init(RAND_DRBG *drbg)
 {
     RAND_DRBG_CTR *ctr = &drbg->data.ctr;
     size_t keylen;
+    EVP_CIPHER *cipher = NULL;
 
     switch (drbg->type) {
     default:
@@ -376,17 +378,22 @@ int drbg_ctr_init(RAND_DRBG *drbg)
         return 0;
     case NID_aes_128_ctr:
         keylen = 16;
-        ctr->cipher = EVP_aes_128_ecb();
+        cipher = EVP_CIPHER_fetch(drbg->libctx, "AES-128-ECB", "");
         break;
     case NID_aes_192_ctr:
         keylen = 24;
-        ctr->cipher = EVP_aes_192_ecb();
+        cipher = EVP_CIPHER_fetch(drbg->libctx, "AES-192-ECB", "");
         break;
     case NID_aes_256_ctr:
         keylen = 32;
-        ctr->cipher = EVP_aes_256_ecb();
+        cipher = EVP_CIPHER_fetch(drbg->libctx, "AES-256-ECB", "");
         break;
     }
+    if (cipher == NULL)
+        return 0;
+
+    EVP_CIPHER_meth_free(ctr->cipher);
+    ctr->cipher = cipher;
 
     drbg->meth = &drbg_ctr_meth;
 
diff --git a/crypto/rand/drbg_hash.c b/crypto/rand/drbg_hash.c
index 0943180..bb6f36c 100644
--- a/crypto/rand/drbg_hash.c
+++ b/crypto/rand/drbg_hash.c
@@ -14,6 +14,7 @@
 #include <openssl/err.h>
 #include <openssl/rand.h>
 #include "internal/thread_once.h"
+#include "internal/providercommon.h"
 #include "rand_lcl.h"
 
 /* 440 bits from SP800-90Ar1 10.1 table 2 */
@@ -289,6 +290,7 @@ static int drbg_hash_generate(RAND_DRBG *drbg,
 
 static int drbg_hash_uninstantiate(RAND_DRBG *drbg)
 {
+    EVP_MD_meth_free(drbg->data.hash.md);
     EVP_MD_CTX_free(drbg->data.hash.ctx);
     OPENSSL_cleanse(&drbg->data.hash, sizeof(drbg->data.hash));
     return 1;
@@ -303,23 +305,55 @@ static RAND_DRBG_METHOD drbg_hash_meth = {
 
 int drbg_hash_init(RAND_DRBG *drbg)
 {
-    const EVP_MD *md;
+    EVP_MD *md;
     RAND_DRBG_HASH *hash = &drbg->data.hash;
 
-    /* Any approved digest is allowed */
-    md = EVP_get_digestbynid(drbg->type);
+    /*
+     * Confirm digest is allowed. Outside FIPS_MODE we allow all non-legacy
+     * digests. Inside FIPS_MODE we only allow approved digests. Also no XOF
+     * digests (such as SHAKE).
+     */
+    switch (drbg->type) {
+    default:
+        return 0;
+
+    case NID_sha1:
+    case NID_sha224:
+    case NID_sha256:
+    case NID_sha384:
+    case NID_sha512:
+    case NID_sha512_224:
+    case NID_sha512_256:
+    case NID_sha3_224:
+    case NID_sha3_256:
+    case NID_sha3_384:
+    case NID_sha3_512:
+#ifndef FIPS_MODE
+    case NID_blake2b512:
+    case NID_blake2s256:
+    case NID_sm3:
+#endif
+        break;
+    }
+
+    md = EVP_MD_fetch(drbg->libctx, ossl_prov_util_nid_to_name(drbg->type), "");
     if (md == NULL)
         return 0;
 
+
     drbg->meth = &drbg_hash_meth;
-    hash->md = md;
 
     if (hash->ctx == NULL) {
         hash->ctx = EVP_MD_CTX_new();
-        if (hash->ctx == NULL)
+        if (hash->ctx == NULL) {
+            EVP_MD_meth_free(md);
             return 0;
+        }
     }
 
