[openssl-commits] [openssl] master update

matthias.st.pierre at ncp-e.com matthias.st.pierre at ncp-e.com
Thu Nov 8 15:40:18 UTC 2018 

The branch master has been updated
       via  8cfc19716c22dac737ec8cfc5f7d085e7c37f4d8 (commit)
      from  1901516a4ba909fff12e0e7815aa2d499f4d6d67 (commit)


- Log -----------------------------------------------------------------
commit 8cfc19716c22dac737ec8cfc5f7d085e7c37f4d8
Author: Dr. Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
Date:   Thu Oct 18 13:27:14 2018 +0200

    rand_unix.c: open random devices on first use only
    
    Commit c7504aeb640a (pr #6432) fixed a regression for applications in
    chroot environments, which compensated the fact that the new OpenSSL CSPRNG
    (based on the NIST DRBG) now reseeds periodically, which the previous
    one didn't. Now the reseeding could fail in the chroot environment if the
    DEVRANDOM devices were not present anymore and no other entropy source
    (e.g. getrandom()) was available.
    
    The solution was to keep the file handles for the DEVRANDOM devices open
    by default. In fact, the fix did more than this, it opened the DEVRANDOM
    devices early and unconditionally in rand_pool_init(), which had the
    unwanted side effect that the devices were opened (and kept open) even
    in cases when they were not used at all, for example when the getrandom()
    system call was available. Due  to a bug (issue #7419) this even happened
    when the feature was disabled by the application.
    
    This commit removes the unconditional opening of all DEVRANDOM devices.
    They will now only be opened (and kept open) on first use. In particular,
    if getrandom() is available, the handles will not be opened unnecessarily.
    
    This change does not introduce a regression for applications compiled for
    libcrypto 1.1.0, because the SSLEAY RNG also seeds on first use. So in the
    above constellation the CSPRNG will only be properly seeded if it is happens
    before the forking and chrooting.
    
    Fixes #7419
    
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/7437)

-----------------------------------------------------------------------

Summary of changes:
 crypto/rand/rand_unix.c | 15 +++------------
 1 file changed, 3 insertions(+), 12 deletions(-)

diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c
index cb3a6b2..9d8ffdd 100644
--- a/crypto/rand/rand_unix.c
+++ b/crypto/rand/rand_unix.c
@@ -386,21 +386,13 @@ static void close_random_device(size_t n)
     rd->fd = -1;
 }
 
-static void open_random_devices(void)
-{
-    size_t i;
-
-    for (i = 0; i < OSSL_NELEM(random_devices); i++)
-        (void)get_random_device(i);
-}
-
 int rand_pool_init(void)
 {
     size_t i;
 
     for (i = 0; i < OSSL_NELEM(random_devices); i++)
         random_devices[i].fd = -1;
-    open_random_devices();
+
     return 1;
 }
 
@@ -414,10 +406,9 @@ void rand_pool_cleanup(void)
 
 void rand_pool_keep_random_devices_open(int keep)
 {
-    if (keep)
-        open_random_devices();
-    else
+    if (!keep)
         rand_pool_cleanup();
+
     keep_random_devices_open = keep;
 }

More information about the openssl-commits mailing list