Rewire FIPS_drbg API to use the RAND_DRBG

2020-06-22 13:43:12 +02:00 · 2020-06-22 13:43:12 +02:00 · f023424321
commit f023424321
parent ef93cf994d
3 changed files with 285 additions and 56 deletions
--- a/openssl-1.1.1-fips-dh.patch
+++ b/openssl-1.1.1-fips-dh.patch
@ -1,6 +1,6 @@
 diff -up openssl-1.1.1g/crypto/bn/bn_const.c.fips-dh openssl-1.1.1g/crypto/bn/bn_const.c
 --- openssl-1.1.1g/crypto/bn/bn_const.c.fips-dh	2020-04-21 14:22:39.000000000 +0200
-+++ openssl-1.1.1g/crypto/bn/bn_const.c	2020-05-25 18:41:00.478262334 +0200
+++ openssl-1.1.1g/crypto/bn/bn_const.c	2020-06-05 17:31:28.044776018 +0200
@@ -1,13 +1,17 @@
 /*
 - * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
@ -479,7 +479,7 @@ diff -up openssl-1.1.1g/crypto/bn/bn_const.c.fips-dh openssl-1.1.1g/crypto/bn/bn
 }
 diff -up openssl-1.1.1g/crypto/bn/bn_dh.c.fips-dh openssl-1.1.1g/crypto/bn/bn_dh.c
 --- openssl-1.1.1g/crypto/bn/bn_dh.c.fips-dh	2020-04-21 14:22:39.000000000 +0200
-+++ openssl-1.1.1g/crypto/bn/bn_dh.c	2020-05-25 18:41:00.480262350 +0200
+++ openssl-1.1.1g/crypto/bn/bn_dh.c	2020-06-05 17:31:28.044776018 +0200
@@ -1,7 +1,7 @@
 /*
 - * Copyright 2014-2017 The OpenSSL Project Authors. All Rights Reserved.
@ -1958,7 +1958,7 @@ diff -up openssl-1.1.1g/crypto/bn/bn_dh.c.fips-dh openssl-1.1.1g/crypto/bn/bn_dh
 +#endif /* OPENSSL_NO_DH */
 diff -up openssl-1.1.1g/crypto/dh/dh_check.c.fips-dh openssl-1.1.1g/crypto/dh/dh_check.c
 --- openssl-1.1.1g/crypto/dh/dh_check.c.fips-dh	2020-04-21 14:22:39.000000000 +0200
-+++ openssl-1.1.1g/crypto/dh/dh_check.c	2020-05-25 18:41:00.481262359 +0200
+++ openssl-1.1.1g/crypto/dh/dh_check.c	2020-06-05 17:31:28.045776027 +0200
@@ -10,6 +10,7 @@
 #include <stdio.h>
 #include "internal/cryptlib.h"
@ -1999,8 +1999,8 @@ diff -up openssl-1.1.1g/crypto/dh/dh_check.c.fips-dh openssl-1.1.1g/crypto/dh/dh
     if (ctx == NULL)
         goto err;
 diff -up openssl-1.1.1g/crypto/dh/dh_gen.c.fips-dh openssl-1.1.1g/crypto/dh/dh_gen.c
--- openssl-1.1.1g/crypto/dh/dh_gen.c.fips-dh	2020-05-25 18:41:00.255260458 +0200
+--- openssl-1.1.1g/crypto/dh/dh_gen.c.fips-dh	2020-06-05 17:31:27.977775462 +0200
-+++ openssl-1.1.1g/crypto/dh/dh_gen.c	2020-05-25 18:41:00.481262359 +0200
+++ openssl-1.1.1g/crypto/dh/dh_gen.c	2020-06-05 17:31:28.045776027 +0200
@@ -27,8 +27,7 @@ int DH_generate_parameters_ex(DH *ret, i
                               BN_GENCB *cb)
 {
@ -2031,8 +2031,8 @@ diff -up openssl-1.1.1g/crypto/dh/dh_gen.c.fips-dh openssl-1.1.1g/crypto/dh/dh_g
     if (ctx == NULL)
         goto err;
 diff -up openssl-1.1.1g/crypto/dh/dh_key.c.fips-dh openssl-1.1.1g/crypto/dh/dh_key.c
--- openssl-1.1.1g/crypto/dh/dh_key.c.fips-dh	2020-05-25 18:41:00.255260458 +0200
+--- openssl-1.1.1g/crypto/dh/dh_key.c.fips-dh	2020-06-05 17:31:27.977775462 +0200
-+++ openssl-1.1.1g/crypto/dh/dh_key.c	2020-05-25 18:41:00.482262367 +0200
+++ openssl-1.1.1g/crypto/dh/dh_key.c	2020-06-05 17:31:28.045776027 +0200
@@ -100,10 +100,18 @@ static int generate_key(DH *dh)