+    EVP_MD_meth_free(hash->md);
+    hash->md = md;
+
     /* These are taken from SP 800-90 10.1 Table 2 */
     hash->blocklen = EVP_MD_size(md);
     /* See SP800-57 Part1 Rev4 5.6.1 Table 3 */
diff --git a/crypto/rand/drbg_hmac.c b/crypto/rand/drbg_hmac.c
index cb70bcb..baafc59 100644
--- a/crypto/rand/drbg_hmac.c
+++ b/crypto/rand/drbg_hmac.c
@@ -13,6 +13,7 @@
 #include <openssl/err.h>
 #include <openssl/rand.h>
 #include "internal/thread_once.h"
+#include "internal/providercommon.h"
 #include "rand_lcl.h"
 
 /*
@@ -183,6 +184,7 @@ static int drbg_hmac_generate(RAND_DRBG *drbg,
 
 static int drbg_hmac_uninstantiate(RAND_DRBG *drbg)
 {
+    EVP_MD_meth_free(drbg->data.hmac.md);
     HMAC_CTX_free(drbg->data.hmac.ctx);
     OPENSSL_cleanse(&drbg->data.hmac, sizeof(drbg->data.hmac));
     return 1;
@@ -197,11 +199,38 @@ static RAND_DRBG_METHOD drbg_hmac_meth = {
 
 int drbg_hmac_init(RAND_DRBG *drbg)
 {
-    const EVP_MD *md = NULL;
+    EVP_MD *md = NULL;
     RAND_DRBG_HMAC *hmac = &drbg->data.hmac;
 
-    /* Any approved digest is allowed - assume we pass digest (not NID_hmac*) */
-    md = EVP_get_digestbynid(drbg->type);
+    /*
+     * Confirm digest is allowed. Outside FIPS_MODE we allow all non-legacy
+     * digests. Inside FIPS_MODE we only allow approved digests. Also no XOF
+     * digests (such as SHAKE).
+     */
+    switch (drbg->type) {
+    default:
+        return 0;
+
+    case NID_sha1:
+    case NID_sha224:
+    case NID_sha256:
+    case NID_sha384:
+    case NID_sha512:
+    case NID_sha512_224:
+    case NID_sha512_256:
+    case NID_sha3_224:
+    case NID_sha3_256:
+    case NID_sha3_384:
+    case NID_sha3_512:
+#ifndef FIPS_MODE
+    case NID_blake2b512:
+    case NID_blake2s256:
+    case NID_sm3:
+#endif
+        break;
+    }
+
+    md = EVP_MD_fetch(drbg->libctx, ossl_prov_util_nid_to_name(drbg->type), "");
     if (md == NULL)
         return 0;
 
@@ -209,11 +238,14 @@ int drbg_hmac_init(RAND_DRBG *drbg)
 
     if (hmac->ctx == NULL) {
         hmac->ctx = HMAC_CTX_new();
-        if (hmac->ctx == NULL)
+        if (hmac->ctx == NULL) {
+            EVP_MD_meth_free(md);
             return 0;
+        }
     }
 
     /* These are taken from SP 800-90 10.1 Table 2 */
+    EVP_MD_meth_free(hmac->md);
     hmac->md = md;
     hmac->blocklen = EVP_MD_size(md);
     /* See SP800-57 Part1 Rev4 5.6.1 Table 3 */
diff --git a/crypto/rand/drbg_lib.c b/crypto/rand/drbg_lib.c
index 33bc81c..812a52f 100644
--- a/crypto/rand/drbg_lib.c
+++ b/crypto/rand/drbg_lib.c
@@ -1339,7 +1339,8 @@ RAND_DRBG *OPENSSL_CTX_get0_public_drbg(OPENSSL_CTX *ctx)
 
     drbg = CRYPTO_THREAD_get_local(&dgbl->public_drbg);
     if (drbg == NULL) {
-        if (!ossl_init_thread_start(NULL, NULL, drbg_delete_thread_state))
+        ctx = openssl_ctx_get_concrete(ctx);
+        if (!ossl_init_thread_start(NULL, ctx, drbg_delete_thread_state))
             return NULL;
         drbg = drbg_setup(ctx, dgbl->master_drbg, RAND_DRBG_TYPE_PUBLIC);
         CRYPTO_THREAD_set_local(&dgbl->public_drbg, drbg);
@@ -1366,7 +1367,8 @@ RAND_DRBG *OPENSSL_CTX_get0_private_drbg(OPENSSL_CTX *ctx)
 
