Merge pull request wolfSSL#8867 from JacobBarthelmeh/rng

Improvements to RNG and compatibility layer

Author: dgarske

.github/workflows/os-check.yml

@@ -48,6 +48,9 @@ jobs:
           '--enable-sniffer --enable-curve25519 --enable-curve448 --enable-enckeys CFLAGS=-DWOLFSSL_DH_EXTRA',
           '--enable-dtls --enable-dtls13 --enable-dtls-frag-ch
             --enable-dtls-mtu CPPFLAGS=-DWOLFSSL_DTLS_RECORDS_CAN_SPAN_DATAGRAMS',
+          '--enable-opensslall --enable-opensslextra CPPFLAGS=-DWC_RNG_SEED_CB',
+          '--enable-opensslall --enable-opensslextra
+            CPPFLAGS='-DWC_RNG_SEED_CB -DWOLFSSL_NO_GETPID'',
         ]
     name: make check
     if: github.repository_owner == 'wolfssl'

CMakeLists.txt

@@ -124,6 +124,7 @@ check_function_exists("memset" HAVE_MEMSET)
 check_function_exists("socket" HAVE_SOCKET)
 check_function_exists("strftime" HAVE_STRFTIME)
 check_function_exists("__atomic_fetch_add" HAVE_C___ATOMIC)
+check_function_exists("getpid" HAVE_GETPID)
 
 include(CheckSymbolExists)
 check_symbol_exists(isascii "ctype.h" HAVE_ISASCII)

configure.ac

@@ -129,8 +129,8 @@ AC_CHECK_HEADER(assert.h, [AM_CPPFLAGS="$AM_CPPFLAGS -DWOLFSSL_HAVE_ASSERT_H"],[
 # check if functions of interest are linkable, but also check if
 # they're declared by the expected headers, and if not, supersede the
 # unusable positive from AC_CHECK_FUNCS().
-AC_CHECK_FUNCS([gethostbyname getaddrinfo gettimeofday gmtime_r gmtime_s inet_ntoa memset socket strftime atexit isascii])
-AC_CHECK_DECLS([gethostbyname, getaddrinfo, gettimeofday, gmtime_r, gmtime_s, inet_ntoa, memset, socket, strftime, atexit, isascii], [], [
+AC_CHECK_FUNCS([gethostbyname getaddrinfo gettimeofday gmtime_r gmtime_s inet_ntoa memset socket strftime atexit isascii getpid])
+AC_CHECK_DECLS([gethostbyname, getaddrinfo, gettimeofday, gmtime_r, gmtime_s, inet_ntoa, memset, socket, strftime, atexit, isascii, getpid], [], [
 if test "$(eval echo \$"$(eval 'echo ac_cv_func_${as_decl_name}')")" = "yes"
 then
     AC_MSG_NOTICE([    note: earlier check for $(eval 'echo ${as_decl_name}') superseded.])

src/ssl.c

@@ -25500,6 +25500,13 @@ static int wolfSSL_RAND_InitMutex(void)
 
 #ifdef OPENSSL_EXTRA
 
+#if defined(HAVE_GETPID) && !defined(WOLFSSL_NO_GETPID) && \
+    defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0)
+/* In older FIPS bundles add check for reseed here since it does not exist in
+ * the older random.c certified files. */
+static pid_t currentRandPid = 0;
+#endif
+
 /* Checks if the global RNG has been created. If not then one is created.
  *
  * Returns WOLFSSL_SUCCESS when no error is encountered.
@@ -25512,6 +25519,10 @@ int wolfSSL_RAND_Init(void)
         if (initGlobalRNG == 0) {
             ret = wc_InitRng(&globalRNG);
             if (ret == 0) {
+            #if defined(HAVE_GETPID) && !defined(WOLFSSL_NO_GETPID) && \
+                defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0)
+                currentRandPid = getpid();
+            #endif
                 initGlobalRNG = 1;
                 ret = WOLFSSL_SUCCESS;
             }
@@ -25946,8 +25957,8 @@ int wolfSSL_RAND_pseudo_bytes(unsigned char* buf, int num)
     return ret;
 }
 
