commit 7d1f35985b6ca55233bfe2f44b03df020772bfc0
author Adam Langley <agl@google.com> Thu Apr 05 10:26:39 2018 -0700
committer Adam Langley <agl@google.com> Fri May 11 22:30:24 2018 +0000
tree a8628e3253400296db69b4d8ca4a4b326ce8de9b
parent 103ed08549a74af9f03363c633028faf9a475066

Show an error before we abort the process for an entropy failure.

Change-Id: I8d8483d38de15dcde18141bb9cc9e79d585d24ad
Reviewed-on: https://boringssl-review.googlesource.com/27045
Reviewed-by: Adam Langley <agl@google.com>

crypto/fipsmodule/rand/urandom.c

diff --git a/crypto/fipsmodule/rand/urandom.c b/crypto/fipsmodule/rand/urandom.c
index d2be719..9eca93d 100644
--- a/crypto/fipsmodule/rand/urandom.c
+++ b/crypto/fipsmodule/rand/urandom.c
@@ -97,7 +97,6 @@
 
 DEFINE_STATIC_ONCE(rand_once);
 
-#if defined(USE_NR_getrandom) || defined(BORINGSSL_FIPS)
 // message writes |msg| to stderr. We use this because referencing |stderr|
 // with |fprintf| generates relocations, which is a problem inside the FIPS
 // module.
@@ -107,7 +106,6 @@
     r = write(2, msg, strlen(msg));
   } while (r == -1 && errno == EINTR);
 }
-#endif
 
 // init_once initializes the state of this module to values previously
 // requested. This is the only function that modifies |urandom_fd| and
@@ -151,6 +149,9 @@
   }
 
   if (fd < 0) {
+    message("failed to open /dev/urandom: ");
+    message(strerror(errno));
+    message("\n");
     abort();
   }
 
@@ -163,6 +164,9 @@
     close(kUnset);
 
     if (fd <= 0) {
+      message("failed to dup /dev/urandom fd: ");
+      message(strerror(errno));
+      message("\n");
       abort();
     }
   }
@@ -194,11 +198,17 @@
   if (flags == -1) {
     // Native Client doesn't implement |fcntl|.
     if (errno != ENOSYS) {
+      message("failed to get flags from urandom fd: ");
+      message(strerror(errno));
+      message("\n");
       abort();
     }
   } else {
     flags |= FD_CLOEXEC;
     if (fcntl(fd, F_SETFD, flags) == -1) {
+      message("failed to set FD_CLOEXEC on urandom fd: ");
+      message(strerror(errno));
+      message("\n");
       abort();
     }
   }
@@ -208,6 +218,9 @@
 void RAND_set_urandom_fd(int fd) {
   fd = dup(fd);
   if (fd < 0) {
+    message("failed to dup supplied urandom fd: ");
+    message(strerror(errno));
+    message("\n");
     abort();
   }
 
@@ -220,6 +233,9 @@
     close(kUnset);
 
     if (fd <= 0) {
+      message("failed to dup supplied urandom fd: ");
+      message(strerror(errno));
+      message("\n");
       abort();
     }
   }
@@ -232,7 +248,8 @@
   if (*urandom_fd_bss_get() == kHaveGetrandom) {
     close(fd);
   } else if (*urandom_fd_bss_get() != fd) {
-    abort();  // Already initialized.
+    message("RAND_set_urandom_fd called after initialisation.\n");
+    abort();
   }
 }
 
@@ -261,6 +278,7 @@
 #endif  // OPENSSL_MSAN
 
 #else  // USE_NR_getrandom
+      message("urandom fd corrupt.\n");
       abort();
 #endif
     } else {
@@ -288,6 +306,9 @@
   CRYPTO_once(rand_once_bss_get(), init_once);
 
   if (!fill_with_entropy(out, requested)) {
+    message("entropy fill failed: ");
+    message(strerror(errno));
+    message("\n");
     abort();
   }