     drbg = CRYPTO_THREAD_get_local(&dgbl->private_drbg);
     if (drbg == NULL) {
-        if (!ossl_init_thread_start(NULL, NULL, drbg_delete_thread_state))
+        ctx = openssl_ctx_get_concrete(ctx);
+        if (!ossl_init_thread_start(NULL, ctx, drbg_delete_thread_state))
             return NULL;
         drbg = drbg_setup(ctx, dgbl->master_drbg, RAND_DRBG_TYPE_PRIVATE);
         CRYPTO_THREAD_set_local(&dgbl->private_drbg, drbg);
diff --git a/crypto/rand/rand_crng_test.c b/crypto/rand/rand_crng_test.c
index 11d85f3..44e077e 100644
--- a/crypto/rand/rand_crng_test.c
+++ b/crypto/rand/rand_crng_test.c
@@ -24,8 +24,8 @@ typedef struct crng_test_global_st {
     RAND_POOL *crngt_pool;
 } CRNG_TEST_GLOBAL;
 
-int (*crngt_get_entropy)(OPENSSL_CTX *, unsigned char *, unsigned char *,
-                         unsigned int *)
+int (*crngt_get_entropy)(OPENSSL_CTX *, RAND_POOL *, unsigned char *,
+                         unsigned char *, unsigned int *)
     = &rand_crngt_get_entropy_cb;
 
 static void rand_crng_ossl_ctx_free(void *vcrngt_glob)
@@ -49,7 +49,8 @@ static void *rand_crng_ossl_ctx_new(OPENSSL_CTX *ctx)
         OPENSSL_free(crngt_glob);
         return NULL;
     }
-    if (crngt_get_entropy(ctx, buf, crngt_glob->crngt_prev, NULL)) {
+    if (crngt_get_entropy(ctx, crngt_glob->crngt_pool, buf,
+                          crngt_glob->crngt_prev, NULL)) {
         OPENSSL_cleanse(buf, sizeof(buf));
         return crngt_glob;
     }
@@ -64,6 +65,7 @@ static const OPENSSL_CTX_METHOD rand_crng_ossl_ctx_method = {
 };
 
 int rand_crngt_get_entropy_cb(OPENSSL_CTX *ctx,
+                              RAND_POOL *pool,
                               unsigned char *buf,
                               unsigned char *md,
                               unsigned int *md_size)
@@ -71,20 +73,21 @@ int rand_crngt_get_entropy_cb(OPENSSL_CTX *ctx,
     int r;
     size_t n;
     unsigned char *p;
-    CRNG_TEST_GLOBAL *crngt_glob
-        = openssl_ctx_get_data(ctx, OPENSSL_CTX_RAND_CRNGT_INDEX,
-                               &rand_crng_ossl_ctx_method);
 
-    if (crngt_glob == NULL)
+    if (pool == NULL)
         return 0;
 
-    n = rand_pool_acquire_entropy(crngt_glob->crngt_pool);
+    n = rand_pool_acquire_entropy(pool);
     if (n >= CRNGT_BUFSIZ) {
-        p = rand_pool_detach(crngt_glob->crngt_pool);
-        r = EVP_Digest(p, CRNGT_BUFSIZ, md, md_size, EVP_sha256(), NULL);
+        EVP_MD *fmd = EVP_MD_fetch(ctx, "SHA256", "");
+        if (fmd == NULL)
+            return 0;
+        p = rand_pool_detach(pool);
+        r = EVP_Digest(p, CRNGT_BUFSIZ, md, md_size, fmd, NULL);
         if (r != 0)
             memcpy(buf, p, CRNGT_BUFSIZ);
-        rand_pool_reattach(crngt_glob->crngt_pool, p);
+        rand_pool_reattach(pool, p);
+        EVP_MD_meth_free(fmd);
         return r;
     }
     return 0;
@@ -112,7 +115,8 @@ size_t rand_crngt_get_entropy(RAND_DRBG *drbg,
 
