Original text:
Check if a random "file" is really a device file, and treat it
specially if it is.
Add a few OpenBSD-specific cases.
This is part of a large change submitted by Markus Friedl <markus@openbsd.or
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3700)
-# elif defined __OpenBSD__
-int RAND_poll(void)
-{
- u_int32_t rnd = 0, i;
- unsigned char buf[ENTROPY_NEEDED];
-
- for (i = 0; i < sizeof(buf); i++) {
- if (i % 4 == 0)
- rnd = arc4random();
- buf[i] = rnd;
- rnd >>= 8;
- }
- RAND_add(buf, sizeof(buf), ENTROPY_NEEDED);
- OPENSSL_cleanse(buf, sizeof(buf));
-
- return 1;
-}
-# else /* !defined(__OpenBSD__) */
int RAND_poll(void)
{
unsigned long l;
int RAND_poll(void)
{
unsigned long l;
goto err;
RAND_add(&sb, sizeof(sb), 0.0);
goto err;
RAND_add(&sb, sizeof(sb), 0.0);
-# if defined(S_ISBLK) && defined(S_ISCHR)
- if (S_ISBLK(sb.st_mode) || S_ISCHR(sb.st_mode)) {
- /*
- * this file is a device. we don't want read an infinite number of
- * bytes from a random device, nor do we want to use buffered I/O
- * because we will waste system entropy.
- */
- bytes = (bytes == -1) ? 2048 : bytes; /* ok, is 2048 enough? */
- setbuf(in, NULL); /* don't do buffered reads */
- }
-# endif
#endif
for (;;) {
if (bytes > 0)
#endif
for (;;) {
if (bytes > 0)
FILE *out = NULL;
int n;
#ifndef OPENSSL_NO_POSIX_IO
FILE *out = NULL;
int n;
#ifndef OPENSSL_NO_POSIX_IO
# if defined(S_ISBLK) && defined(S_ISCHR)
# ifdef _WIN32
# if defined(S_ISBLK) && defined(S_ISCHR)
# ifdef _WIN32
* because driver paths are always ASCII.
*/
# endif
* because driver paths are always ASCII.
*/
# endif
- i = stat(file, &sb);
- if (i != -1) {
- if (S_ISBLK(sb.st_mode) || S_ISCHR(sb.st_mode)) {
- /*
- * this file is a device. we don't write back to it. we
- * "succeed" on the assumption this is some sort of random
- * device. Otherwise attempting to write to and chmod the device
- * causes problems.
- */
- return 1;
- }
- }
{
char *s = NULL;
int use_randfile = 1;
{
char *s = NULL;
int use_randfile = 1;
-#ifdef __OpenBSD__
- struct stat sb;
-#endif
#if defined(_WIN32) && defined(CP_UTF8)
DWORD len;
#if defined(_WIN32) && defined(CP_UTF8)
DWORD len;
buf[0] = '\0'; /* no file name */
}
buf[0] = '\0'; /* no file name */
}
-#ifdef __OpenBSD__
- /*
- * given that all random loads just fail if the file can't be seen on a
- * stat, we stat the file we're returning, if it fails, use /dev/arandom
- * instead. this allows the user to use their own source for good random
- * data, but defaults to something hopefully decent if that isn't
- * available.
- */
-
- if (!buf[0] || stat(buf, &sb) == -1)
- if (OPENSSL_strlcpy(buf, "/dev/arandom", size) >= size) {
- return NULL;
- }
-#endif
return buf[0] ? buf : NULL;
}
return buf[0] ? buf : NULL;
}
projects / openssl.git / commitdiff