     BIGNUM *pub_key = NULL, *priv_key = NULL;
@ -2075,8 +2075,16 @@ diff -up openssl-1.1.1g/crypto/dh/dh_key.c.fips-dh openssl-1.1.1g/crypto/dh/dh_k
                     goto err;
 diff -up openssl-1.1.1g/crypto/dh/dh_lib.c.fips-dh openssl-1.1.1g/crypto/dh/dh_lib.c
 --- openssl-1.1.1g/crypto/dh/dh_lib.c.fips-dh	2020-04-21 14:22:39.000000000 +0200
-+++ openssl-1.1.1g/crypto/dh/dh_lib.c	2020-05-25 18:41:00.482262367 +0200
+++ openssl-1.1.1g/crypto/dh/dh_lib.c	2020-06-18 14:13:33.546892717 +0200
-@@ -86,6 +86,8 @@ DH *DH_new_method(ENGINE *engine)
+@@ -8,6 +8,7 @@
  */
 #include <stdio.h>
 +#include <openssl/objects.h>
 #include "internal/cryptlib.h"
 #include "internal/refcount.h"
 #include <openssl/bn.h>
@@ -86,6 +87,8 @@ DH *DH_new_method(ENGINE *engine)
         goto err;
     }
@ -2085,7 +2093,7 @@ diff -up openssl-1.1.1g/crypto/dh/dh_lib.c.fips-dh openssl-1.1.1g/crypto/dh/dh_l
     return ret;
  err:
-@@ -205,7 +207,9 @@ int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNU
+@@ -205,7 +208,9 @@ int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNU
         dh->g = g;
     }
@ -2097,8 +2105,8 @@ diff -up openssl-1.1.1g/crypto/dh/dh_lib.c.fips-dh openssl-1.1.1g/crypto/dh/dh_l
     }
 diff -up openssl-1.1.1g/crypto/dh/dh_local.h.fips-dh openssl-1.1.1g/crypto/dh/dh_local.h
--- openssl-1.1.1g/crypto/dh/dh_local.h.fips-dh	2020-05-25 18:40:59.396253234 +0200
+--- openssl-1.1.1g/crypto/dh/dh_local.h.fips-dh	2020-06-05 17:31:27.763773685 +0200
-+++ openssl-1.1.1g/crypto/dh/dh_local.h	2020-05-25 18:41:00.482262367 +0200
+++ openssl-1.1.1g/crypto/dh/dh_local.h	2020-06-05 17:31:28.045776027 +0200
@@ -35,6 +35,7 @@ struct dh_st {
     const DH_METHOD *meth;
     ENGINE *engine;
@ -2115,7 +2123,7 @@ diff -up openssl-1.1.1g/crypto/dh/dh_local.h.fips-dh openssl-1.1.1g/crypto/dh/dh
 +void dh_cache_nid(DH *dh);
 diff -up openssl-1.1.1g/crypto/dh/dh_rfc7919.c.fips-dh openssl-1.1.1g/crypto/dh/dh_rfc7919.c
 --- openssl-1.1.1g/crypto/dh/dh_rfc7919.c.fips-dh	2020-04-21 14:22:39.000000000 +0200
-+++ openssl-1.1.1g/crypto/dh/dh_rfc7919.c	2020-05-27 10:05:05.828687005 +0200
+++ openssl-1.1.1g/crypto/dh/dh_rfc7919.c	2020-06-05 17:31:28.045776027 +0200
@@ -7,6 +7,8 @@
  * https://www.openssl.org/source/license.html
  */
@ -2281,7 +2289,7 @@ diff -up openssl-1.1.1g/crypto/dh/dh_rfc7919.c.fips-dh openssl-1.1.1g/crypto/dh/
 +}
 diff -up openssl-1.1.1g/crypto/evp/p_lib.c.fips-dh openssl-1.1.1g/crypto/evp/p_lib.c
 --- openssl-1.1.1g/crypto/evp/p_lib.c.fips-dh	2020-04-21 14:22:39.000000000 +0200
-+++ openssl-1.1.1g/crypto/evp/p_lib.c	2020-05-26 14:51:33.604162226 +0200
+++ openssl-1.1.1g/crypto/evp/p_lib.c	2020-06-05 17:31:28.045776027 +0200
@@ -540,7 +540,8 @@ EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *p
 int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key)
@ -2293,8 +2301,8 @@ diff -up openssl-1.1.1g/crypto/evp/p_lib.c.fips-dh openssl-1.1.1g/crypto/evp/p_l
     if (ret)
 diff -up openssl-1.1.1g/crypto/objects/obj_dat.h.fips-dh openssl-1.1.1g/crypto/objects/obj_dat.h
