Commit graph

650 commits

Author SHA1 Message Date
Pauli
b4b42d441d Make rand_pool buffers more dynamic in their sizing.
The rand pool support allocates maximal sized buffers -- this is typically
12288 bytes in size.  These pools are allocated in secure memory which is a
scarse resource.  They are also allocated per DRBG of which there are up to two
per thread.

This change allocates 64 byte pools and grows them dynamically if required.
64 is chosen to be sufficiently large so that pools do not normally need to
grow.

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/9428)

(cherry picked from commit a6a66e4511)
2019-07-23 23:30:12 +10:00
Bernd Edlinger
e8d866dcb1 Allocate DRBG additional data pool from non-secure memory
The additional data allocates 12K per DRBG instance in the
secure memory, which is not necessary. Also nonces are not
considered secret.

[extended tests]

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9424)
2019-07-23 23:14:14 +10:00
Rebecca Cran
444ec8d5e7 Fix UEFI build on FreeBSD by not including system headers
CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9149)
2019-06-19 14:39:45 +02:00
Dr. Matthias St. Pierre
ad416c8058 Revert the DEVRANDOM_WAIT feature
The DEVRANDOM_WAIT feature added a select() call to wait for the
`/dev/random` device to become readable before reading from the
`/dev/urandom` device. It was introduced in commit 38023b87f0
in order to mitigate the fact that the `/dev/urandom` device
does not block until the initial seeding of the kernel CSPRNG
has completed, contrary to the behaviour of the `getrandom()`
system call.

It turned out that this change had negative side effects on
performance which were not acceptable. After some discussion it
was decided to revert this feature and leave it up to the OS
resp. the platform maintainer to ensure a proper initialization
during early boot time.

Fixes #9078

This partially reverts commit 38023b87f0.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

(cherry picked from commit a08714e181)

(Merged from https://github.com/openssl/openssl/pull/9118)
2019-06-09 09:53:39 +02:00
Pauli
15d7e7997e Fix broken change from b3d113e.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8606)

(cherry picked from commit 711a161f03)
2019-05-30 11:47:59 +02:00
Richard Levitte
35fd99538a Update copyright year
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9034)
2019-05-28 14:49:38 +02:00
Richard Levitte
a88bafcdb7 Revert "crypto/rand/rand_win.c: include "e_os.h" to get the default _WIN32_WINNT"
I turns out that this made crypto/rand/rand_win.c to never build with
BCrypt support unless the user sets _WIN32_WINNT.  That wasn't the
intent.

This reverts commit cc8926ec8f.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8641)

(cherry picked from commit 705a27f7e0)
2019-04-02 14:50:33 +02:00
Dr. Matthias St. Pierre
5a87dd1d34 rand_win.c: loosen version requirements for BCryptGenRandom
BCryptGenRandom() is available for Windows Vista and newer versions, see
https://docs.microsoft.com/en-us/windows/desktop/api/bcrypt/nf-bcrypt-bcryptgenrandom

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8639)

(cherry picked from commit 2621e6405d)
2019-04-02 14:29:59 +02:00
Richard Levitte
7a3c4b374b crypto/rand/rand_win.c: include "e_os.h" to get the default _WIN32_WINNT
This helps decide if the BCrypt API should be used or not.

Fixes #8635

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8638)

(cherry picked from commit cc8926ec8f)
2019-04-02 11:30:43 +02:00
Soujyu Tanaka
fd1ab9af22 Circumvent a problem of lacking GetEnvironmentVariable() in WindowsCE.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8596)

(cherry picked from commit 3d098890b2)
2019-03-29 10:02:06 +00:00
Pauli
e3568508c3 Cosmetic rand/drbg changes.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/8554)

(cherry picked from commit b3d113ed29)
2019-03-22 16:23:05 +10:00
Dr. Matthias St. Pierre
b8caae27f1 VMS: only use the high precision on VMS v8.4 and up
Fixes #8487
Amends #7230

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8488)

(cherry picked from commit 355417eb46)
2019-03-15 08:46:29 +01:00
Bernd Edlinger
c352bd07ed Fix seeding from random device w/o getrandom syscall
Use select to wait for /dev/random in readable state,
but do not actually read anything from /dev/random,
use /dev/urandom first.

Use linux define __NR_getrandom instead of the
glibc define SYS_getrandom, in case the kernel headers
are more current than the glibc headers.

