8.9.6 updates merged

.github/workflows/.workflowTest.yml

@@ -6,9 +6,9 @@ name: CI
 on:
  # Triggers the workflow on push or pull request events but only for the "main" branch
  push:
- branches: [ "main" ]
+ branches: [ "*" ]
  pull_request:
- branches: [ "main" ]
+ branches: [ "*" ]
 
  # Allows you to run this workflow manually from the Actions tab
  workflow_dispatch:
@@ -25,14 +25,12 @@ jobs:
  - uses: actions/checkout@v3
 
  - name: 64-bit Linux debug compile
+# export LD_LIBRARY_PATH=/home/runner/work/OpenCryptographyKitC/OpenCryptographyKitC/openssl-1.1.1/
  run: |
- cd icc
- make OPSYS=AMD64_LINUX CONFIG=debug create_all
- export LD_LIBRARY_PATH=/home/runner/work/OpenCryptographyKitC/OpenCryptographyKitC/openssl-1.1.1/
- make -k OPSYS=AMD64_LINUX CONFIG=debug all
- make -k OPSYS=AMD64_LINUX CONFIG=debug tests
- make -k OPSYS=AMD64_LINUX CONFIG=debug show_config
- cd ..
+ make -C icc -k OPSYS=AMD64_LINUX CONFIG=debug create_all
+ make -C icc -k OPSYS=AMD64_LINUX CONFIG=debug all
+ make -C icc -k OPSYS=AMD64_LINUX CONFIG=debug tests
+ make -C icc -k OPSYS=AMD64_LINUX CONFIG=debug show_config
 
  ICC-Compile:
  # a compile only -no test -quick check
@@ -42,14 +40,10 @@ jobs:
 
  - name: 64-bit Linux release compile
  run: |
- cd icc
- make -k OPSYS=AMD64_LINUX CONFIG=release create_all
- make -k OPSYS=AMD64_LINUX CONFIG=release all
- make -k OPSYS=AMD64_LINUX CONFIG=release iccpkg
- make -k OPSYS=AMD64_LINUX CONFIG=release show_config
- cd ..
- cd iccpkg
- make -k OPSYS=AMD64_LINUX CONFIG=release all
- cd ..
+ make -C icc -k OPSYS=AMD64_LINUX CONFIG=release create_all
+ make -C icc -k OPSYS=AMD64_LINUX CONFIG=release all
+ make -C icc -k OPSYS=AMD64_LINUX CONFIG=release iccpkg
+ make -C icc -k OPSYS=AMD64_LINUX CONFIG=release show_config
+ make -C iccpkg -k OPSYS=AMD64_LINUX CONFIG=release all
 
 