--- openssl-1.1.1g/crypto/objects/obj_dat.h.fips-dh	2020-05-25 18:41:00.452262115 +0200
+--- openssl-1.1.1g/crypto/objects/obj_dat.h.fips-dh	2020-06-05 17:31:28.036775952 +0200
-+++ openssl-1.1.1g/crypto/objects/obj_dat.h	2020-05-25 18:41:00.485262392 +0200
+++ openssl-1.1.1g/crypto/objects/obj_dat.h	2020-06-05 17:31:28.046776035 +0200
@@ -1078,7 +1078,7 @@ static const unsigned char so[7762] = {
     0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0D,       /* [ 7753] OBJ_hmacWithSHA512_256 */
 };
@ -2357,8 +2365,8 @@ diff -up openssl-1.1.1g/crypto/objects/obj_dat.h.fips-dh openssl-1.1.1g/crypto/o
      173,    /* "name" */
      681,    /* "onBasis" */
 diff -up openssl-1.1.1g/crypto/objects/objects.txt.fips-dh openssl-1.1.1g/crypto/objects/objects.txt
--- openssl-1.1.1g/crypto/objects/objects.txt.fips-dh	2020-05-25 18:41:00.453262123 +0200
+--- openssl-1.1.1g/crypto/objects/objects.txt.fips-dh	2020-06-05 17:31:28.037775960 +0200
-+++ openssl-1.1.1g/crypto/objects/objects.txt	2020-05-25 18:41:00.486262401 +0200
+++ openssl-1.1.1g/crypto/objects/objects.txt	2020-06-05 17:31:28.046776035 +0200
@@ -1657,6 +1657,13 @@ id-pkinit 5                     : pkInit
                             : ffdhe4096
                             : ffdhe6144
@ -2374,8 +2382,8 @@ diff -up openssl-1.1.1g/crypto/objects/objects.txt.fips-dh openssl-1.1.1g/crypto
 # OIDs for DSTU-4145/DSTU-7564 (http://zakon2.rada.gov.ua/laws/show/z0423-17)
 diff -up openssl-1.1.1g/crypto/objects/obj_mac.num.fips-dh openssl-1.1.1g/crypto/objects/obj_mac.num
--- openssl-1.1.1g/crypto/objects/obj_mac.num.fips-dh	2020-05-25 18:41:00.453262123 +0200
+--- openssl-1.1.1g/crypto/objects/obj_mac.num.fips-dh	2020-06-05 17:31:28.037775960 +0200
-+++ openssl-1.1.1g/crypto/objects/obj_mac.num	2020-05-25 18:41:00.486262401 +0200
+++ openssl-1.1.1g/crypto/objects/obj_mac.num	2020-06-05 17:31:28.046776035 +0200
@@ -1196,3 +1196,9 @@ sshkdf		1195
 kbkdf		1196
 krb5kdf		1197
@ -2388,7 +2396,7 @@ diff -up openssl-1.1.1g/crypto/objects/obj_mac.num.fips-dh openssl-1.1.1g/crypto
 +modp_8192		1204
 diff -up openssl-1.1.1g/doc/man3/DH_new_by_nid.pod.fips-dh openssl-1.1.1g/doc/man3/DH_new_by_nid.pod
 --- openssl-1.1.1g/doc/man3/DH_new_by_nid.pod.fips-dh	2020-04-21 14:22:39.000000000 +0200
-+++ openssl-1.1.1g/doc/man3/DH_new_by_nid.pod	2020-05-25 18:41:00.487262409 +0200
+++ openssl-1.1.1g/doc/man3/DH_new_by_nid.pod	2020-06-05 17:31:28.046776035 +0200
@@ -8,13 +8,15 @@ DH_new_by_nid, DH_get_nid - get or find
  #include <openssl/dh.h>
@ -2409,7 +2417,7 @@ diff -up openssl-1.1.1g/doc/man3/DH_new_by_nid.pod.fips-dh openssl-1.1.1g/doc/ma
 any named set. It returns the NID corresponding to the matching parameters or
 diff -up openssl-1.1.1g/doc/man3/EVP_PKEY_CTX_ctrl.pod.fips-dh openssl-1.1.1g/doc/man3/EVP_PKEY_CTX_ctrl.pod
 --- openssl-1.1.1g/doc/man3/EVP_PKEY_CTX_ctrl.pod.fips-dh	2020-04-21 14:22:39.000000000 +0200
-+++ openssl-1.1.1g/doc/man3/EVP_PKEY_CTX_ctrl.pod	2020-05-25 18:41:00.487262409 +0200