-/* returns WOLFSSL_SUCCESS if the bytes generated are valid otherwise
- * WOLFSSL_FAILURE */
+/* returns WOLFSSL_SUCCESS (1) if the bytes generated are valid otherwise 0
+ * on failure */
 int wolfSSL_RAND_bytes(unsigned char* buf, int num)
 {
     int     ret = 0;
@@ -25989,6 +26000,26 @@ int wolfSSL_RAND_bytes(unsigned char* buf, int num)
          * have the lock.
          */
         if (initGlobalRNG) {
+        #if defined(HAVE_GETPID) && !defined(WOLFSSL_NO_GETPID) && \
+                defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0)
+            pid_t p;
+
+            p = getpid();
+            if (p != currentRandPid) {
+                wc_UnLockMutex(&globalRNGMutex);
+                if (wolfSSL_RAND_poll() != WOLFSSL_SUCCESS) {
+                    WOLFSSL_MSG("Issue with check pid and reseed");
+                    ret = WOLFSSL_FAILURE;
+                }
+
+                /* reclaim lock after wolfSSL_RAND_poll */
+                if (wc_LockMutex(&globalRNGMutex) != 0) {
+                    WOLFSSL_MSG("Bad Lock Mutex rng");
+                    return ret;
+                }
+                currentRandPid = p;
+            }
+        #endif
             rng = &globalRNG;
             used_global = 1;
         }
@@ -26065,6 +26096,11 @@ int wolfSSL_RAND_poll(void)
     }
     else {
 #ifdef HAVE_HASHDRBG
+        if (wc_LockMutex(&globalRNGMutex) != 0) {
+            WOLFSSL_MSG("Bad Lock Mutex rng");
+            return ret;
+        }
+
         ret = wc_RNG_DRBG_Reseed(&globalRNG, entropy, entropy_sz);
         if (ret != 0) {
             WOLFSSL_MSG("Error reseeding DRBG");
@@ -26073,6 +26109,7 @@ int wolfSSL_RAND_poll(void)
         else {
             ret = WOLFSSL_SUCCESS;
         }
+        wc_UnLockMutex(&globalRNGMutex);
 #else
         WOLFSSL_MSG("RAND_poll called with HAVE_HASHDRBG not set");
         ret = WOLFSSL_FAILURE;

tests/api.c

@@ -33158,6 +33158,12 @@ static int test_wolfSSL_RAND_bytes(void)
     const int size4 = RNG_MAX_BLOCK_LEN * 4;    /* in bytes */
     int  max_bufsize;
     byte *my_buf = NULL;
+#if defined(HAVE_GETPID)
+    byte seed[16] = {0};
+    byte randbuf[8] = {0};
+    int pipefds[2] = {0};
+    pid_t pid = 0;
+#endif
 
     /* sanity check */
     ExpectIntEQ(RAND_bytes(NULL, 16), 0);
@@ -33177,6 +33183,46 @@ static int test_wolfSSL_RAND_bytes(void)
     ExpectIntEQ(RAND_bytes(my_buf, size3), 1);
     ExpectIntEQ(RAND_bytes(my_buf, size4), 1);
 
+#if defined(OPENSSL_EXTRA) && defined(HAVE_GETPID)
+    XMEMSET(seed, 0, sizeof(seed));
+    RAND_cleanup();
+
+    /* No global methods set. */
+    ExpectIntEQ(RAND_seed(seed, sizeof(seed)), 1);
+
+    ExpectIntEQ(pipe(pipefds), 0);
+    pid = fork();
+    ExpectIntGE(pid, 0);
+    if (pid == 0) {
+        ssize_t n_written = 0;
+
+        /* Child process. */
+        close(pipefds[0]);
+        RAND_bytes(randbuf, sizeof(randbuf));
+        n_written = write(pipefds[1], randbuf, sizeof(randbuf));
+        close(pipefds[1]);
+        exit(n_written == sizeof(randbuf) ? 0 : 1);
+    }
+    else {
+        /* Parent process. */
+        word64 childrand64 = 0;
+        int waitstatus = 0;
+
+        close(pipefds[1]);
+        ExpectIntEQ(RAND_bytes(randbuf, sizeof(randbuf)), 1);
+        ExpectIntEQ(read(pipefds[0], &childrand64, sizeof(childrand64)),
+            sizeof(childrand64));
+    #ifdef WOLFSSL_NO_GETPID
+        ExpectBufEQ(randbuf, &childrand64, sizeof(randbuf));
+    #else
+        ExpectBufNE(randbuf, &childrand64, sizeof(randbuf));
+    #endif
+        close(pipefds[0]);
+        waitpid(pid, &waitstatus, 0);
+    }
+    RAND_cleanup();
+#endif
+
     XFREE(my_buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
     return EXPECT_RESULT();
@@ -33209,50 +33255,60 @@ static int test_wolfSSL_RAND(void)
 }
 