Fixes #8215

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/8251)

(cherry picked from commit 38023b87f0)
2019-03-01 18:29:56 +01:00
Matt Caswell
72a7a7021f Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8347)
2019-02-26 14:05:09 +00:00
Klotz, Tobias
b6d41ff733 Cleanup vxworks support to be able to compile for VxWorks 7
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7569)

(cherry picked from commit 5c8b7b4caa)
2019-01-24 17:58:27 +01:00
Bernd Edlinger
bdb8897691 Fix issues with do_rand_init/rand_cleanup_int
Fixes #7022

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7588)

(cherry picked from commit e2d227bb4a)
2018-11-09 13:37:38 +01:00
Dr. Matthias St. Pierre
abf58ed319 rand_unix.c: open random devices on first use only
Commit c7504aeb64 (pr #6432) fixed a regression for applications in
chroot environments, which compensated the fact that the new OpenSSL CSPRNG
(based on the NIST DRBG) now reseeds periodically, which the previous
one didn't. Now the reseeding could fail in the chroot environment if the
DEVRANDOM devices were not present anymore and no other entropy source
(e.g. getrandom()) was available.

The solution was to keep the file handles for the DEVRANDOM devices open
by default. In fact, the fix did more than this, it opened the DEVRANDOM
devices early and unconditionally in rand_pool_init(), which had the
unwanted side effect that the devices were opened (and kept open) even
in cases when they were not used at all, for example when the getrandom()
system call was available. Due  to a bug (issue #7419) this even happened
when the feature was disabled by the application.

This commit removes the unconditional opening of all DEVRANDOM devices.
They will now only be opened (and kept open) on first use. In particular,
if getrandom() is available, the handles will not be opened unnecessarily.

This change does not introduce a regression for applications compiled for
libcrypto 1.1.0, because the SSLEAY RNG also seeds on first use. So in the
above constellation the CSPRNG will only be properly seeded if it is happens
before the forking and chrooting.

Fixes #7419

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7437)

(cherry picked from commit 8cfc19716c)
2018-11-08 16:41:24 +01:00
Dr. Matthias St. Pierre
c39df745b0 Test: link drbgtest statically against libcrypto
and remove duplicate rand_drbg_seedlen() implementation again.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7462)

(cherry picked from commit 1c615e4ce9)
2018-11-08 16:32:30 +01:00
Pauli
f7258489d8 Add missing RAND initialisation call.
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/7587)

(cherry picked from commit ac765685d4)
2018-11-08 08:13:16 +10:00
Bernd Edlinger
294941aebb Rename the rand_drbg_st data member "pool" to "seed_pool"
... to make the intended use more clear and differentiate
it from the data member "adin_pool".

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7575)

(cherry picked from commit 31f32abb8e)
2018-11-07 15:23:39 +01:00
Bernd Edlinger
9bc987f008 Initialize reseed_gen_counter to 1, like it is done in master
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7532)
2018-11-07 15:16:19 +01:00
Bernd Edlinger
939ef2ea11 Avoid two memory allocations in each RAND_DRBG_bytes
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7518)
2018-11-05 22:52:24 +01:00
Bernd Edlinger
c40c1ef4f3 Fix error handling in RAND_DRBG_uninstantiate
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7519)
2018-11-05 22:46:21 +01:00
Bernd Edlinger
ee5a79104c Fix error handling in rand_drbg_new
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7519)
2018-11-05 22:46:20 +01:00
Bernd Edlinger
f98a893ed4 Fix error handling in RAND_DRBG_set
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7519)
2018-11-05 22:46:20 +01:00
Bernd Edlinger
faca6bfac3 Fix a race condition in drbg_add
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7523)

(cherry picked from commit 4011bab1f8)
2018-10-30 23:28:12 +01:00
Bernd Edlinger
6101850baf Rework and simplify resource flow in drbg_add
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7504)

(cherry picked from commit f9e43929c4)
2018-10-29 12:31:21 +01:00
Dr. Matthias St. Pierre
c7a7ed3870 randfile.c: fix a Coverity warning
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7510)

(cherry picked from commit 040a03470c)
2018-10-28 23:39:13 +01:00
Dr. Matthias St. Pierre
d2953e5e7d drbg_lib: avoid NULL pointer dereference in drbg_add
Found by Coverity Scan

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7511)

(cherry picked from commit 59f90557dd)
2018-10-28 19:21:12 +01:00
Bernd Edlinger
1f98527659 Fix data race in RAND_DRBG_generate
Fixes #7394

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7399)

(cherry picked from commit a83dc59afa)
2018-10-27 13:04:55 +02:00
Dr. Matthias St. Pierre
d597a9a877 RAND_add()/RAND_seed(): fix failure on short input or low entropy
Commit 5b4cb385c1 (#7382) introduced a bug which had the effect
that RAND_add()/RAND_seed() failed for buffer sizes less than
32 bytes. The reason was that now the added random data was used
exlusively as entropy source for reseeding. When the random input
was too short or contained not enough entropy, the DRBG failed
without querying the available entropy sources.