+++ openssl-1.1.1g/doc/man3/EVP_PKEY_CTX_ctrl.pod	2020-06-05 17:31:28.046776035 +0200
@@ -294,10 +294,11 @@ The EVP_PKEY_CTX_set_dh_pad() macro sets
 If B<pad> is zero (the default) then no padding is performed.
@ -2428,7 +2436,7 @@ diff -up openssl-1.1.1g/doc/man3/EVP_PKEY_CTX_ctrl.pod.fips-dh openssl-1.1.1g/do
 The EVP_PKEY_CTX_set_dh_rfc5114() and EVP_PKEY_CTX_set_dhx_rfc5114() macros are
 diff -up openssl-1.1.1g/include/crypto/bn_dh.h.fips-dh openssl-1.1.1g/include/crypto/bn_dh.h
 --- openssl-1.1.1g/include/crypto/bn_dh.h.fips-dh	2020-04-21 14:22:39.000000000 +0200
-+++ openssl-1.1.1g/include/crypto/bn_dh.h	2020-05-25 18:41:00.488262418 +0200
+++ openssl-1.1.1g/include/crypto/bn_dh.h	2020-06-05 17:31:28.047776043 +0200
@@ -1,7 +1,7 @@
 /*
 - * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
@ -2478,8 +2486,8 @@ diff -up openssl-1.1.1g/include/crypto/bn_dh.h.fips-dh openssl-1.1.1g/include/cr
 +extern const BIGNUM _bignum_modp_6144_q;
 +extern const BIGNUM _bignum_modp_8192_q;
 diff -up openssl-1.1.1g/include/openssl/obj_mac.h.fips-dh openssl-1.1.1g/include/openssl/obj_mac.h
--- openssl-1.1.1g/include/openssl/obj_mac.h.fips-dh	2020-05-25 18:41:00.458262165 +0200
+--- openssl-1.1.1g/include/openssl/obj_mac.h.fips-dh	2020-06-05 17:31:28.038775968 +0200
-+++ openssl-1.1.1g/include/openssl/obj_mac.h	2020-05-25 18:41:00.489262426 +0200
+++ openssl-1.1.1g/include/openssl/obj_mac.h	2020-06-05 17:31:28.047776043 +0200
@@ -5115,6 +5115,24 @@
 #define SN_ffdhe8192            "ffdhe8192"
 #define NID_ffdhe8192           1130
@ -2506,8 +2514,8 @@ diff -up openssl-1.1.1g/include/openssl/obj_mac.h.fips-dh openssl-1.1.1g/include
 #define NID_ISO_UA              1150
 #define OBJ_ISO_UA              OBJ_member_body,804L
 diff -up openssl-1.1.1g/ssl/s3_lib.c.fips-dh openssl-1.1.1g/ssl/s3_lib.c
--- openssl-1.1.1g/ssl/s3_lib.c.fips-dh	2020-05-25 18:41:00.318260988 +0200
+--- openssl-1.1.1g/ssl/s3_lib.c.fips-dh	2020-06-05 17:31:27.996775620 +0200
-+++ openssl-1.1.1g/ssl/s3_lib.c	2020-05-26 08:52:28.102535244 +0200
+++ openssl-1.1.1g/ssl/s3_lib.c	2020-06-05 17:31:28.047776043 +0200
@@ -4858,13 +4858,51 @@ int ssl_derive(SSL *s, EVP_PKEY *privkey
 EVP_PKEY *ssl_dh_to_pkey(DH *dh)
 {
@ -2561,44 +2569,90 @@ diff -up openssl-1.1.1g/ssl/s3_lib.c.fips-dh openssl-1.1.1g/ssl/s3_lib.c
 }
 #endif
 diff -up openssl-1.1.1g/ssl/t1_lib.c.fips-dh openssl-1.1.1g/ssl/t1_lib.c
--- openssl-1.1.1g/ssl/t1_lib.c.fips-dh	2020-05-25 18:41:00.470262266 +0200
+--- openssl-1.1.1g/ssl/t1_lib.c.fips-dh	2020-06-05 17:31:28.042776002 +0200
-+++ openssl-1.1.1g/ssl/t1_lib.c	2020-05-26 08:48:55.619713737 +0200
+++ openssl-1.1.1g/ssl/t1_lib.c	2020-06-18 14:18:13.518339214 +0200
-@@ -2482,7 +2482,7 @@ int SSL_check_chain(SSL *s, X509 *x, EVP
+@@ -2511,46 +2511,48 @@ int SSL_check_chain(SSL *s, X509 *x, EVP
 #ifndef OPENSSL_NO_DH
 DH *ssl_get_auto_dh(SSL *s)
 {
 +    DH *dhp = NULL;
 +    BIGNUM *p = NULL, *g = NULL;
     int dh_secbits = 80;
 -    if (s->cert->dh_tmp_auto == 2)
