Remove RAND_set_urandom_fd.
Also update the documentation for RAND_enable_fork_unsafe_buffering. The
fd parameter is no longer used.
Update-Note: RAND_set_urandom_fd no longer exists. This was only called
by Chromium, which now uses CRYPTO_pre_sandbox_init.
Change-Id: I1659c1cc84a6f1edc01f6105fc07e80856e457fc
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41424
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
diff --git a/crypto/fipsmodule/rand/urandom.c b/crypto/fipsmodule/rand/urandom.c
index bf15eda..bae3fc3 100644
--- a/crypto/fipsmodule/rand/urandom.c
+++ b/crypto/fipsmodule/rand/urandom.c
@@ -95,17 +95,10 @@
#endif // USE_NR_getrandom
-// rand_lock is used to protect the |*_requested| variables.
-DEFINE_STATIC_MUTEX(rand_lock)
-
-// The following constants are magic values of |urandom_fd|.
-static const int kUnset = 0;
+// kHaveGetrandom in |urandom_fd| signals that |getrandom| or |getentropy| is
+// available and should be used instead.
static const int kHaveGetrandom = -3;
-// urandom_fd_requested is set by |RAND_set_urandom_fd|. It's protected by
-// |rand_lock|.
-DEFINE_BSS_GET(int, urandom_fd_requested)
-
// urandom_fd is a file descriptor to /dev/urandom. It's protected by |once|.
DEFINE_BSS_GET(int, urandom_fd)
@@ -144,14 +137,9 @@
DEFINE_STATIC_ONCE(rand_once)
// init_once initializes the state of this module to values previously
-// requested. This is the only function that modifies |urandom_fd| and
-// |urandom_buffering|, whose values may be read safely after calling the
-// once.
+// requested. This is the only function that modifies |urandom_fd|, which may be
+// read safely after calling the once.
static void init_once(void) {
- CRYPTO_STATIC_MUTEX_lock_read(rand_lock_bss_get());
- int fd = *urandom_fd_requested_bss_get();
- CRYPTO_STATIC_MUTEX_unlock_read(rand_lock_bss_get());
-
#if defined(USE_NR_getrandom)
int have_getrandom;
uint8_t dummy;
@@ -194,31 +182,16 @@
abort();
#endif
- if (fd == kUnset) {
- do {
- fd = open("/dev/urandom", O_RDONLY);
- } while (fd == -1 && errno == EINTR);
- }
+ int fd;
+ do {
+ fd = open("/dev/urandom", O_RDONLY);
+ } while (fd == -1 && errno == EINTR);
if (fd < 0) {
perror("failed to open /dev/urandom");
abort();
}
- assert(kUnset == 0);
- if (fd == kUnset) {
- // Because we want to keep |urandom_fd| in the BSS, we have to initialise
- // it to zero. But zero is a valid file descriptor too. Thus if open
- // returns zero for /dev/urandom, we dup it to get a non-zero number.
- fd = dup(fd);
- close(kUnset);
-
- if (fd <= 0) {
- perror("failed to dup /dev/urandom fd");
- abort();
- }
- }
-
int flags = fcntl(fd, F_GETFD);
if (flags == -1) {
// Native Client doesn't implement |fcntl|.
@@ -307,40 +280,6 @@
#endif // BORINGSSL_FIPS
}
-void RAND_set_urandom_fd(int fd) {
- fd = dup(fd);
- if (fd < 0) {
- perror("failed to dup supplied urandom fd");
- abort();
- }
-
- assert(kUnset == 0);
- if (fd == kUnset) {
- // Because we want to keep |urandom_fd| in the BSS, we have to initialise
- // it to zero. But zero is a valid file descriptor too. Thus if dup
- // returned zero we dup it again to get a non-zero number.
- fd = dup(fd);
- close(kUnset);
-
- if (fd <= 0) {
- perror("failed to dup supplied urandom fd");
- abort();
- }
- }
-
- CRYPTO_STATIC_MUTEX_lock_write(rand_lock_bss_get());
- *urandom_fd_requested_bss_get() = fd;
- CRYPTO_STATIC_MUTEX_unlock_write(rand_lock_bss_get());
-
- CRYPTO_init_sysrand();
- if (*urandom_fd_bss_get() == kHaveGetrandom) {
- close(fd);
- } else if (*urandom_fd_bss_get() != fd) {
- fprintf(stderr, "RAND_set_urandom_fd called after initialisation.\n");
- abort();
- }
-}
-
// fill_with_entropy writes |len| bytes of entropy into |out|. It returns one
// on success and zero on error. If |block| is one, this function will block
// until the entropy pool is initialized. Otherwise, this function may fail,
diff --git a/include/openssl/rand.h b/include/openssl/rand.h
index 5d02e12..4847eb7 100644
--- a/include/openssl/rand.h
+++ b/include/openssl/rand.h
@@ -36,26 +36,12 @@
// Obscure functions.
#if !defined(OPENSSL_WINDOWS)
-// RAND_set_urandom_fd causes the module to use a copy of |fd| for system
-// randomness rather opening /dev/urandom internally. The caller retains
-// ownership of |fd| and is at liberty to close it at any time. This is useful
-// if, due to a sandbox, /dev/urandom isn't available. If used, it must be
-// called before the first call to |RAND_bytes|, and it is mutually exclusive
-// with |RAND_enable_fork_unsafe_buffering|.
-//
-// |RAND_set_urandom_fd| does not buffer any entropy, so it is safe to call
-// |fork| at any time after calling |RAND_set_urandom_fd|.
-OPENSSL_EXPORT void RAND_set_urandom_fd(int fd);
-
// RAND_enable_fork_unsafe_buffering enables efficient buffered reading of
// /dev/urandom. It adds an overhead of a few KB of memory per thread. It must
-// be called before the first call to |RAND_bytes| and it is mutually exclusive
-// with calls to |RAND_set_urandom_fd|.
+// be called before the first call to |RAND_bytes|.
//
-// If |fd| is non-negative then a copy of |fd| will be used rather than opening
-// /dev/urandom internally. Like |RAND_set_urandom_fd|, the caller retains
-// ownership of |fd|. If |fd| is negative then /dev/urandom will be opened and
-// any error from open(2) crashes the address space.
+// |fd| must be -1. We no longer support setting the file descriptor with this
+// function.
//
// It has an unusual name because the buffer is unsafe across calls to |fork|.
// Hence, this function should never be called by libraries.