From: Dr. Matthias St. Pierre Date: Thu, 16 Aug 2018 19:05:47 +0000 (+0200) Subject: rand_unix.c: don't discard entropy bytes from syscall_random() X-Git-Tag: OpenSSL_1_1_1-pre9~9 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=630ce41e836a756423c7d834fa2b4a0f8efec871;p=oweals%2Fopenssl.git rand_unix.c: don't discard entropy bytes from syscall_random() Fixes #6978 Don't discard partial reads from syscall_random() and retry instead. Reviewed-by: Andy Polyakov Reviewed-by: Paul Dale Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/6990) --- diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c index 74cc9e146f..e63d778900 100644 --- a/crypto/rand/rand_unix.c +++ b/crypto/rand/rand_unix.c @@ -458,17 +458,25 @@ size_t rand_pool_acquire_entropy(RAND_POOL *pool) unsigned char *buffer; # ifdef OPENSSL_RAND_SEED_GETRANDOM - bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/); - buffer = rand_pool_add_begin(pool, bytes_needed); - if (buffer != NULL) { - size_t bytes = 0; - - if (syscall_random(buffer, bytes_needed) == (int)bytes_needed) - bytes = bytes_needed; + { + ssize_t bytes; + /* Maximum allowed number of consecutive unsuccessful attempts */ + int attempts = 3; - rand_pool_add_end(pool, bytes, 8 * bytes); - entropy_available = rand_pool_entropy_available(pool); + bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/); + while (bytes_needed != 0 && attempts-- > 0) { + buffer = rand_pool_add_begin(pool, bytes_needed); + bytes = syscall_random(buffer, bytes_needed); + if (bytes > 0) { + rand_pool_add_end(pool, bytes, 8 * bytes); + bytes_needed -= bytes; + attempts = 3; /* reset counter after successful attempt */ + } else if (bytes < 0 && errno != EINTR) { + break; + } + } } + entropy_available = rand_pool_entropy_available(pool); if (entropy_available > 0) return entropy_available; # endif