-+    if (!FIPS_mode() && s->cert->dh_tmp_auto == 2)
+-        return DH_get_1024_160();
-         return DH_get_1024_160();
+-    if (s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aPSK)) {
-     if (s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aPSK)) {
+-        if (s->s3->tmp.new_cipher->strength_bits == 256)
-         if (s->s3->tmp.new_cipher->strength_bits == 256)
+-            dh_secbits = 128;
-@@ -2495,7 +2495,7 @@ DH *ssl_get_auto_dh(SSL *s)
+-        else
-         dh_secbits = EVP_PKEY_security_bits(s->s3->tmp.cert->privatekey);
+-            dh_secbits = 80;
 -    } else {
 -        if (s->s3->tmp.cert == NULL)
 -            return NULL;
 -        dh_secbits = EVP_PKEY_security_bits(s->s3->tmp.cert->privatekey);
 +    if (s->cert->dh_tmp_auto != 2) {
 +        if (s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aPSK)) {
 +            if (s->s3->tmp.new_cipher->strength_bits == 256)
 +                dh_secbits = 128;
 +            else
 +                dh_secbits = 80;
 +        } else {
 +            if (s->s3->tmp.cert == NULL)
 +                return NULL;
 +            dh_secbits = EVP_PKEY_security_bits(s->s3->tmp.cert->privatekey);
 +        }
     }
 -    if (dh_secbits >= 128) {
-+    if (dh_secbits >= 112 || FIPS_mode()) {
+-        DH *dhp = DH_new();
-         DH *dhp = DH_new();
+-        BIGNUM *p, *g;
-         BIGNUM *p, *g;
+-        if (dhp == NULL)
-         if (dhp == NULL)
+-            return NULL;
-@@ -2508,8 +2508,10 @@ DH *ssl_get_auto_dh(SSL *s)
+-        g = BN_new();
-         }
+-        if (g == NULL || !BN_set_word(g, 2)) {
-         if (dh_secbits >= 192)
+-            DH_free(dhp);
-             p = BN_get_rfc3526_prime_8192(NULL);
+-            BN_free(g);
 -            return NULL;
 -        }
 -        if (dh_secbits >= 192)
 -            p = BN_get_rfc3526_prime_8192(NULL);
 -        else
-+        else if (dh_secbits >= 128)
+-            p = BN_get_rfc3526_prime_3072(NULL);
-             p = BN_get_rfc3526_prime_3072(NULL);
+-        if (p == NULL || !DH_set0_pqg(dhp, p, NULL, g)) {
-+        else
+-            DH_free(dhp);
-+            p = BN_get_rfc3526_prime_2048(NULL);
+-            BN_free(p);
-         if (p == NULL || !DH_set0_pqg(dhp, p, NULL, g)) {
+-            BN_free(g);
-             DH_free(dhp);
+-            return NULL;
-             BN_free(p);
+-        }
-@@ -2518,8 +2520,6 @@ DH *ssl_get_auto_dh(SSL *s)
+-        return dhp;
-         }
+    dhp = DH_new();
-         return dhp;
+    if (dhp == NULL)
 +        return NULL;
 +    g = BN_new();
 +    if (g == NULL || !BN_set_word(g, 2)) {
 +        DH_free(dhp);
 +        BN_free(g);
 +        return NULL;
 +    }
 +    if (dh_secbits >= 192)
 +        p = BN_get_rfc3526_prime_8192(NULL);
 +    else if (dh_secbits >= 152)
 +        p = BN_get_rfc3526_prime_4096(NULL);
 +    else if (dh_secbits >= 128)
 +        p = BN_get_rfc3526_prime_3072(NULL);
 +    else if (dh_secbits >= 112 || FIPS_mode())
