From c2321e5b8fa6792662deaaeb05f1c24bd71503eb Mon Sep 17 00:00:00 2001 From: Joe Orton Date: Thu, 7 May 2020 10:34:12 +0000 Subject: [PATCH] mod_ssl: Drop SSLRandomSeed implementation with OpenSSL 1.1.1. Require that OpenSSL is configured with a suitable entropy source, or fail startup otherwise. * modules/ssl/ssl_private.h: Define MODSSL_USE_SSLRAND for OpenSSL < 1.1.1. (SSLModConfigRec): Only define pid, aRandSeed for <1.1.1. (ssl_rand_seed): Define as noop if !MODSSL_USE_SSLRAND. * modules/ssl/ssl_engine_init.c (ssl_init_Module): Only initialize mc->pid for MODSSL_USE_SSLRAND. Fail if RAND_status() returns zero. (ssl_init_Child): Drop getpid and srand for !MODSSL_USE_SSLRAND. * modules/ssl/ssl_engine_rand.c: ifdef-out for !MODSSL_USE_SSLRAND. (ssl_rand_seed): Drop warning if PRNG not seeded (now a startup error as above). * modules/ssl/ssl_engine_config.c (ssl_config_global_create): Drop aRandSeed initialization. (ssl_cmd_SSLRandomSeed): Log a warning if used w/!MODSSL_USE_SSLRAND. Github: closes #123 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1877467 13f79535-47bb-0310-9956-ffa450edef68 --- CHANGES | 4 ++++ docs/log-message-tags/next-number | 2 +- modules/ssl/ssl_engine_config.c | 9 +++++++++ modules/ssl/ssl_engine_init.c | 12 ++++++++++++ modules/ssl/ssl_engine_rand.c | 11 ++++------- modules/ssl/ssl_private.h | 15 +++++++++++++-- 6 files changed, 43 insertions(+), 10 deletions(-) diff --git a/CHANGES b/CHANGES index 0e1b976bf5..7250cdab2e 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,10 @@ -*- coding: utf-8 -*- Changes with Apache 2.5.1 + *) mod_ssl: With OpenSSL 1.1.1 and later, SSLRandomSeed is now + ignored. OpenSSL must be configured with a suitable entropy + source, or mod_ssl will fail to start up. [Joe Orton] + *) mod_ssl: With OpenSSL 1.1.1 and later, client-initiated renegotiation in TLSv1.2 and earlier is blocked at SSL library level (with a TLS warning alert sent), rather than by aborting 
diff --git a/docs/log-message-tags/next-number b/docs/log-message-tags/next-number index 5ed9a8cf20..e41aa417c3 100644 --- a/docs/log-message-tags/next-number +++ b/docs/log-message-tags/next-number @@ -1 +1 @@ -10235 +10236 diff --git a/modules/ssl/ssl_engine_config.c b/modules/ssl/ssl_engine_config.c index b0faf55b82..4d57e522ec 100644 --- a/modules/ssl/ssl_engine_config.c +++ b/modules/ssl/ssl_engine_config.c @@ -59,8 +59,10 @@ static SSLModConfigRec *ssl_config_global_create(apr_pool_t *pool, server_rec *s * initialize per-module configuration */ mc->sesscache_mode = SSL_SESS_CACHE_OFF; +#ifdef MODSSL_USE_SSLRAND mc->aRandSeed = apr_array_make(pool, 4, sizeof(ssl_randseed_t)); +#endif #ifdef HAVE_FIPS mc->fips = UNSET; #endif @@ -713,6 +715,7 @@ const char *ssl_cmd_SSLRandomSeed(cmd_parms *cmd, const char *arg2, const char *arg3) { +#ifdef MODSSL_USE_SSLRAND SSLModConfigRec *mc = myModConfig(cmd->server); const char *err; ssl_randseed_t *seed; @@ -801,6 +804,12 @@ const char *ssl_cmd_SSLRandomSeed(cmd_parms *cmd, } } +#else + ap_log_error(APLOG_MARK, APLOG_WARNING, 0, cmd->server, APLOGNO(10235) + "SSLRandomSeed is deprecated and has no effect " + "with OpenSSL 1.1.1 and later"); +#endif + return NULL; } diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c index 129d09824a..e3209f3e97 100644 --- a/modules/ssl/ssl_engine_init.c +++ b/modules/ssl/ssl_engine_init.c @@ -237,11 +237,13 @@ apr_status_t ssl_init_Module(apr_pool_t *p, apr_pool_t *plog, MODSSL_LIBRARY_TEXT, MODSSL_LIBRARY_DYNTEXT); } +#ifdef MODSSL_USE_SSLRAND /* We initialize mc->pid per-process in the child init, * but it should be initialized for startup before we * call ssl_rand_seed() below. */ mc->pid = getpid(); +#endif /* * Let us cleanup on restarts and exits 
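Review bot: The warning in the new `#else` branch of ssl_cmd_SSLRandomSeed (hunks at -713 and -801) does not say which configuration line triggered it. On these builds an operator who pointed SSLRandomSeed at a dedicated entropy source loses that source with only this message as notice. Adding the location would make it actionable, e.g. `"SSLRandomSeed at %s:%d is deprecated and has no effect "` with `cmd->directive->filename, cmd->directive->line_num` as arguments. As far as the hunk shows, the directive's validation (`err` is declared inside the `#ifdef`) is also compiled out, so a malformed SSLRandomSeed line would presumably pass a config test here and fail on an older OpenSSL build. The function body between the two hunks is not visible, so that should be confirmed.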
@@ -330,6 +332,14 @@ apr_status_t ssl_init_Module(apr_pool_t *p, apr_pool_t *plog, */ ssl_rand_seed(base_server, ptemp, SSL_RSCTX_STARTUP, "Init: "); + if (RAND_status() == 0) { + ap_log_error(APLOG_MARK, APLOG_CRIT, 0, base_server, APLOGNO(01990) + MODSSL_LIBRARY_NAME " PRNG does not contain sufficient " + "randomness. Build the SSL library with a suitable " + "entropy source configured."); + return APR_EGENERAL; + } + #ifdef HAVE_FIPS if (!FIPS_mode() && mc->fips == TRUE) { if (!FIPS_mode_set(1)) { @@ -2277,11 +2287,13 @@ STACK_OF(X509_NAME) *ssl_init_FindCAList(server_rec *s, void ssl_init_Child(apr_pool_t *p, server_rec *s) { +#ifdef MODSSL_USE_SSLRAND SSLModConfigRec *mc = myModConfig(s); mc->pid = getpid(); /* only call getpid() once per-process */ /* XXX: there should be an ap_srand() function */ srand((unsigned int)time(NULL)); +#endif /* open the mutex lockfile */ ssl_mutex_reinit(s, p); diff --git a/modules/ssl/ssl_engine_rand.c b/modules/ssl/ssl_engine_rand.c index 3b6bf07613..b9445268eb 100644 --- a/modules/ssl/ssl_engine_rand.c +++ b/modules/ssl/ssl_engine_rand.c @@ -29,6 +29,8 @@ #include "ssl_private.h" +#ifdef MODSSL_USE_SSLRAND + #if HAVE_VALGRIND #include #include @@ -43,7 +45,7 @@ static int ssl_rand_choosenum(int, int); static int ssl_rand_feedfp(apr_pool_t *, apr_file_t *, int); -int ssl_rand_seed(server_rec *s, apr_pool_t *p, ssl_rsctx_t nCtx, char *prefix) +void ssl_rand_seed(server_rec *s, apr_pool_t *p, ssl_rsctx_t nCtx, char *prefix) { SSLModConfigRec *mc; apr_array_header_t *apRandSeed; @@ -134,12 +136,6 @@ int ssl_rand_seed(server_rec *s, apr_pool_t *p, ssl_rsctx_t nCtx, char *prefix) } ap_log_error(APLOG_MARK, APLOG_TRACE2, 0, s, "%sSeeding PRNG with %d bytes of entropy", prefix, nDone); - - if (RAND_status() == 0) - ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s, APLOGNO(01990) - "%sPRNG still contains insufficient entropy!", prefix); - - return nDone; } #define BUFSIZE 8192 
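Review bot: The new `RAND_status() == 0` check in ssl_init_Module is not guarded by `MODSSL_USE_SSLRAND`, so it also runs on OpenSSL older than 1.1.1, where an unseeded PRNG used to be a warning and is now a startup failure. On those builds the advice to "Build the SSL library with a suitable entropy source configured" points at the wrong remedy, since SSLRandomSeed is still the seeding mechanism there. I would select the hint text with `#ifdef MODSSL_USE_SSLRAND` and have the older-library variant say `"Configure SSLRandomSeed with a suitable entropy source."`. The message also reuses `APLOGNO(01990)` with a different severity and text than the warning removed from ssl_engine_rand.c, which makes the tag ambiguous across versions when searching logs; a fresh tag would avoid that.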
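Review bot: With the `#ifdef` added at the top of ssl_init_Child, `srand()` is no longer called in each child on OpenSSL 1.1.1 and later. The only consumer visible in this patch is `ssl_rand_choosenum()` in ssl_engine_rand.c, which is compiled out in the same configuration, so this looks safe. The existing `XXX: there should be an ap_srand() function` comment, though, suggests the call may have been serving as a process-wide seed. A short comment would record the assumption, e.g. `/* srand() is only needed by the SSLRandomSeed code; nothing else in mod_ssl calls rand() */`, once that has been checked against the rest of the module. The function continues past the end of the hunk.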
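Review bot: Removing the `RAND_status()` warning from the end of ssl_rand_seed (hunk at -134) also removes it for every call that is not the startup one. The replacement check in ssl_init_Module runs once in the parent, so on OpenSSL older than 1.1.1 a later reseed that leaves the PRNG short of entropy is no longer reported anywhere. This assumes the function is still called from other contexts, which the `ssl_rsctx_t nCtx` parameter implies but the patch does not show. If so, I would keep a warning for those calls: `if (nCtx != SSL_RSCTX_STARTUP && RAND_status() == 0)` followed by the old log line under a new log tag. The return type change to `void` in the hunk at -43 drops `nDone` for callers; none of the call sites shown here use it.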
@@ -185,3 +181,4 @@ static int ssl_rand_choosenum(int l, int h) return i; } +#endif /* MODSSL_USE_SSLRAND */ diff --git a/modules/ssl/ssl_private.h b/modules/ssl/ssl_private.h index a4b88a531d..d7d71ec26a 100644 --- a/modules/ssl/ssl_private.h +++ b/modules/ssl/ssl_private.h @@ -147,6 +147,10 @@ #define MODSSL_USE_OPENSSL_PRE_1_1_API (OPENSSL_VERSION_NUMBER < 0x10100000L) #endif +#if OPENSSL_VERSION_NUMBER < 0x10101000 +#define MODSSL_USE_SSLRAND +#endif + #if defined(OPENSSL_FIPS) #define HAVE_FIPS #endif @@ -590,7 +594,6 @@ typedef struct { } modssl_retained_data_t; typedef struct { - pid_t pid; BOOL bFixed; /* OpenSSL SSL_SESS_CACHE_* flags: */ @@ -605,7 +608,11 @@ typedef struct { ap_socache_instance_t *sesscache_context; apr_global_mutex_t *pMutex; + +#ifdef MODSSL_USE_SSLRAND + pid_t pid; /* used for seeding after fork() */ apr_array_header_t *aRandSeed; +#endif #if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_INIT) const char *szCryptoDevice; @@ -1008,8 +1015,12 @@ long ssl_io_data_cb(BIO *, int, const char *, int, long, long); * to allow an SSL renegotiation to take place. */ int ssl_io_buffer_fill(request_rec *r, apr_size_t maxlen); +#ifdef MODSSL_USE_SSLRAND /** PRNG */ -int ssl_rand_seed(server_rec *, apr_pool_t *, ssl_rsctx_t, char *); +void ssl_rand_seed(server_rec *, apr_pool_t *, ssl_rsctx_t, char *); +#else +#define ssl_rand_seed(s, p, ctx, c) /* noop */ +#endif /** Utility Functions */ char *ssl_util_vhostid(apr_pool_t *, server_rec *);
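Review bot: The new guard `#if OPENSSL_VERSION_NUMBER < 0x10101000` in ssl_private.h (hunk at -147) is written without the `L` suffix used by the `0x10100000L` comparison just above it. More importantly, it tests only the OpenSSL version macro. LibreSSL reports `OPENSSL_VERSION_NUMBER` as `0x20000000L`, so a LibreSSL build leaves `MODSSL_USE_SSLRAND` undefined and SSLRandomSeed becomes a no-op, with a log message that names "OpenSSL 1.1.1 and later". If that is intended, a one-line comment above the `#if` should say so, e.g. `/* SSLRandomSeed is only needed before OpenSSL 1.1.1; LibreSSL seeds itself */`. If not, the condition needs a `LIBRESSL_VERSION_NUMBER` term, as the conditional around `MODSSL_USE_OPENSSL_PRE_1_1_API` presumably has.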
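Review bot: The fallback `#define ssl_rand_seed(s, p, ctx, c) /* noop */` (hunk at -1008) expands to nothing, so a call leaves only a bare `;` behind. Any call site that is the sole body of an `if` or `else` then trips empty-body warnings. Expanding to an expression keeps every call a well-formed statement: `#define ssl_rand_seed(s, p, ctx, c) ((void)0)`. Either form leaves the arguments unevaluated, so a variable that exists only to be passed to ssl_rand_seed may draw an unused-variable warning on OpenSSL 1.1.1 and later. A `static` inline stub with the same `void` signature would avoid that and keep type checking of the arguments.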