     while ((q = rand_pool_bytes_needed(pool, 1)) > 0 && attempts-- > 0) {
         s = q > sizeof(buf) ? sizeof(buf) : q;
-        if (!crngt_get_entropy(drbg->libctx, buf, md, &sz)
+        if (!crngt_get_entropy(drbg->libctx, crngt_glob->crngt_pool, buf, md,
+                               &sz)
             || memcmp(crngt_glob->crngt_prev, md, sz) == 0
             || !rand_pool_add(pool, buf, s, s * 8))
             goto err;
diff --git a/crypto/rand/rand_lcl.h b/crypto/rand/rand_lcl.h
index 97126bc..416237a 100644
--- a/crypto/rand/rand_lcl.h
+++ b/crypto/rand/rand_lcl.h
@@ -17,6 +17,7 @@
 # include <openssl/ec.h>
 # include <openssl/rand_drbg.h>
 # include "internal/tsan_assist.h"
+# include "internal/rand_int.h"
 
 # include "internal/numbers.h"
 
@@ -129,7 +130,7 @@ typedef struct rand_drbg_method_st {
 #define HASH_PRNG_MAX_SEEDLEN    (888/8)
 
 typedef struct rand_drbg_hash_st {
-    const EVP_MD *md;
+    EVP_MD *md;
     EVP_MD_CTX *ctx;
     size_t blocklen;
     unsigned char V[HASH_PRNG_MAX_SEEDLEN];
@@ -139,7 +140,7 @@ typedef struct rand_drbg_hash_st {
 } RAND_DRBG_HASH;
 
 typedef struct rand_drbg_hmac_st {
-    const EVP_MD *md;
+    EVP_MD *md;
     HMAC_CTX *ctx;
     size_t blocklen;
     unsigned char K[EVP_MAX_MD_SIZE];
@@ -152,7 +153,7 @@ typedef struct rand_drbg_hmac_st {
 typedef struct rand_drbg_ctr_st {
     EVP_CIPHER_CTX *ctx;
     EVP_CIPHER_CTX *ctx_df;
-    const EVP_CIPHER *cipher;
+    EVP_CIPHER *cipher;
     size_t keylen;
     unsigned char K[32];
     unsigned char V[16];
@@ -336,10 +337,11 @@ int drbg_hmac_init(RAND_DRBG *drbg);
  * Entropy call back for the FIPS 140-2 section 4.9.2 Conditional Tests.
  * These need to be exposed for the unit tests.
  */
-int rand_crngt_get_entropy_cb(OPENSSL_CTX *ctx, unsigned char *buf,
-                              unsigned char *md, unsigned int *md_size);
-extern int (*crngt_get_entropy)(OPENSSL_CTX *ctx, unsigned char *buf,
-                                unsigned char *md,
+int rand_crngt_get_entropy_cb(OPENSSL_CTX *ctx, RAND_POOL *pool,
+                              unsigned char *buf, unsigned char *md,
+                              unsigned int *md_size);
+extern int (*crngt_get_entropy)(OPENSSL_CTX *ctx, RAND_POOL *pool,
+                                unsigned char *buf, unsigned char *md,
                                 unsigned int *md_size);
 
 #endif
diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c
index 6161909..e45e018 100644
--- a/crypto/rand/rand_unix.c
+++ b/crypto/rand/rand_unix.c
@@ -285,7 +285,7 @@ static ssize_t syscall_random(void *buf, size_t buflen)
 
     if (getentropy != NULL)
         return getentropy(buf, buflen) == 0 ? (ssize_t)buflen : -1;
-#  else
+#  elif !defined(FIPS_MODE)
     union {
         void *p;
         int (*f)(void *buffer, size_t length);
diff --git a/crypto/rand/rand_win.c b/crypto/rand/rand_win.c
index 17ab137..8b87419 100644
--- a/crypto/rand/rand_win.c
+++ b/crypto/rand/rand_win.c
@@ -162,7 +162,7 @@ int rand_pool_add_additional_data(RAND_POOL *pool)
     return rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0);
 }
 