 +        p = BN_get_rfc3526_prime_2048(NULL);
 +    else
 +        p = BN_get_rfc2409_prime_1024(NULL);
 +    if (p == NULL || !DH_set0_pqg(dhp, p, NULL, g)) {
 +        DH_free(dhp);
 +        BN_free(p);
 +        BN_free(g);
 +        return NULL;
     }
 -    if (dh_secbits >= 112)
 -        return DH_get_2048_224();
-     return DH_get_1024_160();
+-    return DH_get_1024_160();
 +    return dhp;
 }
 #endif
--- a/openssl-1.1.1-rewire-fips-drbg.patch
+++ b/openssl-1.1.1-rewire-fips-drbg.patch
@ -0,0 +1,170 @@
 diff -up openssl-1.1.1g/crypto/fips/fips_drbg_lib.c.rewire-fips-drbg openssl-1.1.1g/crypto/fips/fips_drbg_lib.c
 --- openssl-1.1.1g/crypto/fips/fips_drbg_lib.c.rewire-fips-drbg	2020-06-22 13:32:47.611852927 +0200
 +++ openssl-1.1.1g/crypto/fips/fips_drbg_lib.c	2020-06-22 13:32:47.675852917 +0200
@@ -337,6 +337,19 @@ static int drbg_reseed(DRBG_CTX *dctx,
 int FIPS_drbg_reseed(DRBG_CTX *dctx,
                      const unsigned char *adin, size_t adinlen)
 {
 +    int len = (int)adinlen;
 +
 +    if (len < 0 || (size_t)len != adinlen) {
 +        FIPSerr(FIPS_F_DRBG_RESEED, FIPS_R_ADDITIONAL_INPUT_TOO_LONG);
 +        return 0;
 +    }
 +    RAND_seed(adin, len);
 +    return 1;
 +}
 +
 +int FIPS_drbg_reseed_internal(DRBG_CTX *dctx,
 +                     const unsigned char *adin, size_t adinlen)
 +{
     return drbg_reseed(dctx, adin, adinlen, 1);
 }
@@ -358,6 +371,19 @@ int FIPS_drbg_generate(DRBG_CTX *dctx, u
                        int prediction_resistance,
                        const unsigned char *adin, size_t adinlen)
 {
 +    int len = (int)outlen;
 +
 +    if (len < 0 || (size_t)len != outlen) {
 +        FIPSerr(FIPS_F_FIPS_DRBG_GENERATE, FIPS_R_REQUEST_TOO_LARGE_FOR_DRBG);
 +        return 0;
 +    }
 +    return RAND_bytes(out, len);
 +}
 +
 +int FIPS_drbg_generate_internal(DRBG_CTX *dctx, unsigned char *out, size_t outlen,
 +                       int prediction_resistance,
 +                       const unsigned char *adin, size_t adinlen)
 +{
     int r = 0;
     if (FIPS_selftest_failed()) {
 diff -up openssl-1.1.1g/crypto/fips/fips_drbg_rand.c.rewire-fips-drbg openssl-1.1.1g/crypto/fips/fips_drbg_rand.c
 --- openssl-1.1.1g/crypto/fips/fips_drbg_rand.c.rewire-fips-drbg	2020-06-22 13:32:47.611852927 +0200
 +++ openssl-1.1.1g/crypto/fips/fips_drbg_rand.c	2020-06-22 13:32:47.675852917 +0200
@@ -57,6 +57,8 @@
 #include <openssl/err.h>
 #include <openssl/rand.h>
 #include <openssl/fips.h>
 +#define FIPS_DRBG_generate FIPS_DRBG_generate_internal
 +#define FIPS_DRBG_reseed FIPS_DRBG_reseed_internal
 #include <openssl/fips_rand.h>
 #include "fips_rand_lcl.h"
 diff -up openssl-1.1.1g/crypto/fips/fips_drbg_selftest.c.rewire-fips-drbg openssl-1.1.1g/crypto/fips/fips_drbg_selftest.c
 --- openssl-1.1.1g/crypto/fips/fips_drbg_selftest.c.rewire-fips-drbg	2020-06-22 13:32:47.612852927 +0200
 +++ openssl-1.1.1g/crypto/fips/fips_drbg_selftest.c	2020-06-22 13:32:47.675852917 +0200
@@ -55,6 +55,8 @@
 #include <openssl/crypto.h>
