kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Show an error before we abort the process for an entropy failure.

Browse Source 
Change-Id: I8d8483d38de15dcde18141bb9cc9e79d585d24ad
Reviewed-on: https://boringssl-review.googlesource.com/27045
Reviewed-by: Adam Langley <agl@google.com>
This commit is contained in:
Adam Langley 2018-04-05 10:26:39 -07:00
parent 103ed08549
commit 7d1f35985b
1 changed files with 24 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
crypto/fipsmodule/rand/urandom.c
View File

@ -97,7 +97,6 @@ DEFINE_BSS_GET(int, urandom_fd);
DEFINE_STATIC_ONCE(rand_once); DEFINE_STATIC_ONCE(rand_once);
#if defined(USE_NR_getrandom) || defined(BORINGSSL_FIPS)
// message writes |msg| to stderr. We use this because referencing |stderr| // message writes |msg| to stderr. We use this because referencing |stderr|
// with |fprintf| generates relocations, which is a problem inside the FIPS // with |fprintf| generates relocations, which is a problem inside the FIPS
// module. // module.
@ -107,7 +106,6 @@ static void message(const char *msg) {
r = write(2, msg, strlen(msg)); r = write(2, msg, strlen(msg));
} while (r == -1 && errno == EINTR); } while (r == -1 && errno == EINTR);
} }
#endif
// init_once initializes the state of this module to values previously // init_once initializes the state of this module to values previously
// requested. This is the only function that modifies |urandom_fd| and // requested. This is the only function that modifies |urandom_fd| and
@ -151,6 +149,9 @@ static void init_once(void) {
} }
if (fd < 0) { if (fd < 0) {
message("failed to open /dev/urandom: ");
message(strerror(errno));
message("\n");
abort(); abort();
} }
@ -163,6 +164,9 @@ static void init_once(void) {
close(kUnset); close(kUnset);
if (fd <= 0) { if (fd <= 0) {
message("failed to dup /dev/urandom fd: ");
message(strerror(errno));
message("\n");
abort(); abort();
} }
} }
@ -194,11 +198,17 @@ static void init_once(void) {
if (flags == -1) { if (flags == -1) {
// Native Client doesn't implement |fcntl|. // Native Client doesn't implement |fcntl|.
if (errno != ENOSYS) { if (errno != ENOSYS) {
message("failed to get flags from urandom fd: ");
message(strerror(errno));
message("\n");
abort(); abort();
} }
} else { } else {
flags |= FD_CLOEXEC; flags |= FD_CLOEXEC;
if (fcntl(fd, F_SETFD, flags) == -1) { if (fcntl(fd, F_SETFD, flags) == -1) {
message("failed to set FD_CLOEXEC on urandom fd: ");
message(strerror(errno));
message("\n");
abort(); abort();
} }
} }
@ -208,6 +218,9 @@ static void init_once(void) {
void RAND_set_urandom_fd(int fd) { void RAND_set_urandom_fd(int fd) {
fd = dup(fd); fd = dup(fd);
if (fd < 0) { if (fd < 0) {
message("failed to dup supplied urandom fd: ");
message(strerror(errno));
message("\n");
abort(); abort();
} }
@ -220,6 +233,9 @@ void RAND_set_urandom_fd(int fd) {
close(kUnset); close(kUnset);
if (fd <= 0) { if (fd <= 0) {
message("failed to dup supplied urandom fd: ");
message(strerror(errno));
message("\n");
abort(); abort();
} }
} }
@ -232,7 +248,8 @@ void RAND_set_urandom_fd(int fd) {
if (*urandom_fd_bss_get() == kHaveGetrandom) { if (*urandom_fd_bss_get() == kHaveGetrandom) {
close(fd); close(fd);
} else if (*urandom_fd_bss_get() != fd) { } else if (*urandom_fd_bss_get() != fd) {
abort(); // Already initialized. message("RAND_set_urandom_fd called after initialisation.\n");
abort();
} }
} }
@ -261,6 +278,7 @@ static char fill_with_entropy(uint8_t *out, size_t len) {
#endif // OPENSSL_MSAN #endif // OPENSSL_MSAN
#else // USE_NR_getrandom #else // USE_NR_getrandom
message("urandom fd corrupt.\n");
abort(); abort();
#endif #endif
} else { } else {
@ -288,6 +306,9 @@ void CRYPTO_sysrand(uint8_t *out, size_t requested) {
CRYPTO_once(rand_once_bss_get(), init_once); CRYPTO_once(rand_once_bss_get(), init_once);
if (!fill_with_entropy(out, requested)) { if (!fill_with_entropy(out, requested)) {
message("entropy fill failed: ");
message(strerror(errno));
message("\n");
abort(); abort();
} }