README.md

@@ -26,6 +26,7 @@ make -k -C icc OPSYS=LINUX all
 make -k -C icc OPSYS=WIN64_VS2022 create_all
 make -k -C icc OPSYS=WIN64_VS2022 all
 ```
+
 This build is not constrained to MS VS 2022 but is tested on that platform. 
 #### Requirements
 Visual studio build tools are required, including mfc. 

icc/TRNG/ICC_NRBG.c

@@ -68,23 +68,29 @@ typedef struct NRBG_type_t {
  int initialized; /*!< Flag to say it was used */
 } NRBG_type;
 
+
+/* In non-FIPS, all platforms default to TRNG_OS and upgrade to TRNG_HW at runtime if available.
+ This is done to prioritise compatibility on the unpredictable range and age of the virtualisatised systems we might run on,
+ while still upgrading and using TRNG_HW in most cases.
+*/
+
 #if (NON_FIPS_ICC == 1) /* Built as non-FIPS */
 
-/* These definitions match the availability of OPENSSL_HW_rand */
+/* These definitions try mirror the availability of OPENSSL_HW_rand to avoid a mismatch (not relevant when we use TRNG_OS) */
 /* X86 Linux and Windows, Solaris x86 */
 #if (defined(__i386) || defined(__i386__) || defined(_M_IX86) || \
  defined(__INTEL__) || \
  defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) ) && ( !(defined(__SunOS) && !defined(__amd64)) \
  )
-
- static TRNG_TYPE global_trng_type = TRNG_HW;
+ static int global_trng_type_attempted_upgrade = 0;
+ static TRNG_TYPE global_trng_type = TRNG_OS;
 
 #elif defined(__s390__) || defined(__MVS__)
+ static int global_trng_type_attempted_upgrade = 0;
+ static TRNG_TYPE global_trng_type = TRNG_OS;
 
- static TRNG_TYPE global_trng_type = TRNG_HW;
-
-/* We will do a runtime check for cpu support for darn, present since ISA3.0, and update to TRNG_HW if so */
 #elif defined(__ppc__) || defined(__powerpc__) || defined(_AIX)
+ /* We will do a runtime check for cpu support for darn, present since ISA3.0, and update to TRNG_HW if so */
  static int global_trng_type_attempted_upgrade = 0;
  static TRNG_TYPE global_trng_type = TRNG_OS;
 
@@ -97,7 +103,7 @@ typedef struct NRBG_type_t {
  static TRNG_TYPE global_trng_type = TRNG_FIPS;
 #endif
 
-/* If a user sets TRNG_OS on power, we don't want to upgrade even if HW is available */
+/* If a user explicitly sets a TRNG, we don't want to upgrade even if HW is available */
 int global_trng_type_user_set = 0;
 
 static void TRNG_LocalCleanup(TRNG *T);
@@ -247,6 +253,7 @@ void checkTRNGAlias(char **trngname) {
  *trngname = "TRNG_OS";
  }
  }
+ MARK("TRNG aliased to", *trngname);
  }
  }
 }
@@ -258,6 +265,12 @@ void checkTRNGAlias(char **trngname) {
 extern unsigned icc_failure; /*!< Trigger for induced failure tests */
 int SetTRNGName(char *trngname)
 {
+ if (NULL != trngname) {
+ MARK("Request to set TRNG to", trngname);
+ }
+ else {
+ MARK("Request to set NULL TRNG", "");
+ }
  int rv = 0;
  int i = 0;
  checkTRNGAlias(&trngname);
@@ -288,8 +301,11 @@ TRNG_TYPE SetDefaultTrng(TRNG_TYPE trng) {
  case TRNG_HW:
  case TRNG_FIPS:
  if(TRNG_ARRAY[trng].avail()) {
+ MARK("TRNG set to", TRNG_ARRAY[trng].name);
  global_trng_type = trng;
  global_trng_type_user_set = 1;
+ } else {
+ MARK("TRNG attempted to be set to", TRNG_ARRAY[trng].name);
  }
  break;
  default:
@@ -397,12 +413,39 @@ static void TRNG_ESourceCleanup(E_SOURCE *es)
 
 TRNG_TYPE GetDefaultTrng()
 {
-#if defined(__ppc__) || defined(__powerpc__) || defined(_AIX)
- if(!global_trng_type_attempted_upgrade && 0 == global_trng_type_user_set && 0 == strcasecmp("TRNG_OS", *trngname) && ALT4_Avail()) {