This commit makes drbg_add() act smarter: it checks the entropy
requirements explicitely. If the random input fails this check,
it won't be added as entropy input, but only as additional data.
More precisely, the behaviour depends on whether an os entropy
source was configured (which is the default on most os):

- If an os entropy source is avaible then we declare the buffer
  content as additional data by setting randomness to zero and
  trigger a regular   reseeding.

- If no os entropy source is available, a reseeding will fail
  inevitably. So drbg_add() uses a trick to mix the buffer contents
  into the DRBG state without forcing a reseeding: it generates a
  dummy random byte, using the buffer content as additional data.

Related-to: #7449

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7456)

(cherry picked from commit 8817215d5c)
2018-10-27 13:03:35 +02:00
Dr. Matthias St. Pierre
35a34508ef Backport some DRBG renamings and typo fixes
In commit 8bf3665196 some renamings andd typo fixes were made
while adding back the DRBG-HMAC and DRBG-HASH implementation.
Since the commit could not be backported, a lot of unnecessary
differences between master and 1.1.1 were introduced.

These differences result in tiresome merge conflicts when
cherry-picking. To minimize these merge-conflicts, this patch
ports all 'non-feature' changes of commit 8bf3665196
(e.g., renamings of private variables, fixes of typographical
errors, comment changes) manually back to 1.1.1.

The commits a83dc59afa (#7399) and 8817215d5c (#7456)
failed to cherry-pick previously to 1.1.1, with this patch
they both cherry-pick without conflicts.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/7505)
2018-10-26 23:04:23 +02:00
Bernd Edlinger
f3f7f1a826 Fix a possible crash in rand_drbg_get_entropy
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7474)

(cherry picked from commit 21311777ad)
2018-10-26 15:26:21 +02:00
Dr. Matthias St. Pierre
1d0671b81f RAND_load_file(): avoid adding small chunks to RAND_add()
Increase the load buffer size such that it exceeds the chunk
size by a comfortable amount. This is done to avoid calling
RAND_add() with a small final chunk. Instead, such a small
final chunk will be added together with the previous chunk
(unless it's the only one).

Related-to: #7449

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7456)
2018-10-26 08:50:26 +02:00
Dr. Matthias St. Pierre
13ce86259e RAND_load_file(): return error if reseeding failed
The failure of RAND_load_file was only noticed because of the
heap corruption which was reported in #7499 and fixed in commit
5b4cb385c1. To prevent this in the future, RAND_load_file()
now explicitly checks RAND_status() and reports an error if it
fails.

Related-to: #7449

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7456)
2018-10-26 08:50:26 +02:00
Richard Levitte
28361a0b82 RAND: ensure INT32_MAX is defined
This value is used to set DRBG_MAX_LENGTH

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7467)

(cherry picked from commit f81b043ad8)
2018-10-23 10:56:59 +02:00
Dr. Matthias St. Pierre
ece482ff3a RAND_add(): fix heap corruption in error path
This bug was introduced by #7382 which enhanced RAND_add() to
accept large buffer sizes. As a consequence, RAND_add() now fails
for buffer sizes less than 32 bytes (i.e. less than 256 bits).
In addition, rand_drbg_get_entropy() forgets to reset the attached
drbg->pool in the case of an error, which leads to the heap corruption.

The problem occurred with RAND_load_file(), which reads the file in
chunks of 1024 bytes each. If the size of the final chunk is less than
32 bytes, then RAND_add() fails, whence RAND_load_file() fails
silently for buffer sizes n = k * 1024 + r with r = 1,...,31.

This commit fixes the heap corruption only. The other issues will
be addressed in a separate pull request.

Thanks to Gisle Vanem for reporting this issue.

Fixes #7449

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7455)

(cherry picked from commit 5b4cb385c1)
2018-10-22 14:57:04 +02:00
Dr. Matthias St. Pierre
dbf0a49625 DRBG: fix reseeding via RAND_add()/RAND_seed() with large input
In pull request #4328 the seeding of the DRBG via RAND_add()/RAND_seed()
was implemented by buffering the data in a random pool where it is
picked up later by the rand_drbg_get_entropy() callback. This buffer
was limited to the size of 4096 bytes.

When a larger input was added via RAND_add() or RAND_seed() to the DRBG,
the reseeding failed, but the error returned by the DRBG was ignored
by the two calling functions, which both don't return an error code.
As a consequence, the data provided by the application was effectively
ignored.

