Revert "crypto/rand: Fix a crash bug in RAND_enable_fork_unsafe_buffering." and "Enable getrandom for entropy gathering." This reverts commits 36ca21415a0ef94f304ba174700e53d48aaa58ab and 7b668a873eca79116a429e3f3e4dc51107b968a3. We believe that we need to update ASAN to be aware of getrandom before we can use it. Otherwise it believes that the memory with the entropy from this syscall is uninitialised. Change-Id: I1ea1c4d3038b3b2cd080be23d7d8b60fc0c83df2 Reviewed-on: https://boringssl-review.googlesource.com/12901 Reviewed-by: Adam Langley <alangley@gmail.com> Commit-Queue: Adam Langley <alangley@gmail.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/crypto/rand/urandom.c b/crypto/rand/urandom.c
index 14d2e8a..2572625 100644
--- a/crypto/rand/urandom.c
+++ b/crypto/rand/urandom.c
@@ -21,7 +21,6 @@
 #include <assert.h>
 #include <errno.h>
 #include <fcntl.h>
-#include <stdio.h>
 #include <string.h>
 #include <unistd.h>
@@ -88,16 +87,12 @@
 /* requested_lock is used to protect the |*_requested| variables. */
 static struct CRYPTO_STATIC_MUTEX requested_lock = CRYPTO_STATIC_MUTEX_INIT;
-/* The following constants are magic values of |urandom_fd|. */
-static const int kUnset = -2;
-static const int kHaveGetrandom = -3;
-
-/* urandom_fd_requested is set by |RAND_set_urandom_fd|. It's protected by
+/* urandom_fd_requested is set by |RAND_set_urandom_fd|. It's protected by
 * |requested_lock|. */
-static int urandom_fd_requested = -2 /* kUnset */;
+static int urandom_fd_requested = -2;
 /* urandom_fd is a file descriptor to /dev/urandom. It's protected by |once|. */
-static int urandom_fd = -2 /* kUnset */;
+static int urandom_fd = -2;
 /* urandom_buffering_requested is set by |RAND_enable_fork_unsafe_buffering|.
 * It's protected by |requested_lock|. */
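Review bot: The `-88,16` hunk goes back to a bare `-2` for the "no fd requested" sentinel, and the same literal reappears as `if (fd == -2)` in the `-120,31` hunk and `fd = -2;` in the `-194,7` hunk. `kHaveGetrandom` has to go with the revert, but `kUnset` does not depend on getrandom, so keeping `static const int kUnset = -2;` and comparing against it would tie those sites to one definition. The two static initializers would keep the `-2 /* kUnset */` form, since a `static const int` is not a constant expression in C. This is a style point only; behaviour is unchanged.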
@@ -120,31 +115,12 @@
 CRYPTO_STATIC_MUTEX_unlock_read(&requested_lock);
 #if defined(USE_SYS_getrandom)
+ /* Initial test of getrandom to find any unexpected behavior. */
 uint8_t dummy;
- long getrandom_ret =
- syscall(SYS_getrandom, &dummy, sizeof(dummy), GRND_NONBLOCK);
+ syscall(SYS_getrandom, &dummy, sizeof(dummy), GRND_NONBLOCK);
+#endif
- if (getrandom_ret == 1) {
- urandom_fd = kHaveGetrandom;
- return;
- } else if (getrandom_ret == -1 && errno == EAGAIN) {
- fprintf(stderr,
- "getrandom indicates that the entropy pool has not been "
- "initialized. Rather than continue with poor entropy, this process "
- "will block until entropy is available.\n");
- do {
- getrandom_ret =
- syscall(SYS_getrandom, &dummy, sizeof(dummy), 0 /* no flags */);
- } while (getrandom_ret == -1 && errno == EINTR);
-
- if (getrandom_ret == 1) {
- urandom_fd = kHaveGetrandom;
- return;
- }
- }
-#endif /* USE_SYS_getrandom */
-
- if (fd == kUnset) {
+ if (fd == -2) {
 do {
 fd = open("/dev/urandom", O_RDONLY);
 } while (fd == -1 && errno == EINTR);
@@ -180,9 +156,7 @@
 CRYPTO_STATIC_MUTEX_unlock_write(&requested_lock);
 CRYPTO_once(&once, init_once);
- if (urandom_fd == kHaveGetrandom) {
- close(fd);
- } else if (urandom_fd != fd) {
+ if (urandom_fd != fd) {
 abort(); // Already initialized.
 }
 }
@@ -194,7 +168,7 @@
 abort();
 }
 } else {
- fd = kUnset;
+ fd = -2;
 }
 CRYPTO_STATIC_MUTEX_lock_write(&requested_lock);
@@ -203,16 +177,8 @@
 CRYPTO_STATIC_MUTEX_unlock_write(&requested_lock);
 CRYPTO_once(&once, init_once);
- if (urandom_buffering != 1) {
- abort(); // Already initialized
- }
-
- if (fd >= 0) {
- if (urandom_fd == kHaveGetrandom) {
- close(fd);
- } else if (urandom_fd != fd) {
- abort(); // Already initialized.
- }
+ if (urandom_buffering != 1 || (fd >= 0 && urandom_fd != fd)) {
+ abort(); // Already initialized.
 }
 }
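Review bot: In the `-120,31` hunk the restored probe `syscall(SYS_getrandom, &dummy, sizeof(dummy), GRND_NONBLOCK);` discards its return value, so the `EAGAIN` case that the removed branch handled by blocking until the entropy pool was initialized is no longer observed anywhere. After the revert all output comes from the `/dev/urandom` descriptor, which on Linux has historically not blocked on an unseeded pool, so a process started very early in boot would get no signal. The new comment ("to find any unexpected behavior") does not say this. I would make it explicit at the call, e.g. `(void)syscall(SYS_getrandom, &dummy, sizeof(dummy), GRND_NONBLOCK); /* probe only: result ignored, does not gate on pool initialization */`, and track restoring the check once the sanitizer issue from the commit message is resolved. The enclosing function starts and ends outside the hunk.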
@@ -243,19 +209,9 @@
 ssize_t r;
 while (len > 0) {
- if (urandom_fd == kHaveGetrandom) {
-#if defined(USE_SYS_getrandom)
- do {
- r = syscall(SYS_getrandom, out, len, 0 /* no flags */);
- } while (r == -1 && errno == EINTR);
-#else
- abort();
-#endif
- } else {
- do {
- r = read(urandom_fd, out, len);
- } while (r == -1 && errno == EINTR);
- }
+ do {
+ r = read(urandom_fd, out, len);
+ } while (r == -1 && errno == EINTR);
 if (r <= 0) {
 return 0;