From 38023b87f037f4b832c236dfce2a76272be08763 Mon Sep 17 00:00:00 2001
From: Bernd Edlinger
Date: Fri, 15 Feb 2019 00:03:50 +0100
Subject: Fix seeding from random device w/o getrandom syscall Use select to wait for /dev/random in readable state, but do not actually read anything from /dev/random, use /dev/urandom first. Use linux define __NR_getrandom instead of the glibc define SYS_getrandom, in case the kernel headers are more current than the glibc headers. Fixes #8215 Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/8251)
---
e_os.h | 9 +++------
1 file changed, 3 insertions(+), 6 deletions(-)
(limited to 'e_os.h')
diff --git a/e_os.h b/e_os.h
index 9c0888e436..472354e094 100644
--- a/e_os.h
+++ b/e_os.h
@@ -27,11 +27,8 @@
 * set this to a comma-separated list of 'random' device files to try out. By
 * default, we will try to read at least one of these files
 */
-# if defined(__s390__)
-# define DEVRANDOM "/dev/prandom","/dev/urandom","/dev/hwrng","/dev/random"
-# else
-# define DEVRANDOM "/dev/urandom","/dev/random","/dev/srandom"
-# endif
+# define DEVRANDOM "/dev/urandom", "/dev/random", "/dev/hwrng", "/dev/srandom"
+# define DEVRANDOM_WAIT "/dev/random"
 # endif
 # if !defined(OPENSSL_NO_EGD) && !defined(DEVRANDOM_EGD)
 /*
@@ -39,7 +36,7 @@
 * sockets will be tried in the order listed in case accessing the device
 * files listed in DEVRANDOM did not return enough randomness.
 */
-# define DEVRANDOM_EGD "/var/run/egd-pool","/dev/egd-pool","/etc/egd-pool","/etc/entropy"
+# define DEVRANDOM_EGD "/var/run/egd-pool", "/dev/egd-pool", "/etc/egd-pool", "/etc/entropy"
 # endif
 # if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)
-- 
cgit v1.2.3
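Review bot: The new `DEVRANDOM_WAIT` define in the first hunk has no comment, and it appears to sit inside the guard that is only entered when `DEVRANDOM` is not already defined (the guard's opening line is outside the hunk; the `# endif` that follows suggests it). If that is right, a build that supplies its own `DEVRANDOM` list never gets `DEVRANDOM_WAIT`, so the wait for a readable `/dev/random` described in the commit message would presumably be skipped silently; the code that consumes the macro is not in this path-limited diff, so this needs confirming there. I would add a comment such as `/* DEVRANDOM_WAIT: device polled for readability, never read from, before seeding from DEVRANDOM; left undefined when DEVRANDOM is overridden */`, and consider giving the macro its own `# ifndef DEVRANDOM_WAIT` guard so it can be set or disabled independently. The same hunk also puts `/dev/hwrng` into the list for every platform, so the existing comment should say that the order is a preference order and why a raw hardware-RNG device is an acceptable fallback.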