{"schema":"libjg2-1", "vpath":"/git/", "avatar":"/git/avatar/", "alang":"", "gen_ut":1752649281, "reponame":"openssl", "desc":"OpenSSL", "owner": { "name": "Andy Green", "email": "andy@warmcat.com", "md5": "c50933ca2aa61e0fe2c43d46bb6b59cb" },"url":"https://warmcat.com/repo/openssl", "f":3, "items": [ {"schema":"libjg2-1", "cid":"f1ab1bef608986b7d178fb2b9076f62a", "commit": {"type":"commit", "time": 1524420962, "time_ofs": 120, "oid_tree": { "oid": "2919b8e7d2c9f337ade699d4030b0f140c7db2ba", "alias": []}, "oid":{ "oid": "148796291e47ad402ddfd1bbe6f34a2652657ec2", "alias": []}, "msg": "Add support for getrandom() or equivalent system calls and use them by default", "sig_commit": { "git_time": { "time": 1524420962, "offset": 120 }, "name": "Kurt Roeckx", "email": "kurt@roeckx.be", "md5": "07d47d7a232d566ec15a49b65d5dd9c1" }, "sig_author": { "git_time": { "time": 1523211625, "offset": 120 }, "name": "Kurt Roeckx", "email": "kurt@roeckx.be", "md5": "07d47d7a232d566ec15a49b65d5dd9c1" }}, "body": "Add support for getrandom() or equivalent system calls and use them by default\n\nReviewed-by: Dr. Matthias St. Pierre \u003cMatthias.St.Pierre@ncp-e.com\u003e\nGH: #5910\n" , "diff": "diff --git a/INSTALL b/INSTALL\nindex c0163a9..a0ebef9 100644\n--- a/INSTALL\n+++ b/INSTALL\n@@ -224,7 +224,8 @@\n os: Use a trusted operating system entropy source.\n This is the default method if such an entropy\n source exists.\n- getrandom: Use the L\u003cgetrandom(2)\u003e system call if available.\n+ getrandom: Use the L\u003cgetrandom(2)\u003e or equivalent system\n+ call.\n devrandom: Use the the first device from the DEVRANDOM list\n which can be opened to read random bytes. 
The\n DEVRANDOM preprocessor constant expands to\ndiff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c\nindex beb35a3..f6fef9a 100644\n--- a/crypto/rand/rand_unix.c\n+++ b/crypto/rand/rand_unix.c\n@@ -7,6 +7,7 @@\n * https://www.openssl.org/source/license.html\n */\n \n+#define _GNU_SOURCE\n #include \u0022e_os.h\u0022\n #include \u003cstdio.h\u003e\n #include \u0022internal/cryptlib.h\u0022\n@@ -14,6 +15,17 @@\n #include \u0022rand_lcl.h\u0022\n #include \u0022internal/rand_int.h\u0022\n #include \u003cstdio.h\u003e\n+#if defined(__linux)\n+# include \u003csys/syscall.h\u003e\n+#endif\n+#if defined(__FreeBSD__)\n+# include \u003csys/types.h\u003e\n+# include \u003csys/sysctl.h\u003e\n+# include \u003csys/param.h\u003e\n+#endif\n+#if defined(__OpenBSD__)\n+# include \u003csys/param.h\u003e\n+#endif\n #ifdef OPENSSL_SYS_UNIX\n # include \u003csys/types.h\u003e\n # include \u003cunistd.h\u003e\n@@ -59,6 +71,8 @@ static uint64_t get_timer_bits(void);\n # endif\n #endif\n \n+int syscall_random(void *buf, size_t buflen);\n+\n #if (defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)) \u0026\u0026 \u005c\n !defined(OPENSSL_RAND_SEED_NONE)\n # error \u0022UEFI and VXWorks only support seeding NONE\u0022\n@@ -149,26 +163,93 @@ size_t rand_pool_acquire_entropy(RAND_POOL *pool)\n # error \u0022Seeding uses urandom but DEVRANDOM is not configured\u0022\n # endif\n \n+# if defined(__GLIBC__) \u0026\u0026 defined(__GLIBC_PREREQ)\n+# if __GLIBC_PREREQ(2, 25)\n+# define OPENSSL_HAVE_GETRANDOM\n+# endif\n+# endif\n+\n+# if (defined(__FreeBSD__) \u0026\u0026 __FreeBSD_version \u003e\u003d 1200061)\n+# define OPENSSL_HAVE_GETRANDOM\n+# endif\n+\n+# if defined(OPENSSL_HAVE_GETRANDOM)\n+# include \u003csys/random.h\u003e\n+# endif\n+\n # if defined(OPENSSL_RAND_SEED_OS)\n # if !defined(DEVRANDOM)\n # error \u0022OS seeding requires DEVRANDOM to be configured\u0022\n # endif\n+# define OPENSSL_RAND_SEED_GETRANDOM\n # define OPENSSL_RAND_SEED_DEVRANDOM\n-# if 
defined(__GLIBC__) \u0026\u0026 defined(__GLIBC_PREREQ)\n-# if __GLIBC_PREREQ(2, 25)\n-# define OPENSSL_RAND_SEED_GETRANDOM\n-# endif\n-# endif\n-# endif\n-\n-# ifdef OPENSSL_RAND_SEED_GETRANDOM\n-# include \u003csys/random.h\u003e\n # endif\n \n # if defined(OPENSSL_RAND_SEED_LIBRANDOM)\n # error \u0022librandom not (yet) supported\u0022\n # endif\n \n+# if defined(__FreeBSD__) \u0026\u0026 defined(KERN_ARND)\n+/*\n+ * sysctl_random(): Use sysctl() to read a random number from the kernel\n+ * Returns the size on success, 0 on failure.\n+ */\n+static size_t sysctl_random(char *buf, size_t buflen)\n+{\n+ int mib[2];\n+ size_t done \u003d 0;\n+ size_t len;\n+\n+ /*\n+ * Old implementations returned longs, newer versions support variable\n+ * sizes up to 256 byte. The code below would not work properly when\n+ * the sysctl returns long and we want to request something not a multiple\n+ * of longs, which should never be the case.\n+ */\n+ ossl_assert(buflen % sizeof(long) \u003d\u003d 0);\n+\n+ mib[0] \u003d CTL_KERN;\n+ mib[1] \u003d KERN_ARND;\n+\n+ do {\n+ len \u003d buflen;\n+ if (sysctl(mib, 2, buf, \u0026len, NULL, 0) \u003d\u003d -1)\n+ return done;\n+ done +\u003d len;\n+ buf +\u003d len;\n+ buflen -\u003d len;\n+ } while (buflen \u003e 0);\n+\n+ return done;\n+}\n+# endif\n+\n+/*\n+ * syscall_random(): Try to get random data using a system call\n+ * returns the number of bytes returned in buf, or \u003c\u003d 0 on error.\n+ */\n+int syscall_random(void *buf, size_t buflen)\n+{\n+# if defined(OPENSSL_HAVE_GETRANDOM)\n+ return (int)getrandom(buf, buflen, 0);\n+# endif\n+\n+# if defined(__linux) \u0026\u0026 defined(SYS_getrandom)\n+ return (int)syscall(SYS_getrandom, buf, buflen, 0);\n+# endif\n+\n+# if defined(__FreeBSD__) \u0026\u0026 defined(KERN_ARND)\n+ return (int)sysctl_random(buf, buflen);\n+# endif\n+\n+ /* Supported since OpenBSD 5.6 */\n+# if defined(__OpenBSD__) \u0026\u0026 OpenBSD \u003e\u003d 201411\n+ return getentropy(buf, buflen);\n+# 
endif\n+\n+ return -1;\n+}\n+\n /*\n * Try the various seeding methods in turn, exit when successful.\n *\n@@ -201,7 +282,7 @@ size_t rand_pool_acquire_entropy(RAND_POOL *pool)\n if (buffer !\u003d NULL) {\n size_t bytes \u003d 0;\n \n- if (getrandom(buffer, bytes_needed, 0) \u003d\u003d (int)bytes_needed)\n+ if (syscall_random(buffer, bytes_needed) \u003d\u003d (int)bytes_needed)\n bytes \u003d bytes_needed;\n \n rand_pool_add_end(pool, bytes, 8 * bytes);\n","s":{"c":1752649281,"u": 36818}} ],"g": 37703,"chitpc": 0,"ehitpc": 0,"indexed":0 , "ab": 0, "si": 0, "db":0, "di":0, "sat":0, "lfc": "0000"}
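Review bot: In `syscall_random()` the OpenBSD branch returns `getentropy(buf, buflen)` directly, but getentropy() returns 0 on success rather than a byte count, so a successful call is reported as the function's own documented error value (`<= 0`) and the caller's comparison against `bytes_needed` can never match on that platform. Map the result explicitly, e.g. `return getentropy(buf, buflen) == 0 ? (int)buflen : -1;`, and keep in mind that getentropy() rejects requests larger than 256 bytes. The platform branches are independent `# if` blocks that each `return`, so where more than one condition holds the later ones are dead code; an `# if` / `# elif` chain would make the selection order explicit. The function is also defined without `static` and without a library prefix, although the diff only shows it being used inside this file. In `sysctl_random()` the result of `ossl_assert()` is discarded and the loop has no guard for `len == 0`, which would spin if sysctl() ever reported zero bytes; both are worth confirming.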
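Review bot: The check `syscall_random(buffer, bytes_needed) == (int)bytes_needed` narrows a `size_t` to `int` to match the helper's return type, and any short or failed result leaves `bytes` at 0, so nothing is credited to the pool. That fails closed, which is the right direction for seeding, but the intent deserves a comment such as `/* a partial read is discarded rather than credited as entropy */`. Having the helper return `ssize_t` would remove the narrowing casts on both sides of the comparison. The enclosing `rand_pool_acquire_entropy()` starts and ends outside this hunk, so what happens after a zero-byte result is not visible here.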