From 3531439f8a09dd40102ac0e336cb962e86d8bf57 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Sun, 2 Dec 2018 13:13:02 +0800 Subject: switch osrandom engine to blocking mode when getting entropy (#4620) * switch osrandom engine to blocking mode when getting entropy * review feedback * we can remove this too --- src/_cffi_src/openssl/src/osrandom_engine.c | 17 +++-------------- src/_cffi_src/openssl/src/osrandom_engine.h | 1 - 2 files changed, 3 insertions(+), 15 deletions(-) diff --git a/src/_cffi_src/openssl/src/osrandom_engine.c b/src/_cffi_src/openssl/src/osrandom_engine.c index 947c79aa..e6a76a34 100644 --- a/src/_cffi_src/openssl/src/osrandom_engine.c +++ b/src/_cffi_src/openssl/src/osrandom_engine.c @@ -281,7 +281,8 @@ static int osrandom_init(ENGINE *e) { if (getrandom_works != CRYPTOGRAPHY_OSRANDOM_GETRANDOM_WORKS) { long n; char dest[1]; - n = syscall(SYS_getrandom, dest, sizeof(dest), GRND_NONBLOCK); + /* if the kernel CSPRNG is not initialized this will block */ + n = syscall(SYS_getrandom, dest, sizeof(dest), 0); if (n == sizeof(dest)) { getrandom_works = CRYPTOGRAPHY_OSRANDOM_GETRANDOM_WORKS; } else { @@ -295,15 +296,6 @@ static int osrandom_init(ENGINE *e) { /* Fallback: seccomp prevents syscall */ getrandom_works = CRYPTOGRAPHY_OSRANDOM_GETRANDOM_FALLBACK; break; - case EAGAIN: - /* Failure: Kernel CRPNG has not been seeded yet */ - ERR_Cryptography_OSRandom_error( - CRYPTOGRAPHY_OSRANDOM_F_INIT, - CRYPTOGRAPHY_OSRANDOM_R_GETRANDOM_INIT_FAILED_EAGAIN, - __FILE__, __LINE__ - ); - getrandom_works = CRYPTOGRAPHY_OSRANDOM_GETRANDOM_INIT_FAILED; - break; default: /* EINTR cannot occur for buflen < 256. */ ERR_Cryptography_OSRandom_error( @@ -350,7 +342,7 @@ static int osrandom_rand_bytes(unsigned char *buffer, int size) { case CRYPTOGRAPHY_OSRANDOM_GETRANDOM_WORKS: while (size > 0) { do { - n = syscall(SYS_getrandom, buffer, size, GRND_NONBLOCK); + n = syscall(SYS_getrandom, buffer, size, 0); } while (n < 0 && errno == EINTR); if (n <= 0) { @@ -532,9 +524,6 @@ static ERR_STRING_DATA CRYPTOGRAPHY_OSRANDOM_str_reasons[] = { "Reading from /dev/urandom fd failed."}, {ERR_REASON(CRYPTOGRAPHY_OSRANDOM_R_GETRANDOM_INIT_FAILED), "getrandom() initialization failed."}, - {ERR_REASON(CRYPTOGRAPHY_OSRANDOM_R_GETRANDOM_INIT_FAILED_EAGAIN), - "getrandom() initialization failed with EAGAIN. Most likely Kernel " - "CPRNG is not seeded yet."}, {ERR_REASON(CRYPTOGRAPHY_OSRANDOM_R_GETRANDOM_INIT_FAILED_UNEXPECTED), "getrandom() initialization failed with unexpected errno."}, {ERR_REASON(CRYPTOGRAPHY_OSRANDOM_R_GETRANDOM_FAILED), diff --git a/src/_cffi_src/openssl/src/osrandom_engine.h b/src/_cffi_src/openssl/src/osrandom_engine.h index 077046d9..e7a55c5e 100644 --- a/src/_cffi_src/openssl/src/osrandom_engine.h +++ b/src/_cffi_src/openssl/src/osrandom_engine.h @@ -94,7 +94,6 @@ static void ERR_Cryptography_OSRandom_error(int function, int reason, #define CRYPTOGRAPHY_OSRANDOM_R_DEV_URANDOM_READ_FAILED 301 #define CRYPTOGRAPHY_OSRANDOM_R_GETRANDOM_INIT_FAILED 400 -#define CRYPTOGRAPHY_OSRANDOM_R_GETRANDOM_INIT_FAILED_EAGAIN 401 #define CRYPTOGRAPHY_OSRANDOM_R_GETRANDOM_INIT_FAILED_UNEXPECTED 402 #define CRYPTOGRAPHY_OSRANDOM_R_GETRANDOM_FAILED 403 #define CRYPTOGRAPHY_OSRANDOM_R_GETRANDOM_NOT_INIT 404 -- cgit v1.2.3