 
+#if defined(WC_RNG_SEED_CB) && defined(OPENSSL_EXTRA)
+static int wc_DummyGenerateSeed(OS_Seed* os, byte* output, word32 sz)
+{
+    word32 i;
+    for (i = 0; i < sz; i++ )
+        output[i] = (byte)i;
+
+    (void)os;
+
+    return 0;
+}
+#endif /* WC_RNG_SEED_CB */
+
+
 static int test_wolfSSL_RAND_poll(void)
 {
     EXPECT_DECLS;
 
-#if defined(OPENSSL_EXTRA) && defined(__linux__)
-    byte seed[16] = {0};
-    byte randbuf[8] = {0};
-    int pipefds[2] = {0};
-    pid_t pid = 0;
+#if defined(OPENSSL_EXTRA)
+     byte seed[16];
+    byte rand1[16];
+#ifdef WC_RNG_SEED_CB
+    byte rand2[16];
+#endif
 
     XMEMSET(seed, 0, sizeof(seed));
+    ExpectIntEQ(RAND_seed(seed, sizeof(seed)), 1);
+    ExpectIntEQ(RAND_poll(), 1);
+    ExpectIntEQ(RAND_bytes(rand1, 16), 1);
+    RAND_cleanup();
+
+#ifdef WC_RNG_SEED_CB
+    /* Test with custom seed and poll */
+    wc_SetSeed_Cb(wc_DummyGenerateSeed);
 
-    /* No global methods set. */
     ExpectIntEQ(RAND_seed(seed, sizeof(seed)), 1);
+    ExpectIntEQ(RAND_bytes(rand1, 16), 1);
+    RAND_cleanup();
 
-    ExpectIntEQ(pipe(pipefds), 0);
-    pid = fork();
-    ExpectIntGE(pid, 0);
-    if (pid == 0)
-    {
-        ssize_t n_written = 0;
+    /* test that the same value is generated twice with dummy seed function */
+    ExpectIntEQ(RAND_seed(seed, sizeof(seed)), 1);
+    ExpectIntEQ(RAND_bytes(rand2, 16), 1);
+    ExpectIntEQ(XMEMCMP(rand1, rand2, 16), 0);
+    RAND_cleanup();
 
-        /* Child process. */
-        close(pipefds[0]);
-        RAND_poll();
-        RAND_bytes(randbuf, sizeof(randbuf));
-        n_written = write(pipefds[1], randbuf, sizeof(randbuf));
-        close(pipefds[1]);
-        exit(n_written == sizeof(randbuf) ? 0 : 1);
-    }
-    else
-    {
-        /* Parent process. */
-        word64 childrand64 = 0;
-        int waitstatus = 0;
+    /* test that doing a poll is reseeding RNG */
+    ExpectIntEQ(RAND_seed(seed, sizeof(seed)), 1);
+    ExpectIntEQ(RAND_poll(), 1);
+    ExpectIntEQ(RAND_bytes(rand2, 16), 1);
+    ExpectIntNE(XMEMCMP(rand1, rand2, 16), 0);
 
-        close(pipefds[1]);
-        ExpectIntEQ(RAND_poll(), 1);
-        ExpectIntEQ(RAND_bytes(randbuf, sizeof(randbuf)), 1);
-        ExpectIntEQ(read(pipefds[0], &childrand64, sizeof(childrand64)), sizeof(childrand64));
-        ExpectBufNE(randbuf, &childrand64, sizeof(randbuf));
-        close(pipefds[0]);
-        waitpid(pid, &waitstatus, 0);
-    }
+    /* reset the seed function used */
+    wc_SetSeed_Cb(wc_GenerateSeed);
+#endif
     RAND_cleanup();
 
     ExpectIntEQ(RAND_egd(NULL), -1);