diff options
| author | Bernd Edlinger <bernd.edlinger@hotmail.de> | 2019-02-15 00:03:50 +0100 |
|---|---|---|
| committer | Bernd Edlinger <bernd.edlinger@hotmail.de> | 2019-03-01 18:28:11 +0100 |
| commit | 38023b87f037f4b832c236dfce2a76272be08763 (patch) | |
| tree | e661710e8dfc8b7ff5b1cef8861216737dce6762 /e_os.h | |
| parent | ed86f884ba10c93a0beb53492c5db463e31a6884 (diff) | |
| download | openssl-new-38023b87f037f4b832c236dfce2a76272be08763.tar.gz | |
Fix seeding from random device w/o getrandom syscall
Use select to wait for /dev/random in readable state,
but do not actually read anything from /dev/random,
use /dev/urandom first.
Use linux define __NR_getrandom instead of the
glibc define SYS_getrandom, in case the kernel headers
are more current than the glibc headers.
Fixes #8215
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/8251)
Diffstat (limited to 'e_os.h')
| -rw-r--r-- | e_os.h | 9 |
1 files changed, 3 insertions, 6 deletions
@@ -27,11 +27,8 @@ * set this to a comma-separated list of 'random' device files to try out. By * default, we will try to read at least one of these files */ -# if defined(__s390__) -# define DEVRANDOM "/dev/prandom","/dev/urandom","/dev/hwrng","/dev/random" -# else -# define DEVRANDOM "/dev/urandom","/dev/random","/dev/srandom" -# endif +# define DEVRANDOM "/dev/urandom", "/dev/random", "/dev/hwrng", "/dev/srandom" +# define DEVRANDOM_WAIT "/dev/random" # endif # if !defined(OPENSSL_NO_EGD) && !defined(DEVRANDOM_EGD) /* @@ -39,7 +36,7 @@ * sockets will be tried in the order listed in case accessing the device * files listed in DEVRANDOM did not return enough randomness. */ -# define DEVRANDOM_EGD "/var/run/egd-pool","/dev/egd-pool","/etc/egd-pool","/etc/entropy" +# define DEVRANDOM_EGD "/var/run/egd-pool", "/dev/egd-pool", "/etc/egd-pool", "/etc/entropy" # endif # if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI) |