-# if !OPENSSL_API_1_1_0
+# if !OPENSSL_API_1_1_0 && !defined(FIPS_MODE)
 int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam)
 {
     RAND_poll();
diff --git a/doc/internal/man3/ossl_prov_util_nid_to_name.pod b/doc/internal/man3/ossl_prov_util_nid_to_name.pod
new file mode 100644
index 0000000..56a16d3
--- /dev/null
+++ b/doc/internal/man3/ossl_prov_util_nid_to_name.pod
@@ -0,0 +1,35 @@
+=pod
+
+=head1 NAME
+
+ossl_prov_util_nid_to_name
+- provider utility functions
+
+=head1 SYNOPSIS
+
+ #include "internal/providercommon.h"
+
+ const char *ossl_prov_util_nid_to_name(int nid);
+
+=head1 DESCRIPTION
+
+The ossl_prov_util_nid_to_name() returns the name of an algorithm given a NID
+in the B<nid> parameter. For the default and legacy providers it is equivalent
+to calling OBJ_nid2sn(). The FIPS provider does not have the object database
+code available to it (because that code relies on the ASN.1 code), so this
+function is a static lookup of all known FIPS algorithm NIDs.
+
+=head1 RETURN VALUES
+
+Returns a pointer to the algorithm name, or NULL on error.
+
+=head1 COPYRIGHT
+
+Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the Apache License 2.0 (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/providers/common/build.info b/providers/common/build.info
index 1617467..500ef64 100644
--- a/providers/common/build.info
+++ b/providers/common/build.info
@@ -1,4 +1,4 @@
 SUBDIRS=digests ciphers
 
 SOURCE[../../libcrypto]=\
-        provider_err.c
+        provider_err.c provlib.c
diff --git a/providers/common/include/internal/providercommon.h b/providers/common/include/internal/providercommon.h
index 663d9c6..d54fafa 100644
--- a/providers/common/include/internal/providercommon.h
+++ b/providers/common/include/internal/providercommon.h
@@ -7,4 +7,8 @@
  * https://www.openssl.org/source/license.html
  */
 
+#include <openssl/provider.h>
+
 const OSSL_PROVIDER *FIPS_get_provider(OPENSSL_CTX *ctx);
+
+const char *ossl_prov_util_nid_to_name(int nid);
diff --git a/include/openssl/cmperr.h b/providers/common/provlib.c
similarity index 54%
copy from include/openssl/cmperr.h
copy to providers/common/provlib.c
index 7c1402c..43da7cd 100644
--- a/include/openssl/cmperr.h
+++ b/providers/common/provlib.c
@@ -1,5 +1,4 @@
 /*
- * Generated by util/mkerr.pl DO NOT EDIT
  * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -8,25 +7,15 @@
  * https://www.openssl.org/source/license.html
  */
 
-#ifndef HEADER_CMPERR_H
-# define HEADER_CMPERR_H
-
-# include <openssl/opensslconf.h>
-
-# ifndef OPENSSL_NO_CMP
-
-#  ifdef  __cplusplus
-extern "C"
-#  endif
-int ERR_load_CMP_strings(void);
-
-/*
- * CMP function codes.
- */
+#include <openssl/objects.h>
+#include "internal/providercommon.h"
 
 /*
- * CMP reason codes.
+ * The FIPS provider has its own version of this in fipsprov.c because it does
+ * not have OBJ_nid2sn();
  */
+const char *ossl_prov_util_nid_to_name(int nid)
+{
+   return OBJ_nid2sn(nid); 
+}
 
-# endif
-#endif
diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c
index 78e3026..b0196f0 100644
--- a/providers/fips/fipsprov.c
+++ b/providers/fips/fipsprov.c
@@ -15,8 +15,11 @@
 #include <openssl/params.h>
 #include <openssl/err.h>
 #include <openssl/evp.h>
+
 /* TODO(3.0): Needed for dummy_evp_call(). To be removed */
 #include <openssl/sha.h>
+#include <openssl/rand_drbg.h>
+
 #include "internal/cryptlib.h"
 #include "internal/property.h"
 #include "internal/evp_int.h"
@@ -85,8 +88,10 @@ static int dummy_evp_call(void *provctx)
     int ret = 0;
     BN_CTX *bnctx = NULL;
     BIGNUM *a = NULL, *b = NULL;
+    unsigned char randbuf[128];
+    RAND_DRBG *drbg = OPENSSL_CTX_get0_public_drbg(libctx);
 
