[openssl-commits] [openssl] master update
Kurt Roeckx
kurt at openssl.org
Sun Jun 3 10:18:17 UTC 2018
The branch master has been updated
via 1e653d0ff7fc2e06a1cb1e05c01feecde84e67d3 (commit)
via 2545f9446e4a924548f393cc9e7391e6b10ed1b5 (commit)
via cf0891b8f1e85d130084c90661b7e05f4e90ec78 (commit)
via 8f57662771356882561b98d6add06a16dc479f9b (commit)
from 6da34cfbddede5e46f9c9183b724c99999dcfb41 (commit)
- Log -----------------------------------------------------------------
commit 1e653d0ff7fc2e06a1cb1e05c01feecde84e67d3
Author: Kurt Roeckx <kurt at roeckx.be>
Date: Sat Jun 2 18:15:32 2018 +0200
Fix checking the return value of getentropy()
Reviewed-by: Andy Polyakov <appro at openssl.org>
GH: #6405
commit 2545f9446e4a924548f393cc9e7391e6b10ed1b5
Author: Kurt Roeckx <kurt at roeckx.be>
Date: Sat Jun 2 17:54:29 2018 +0200
Remove support for calling getrandom(), we now always call getentropy()
Only Linux and FreeBSD provide getrandom(), but they both also provide
getentropy() since the same version and we already tried to call that.
Reviewed-by: Andy Polyakov <appro at openssl.org>
GH: #6405
commit cf0891b8f1e85d130084c90661b7e05f4e90ec78
Author: Kurt Roeckx <kurt at roeckx.be>
Date: Sat Jun 2 17:50:16 2018 +0200
Look up availability of getentropy() at runtime.
This will actually support most OSs, and at least adds support for
Solaris and OSX
Fixes: #6403
Reviewed-by: Andy Polyakov <appro at openssl.org>
GH: #6405
commit 8f57662771356882561b98d6add06a16dc479f9b
Author: Kurt Roeckx <kurt at roeckx.be>
Date: Sat Jun 2 15:22:13 2018 +0200
Add support for KERN_ARND to get random bytes on NetBSD
Reviewed-by: Andy Polyakov <appro at openssl.org>
GH: #6405
-----------------------------------------------------------------------
Summary of changes:
crypto/rand/rand_unix.c | 70 +++++++++++++++++++++++++++++--------------------
1 file changed, 41 insertions(+), 29 deletions(-)
diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c
index 1f0084d..9f17494 100644
--- a/crypto/rand/rand_unix.c
+++ b/crypto/rand/rand_unix.c
@@ -15,6 +15,7 @@
#include "rand_lcl.h"
#include "internal/rand_int.h"
#include <stdio.h>
+#include "internal/dso.h"
#if defined(__linux)
# include <sys/syscall.h>
#endif
@@ -23,7 +24,7 @@
# include <sys/sysctl.h>
# include <sys/param.h>
#endif
-#if defined(__OpenBSD__)
+#if defined(__OpenBSD__) || defined(__NetBSD__)
# include <sys/param.h>
#endif
#ifdef OPENSSL_SYS_UNIX
@@ -163,20 +164,6 @@ size_t rand_pool_acquire_entropy(RAND_POOL *pool)
# error "Seeding uses urandom but DEVRANDOM is not configured"
# endif
-# if defined(__GLIBC__) && defined(__GLIBC_PREREQ)
-# if __GLIBC_PREREQ(2, 25)
-# define OPENSSL_HAVE_GETRANDOM
-# endif
-# endif
-
-# if (defined(__FreeBSD__) && __FreeBSD_version >= 1200061)
-# define OPENSSL_HAVE_GETRANDOM
-# endif
-
-# if defined(OPENSSL_HAVE_GETRANDOM)
-# include <sys/random.h>
-# endif
-
# if defined(OPENSSL_RAND_SEED_OS)
# if !defined(DEVRANDOM)
# error "OS seeding requires DEVRANDOM to be configured"
@@ -189,7 +176,7 @@ size_t rand_pool_acquire_entropy(RAND_POOL *pool)
# error "librandom not (yet) supported"
# endif
-# if defined(__FreeBSD__) && defined(KERN_ARND)
+# if (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND)
/*
* sysctl_random(): Use sysctl() to read a random number from the kernel
* Returns the size on success, 0 on failure.
@@ -201,14 +188,25 @@ static size_t sysctl_random(char *buf, size_t buflen)
size_t len;
/*
- * Old implementations returned longs, newer versions support variable
- * sizes up to 256 byte. The code below would not work properly when
- * the sysctl returns long and we want to request something not a multiple
- * of longs, which should never be the case.
+ * On FreeBSD old implementations returned longs, newer versions support
+ * variable sizes up to 256 byte. The code below would not work properly
+ * when the sysctl returns long and we want to request something not a
+ * multiple of longs, which should never be the case.
*/
if (!ossl_assert(buflen % sizeof(long) == 0))
return 0;
+ /*
+ * On NetBSD before 4.0 KERN_ARND was an alias for KERN_URND, and only
+ * filled in an int, leaving the rest uninitialized. Since NetBSD 4.0
+ * it returns a variable number of bytes with the current version supporting
+ * up to 256 bytes.
+ * Just return an error on older NetBSD versions.
+ */
+#if defined(__NetBSD__) && __NetBSD_Version__ < 400000000
+ return 0;
+#endif
+
mib[0] = CTL_KERN;
mib[1] = KERN_ARND;
@@ -231,23 +229,37 @@ static size_t sysctl_random(char *buf, size_t buflen)
*/
int syscall_random(void *buf, size_t buflen)
{
-# if defined(OPENSSL_HAVE_GETRANDOM)
- return (int)getrandom(buf, buflen, 0);
-# endif
+ union {
+ void *p;
+ int (*f)(void *buffer, size_t length);
+ } p_getentropy;
+
+ /*
+ * Do runtime detection to find getentropy().
+ *
+ * We could cache the result of the lookup, but we normally don't
+ * call this function often.
+ *
+ * Known OSs that should support this:
+ * - Darwin since 16 (OSX 10.12, IOS 10.0).
+ * - Solaris since 11.3
+ * - OpenBSD since 5.6
+ * - Linux since 3.17 with glibc 2.25
+ * - FreeBSD since 12.0 (1200061)
+ */
+ p_getentropy.p = DSO_global_lookup("getentropy");
+ if (p_getentropy.p != NULL)
+ return p_getentropy.f(buf, buflen) == 0 ? buflen : 0;
+ /* Linux supports this since version 3.17 */
# if defined(__linux) && defined(SYS_getrandom)
return (int)syscall(SYS_getrandom, buf, buflen, 0);
# endif
-# if defined(__FreeBSD__) && defined(KERN_ARND)
+# if (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND)
return (int)sysctl_random(buf, buflen);
# endif
- /* Supported since OpenBSD 5.6 */
-# if defined(__OpenBSD__) && OpenBSD >= 201411
- return getentropy(buf, buflen);
-# endif
-
return -1;
}
More information about the openssl-commits
mailing list