+#if (NON_FIPS_ICC == 1)
+
+#if (\
+ (( defined(__i386) || defined(__i386__) || defined(_M_IX86) || \
+ defined(__INTEL__) || \
+ defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64)) && (!(defined(__SunOS) && !defined(__amd64)))) \
+ || \
+ ( defined(__s390__) || defined(__MVS__)) \
+ || \
+ ( defined(__ppc__) || defined(__powerpc__) || defined(_AIX)) \
+ )
+ if(!global_trng_type_attempted_upgrade) {
+ MARK("Testing the availability of TRNG_HW", "");
+
+ if(0 == global_trng_type_user_set) {
+ if (TRNG_FIPS != global_trng_type) {
+ if (ALT4_Avail()) {
+ MARK("Found, switching to TRNG_HW", "");
  global_trng_type = TRNG_HW;
+ } else {
+ MARK("TRNG_HW not available, remaining with", TRNG_ARRAY[global_trng_type].name); 
+ }
+ } else {
+ MARK("TRNG_FIPS set, remaining with", TRNG_ARRAY[global_trng_type].name);
+ }
+ } else {
+ MARK("User TRNG set, remaining with", TRNG_ARRAY[global_trng_type].name);
  }
  global_trng_type_attempted_upgrade = 1;
-#endif
+ }
+
+#endif /*x86_64, z/architecture, power */
+#endif /*non-FIPS*/
  return global_trng_type;
 }
 /*!

icc/TRNG/TRNG_ALT.c

@@ -40,7 +40,9 @@
 
 
 static int fd_alt = -1;
-
+#if defined(_WIN32)
+static BCRYPT_ALG_HANDLE hProvider = NULL;
+#endif
 /*! Pre-init function for TRNG_ALT
 
 */
@@ -89,10 +91,12 @@ static int alt_read(unsigned char *buffer,int n)
  break;
  case -3:
 #if defined(_WIN32)
+ {
  NTSTATUS status = 0;
- status = BCryptGenRandom(BCRYPT_RNG_ALG_HANDLE, (PUCHAR)buffer, n, 0);
- if(status != STATUS_SUCCESS) {
- rv = TRNG_REQ_SIZE; /* One of the parameters was likely not correct */
+ status = BCryptGenRandom(hProvider, (PUCHAR)buffer, n, 0);
+ if(!BCRYPT_SUCCESS(status)) {
+ rv = TRNG_REQ_SIZE; /* One of the parameters was likely not correct, or bad provider */
+ }
  }
 #endif
  break;
@@ -124,18 +128,17 @@ TRNG_ERRORS ALT_Init(E_SOURCE *E, unsigned char *pers, int perl)
  /* Else probe for something else */
  if(-1 == fd_alt) {
 #if defined(_WIN32)
+ {
  #define SIZE 8
  /* ON Windows ..... */
  /* If no HW RNG, OS RNG source */
  NTSTATUS status = 0;
- int tmpSize = SIZE; /* 64 bits, small test of availability */
- unsigned char tmp[SIZE];
- status = BCryptGenRandom(BCRYPT_RNG_ALG_HANDLE, (PUCHAR)&tmp, tmpSize, 0); /* Using a pseudo-handle */
-
- if(status == STATUS_SUCCESS) {
+ status = BCryptOpenAlgorithmProvider(&hProvider, BCRYPT_RNG_ALGORITHM, NULL, 0);
+ if(BCRYPT_SUCCESS(status)) {
  fd_alt = -3;
  } else {
- rv = TRNG_INIT;
+ rv = TRNG_INIT; /*error*/
+ }
  }
 #else
  /* On Unix .... */
@@ -209,11 +212,15 @@ TRNG_ERRORS ALT_Cleanup(E_SOURCE *E)
 
 void ALT_Final()
 {
-#if !defined(_WIN32)
+#if defined(_WIN32)
+ if((-3 == fd_alt) && (0 != hProvider)) {
+ BCryptCloseAlgorithmProvider(hProvider, 0);
+ hProvider = 0;
+ }
+#else 
  if(fd_alt >= 0) {
  close(fd_alt);
  fd_alt = -1;
  }
 #endif
-
 }

icc/TRNG/entropy_to_NRBG.c

@@ -68,16 +68,13 @@ int conditioner(TRNG *T, unsigned char* outbuf, unsigned len)
  if( 0 != trng_raw(&(T->econd),tbuf,SHA_DIGEST_SIZE) ) {
  rv = SetRNGError("Insufficient entropy",__FILE__,__LINE__);
  if(TRNG_OK != rv) {
- break;
+ HMAC_CTX_cleanup(T->cond.hctx);
+ return rv;
  } 
  }
  HMAC_Update(T->cond.hctx,tbuf,sizeof(tbuf));
  }
- if(TRNG_RESTART == rv) {
- TRNG_TRNG_Init(T,-1);
- rv = TRNG_OK;
- continue;
- }
+
  HMAC_Final(T->cond.hctx,tbuf,&mlen);
 
  for(i = 0; (i < mlen) && (n < len); ) {
@@ -120,7 +117,10 @@ TRNG_ERRORS Entropy_to_TRNG(TRNG *T, unsigned char *data, unsigned int len)