-    if (ctx == NULL || sha256 == NULL)
+    if (ctx == NULL || sha256 == NULL || drbg == NULL)
         goto err;
 
     if (!EVP_DigestInit_ex(ctx, sha256, NULL))
@@ -112,6 +117,9 @@ static int dummy_evp_call(void *provctx)
         || BN_cmp(a, b) != 0)
         goto err;
     
+    if (RAND_DRBG_bytes(drbg, randbuf, sizeof(randbuf)) <= 0)
+        goto err;
+
     ret = 1;
  err:
     BN_CTX_end(bnctx);
@@ -144,6 +152,60 @@ static int fips_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[])
     return 1;
 }
 
+/* FIPS specific version of the function of the same name in provlib.c */
+const char *ossl_prov_util_nid_to_name(int nid)
+{
+    /* We don't have OBJ_nid2n() in FIPS_MODE so we have an explicit list */
+
+    switch (nid) {
+    /* Digests */
+    case NID_sha1:
+        return "SHA224";
+    case NID_sha224:
+        return "SHA224";
+    case NID_sha256:
+        return "SHA256";
+    case NID_sha384:
+        return "SHA384";
+    case NID_sha512:
+        return "SHA512";
+    case NID_sha512_224:
+        return "SHA512-224";
+    case NID_sha512_256:
+        return "SHA512-256";
+    case NID_sha3_224:
+        return "SHA3-224";
+    case NID_sha3_256:
+        return "SHA3-256";
+    case NID_sha3_384:
+        return "SHA3-384";
+    case NID_sha3_512:
+        return "SHA3-512";
+
+    /* Ciphers */
+    case NID_aes_256_ecb:
+        return "AES-256-ECB";
+    case NID_aes_192_ecb:
+        return "AES-192-ECB";
+    case NID_aes_128_ecb:
+        return "AES-128-ECB";
+    case NID_aes_256_cbc:
+        return "AES-256-CBC";
+    case NID_aes_192_cbc:
+        return "AES-192-CBC";
+    case NID_aes_128_cbc:
+        return "AES-128-CBC";
+    case NID_aes_256_ctr:
+        return "AES-256-CTR";
+    case NID_aes_192_ctr:
+        return "AES-192-CTR";
+    case NID_aes_128_ctr:
+        return "AES-128-CTR";
+    }
+
+    return NULL;
+}
+
 static const OSSL_ALGORITHM fips_digests[] = {
     { "SHA1", "fips=yes", sha1_functions },
     { "SHA224", "fips=yes", sha224_functions },
diff --git a/test/build.info b/test/build.info
index 1cf604e..f5b802d 100644
--- a/test/build.info
+++ b/test/build.info
@@ -371,13 +371,13 @@ IF[{- !$disabled{tests} -}]
   DEPEND[recordlentest]=../libcrypto ../libssl libtestutil.a
 
   SOURCE[drbgtest]=drbgtest.c
-  INCLUDE[drbgtest]=../include ../apps/include
+  INCLUDE[drbgtest]=../include ../apps/include ../crypto/include
   DEPEND[drbgtest]=../libcrypto.a libtestutil.a
 
   SOURCE[drbg_cavs_test]=drbg_cavs_test.c drbg_cavs_data_ctr.c \
                          drbg_cavs_data_hash.c drbg_cavs_data_hmac.c
 
-  INCLUDE[drbg_cavs_test]=../include ../apps/include . ..
+  INCLUDE[drbg_cavs_test]=../include ../apps/include . .. ../crypto/include
   DEPEND[drbg_cavs_test]=../libcrypto libtestutil.a
 
   SOURCE[x509_dup_cert_test]=x509_dup_cert_test.c
diff --git a/test/drbgtest.c b/test/drbgtest.c
index 618403f..f75c432 100644
--- a/test/drbgtest.c
+++ b/test/drbgtest.c
@@ -1264,8 +1264,8 @@ static const size_t crngt_num_cases = 6;
 
 static size_t crngt_case, crngt_idx;
 
-static int crngt_entropy_cb(OPENSSL_CTX *ctx, unsigned char *buf,
-                            unsigned char *md,
+static int crngt_entropy_cb(OPENSSL_CTX *ctx, RAND_POOL *pool,
+                            unsigned char *buf, unsigned char *md,
                             unsigned int *md_size)
 {
     size_t i, z;


More information about the openssl-commits mailing list