8.9.6 updates merged

Manual by merging diffs from 8.9.6 tag (branch RC_8.9.6)

Signed-off-by: smcmahonibm <[email protected]>

Author: smcmahonibm

icc/TRNG/ICC_NRBG.c

@@ -68,23 +68,29 @@ typedef struct NRBG_type_t {
   int initialized;  /*!< Flag to say it was used */
 } NRBG_type;
 
+
+/*  In non-FIPS, all platforms default to TRNG_OS and upgrade to TRNG_HW at runtime if available.
+    This is done to prioritise compatibility on the unpredictable range and age of the virtualisatised systems we might run on,
+    while still upgrading and using TRNG_HW in most cases.
+*/
+
 #if (NON_FIPS_ICC == 1) /* Built as non-FIPS */
 
-/* These definitions match the availability of OPENSSL_HW_rand */
+/* These definitions try mirror the availability of OPENSSL_HW_rand to avoid a mismatch (not relevant when we use TRNG_OS) */
 /* X86 Linux and Windows, Solaris x86 */
 #if     (defined(__i386)   || defined(__i386__)   || defined(_M_IX86) || \
          defined(__INTEL__) ||                                          \
          defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) ) && ( !(defined(__SunOS) && !defined(__amd64)) \
          )
-
-  static TRNG_TYPE global_trng_type = TRNG_HW;
+  static int global_trng_type_attempted_upgrade = 0;
+  static TRNG_TYPE global_trng_type = TRNG_OS;
 
 #elif defined(__s390__) || defined(__MVS__)
+  static int global_trng_type_attempted_upgrade = 0;
+  static TRNG_TYPE global_trng_type = TRNG_OS;
 
-  static TRNG_TYPE global_trng_type = TRNG_HW;
-
-/* We will do a runtime check for cpu support for darn, present since ISA3.0, and update to TRNG_HW if so */
 #elif defined(__ppc__) || defined(__powerpc__) || defined(_AIX)
+  /* We will do a runtime check for cpu support for darn, present since ISA3.0, and update to TRNG_HW if so */
   static int global_trng_type_attempted_upgrade = 0;
   static TRNG_TYPE global_trng_type = TRNG_OS;
 
@@ -97,7 +103,7 @@ typedef struct NRBG_type_t {
   static TRNG_TYPE global_trng_type = TRNG_FIPS;
 #endif
 
-/* If a user sets TRNG_OS on power, we don't want to upgrade even if HW is available */
+/* If a user explicitly sets a TRNG, we don't want to upgrade even if HW is available */
 int global_trng_type_user_set = 0;
 
 static void TRNG_LocalCleanup(TRNG *T);
@@ -247,6 +253,7 @@ void checkTRNGAlias(char **trngname) {
            *trngname = "TRNG_OS";
         }
       }
+      MARK("TRNG aliased to", *trngname);
     }
   }
 }
@@ -258,6 +265,12 @@ void checkTRNGAlias(char **trngname) {
 extern unsigned icc_failure; /*!< Trigger for induced failure tests */
 int SetTRNGName(char *trngname)
 {
+  if (NULL != trngname) {
+    MARK("Request to set TRNG to", trngname);
+  }
+  else {
+    MARK("Request to set NULL TRNG", "");
+  }
   int rv = 0;
   int i = 0;
   checkTRNGAlias(&trngname);
@@ -288,8 +301,11 @@ TRNG_TYPE SetDefaultTrng(TRNG_TYPE trng) {
   case TRNG_HW:
   case TRNG_FIPS:
     if(TRNG_ARRAY[trng].avail()) {
+      MARK("TRNG set to", TRNG_ARRAY[trng].name);
       global_trng_type = trng;
       global_trng_type_user_set = 1;
+    } else {
+      MARK("TRNG attempted to be set to", TRNG_ARRAY[trng].name);
     }
     break;
   default:
@@ -397,12 +413,39 @@ static void TRNG_ESourceCleanup(E_SOURCE *es)
 
 TRNG_TYPE GetDefaultTrng()
 {
-#if defined(__ppc__) || defined(__powerpc__) || defined(_AIX)
-  if(!global_trng_type_attempted_upgrade && 0 == global_trng_type_user_set && 0 == strcasecmp("TRNG_OS", *trngname) && ALT4_Avail()) {
+#if (NON_FIPS_ICC == 1)
+
+#if     (\
+          (( defined(__i386)   || defined(__i386__)   || defined(_M_IX86) || \
+            defined(__INTEL__) || \
+            defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64)) && (!(defined(__SunOS) && !defined(__amd64)))) \
+          || \
+          ( defined(__s390__) || defined(__MVS__)) \
+          || \
+          ( defined(__ppc__) || defined(__powerpc__) || defined(_AIX)) \
+        )
+  if(!global_trng_type_attempted_upgrade) {
+    MARK("Testing the availability of TRNG_HW", "");
+
+    if(0 == global_trng_type_user_set) {
+      if (TRNG_FIPS != global_trng_type) {
+        if (ALT4_Avail()) {
+          MARK("Found, switching to TRNG_HW", "");
     global_trng_type = TRNG_HW;
+        } else {
+          MARK("TRNG_HW not available, remaining with", TRNG_ARRAY[global_trng_type].name);  
+        }
+      } else {
+        MARK("TRNG_FIPS set, remaining with", TRNG_ARRAY[global_trng_type].name);
+      }
+    } else {
+      MARK("User TRNG set, remaining with", TRNG_ARRAY[global_trng_type].name);
   }
   global_trng_type_attempted_upgrade = 1;
-#endif
+  }
+
+#endif /*x86_64, z/architecture, power */
+#endif /*non-FIPS*/
   return global_trng_type;
 }
 /*!

