[openssl] master update

bernd.edlinger at hotmail.de bernd.edlinger at hotmail.de
Fri Mar 1 17:29:29 UTC 2019


The branch master has been updated
       via  38023b87f037f4b832c236dfce2a76272be08763 (commit)
      from  ed86f884ba10c93a0beb53492c5db463e31a6884 (commit)


- Log -----------------------------------------------------------------
commit 38023b87f037f4b832c236dfce2a76272be08763
Author: Bernd Edlinger <bernd.edlinger at hotmail.de>
Date:   Fri Feb 15 00:03:50 2019 +0100

    Fix seeding from random device w/o getrandom syscall
    
    Use select to wait for /dev/random in readable state,
    but do not actually read anything from /dev/random,
    use /dev/urandom first.
    
    Use linux define __NR_getrandom instead of the
    glibc define SYS_getrandom, in case the kernel headers
    are more current than the glibc headers.
    
    Fixes #8215
    
    Reviewed-by: Kurt Roeckx <kurt at roeckx.be>
    (Merged from https://github.com/openssl/openssl/pull/8251)

-----------------------------------------------------------------------

Summary of changes:
 crypto/rand/rand_unix.c | 29 ++++++++++++++++++++++++++---
 e_os.h                  |  9 +++------
 2 files changed, 29 insertions(+), 9 deletions(-)

diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c
index 35777ff..39c4e7e 100644
--- a/crypto/rand/rand_unix.c
+++ b/crypto/rand/rand_unix.c
@@ -19,7 +19,7 @@
 #include <stdio.h>
 #include "internal/dso.h"
 #if defined(__linux)
-# include <sys/syscall.h>
+# include <asm/unistd.h>
 #endif
 #if defined(__FreeBSD__)
 # include <sys/types.h>
@@ -324,8 +324,8 @@ static ssize_t syscall_random(void *buf, size_t buflen)
 #  endif
 
     /* Linux supports this since version 3.17 */
-#  if defined(__linux) && defined(SYS_getrandom)
-    return syscall(SYS_getrandom, buf, buflen, 0);
+#  if defined(__linux) && defined(__NR_getrandom)
+    return syscall(__NR_getrandom, buf, buflen, 0);
 #  elif (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND)
     return sysctl_random(buf, buflen);
 #  else
@@ -510,6 +510,29 @@ size_t rand_pool_acquire_entropy(RAND_POOL *pool)
     bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
     {
         size_t i;
+#ifdef DEVRANDOM_WAIT
+        static int wait_done = 0;
+
+        /*
+         * On some implementations reading from /dev/urandom is possible
+         * before it is initialized. Therefore we wait for /dev/random
+         * to be readable to make sure /dev/urandom is initialized.
+         */
+        if (!wait_done && bytes_needed > 0) {
+             int f = open(DEVRANDOM_WAIT, O_RDONLY);
+
+             if (f >= 0) {
+                 fd_set fds;
+
+                 FD_ZERO(&fds);
+                 FD_SET(f, &fds);
+                 while (select(f+1, &fds, NULL, NULL, NULL) < 0
+                        && errno == EINTR);
+                 close(f);
+             }
+             wait_done = 1;
+        }
+#endif
 
         for (i = 0; bytes_needed > 0 && i < OSSL_NELEM(random_device_paths); i++) {
             ssize_t bytes = 0;
diff --git a/e_os.h b/e_os.h
index 9c0888e..472354e 100644
--- a/e_os.h
+++ b/e_os.h
@@ -27,11 +27,8 @@
  * set this to a comma-separated list of 'random' device files to try out. By
  * default, we will try to read at least one of these files
  */
-#  if defined(__s390__)
-#   define DEVRANDOM "/dev/prandom","/dev/urandom","/dev/hwrng","/dev/random"
-#  else
-#   define DEVRANDOM "/dev/urandom","/dev/random","/dev/srandom"
-#  endif
+#  define DEVRANDOM "/dev/urandom", "/dev/random", "/dev/hwrng", "/dev/srandom"
+#  define DEVRANDOM_WAIT "/dev/random"
 # endif
 # if !defined(OPENSSL_NO_EGD) && !defined(DEVRANDOM_EGD)
 /*
@@ -39,7 +36,7 @@
  * sockets will be tried in the order listed in case accessing the device
  * files listed in DEVRANDOM did not return enough randomness.
  */
-#  define DEVRANDOM_EGD "/var/run/egd-pool","/dev/egd-pool","/etc/egd-pool","/etc/entropy"
+#  define DEVRANDOM_EGD "/var/run/egd-pool", "/dev/egd-pool", "/etc/egd-pool", "/etc/entropy"
 # endif
 
 # if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)


More information about the openssl-commits mailing list