 #include <openssl/err.h>
 #include <openssl/fips.h>
 +#define FIPS_DRBG_generate FIPS_DRBG_generate_internal
 +#define FIPS_DRBG_reseed FIPS_DRBG_reseed_internal
 #include <openssl/fips_rand.h>
 #include "fips_rand_lcl.h"
 #include "fips_locl.h"
 diff -up openssl-1.1.1g/crypto/fips/fips_post.c.rewire-fips-drbg openssl-1.1.1g/crypto/fips/fips_post.c
 --- openssl-1.1.1g/crypto/fips/fips_post.c.rewire-fips-drbg	2020-06-22 13:32:47.672852918 +0200
 +++ openssl-1.1.1g/crypto/fips/fips_post.c	2020-06-22 13:32:47.675852917 +0200
@@ -79,8 +79,6 @@ int FIPS_selftest(void)
         ERR_add_error_data(2, "Type=", "rand_drbg_selftest");
         rv = 0;
     }
 -    if (!FIPS_selftest_drbg())
 -        rv = 0;
     if (!FIPS_selftest_sha1())
         rv = 0;
     if (!FIPS_selftest_sha2())
 diff -up openssl-1.1.1g/crypto/fips/fips_rand_lib.c.rewire-fips-drbg openssl-1.1.1g/crypto/fips/fips_rand_lib.c
 --- openssl-1.1.1g/crypto/fips/fips_rand_lib.c.rewire-fips-drbg	2020-06-22 13:32:47.613852927 +0200
 +++ openssl-1.1.1g/crypto/fips/fips_rand_lib.c	2020-06-22 13:36:28.722817967 +0200
@@ -120,6 +120,7 @@ void FIPS_rand_reset(void)
 int FIPS_rand_seed(const void *buf, int num)
 {
 +#if 0
     if (!fips_approved_rand_meth && FIPS_module_mode()) {
         FIPSerr(FIPS_F_FIPS_RAND_SEED, FIPS_R_NON_FIPS_METHOD);
         return 0;
@@ -127,10 +128,15 @@ int FIPS_rand_seed(const void *buf, int
     if (fips_rand_meth && fips_rand_meth->seed)
         fips_rand_meth->seed(buf, num);
     return 1;
 +#else
 +    RAND_seed(buf, num);
 +    return 1;
 +#endif
 }
 int FIPS_rand_bytes(unsigned char *buf, int num)
 {
 +#if 0
     if (!fips_approved_rand_meth && FIPS_module_mode()) {
         FIPSerr(FIPS_F_FIPS_RAND_BYTES, FIPS_R_NON_FIPS_METHOD);
         return 0;
@@ -138,10 +144,14 @@ int FIPS_rand_bytes(unsigned char *buf,
     if (fips_rand_meth && fips_rand_meth->bytes)
         return fips_rand_meth->bytes(buf, num);
     return 0;
 +#else
 +    return RAND_bytes(buf, num);
 +#endif
 }
 int FIPS_rand_status(void)
 {
 +#if 0
     if (!fips_approved_rand_meth && FIPS_module_mode()) {
         FIPSerr(FIPS_F_FIPS_RAND_STATUS, FIPS_R_NON_FIPS_METHOD);
         return 0;
@@ -149,6 +159,9 @@ int FIPS_rand_status(void)
     if (fips_rand_meth && fips_rand_meth->status)
         return fips_rand_meth->status();
     return 0;
 +#else
 +    return RAND_status();
 +#endif
 }
 /* Return instantiated strength of PRNG. For DRBG this is an internal
 diff -up openssl-1.1.1g/include/openssl/fips.h.rewire-fips-drbg openssl-1.1.1g/include/openssl/fips.h
 --- openssl-1.1.1g/include/openssl/fips.h.rewire-fips-drbg	2020-06-22 13:32:47.672852918 +0200
 +++ openssl-1.1.1g/include/openssl/fips.h	2020-06-22 13:32:47.675852917 +0200
@@ -64,6 +64,11 @@ extern "C" {
     int FIPS_selftest(void);
     int FIPS_selftest_failed(void);
 +
 +    /*
 +     * This function is deprecated as it performs selftest of the old FIPS drbg
 +     * implementation that is not validated.