icc/TRNG/TRNG_ALT.c

@@ -40,7 +40,9 @@
 
 
 static int fd_alt = -1;
-
+#if defined(_WIN32)
+static BCRYPT_ALG_HANDLE hProvider = NULL;
+#endif
 /*! Pre-init function for TRNG_ALT
 
 */
@@ -89,10 +91,12 @@ static int alt_read(unsigned char *buffer,int n)
     break;
   case -3:
 #if defined(_WIN32)
+  {
     NTSTATUS status = 0;
-    status = BCryptGenRandom(BCRYPT_RNG_ALG_HANDLE, (PUCHAR)buffer, n, 0);
-    if(status != STATUS_SUCCESS) {
-      rv = TRNG_REQ_SIZE; /* One of the parameters was likely not correct */
+    status = BCryptGenRandom(hProvider, (PUCHAR)buffer, n, 0);
+    if(!BCRYPT_SUCCESS(status)) {
+      rv = TRNG_REQ_SIZE; /* One of the parameters was likely not correct, or bad provider */
+    }
     }
 #endif
     break;
@@ -124,18 +128,17 @@ TRNG_ERRORS ALT_Init(E_SOURCE *E, unsigned char *pers, int perl)
   /* Else probe for something else */
   if(-1 == fd_alt) {
 #if defined(_WIN32)
+  {
     #define SIZE 8
     /* ON Windows ..... */
     /* If no HW RNG, OS RNG source */
     NTSTATUS status = 0;
-    int tmpSize = SIZE; /* 64 bits, small test of availability */
-    unsigned char tmp[SIZE];
-    status = BCryptGenRandom(BCRYPT_RNG_ALG_HANDLE, (PUCHAR)&tmp, tmpSize, 0); /* Using a pseudo-handle */
-
-    if(status == STATUS_SUCCESS) {
+    status = BCryptOpenAlgorithmProvider(&hProvider, BCRYPT_RNG_ALGORITHM, NULL, 0);
+    if(BCRYPT_SUCCESS(status)) {
       fd_alt = -3;
     } else {
-      rv = TRNG_INIT;
+      rv = TRNG_INIT; /*error*/
+    }
     }
 #else
     /* On Unix .... */
@@ -209,11 +212,15 @@ TRNG_ERRORS ALT_Cleanup(E_SOURCE *E)
 
 void ALT_Final()
 {
-#if !defined(_WIN32)
+#if defined(_WIN32)
+ if((-3 == fd_alt) && (0 != hProvider)) {
+   BCryptCloseAlgorithmProvider(hProvider, 0);
+   hProvider = 0;
+ }
+#else 
   if(fd_alt >= 0) {
     close(fd_alt);
     fd_alt = -1;
   }
 #endif
-
 }

icc/TRNG/entropy_to_NRBG.c

@@ -68,16 +68,13 @@ int conditioner(TRNG *T, unsigned char* outbuf, unsigned len)
       if( 0 != trng_raw(&(T->econd),tbuf,SHA_DIGEST_SIZE) ) {
         rv = SetRNGError("Insufficient entropy",__FILE__,__LINE__);
         if(TRNG_OK != rv) {
-          break;
+          HMAC_CTX_cleanup(T->cond.hctx);
+          return rv;
         }          
       }
       HMAC_Update(T->cond.hctx,tbuf,sizeof(tbuf));
     }
-    if(TRNG_RESTART == rv) {
-      TRNG_TRNG_Init(T,-1);
-      rv = TRNG_OK;
-      continue;
-    }
+
     HMAC_Final(T->cond.hctx,tbuf,&mlen);
 
