fix: openssl-3.0-fips should use separate private rand

Author: lrstewart

tests/features/S2N_LIBCRYPTO_SUPPORTS_PRIVATE_RAND.c

@@ -0,0 +1,31 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License").
+ * You may not use this file except in compliance with the License.
+ * A copy of the License is located at
+ *
+ *  http://aws.amazon.com/apache2.0
+ *
+ * or in the "license" file accompanying this file. This file is distributed
+ * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ * express or implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+
+/*
+ * Not all libcryptos support RAND_priv_bytes.
+ *
+ * Note: the existence of RAND_priv_bytes() does NOT mean that the libcrypto
+ * actually supports a separate, private source of randomness. Some libcryptos
+ * just alias RAND_priv_bytes to RAND_bytes.
+ */
+
+#include <openssl/rand.h>
+
+int main()
+{
+    uint8_t bytes[10] = { 0 };
+    RAND_priv_bytes(bytes, sizeof(bytes));
+    return 0;
+}

tests/features/S2N_LIBCRYPTO_SUPPORTS_PRIVATE_RAND.flags

@@ -0,0 +1 @@
+

tests/unit/s2n_random_test.c

@@ -902,6 +902,12 @@ int main(int argc, char **argv)
         if (s2n_libcrypto_is_awslc()) {
 #if defined(S2N_LIBCRYPTO_SUPPORTS_ENGINE)
             FAIL_MSG("Expected ENGINE feature probe to be disabled with AWS-LC");
+#endif
+        }
+
+        if (s2n_libcrypto_is_openssl_fips()) {
+#if !S2N_LIBCRYPTO_SUPPORTS_PRIVATE_RAND
+            FAIL_MSG("Expected private rand support from openssl3 fips");
 #endif
         }
     };

utils/s2n_random.c

@@ -276,6 +276,17 @@ static S2N_RESULT s2n_ensure_uniqueness(void)
     return S2N_RESULT_OK;
 }
 
+#if S2N_LIBCRYPTO_SUPPORTS_PRIVATE_RAND
+static S2N_RESULT s2n_get_libcrypto_private_random_data(struct s2n_blob *out_blob)
+{
+    RESULT_GUARD_PTR(out_blob);
+    RESULT_GUARD_OSSL(RAND_priv_bytes(out_blob->data, out_blob->size), S2N_ERR_DRBG);
+    return S2N_RESULT_OK;
+}
+#else
+#define s2n_get_libcrypto_private_random_data s2n_get_libcrypto_random_data
+#endif
+
 static S2N_RESULT s2n_get_libcrypto_random_data(struct s2n_blob *out_blob)
 {
     RESULT_GUARD_PTR(out_blob);
@@ -308,33 +319,23 @@ static S2N_RESULT s2n_get_custom_random_data(struct s2n_blob *out_blob, struct s
     return S2N_RESULT_OK;
 }
 
-static S2N_RESULT s2n_get_random_data(struct s2n_blob *blob, struct s2n_drbg *drbg_state)
+S2N_RESULT s2n_get_public_random_data(struct s2n_blob *blob)
 {
-    /* By default, s2n-tls uses a custom random implementation to generate random data for the TLS
-     * handshake. When operating in FIPS mode, the FIPS-validated libcrypto implementation is used
-     * instead.
-     */
     if (s2n_is_in_fips_mode()) {
         RESULT_GUARD(s2n_get_libcrypto_random_data(blob));
-        return S2N_RESULT_OK;
+    } else {
+        RESULT_GUARD(s2n_get_custom_random_data(blob, &s2n_per_thread_rand_state.public_drbg));
     }
-
-    RESULT_GUARD(s2n_get_custom_random_data(blob, drbg_state));
-
-    return S2N_RESULT_OK;
-}
-
-S2N_RESULT s2n_get_public_random_data(struct s2n_blob *blob)
-{
-    RESULT_GUARD(s2n_get_random_data(blob, &s2n_per_thread_rand_state.public_drbg));
-
     return S2N_RESULT_OK;
 }
 
 S2N_RESULT s2n_get_private_random_data(struct s2n_blob *blob)
 {
-    RESULT_GUARD(s2n_get_random_data(blob, &s2n_per_thread_rand_state.private_drbg));
-
+    if (s2n_is_in_fips_mode()) {
+        RESULT_GUARD(s2n_get_libcrypto_private_random_data(blob));
+    } else {
+        RESULT_GUARD(s2n_get_custom_random_data(blob, &s2n_per_thread_rand_state.private_drbg));
+    }
     return S2N_RESULT_OK;
 }