This commit fixes the problem by a more efficient implementation which
does not copy the data in memory and by raising the buffer the size limit
to INT32_MAX (2 gigabytes). This is less than the NIST limit of 2^35 bits
but it was chosen intentionally to avoid platform dependent problems
like integer sizes and/or signed/unsigned conversion.

Additionally, the DRBG is now less permissive on errors: In addition to
pushing a message to the openssl error stack, it enters the error state,
which forces a reinstantiation on next call.

Thanks go to Dr. Falko Strenzke for reporting this issue to the
openssl-security mailing list. After internal discussion the issue
has been categorized as not being security relevant, because the DRBG
reseeds automatically and is fully functional even without additional
randomness provided by the application.

Fixes #7381

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7382)

(cherry picked from commit 3064b55134)
2018-10-16 22:32:42 +02:00
FdaSilvaYY
7f0e220f4d crypto/rand: fix some style nit's
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7378)

(cherry picked from commit c2e33a05b1)
2018-10-10 14:02:45 +02:00
Dr. Matthias St. Pierre
b99f047f3f rand_unix.c: fix --with-rand-seed=none build
Fixes a compiler warning about an unused syscall_random()
and cleans up the OPENSSL_RAND_SEED preprocessor logic.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/779)

(cherry picked from commit d90e128be6)
2018-10-10 12:40:52 +02:00
Pauli
79c2c74130 Use secure_getenv(3) when available.
Change all calls to getenv() inside libcrypto to use a new wrapper function
that use secure_getenv() if available and an issetugid then getenv if not.

CPU processor override flags are unchanged.

Extra checks for OPENSSL_issetugid() have been removed in favour of the
safe getenv.

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/7047)

(cherry picked from commit 5c39a55d04)
2018-09-24 11:22:22 +10:00
Richard Levitte
d6d6aa3521 VMS: only use the high precision on VMS v8.4 and up
It simply isn't available on older versions.

Issue submitted by Mark Daniels

Fixes #7229

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7230)
2018-09-15 14:59:06 +02:00
Dr. Matthias St. Pierre
b262a00229 Replace the public RAND_DRBG_USED_FLAGS #define by an internal constant
The new DRBG API added the aforementioned #define. However, it is
used internally only and having it defined publicly does not serve
any purpose except causing potential version compatibility problems.

Fixes #7182

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7190)

(cherry picked from commit c402e943cd)
2018-09-12 23:48:18 +02:00
Dr. Matthias St. Pierre
bc420ebea2 rand_lib.c: Don't open random devices while cleaning up.
Fixes #7022

In pull request #6432 a change was made to keep the handles to the
random devices opened in order to avoid reseeding problems for
applications in chroot environments.

As a consequence, the handles of the random devices were leaked at exit
if the random generator was not used by the application. This happened,
because the call to RAND_set_rand_method(NULL) in rand_cleanup_int()
triggered a call to the call_once function do_rand_init, which opened
the random devices via rand_pool_init().

Thanks to GitHub user @bwelling for reporting this issue.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7023)
2018-08-22 10:53:49 +02:00
Dr. Matthias St. Pierre
cca9962178 rand_unix.c: don't discard entropy bytes from /dev/*random
Don't discard partial reads from /dev/*random and retry instead.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6990)
2018-08-19 12:44:05 +02:00
Dr. Matthias St. Pierre
630ce41e83 rand_unix.c: don't discard entropy bytes from syscall_random()
Fixes #6978

Don't discard partial reads from syscall_random() and retry instead.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6990)
2018-08-19 12:44:05 +02:00
Dr. Matthias St. Pierre
9b5f1c8fd8 rand_unix.c: assimilate syscall_random() with getrandom(2)
Change return value type to ssize_t and ensure that a negative value
is returned only if a corresponding errno is set.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6990)
2018-08-19 12:44:05 +02:00
Shane Lontis
7c226dfc43 Fixed issue where DRBG_CTR fails if NO_DF is used - when entropy is called
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/6778)
2018-07-26 06:58:44 +10:00
Andy Polyakov
a0e53000a8 rand/rand_unix.c: address macro redifinition warning.
Occasionally, e.g. when compiling for elderly glibc, you end up passing
-D_GNU_SOURCE on command line, and doing so triggered warning...

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6616)
2018-07-01 12:05:54 +02:00
Pauli
c7504aeb64 Modify the DEVRANDOM source so that the files are kept open persistently.
This allows operation inside a chroot environment without having the
random device present.

A new call, RAND_keep_random_devices_open(), has been introduced that can
be used to control file descriptor use by the random seed sources. Some
seed sources maintain open file descriptors by default, which allows
such sources to operate in a chroot(2) jail without the associated device
nodes being available.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/6432)
2018-06-27 07:15:36 +10:00