     for(i = 0; (i < mlen) && (n < len); ) {
@@ -120,7 +117,10 @@ TRNG_ERRORS Entropy_to_TRNG(TRNG *T, unsigned char *data, unsigned int len)
     {
       for (l = 0; l < len; l += SHA_DIGEST_SIZE)
       {
-        conditioner(T, buffer, SHA_DIGEST_SIZE);
+        rv = conditioner(T, buffer, SHA_DIGEST_SIZE);
+        if (TRNG_OK != rv) {
+          return rv;
+        }
         e = pmax4(buffer,SHA_DIGEST_SIZE);
         if(e < 50) {
           break;
@@ -137,9 +137,8 @@ TRNG_ERRORS Entropy_to_TRNG(TRNG *T, unsigned char *data, unsigned int len)
     if (j >= TRNG_RETRIES)
     {
       rv = SetRNGError("Unable to obtain sufficient entropy", __FILE__, __LINE__);
-      if(TRNG_OK == rv) {
-        j = 0;
-        continue;
+      if(TRNG_OK != rv) {
+        return rv;
       }
     }
     /* Final sanity check, we got out, is our overall entropy good with a compression function 
@@ -149,7 +148,9 @@ TRNG_ERRORS Entropy_to_TRNG(TRNG *T, unsigned char *data, unsigned int len)
     if (!EntropyOK(T))
     {
       rv = SetRNGError("Long term entropy is below acceptable limits", __FILE__, __LINE__);
-      if(TRNG_OK == rv) continue;
+      if (TRNG_OK != rv) {
+        return rv;
+      }
     }
     /*!
     \FIPS
@@ -171,10 +172,10 @@ TRNG_ERRORS Entropy_to_TRNG(TRNG *T, unsigned char *data, unsigned int len)
       m++;
       if(m > 5) {
         rv = SetRNGError("Repeated duplicate seeds from TRNG", __FILE__, __LINE__);
-        if(TRNG_OK == rv) {
-          continue;
+        if (TRNG_OK != rv) {
+          EVP_MD_CTX_reset(T->md_ctx);
+          return rv;
         }
-        break;
       }
       continue;
     }

icc/TRNG/noise_to_entropy.c

@@ -90,6 +90,9 @@ int trng_raw(E_SOURCE *E,
     /* 201 is a transient failure, 202 persistent */
     if((icc_failure == 201) || (icc_failure == 202)) {
       failcount = MAX_HT_FAIL +1;
+      /* Pretend to clear the buffer so we goto error */
+      k = 0;
+      E->cnt = 0;
     }
     if(0 == k) {
       E->impl.gb(E,&(E->nbuf[0]), E_ESTB_BUFLEN);

icc/TRNG/timer_entropy.c

@@ -131,9 +131,9 @@ ICC_UINT64 RdCTR_raw() {
 #elif defined(__sun__) && defined(__i386__) && defined(__GNUC__)
 
 ICC_UINT64 RdCTR_raw() {
-    ICC_UINT64 lo;
+    ICC_UINT32 lo;
     __asm__ __volatile__("rdtsc\n" : "=a" (lo) : : "edx");
-    return lo;
+    return (ICC_UINT64)lo;
 }
 
 /* End  Solaris x86 */

icc/fips-prng/SP800-90.c

@@ -332,7 +332,7 @@ TRNG_ERRORS PRNG_GenerateRandomSeed(PRNG_CTX *P, unsigned int n,
         icc_failure = 0; /* Simulate a transient failure of a TRNG */
       }
       /* Try again, we should have changed the TRNG now */
-      rv = TRNG_GenerateRandomSeed(prng->trng, n, buf);
+      /* rv = TRNG_GenerateRandomSeed(prng->trng, n, buf); */
       if((TRNG_OK != rv)  || (406 == icc_failure) ) {
          prng->state = SP800_90CRIT;
          prng->error_reason = ERRAT("TRNG failure, low entropy");
@@ -1326,6 +1326,8 @@ SP800_90STATE RNG_ReSeed(PRNG_CTX *ctx, unsigned char *adata,
 
         /*
           check that the global TRNG type hasn't changed
+          - And that we aren't the synthetic PRNG under TRNG_ALT2
+            which uses an assumed low entropy source (TRNG_MINIMAL) and an SP800_90 PRNG as a compressor
         */
         type = TRNG_type(ictx->trng);
         if (type != GetDefaultTrng())

icc/iccdef.h

@@ -6,14 +6,16 @@
 // in the file LICENSE in the source distribution.
 *************************************************************************/
 
-#if defined(WIN64)
+#if defined(_WIN32)
 #include "BaseTsd.h"
+#elif defined(__sun)
+#include <inttypes.h>
 #else
 #include <stdint.h>
 #endif
 
 
-#if defined(_WIN64)
+#if defined(_WIN32)
 #define ICC_INT32   INT32
 #define ICC_UINT32  UINT32
 #else
@@ -24,7 +26,7 @@
 /*  Can't trust long, which is 4 bytes on windows, 8 on linux
     stdint.h should be available everywhere. */
 
-#if defined(WIN64)
+#if defined(_WIN32)
 #define ICC_INT64   INT64
 #define ICC_UINT64  UINT64
 #else