Show an error before we abort the process for an entropy failure.
Change-Id: I8d8483d38de15dcde18141bb9cc9e79d585d24ad
Reviewed-on: https://boringssl-review.googlesource.com/27045
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/crypto/fipsmodule/rand/urandom.c b/crypto/fipsmodule/rand/urandom.c
index d2be719..9eca93d 100644
--- a/crypto/fipsmodule/rand/urandom.c
+++ b/crypto/fipsmodule/rand/urandom.c
@@ -97,7 +97,6 @@
DEFINE_STATIC_ONCE(rand_once);
-#if defined(USE_NR_getrandom) || defined(BORINGSSL_FIPS)
// message writes |msg| to stderr. We use this because referencing |stderr|
// with |fprintf| generates relocations, which is a problem inside the FIPS
// module.
@@ -107,7 +106,6 @@
r = write(2, msg, strlen(msg));
} while (r == -1 && errno == EINTR);
}
-#endif
// init_once initializes the state of this module to values previously
// requested. This is the only function that modifies |urandom_fd| and
@@ -151,6 +149,9 @@
}
if (fd < 0) {
+ message("failed to open /dev/urandom: ");
+ message(strerror(errno));
+ message("\n");
abort();
}
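Review bot: `message(strerror(errno))` runs only after the first `message()` call, and `message()` itself calls `write(2, ...)`, which may overwrite `errno` (for example with EBADF when descriptor 2 is closed), so the printed text can describe the write rather than the failed open. Capture the value before printing anything: `const int err = errno;` ahead of the first `message()` and `message(strerror(err));` in place of the second call. The same three-call pattern appears in the hunks at `@@ -163`, `@@ -194`, `@@ -208`, `@@ -220` and `@@ -288`. The enclosing function starts and ends outside this hunk.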
@@ -163,6 +164,9 @@
close(kUnset);
if (fd <= 0) {
+ message("failed to dup /dev/urandom fd: ");
+ message(strerror(errno));
+ message("\n");
abort();
}
}
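Review bot: `close(kUnset)` runs between the `dup()` (presumably just above this hunk) and the `fd <= 0` check, so `errno` may already have been replaced by the time `strerror(errno)` is read. In addition, `fd <= 0` also matches `fd == 0`, which is a successful `dup()` result that sets no `errno` at all. Saving `errno` immediately after the `dup()` and printing a fixed string for the zero case, e.g. `message("dup returned fd 0\n");`, would keep the diagnostic accurate. The hunk at `@@ -220` has the same shape.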
@@ -194,11 +198,17 @@
if (flags == -1) {
// Native Client doesn't implement |fcntl|.
if (errno != ENOSYS) {
+ message("failed to get flags from urandom fd: ");
+ message(strerror(errno));
+ message("\n");
abort();
}
} else {
flags |= FD_CLOEXEC;
if (fcntl(fd, F_SETFD, flags) == -1) {
+ message("failed to set FD_CLOEXEC on urandom fd: ");
+ message(strerror(errno));
+ message("\n");
abort();
}
}
@@ -208,6 +218,9 @@
void RAND_set_urandom_fd(int fd) {
fd = dup(fd);
if (fd < 0) {
+ message("failed to dup supplied urandom fd: ");
+ message(strerror(errno));
+ message("\n");
abort();
}
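Review bot: The string `"failed to dup supplied urandom fd: "` is used both here and in the hunk at `@@ -220`, so a crash log cannot tell which of the two `dup()` calls aborted the process. Giving the second site distinct text, e.g. `message("failed to re-dup supplied urandom fd: ");`, would make the abort site identifiable from stderr alone. The body of RAND_set_urandom_fd continues outside this hunk.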
@@ -220,6 +233,9 @@
close(kUnset);
if (fd <= 0) {
+ message("failed to dup supplied urandom fd: ");
+ message(strerror(errno));
+ message("\n");
abort();
}
}
@@ -232,7 +248,8 @@
if (*urandom_fd_bss_get() == kHaveGetrandom) {
close(fd);
} else if (*urandom_fd_bss_get() != fd) {
- abort(); // Already initialized.
+ message("RAND_set_urandom_fd called after initialisation.\n");
+ abort();
}
}
@@ -261,6 +278,7 @@
#endif // OPENSSL_MSAN
#else // USE_NR_getrandom
+ message("urandom fd corrupt.\n");
abort();
#endif
} else {
@@ -288,6 +306,9 @@
CRYPTO_once(rand_once_bss_get(), init_once);
if (!fill_with_entropy(out, requested)) {
+ message("entropy fill failed: ");
+ message(strerror(errno));
+ message("\n");
abort();
}
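Review bot: `strerror(errno)` is only meaningful here if `fill_with_entropy` returns 0 solely because a system call failed and set `errno`. The function body is outside this hunk, but if it also returns 0 on a zero-length read or end-of-file, `errno` holds a stale value and the message points at the wrong cause. Either have the failing branch inside `fill_with_entropy` report its own reason, or state the contract at this call with a comment such as `// fill_with_entropy leaves errno set on failure.` Aborting stays the right fail-closed behaviour; the concern is only the accuracy of the diagnostic.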