diff options
| author | beck <> | 2017-04-29 18:43:31 +0000 |
|---|---|---|
| committer | beck <> | 2017-04-29 18:43:31 +0000 |
| commit | 8091128d66e4d00c534d48931f3bf1315266f5a9 (patch) | |
| tree | 9d2dfa9d8453f3e8a200772549cd3e1a28bb583d | |
| parent | 5a18a8b528471ac0ae619a87a6421a9bc82fe614 (diff) | |
| download | openbsd-8091128d66e4d00c534d48931f3bf1315266f5a9.tar.gz openbsd-8091128d66e4d00c534d48931f3bf1315266f5a9.tar.bz2 openbsd-8091128d66e4d00c534d48931f3bf1315266f5a9.zip | |
Switch Linux getrandom() usage to non-blocking mode, continuing to
use fallback mechanims if unsuccessful.
The design of Linux getrandom is broken. It has an
uninitialized phase coupled with blocking behaviour, which
is unacceptable from within a library at boot time without
possible recovery.
ok deraadt@ jsing@
| -rw-r--r-- | src/lib/libcrypto/arc4random/getentropy_linux.c | 15 |
1 files changed, 9 insertions, 6 deletions
diff --git a/src/lib/libcrypto/arc4random/getentropy_linux.c b/src/lib/libcrypto/arc4random/getentropy_linux.c index ac97658efe..a845239eb3 100644 --- a/src/lib/libcrypto/arc4random/getentropy_linux.c +++ b/src/lib/libcrypto/arc4random/getentropy_linux.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: getentropy_linux.c,v 1.43 2016/08/07 03:27:21 tb Exp $ */ | 1 | /* $OpenBSD: getentropy_linux.c,v 1.44 2017/04/29 18:43:31 beck Exp $ */ |
| 2 | 2 | ||
| 3 | /* | 3 | /* |
| 4 | * Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org> | 4 | * Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org> |
| @@ -96,13 +96,16 @@ getentropy(void *buf, size_t len) | |||
| 96 | 96 | ||
| 97 | #ifdef SYS_getrandom | 97 | #ifdef SYS_getrandom |
| 98 | /* | 98 | /* |
| 99 | * Try descriptor-less getrandom() | 99 | * Try descriptor-less getrandom(), in non-blocking mode. |
| 100 | * | ||
| 101 | * The design of Linux getrandom is broken. It has an | ||
| 102 | * uninitialized phase coupled with blocking behaviour, which | ||
| 103 | * is unacceptable from within a library at boot time without | ||
| 104 | * possible recovery. See http://bugs.python.org/issue26839#msg267745 | ||
| 100 | */ | 105 | */ |
| 101 | ret = getentropy_getrandom(buf, len); | 106 | ret = getentropy_getrandom(buf, len); |
| 102 | if (ret != -1) | 107 | if (ret != -1) |
| 103 | return (ret); | 108 | return (ret); |
| 104 | if (errno != ENOSYS) | ||
| 105 | return (-1); | ||
| 106 | #endif | 109 | #endif |
| 107 | 110 | ||
| 108 | /* | 111 | /* |
| @@ -156,7 +159,7 @@ getentropy(void *buf, size_t len) | |||
| 156 | * - Do the best under the circumstances.... | 159 | * - Do the best under the circumstances.... |
| 157 | * | 160 | * |
| 158 | * This code path exists to bring light to the issue that Linux | 161 | * This code path exists to bring light to the issue that Linux |
| 159 | * does not provide a failsafe API for entropy collection. | 162 | * still does not provide a failsafe API for entropy collection. |
| 160 | * | 163 | * |
| 161 | * We hope this demonstrates that Linux should either retain their | 164 | * We hope this demonstrates that Linux should either retain their |
| 162 | * sysctl ABI, or consider providing a new failsafe API which | 165 | * sysctl ABI, or consider providing a new failsafe API which |
| @@ -199,7 +202,7 @@ getentropy_getrandom(void *buf, size_t len) | |||
| 199 | if (len > 256) | 202 | if (len > 256) |
| 200 | return (-1); | 203 | return (-1); |
| 201 | do { | 204 | do { |
| 202 | ret = syscall(SYS_getrandom, buf, len, 0); | 205 | ret = syscall(SYS_getrandom, buf, len, GRND_NONBLOCK); |
| 203 | } while (ret == -1 && errno == EINTR); | 206 | } while (ret == -1 && errno == EINTR); |
| 204 | 207 | ||
| 205 | if (ret != len) | 208 | if (ret != len) |