FIPS: Mix in OpenSSL RAND_bytes() into random_get_bytes()

Make sure that the OpenSSL DRBG gets used when generating
random numbers in FIPS mode.

Signed-hostap: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2012-08-16 21:49:41 +03:00
parent 105f5881d5
commit 982bafedaf
5 changed files with 53 additions and 0 deletions

View file

@ -461,4 +461,15 @@ int __must_check crypto_mod_exp(const u8 *base, size_t base_len,
int rc4_skip(const u8 *key, size_t keylen, size_t skip, int rc4_skip(const u8 *key, size_t keylen, size_t skip,
u8 *data, size_t data_len); u8 *data, size_t data_len);
/**
* crypto_get_random - Generate cryptographically strong pseudy-random bytes
* @buf: Buffer for data
* @len: Number of bytes to generate
* Returns: 0 on success, -1 on failure
*
* If the PRNG does not have enough entropy to ensure unpredictable byte
* sequence, this functions must return -1.
*/
int crypto_get_random(void *buf, size_t len);
#endif /* CRYPTO_H */ #endif /* CRYPTO_H */

View file

@ -15,6 +15,7 @@
#include <openssl/evp.h> #include <openssl/evp.h>
#include <openssl/dh.h> #include <openssl/dh.h>
#include <openssl/hmac.h> #include <openssl/hmac.h>
#include <openssl/rand.h>
#include "common.h" #include "common.h"
#include "wpabuf.h" #include "wpabuf.h"
@ -738,3 +739,11 @@ int hmac_sha1(const u8 *key, size_t key_len, const u8 *data, size_t data_len,
{ {
return hmac_sha1_vector(key, key_len, 1, &data, &data_len, mac); return hmac_sha1_vector(key, key_len, 1, &data, &data_len, mac);
} }
int crypto_get_random(void *buf, size_t len)
{
if (RAND_bytes(buf, len) != 1)
return -1;
return 0;
}

View file

@ -29,6 +29,7 @@
#include "utils/common.h" #include "utils/common.h"
#include "utils/eloop.h" #include "utils/eloop.h"
#include "crypto/crypto.h"
#include "sha1.h" #include "sha1.h"
#include "random.h" #include "random.h"
@ -177,6 +178,27 @@ int random_get_bytes(void *buf, size_t len)
*bytes++ ^= tmp[i]; *bytes++ ^= tmp[i];
left -= siz; left -= siz;
} }
#ifdef CONFIG_FIPS
/* Mix in additional entropy from the crypto module */
left = len;
while (left) {
size_t siz, i;
u8 tmp[EXTRACT_LEN];
if (crypto_get_random(tmp, sizeof(tmp)) < 0) {
wpa_printf(MSG_ERROR, "random: No entropy available "
"for generating strong random bytes");
return -1;
}
wpa_hexdump_key(MSG_EXCESSIVE, "random from crypto module",
tmp, sizeof(tmp));
siz = left > EXTRACT_LEN ? EXTRACT_LEN : left;
for (i = 0; i < siz; i++)
*bytes++ ^= tmp[i];
left -= siz;
}
#endif /* CONFIG_FIPS */
wpa_hexdump_key(MSG_EXCESSIVE, "mixed random", buf, len); wpa_hexdump_key(MSG_EXCESSIVE, "mixed random", buf, len);
if (entropy < len) if (entropy < len)

View file

@ -68,6 +68,10 @@ ifdef CONFIG_DRIVER_NL80211
INCLUDES += external/libnl-headers INCLUDES += external/libnl-headers
endif endif
ifdef CONFIG_FIPS
CONFIG_NO_RANDOM_POOL=
endif
OBJS = config.c OBJS = config.c
OBJS += notify.c OBJS += notify.c
OBJS += bss.c OBJS += bss.c

View file

@ -55,6 +55,10 @@ $(DESTDIR)$(BINDIR)/%: %
install: $(addprefix $(DESTDIR)$(BINDIR)/,$(BINALL)) install: $(addprefix $(DESTDIR)$(BINDIR)/,$(BINALL))
$(MAKE) -C ../src install $(MAKE) -C ../src install
ifdef CONFIG_FIPS
CONFIG_NO_RANDOM_POOL=
endif
OBJS = config.o OBJS = config.o
OBJS += notify.o OBJS += notify.o
OBJS += bss.o OBJS += bss.o
@ -1325,6 +1329,9 @@ endif
ifdef CONFIG_FIPS ifdef CONFIG_FIPS
CFLAGS += -DCONFIG_FIPS CFLAGS += -DCONFIG_FIPS
ifneq ($(CONFIG_TLS), openssl)
$(error CONFIG_FIPS=y requires CONFIG_TLS=openssl)
endif
endif endif
OBJS += $(SHA1OBJS) $(DESOBJS) OBJS += $(SHA1OBJS) $(DESOBJS)