Show an error before we abort the process for an entropy failure.

Change-Id: I8d8483d38de15dcde18141bb9cc9e79d585d24ad Reviewed-on: https://boringssl-review.googlesource.com/27045 Reviewed-by: Adam Langley <agl@google.com>
2018-04-05 10:26:39 -07:00 · 2018-04-05 10:26:39 -07:00 · 7d1f35985b
commit 7d1f35985b
parent 103ed08549
1 changed files with 24 additions and 3 deletions
--- a/crypto/fipsmodule/rand/urandom.c
+++ b/crypto/fipsmodule/rand/urandom.c
@ -97,7 +97,6 @@ DEFINE_BSS_GET(int, urandom_fd);

 DEFINE_STATIC_ONCE(rand_once);

-#if defined(USE_NR_getrandom) || defined(BORINGSSL_FIPS)
 // message writes |msg| to stderr. We use this because referencing |stderr|
 // with |fprintf| generates relocations, which is a problem inside the FIPS
 // module.
@ -107,7 +106,6 @@ static void message(const char *msg) {
    r = write(2, msg, strlen(msg));
  } while (r == -1 && errno == EINTR);
 }
-#endif

 // init_once initializes the state of this module to values previously
 // requested. This is the only function that modifies |urandom_fd| and
@ -151,6 +149,9 @@ static void init_once(void) {
  }

  if (fd < 0) {
+    message("failed to open /dev/urandom: ");
+    message(strerror(errno));
+    message("\n");
    abort();
  }

@ -163,6 +164,9 @@ static void init_once(void) {
    close(kUnset);

    if (fd <= 0) {
+      message("failed to dup /dev/urandom fd: ");
+      message(strerror(errno));
+      message("\n");
      abort();
    }
  }
@ -194,11 +198,17 @@ static void init_once(void) {
  if (flags == -1) {
    // Native Client doesn't implement |fcntl|.
    if (errno != ENOSYS) {
+      message("failed to get flags from urandom fd: ");
+      message(strerror(errno));
+      message("\n");
      abort();
    }
  } else {
    flags |= FD_CLOEXEC;
    if (fcntl(fd, F_SETFD, flags) == -1) {
+      message("failed to set FD_CLOEXEC on urandom fd: ");
+      message(strerror(errno));
+      message("\n");
      abort();
    }
  }
@ -208,6 +218,9 @@ static void init_once(void) {
 void RAND_set_urandom_fd(int fd) {
  fd = dup(fd);
  if (fd < 0) {
+    message("failed to dup supplied urandom fd: ");
+    message(strerror(errno));
+    message("\n");
    abort();
  }

@ -220,6 +233,9 @@ void RAND_set_urandom_fd(int fd) {
    close(kUnset);

    if (fd <= 0) {
+      message("failed to dup supplied urandom fd: ");
+      message(strerror(errno));
+      message("\n");
      abort();
    }
  }
@ -232,7 +248,8 @@ void RAND_set_urandom_fd(int fd) {
  if (*urandom_fd_bss_get() == kHaveGetrandom) {
    close(fd);
  } else if (*urandom_fd_bss_get() != fd) {
-    abort();  // Already initialized.
+    message("RAND_set_urandom_fd called after initialisation.\n");
+    abort();
  }
 }

@ -261,6 +278,7 @@ static char fill_with_entropy(uint8_t *out, size_t len) {
 #endif  // OPENSSL_MSAN

 #else  // USE_NR_getrandom
+      message("urandom fd corrupt.\n");
      abort();
 #endif
    } else {
@ -288,6 +306,9 @@ void CRYPTO_sysrand(uint8_t *out, size_t requested) {
  CRYPTO_once(rand_once_bss_get(), init_once);

  if (!fill_with_entropy(out, requested)) {
+    message("entropy fill failed: ");
+    message(strerror(errno));
+    message("\n");
    abort();
  }