[openssl] master update

matthias.st.pierre at ncp-e.com matthias.st.pierre at ncp-e.com
Wed Oct 14 05:53:00 UTC 2020 

The branch master has been updated
       via  8e596a93bc266259f1ef0d56601e58bbfe18317a (commit)
      from  58608c7c7ac664e03d8f4acffd9420e56d148320 (commit)


- Log -----------------------------------------------------------------
commit 8e596a93bc266259f1ef0d56601e58bbfe18317a
Author: Yury Is <yury.coder at gmail.com>
Date:   Tue Oct 13 02:24:52 2020 +0300

    syscall_random(): don't fail if the getentropy() function is a dummy
    
    Several embedded toolchains may provide dummy implemented getentropy()
    function which always returns -1 and sets errno to the ENOSYS.
    
    As a result the function SSL_CTX_new() fails to create a new context.
    
    Fixes #13002
    
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
    (Merged from https://github.com/openssl/openssl/pull/13114)

-----------------------------------------------------------------------

Summary of changes:
 providers/implementations/rands/seeding/rand_unix.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/providers/implementations/rands/seeding/rand_unix.c b/providers/implementations/rands/seeding/rand_unix.c
index 26d81d6054..ddd453fff8 100644
--- a/providers/implementations/rands/seeding/rand_unix.c
+++ b/providers/implementations/rands/seeding/rand_unix.c
@@ -376,12 +376,19 @@ static ssize_t syscall_random(void *buf, size_t buflen)
      * - OpenBSD since 5.6
      * - Linux since 3.17 with glibc 2.25
      * - FreeBSD since 12.0 (1200061)
+     *
+     * Note: Sometimes getentropy() can be provided but not implemented
+     * internally. So we need to check errno for ENOSYS
      */
 #  if defined(__GNUC__) && __GNUC__>=2 && defined(__ELF__) && !defined(__hpux)
     extern int getentropy(void *buffer, size_t length) __attribute__((weak));
 
-    if (getentropy != NULL)
-        return getentropy(buf, buflen) == 0 ? (ssize_t)buflen : -1;
+    if (getentropy != NULL) {
+        if (getentropy(buf, buflen) == 0)
+            return (ssize_t)buflen;
+        if (errno != ENOSYS)
+            return -1;
+    }
 #  elif !defined(FIPS_MODULE)
     union {
         void *p;

More information about the openssl-commits mailing list