 +     */
     int FIPS_selftest_drbg_all(void);
     int FIPS_dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
 diff -up openssl-1.1.1g/include/openssl/fips_rand.h.rewire-fips-drbg openssl-1.1.1g/include/openssl/fips_rand.h
 --- openssl-1.1.1g/include/openssl/fips_rand.h.rewire-fips-drbg	2020-06-22 13:32:47.617852926 +0200
 +++ openssl-1.1.1g/include/openssl/fips_rand.h	2020-06-22 13:32:47.675852917 +0200
@@ -60,6 +60,20 @@
 #  ifdef  __cplusplus
 extern "C" {
 #  endif
 +
 +/*
 + * IMPORTANT NOTE:
 + * All functions in this header file are deprecated and should not be used
 + * as they use the old FIPS_drbg implementation that is not FIPS validated
 + * anymore.
 + * To provide backwards compatibility for applications that need FIPS compliant
 + * RNG number generation and use FIPS_drbg_generate, this function was
 + * re-wired to call the FIPS validated DRBG instance instead through
 + * the RAND_bytes() call.
 + *
 + * All these functions will be removed in future.
 + */
 +
     typedef struct drbg_ctx_st DRBG_CTX;
 /* DRBG external flags */
 /* Flag for CTR mode only: use derivation function ctr_df */
--- a/openssl.spec
+++ b/openssl.spec
@ -22,7 +22,7 @@
 Summary: Utilities from the general purpose cryptography library with TLS implementation
 Name: openssl
 Version: 1.1.1g
-Release: 9%{?dist}
+Release: 10%{?dist}
 Epoch: 1
 # We have to remove certain patented algorithms from the openssl source
 # tarball with the hobble-openssl script which is included below.
@ -71,6 +71,7 @@ Patch66: openssl-1.1.1-fips-dh.patch
 Patch67: openssl-1.1.1-kdf-selftest.patch
 Patch68: openssl-1.1.1-reneg-no-extms.patch
 Patch69: openssl-1.1.1-alpn-cb.patch
 Patch70: openssl-1.1.1-rewire-fips-drbg.patch
 # Backported fixes including security fixes
 Patch52: openssl-1.1.1-s390x-update.patch
 Patch53: openssl-1.1.1-fips-crng-test.patch
@ -187,6 +188,7 @@ cp %{SOURCE13} test/
 %patch67 -p1 -b .kdf-selftest
 %patch68 -p1 -b .reneg-no-extms
 %patch69 -p1 -b .alpn-cb
 %patch70 -p1 -b .rewire-fips-drbg
 %build
@ -473,6 +475,9 @@ export LD_LIBRARY_PATH
 %ldconfig_scriptlets libs
 %changelog
 * Mon Jun 22 2020 Tomáš Mráz <tmraz@redhat.com> 1.1.1g-10
 - Rewire FIPS_drbg API to use the RAND_DRBG
 * Fri Jun  5 2020 Tomáš Mráz <tmraz@redhat.com> 1.1.1g-9
 - Disallow dropping Extended Master Secret extension
  on renegotiation