The branch OpenSSL_1_1_1-stable has been updated via 7b18d1a53f932391bbc599a4717d6f98a597849c (commit) via 10cb54d75b401f034ead4e59fe1e2fba166085d3 (commit) from aa20a9b3e098f8ed95184a33ffbf2166039f2fd1 (commit)
- Log ----------------------------------------------------------------- commit 7b18d1a53f932391bbc599a4717d6f98a597849c Author: Dr. Matthias St. Pierre <matthias.st.pie...@ncp-e.com> Date: Mon Sep 30 01:00:59 2019 +0200 Move random-related defines from e_os.h to rand_unix.c Fixes #10049 Reviewed-by: Richard Levitte <levi...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10050) (cherry picked from commit 01036e2afbe116d608be048ed15930fc885ab2a8) commit 10cb54d75b401f034ead4e59fe1e2fba166085d3 Author: Dr. Matthias St. Pierre <matthias.st.pie...@ncp-e.com> Date: Mon Sep 30 09:05:44 2019 +0200 rand_unix.c: correct include guard comments Reviewed-by: Richard Levitte <levi...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10050) (cherry picked from commit 2a7e6ed86be20bd472696a3eafe5d20ec9579dab) ----------------------------------------------------------------------- Summary of changes: crypto/rand/rand_unix.c | 56 +++++++++++++++++++++++++++++++++++++++++++++++-- e_os.h | 45 --------------------------------------- 2 files changed, 54 insertions(+), 47 deletions(-)
diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c
index f88470d35f..c60a457d8c 100644
--- a/crypto/rand/rand_unix.c
+++ b/crypto/rand/rand_unix.c
@@ -19,6 +19,56 @@
 #include "crypto/rand.h"
 #include <stdio.h>
 #include "internal/dso.h"
+
+/*
+ * Defines related to seed sources
+ */
+#ifndef DEVRANDOM
+/*
+ * set this to a comma-separated list of 'random' device files to try out. By
+ * default, we will try to read at least one of these files
+ */
+# define DEVRANDOM "/dev/urandom", "/dev/random", "/dev/hwrng", "/dev/srandom"
+# if defined(__linux) && !defined(__ANDROID__)
+# ifndef DEVRANDOM_WAIT
+# define DEVRANDOM_WAIT "/dev/random"
+# endif
+/*
+ * Linux kernels 4.8 and later changes how their random device works and there
+ * is no reliable way to tell that /dev/urandom has been seeded -- getentropy(2)
+ * should be used instead.
+ */
+# ifndef DEVRANDOM_SAFE_KERNEL
+# define DEVRANDOM_SAFE_KERNEL 4, 8
+# endif
+/*
+ * Some operating systems do not permit select(2) on their random devices,
+ * defining this to zero will force the use of read(2) to extract one byte
+ * from /dev/random.
+ */
+# ifndef DEVRANDM_WAIT_USE_SELECT
+# define DEVRANDM_WAIT_USE_SELECT 1
+# endif
+/*
+ * Define the shared memory identifier used to indicate if the operating
+ * system has properly seeded the DEVRANDOM source.
+ */
+# ifndef OPENSSL_RAND_SEED_DEVRANDOM_SHM_ID
+# define OPENSSL_RAND_SEED_DEVRANDOM_SHM_ID 114
+# endif
+
+# endif
+#endif
+
+#if !defined(OPENSSL_NO_EGD) && !defined(DEVRANDOM_EGD)
+/*
+ * set this to a comma-separated list of 'egd' sockets to try out. These
+ * sockets will be tried in the order listed in case accessing the device
+ * files listed in DEVRANDOM did not return enough randomness.
+ */
+# define DEVRANDOM_EGD "/var/run/egd-pool", "/dev/egd-pool", "/etc/egd-pool", "/etc/entropy"
+#endif
+
 #ifdef __linux
 # include <sys/syscall.h>
 # ifdef DEVRANDOM_WAIT
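Review bot: The override macro `DEVRANDM_WAIT_USE_SELECT` keeps its misspelling (the `O` of `DEVRANDOM` is missing) in the new location, so a build that sets `DEVRANDOM_WAIT_USE_SELECT` to 0 for a platform that does not permit select(2) on its random device is not picked up by this `#ifndef` and the default of 1 stays; the consuming code is outside the hunk and presumably uses the same spelling. Because the name is a build-time knob, a comment at the definition is the low-risk fix, e.g. `/* NOTE: the macro name is spelled DEVRANDM_ (sic); DEVRANDOM_WAIT_USE_SELECT is not recognised */`. The block comment should also say that the Linux defaults (`DEVRANDOM_WAIT`, `DEVRANDOM_SAFE_KERNEL`, `OPENSSL_RAND_SEED_DEVRANDOM_SHM_ID`) are nested inside `#ifndef DEVRANDOM`, so a build that overrides the device list gets none of them unless it defines them itself. In that case whatever the `# ifdef DEVRANDOM_WAIT` after the hunk guards is compiled out.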
@@ -80,7 +130,8 @@ static uint64_t get_timer_bits(void);
 # define OSSL_POSIX_TIMER_OKAY
 # endif
 # endif
-#endif /* defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__) */
+#endif /* (defined(OPENSSL_SYS_UNIX) && !defined(OPENSSL_SYS_VXWORKS))
+ || defined(__DJGPP__) */
 #if defined(OPENSSL_RAND_SEED_NONE)
 /* none means none. this simplifies the following logic */
@@ -860,4 +911,5 @@ static uint64_t get_timer_bits(void)
 # endif
 return time(NULL);
 }
-#endif /* defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__) */
+#endif /* (defined(OPENSSL_SYS_UNIX) && !defined(OPENSSL_SYS_VXWORKS))
+ || defined(__DJGPP__) */
diff --git a/e_os.h b/e_os.h
index f607045e14..336c821c3b 100644
--- a/e_os.h
+++ b/e_os.h
@@ -22,51 +22,6 @@
 * outside; this file e_os.h is not part of the exported interface.
 */
-# ifndef DEVRANDOM
-/*
- * set this to a comma-separated list of 'random' device files to try out. By
- * default, we will try to read at least one of these files
- */
-# define DEVRANDOM "/dev/urandom", "/dev/random", "/dev/hwrng", "/dev/srandom"
-# if defined(__linux) && !defined(__ANDROID__)
-# ifndef DEVRANDOM_WAIT
-# define DEVRANDOM_WAIT "/dev/random"
-# endif
-/*
- * Linux kernels 4.8 and later changes how their random device works and there
- * is no reliable way to tell that /dev/urandom has been seeded -- getentropy(2)
- * should be used instead.
- */
-# ifndef DEVRANDOM_SAFE_KERNEL
-# define DEVRANDOM_SAFE_KERNEL 4, 8
-# endif
-/*
- * Some operating systems do not permit select(2) on their random devices,
- * defining this to zero will force the use of read(2) to extract one byte
- * from /dev/random.
- */
-# ifndef DEVRANDM_WAIT_USE_SELECT
-# define DEVRANDM_WAIT_USE_SELECT 1
-# endif
-/*
- * Define the shared memory identifier used to indicate if the operating
- * system has properly seeded the DEVRANDOM source.
- */
-# ifndef OPENSSL_RAND_SEED_DEVRANDOM_SHM_ID
-# define OPENSSL_RAND_SEED_DEVRANDOM_SHM_ID 114
-# endif
-
-# endif
-# endif
-# if !defined(OPENSSL_NO_EGD) && !defined(DEVRANDOM_EGD)
-/*
- * set this to a comma-separated list of 'egd' sockets to try out. These
- * sockets will be tried in the order listed in case accessing the device
- * files listed in DEVRANDOM did not return enough randomness.
- */
-# define DEVRANDOM_EGD "/var/run/egd-pool", "/dev/egd-pool", "/etc/egd-pool", "/etc/entropy"
-# endif
-
 # if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)
 # define NO_CHMOD
 # define NO_SYSLOG