  {
  for (l = 0; l < len; l += SHA_DIGEST_SIZE)
  {
- conditioner(T, buffer, SHA_DIGEST_SIZE);
+ rv = conditioner(T, buffer, SHA_DIGEST_SIZE);
+ if (TRNG_OK != rv) {
+ return rv;
+ }
  e = pmax4(buffer,SHA_DIGEST_SIZE);
  if(e < 50) {
  break;
@@ -137,9 +137,8 @@ TRNG_ERRORS Entropy_to_TRNG(TRNG *T, unsigned char *data, unsigned int len)
  if (j >= TRNG_RETRIES)
  {
  rv = SetRNGError("Unable to obtain sufficient entropy", __FILE__, __LINE__);
- if(TRNG_OK == rv) {
- j = 0;
- continue;
+ if(TRNG_OK != rv) {
+ return rv;
  }
  }
  /* Final sanity check, we got out, is our overall entropy good with a compression function 
@@ -149,7 +148,9 @@ TRNG_ERRORS Entropy_to_TRNG(TRNG *T, unsigned char *data, unsigned int len)
  if (!EntropyOK(T))
  {
  rv = SetRNGError("Long term entropy is below acceptable limits", __FILE__, __LINE__);
- if(TRNG_OK == rv) continue;
+ if (TRNG_OK != rv) {
+ return rv;
+ }
  }
  /*!
  \FIPS
@@ -171,10 +172,10 @@ TRNG_ERRORS Entropy_to_TRNG(TRNG *T, unsigned char *data, unsigned int len)
  m++;
  if(m > 5) {
  rv = SetRNGError("Repeated duplicate seeds from TRNG", __FILE__, __LINE__);
- if(TRNG_OK == rv) {
- continue;
+ if (TRNG_OK != rv) {
+ EVP_MD_CTX_reset(T->md_ctx);
+ return rv;
  }
- break;
  }
  continue;
  }

icc/TRNG/noise_to_entropy.c

@@ -90,6 +90,9 @@ int trng_raw(E_SOURCE *E,
  /* 201 is a transient failure, 202 persistent */
  if((icc_failure == 201) || (icc_failure == 202)) {
  failcount = MAX_HT_FAIL +1;
+ /* Pretend to clear the buffer so we goto error */
+ k = 0;
+ E->cnt = 0;
  }
  if(0 == k) {
  E->impl.gb(E,&(E->nbuf[0]), E_ESTB_BUFLEN);

icc/TRNG/timer_entropy.c

@@ -131,9 +131,9 @@ ICC_UINT64 RdCTR_raw() {
 #elif defined(__sun__) && defined(__i386__) && defined(__GNUC__)
 
 ICC_UINT64 RdCTR_raw() {
- ICC_UINT64 lo;
+ ICC_UINT32 lo;
  __asm__ __volatile__("rdtsc\n" : "=a" (lo) : : "edx");
- return lo;
+ return (ICC_UINT64)lo;
 }
 
 /* End Solaris x86 */

icc/fips-prng/SP800-90.c

@@ -332,7 +332,7 @@ TRNG_ERRORS PRNG_GenerateRandomSeed(PRNG_CTX *P, unsigned int n,
  icc_failure = 0; /* Simulate a transient failure of a TRNG */
  }
  /* Try again, we should have changed the TRNG now */
- rv = TRNG_GenerateRandomSeed(prng->trng, n, buf);
+ /* rv = TRNG_GenerateRandomSeed(prng->trng, n, buf); */
  if((TRNG_OK != rv) || (406 == icc_failure) ) {
  prng->state = SP800_90CRIT;
  prng->error_reason = ERRAT("TRNG failure, low entropy");
@@ -1326,6 +1326,8 @@ SP800_90STATE RNG_ReSeed(PRNG_CTX *ctx, unsigned char *adata,
 
  /*
  check that the global TRNG type hasn't changed
+ - And that we aren't the synthetic PRNG under TRNG_ALT2
+ which uses an assumed low entropy source (TRNG_MINIMAL) and an SP800_90 PRNG as a compressor
  */
  type = TRNG_type(ictx->trng);
  if (type != GetDefaultTrng())

icc/iccdef.h

@@ -6,14 +6,16 @@
 // in the file LICENSE in the source distribution.
 *************************************************************************/
 
-#if defined(WIN64)
+#if defined(_WIN32)
 #include "BaseTsd.h"
+#elif defined(__sun)
+#include <inttypes.h>
 #else
 #include <stdint.h>
 #endif
 
 
-#if defined(_WIN64)
+#if defined(_WIN32)
 #define ICC_INT32 INT32
 #define ICC_UINT32 UINT32
 #else
@@ -24,7 +26,7 @@
 /* Can't trust long, which is 4 bytes on windows, 8 on linux
  stdint.h should be available everywhere. */
 
-#if defined(WIN64)
+#if defined(_WIN32)
 #define ICC_INT64 INT64
 #define ICC_UINT64 UINT64
 #else