commit 3531439f8a09dd40102ac0e336cb962e86d8bf57
author Paul Kehrer <paul.l.kehrer@gmail.com> Sun Dec 02 13:13:02 2018 +0800
committer Alex Gaynor <alex.gaynor@gmail.com> Sun Dec 02 00:13:02 2018 -0500
tree 55b40e69d54d31943965d2f0b4ac00a755483763
parent eb4e7b103530907311af4027280a48231a2f17be

switch osrandom engine to blocking mode when getting entropy (#4620)

* switch osrandom engine to blocking mode when getting entropy

* review feedback

* we can remove this too

src/_cffi_src/openssl/src/osrandom_engine.c

diff --git a/src/_cffi_src/openssl/src/osrandom_engine.c b/src/_cffi_src/openssl/src/osrandom_engine.c
index 947c79a..e6a76a3 100644
--- a/src/_cffi_src/openssl/src/osrandom_engine.c
+++ b/src/_cffi_src/openssl/src/osrandom_engine.c
@@ -281,7 +281,8 @@
     if (getrandom_works != CRYPTOGRAPHY_OSRANDOM_GETRANDOM_WORKS) {
         long n;
         char dest[1];
-        n = syscall(SYS_getrandom, dest, sizeof(dest), GRND_NONBLOCK);
+        /* if the kernel CSPRNG is not initialized this will block */
+        n = syscall(SYS_getrandom, dest, sizeof(dest), 0);
         if (n == sizeof(dest)) {
             getrandom_works = CRYPTOGRAPHY_OSRANDOM_GETRANDOM_WORKS;
         } else {
@@ -295,15 +296,6 @@
                 /* Fallback: seccomp prevents syscall */
                 getrandom_works = CRYPTOGRAPHY_OSRANDOM_GETRANDOM_FALLBACK;
                 break;
-            case EAGAIN:
-               /* Failure: Kernel CRPNG has not been seeded yet */
-                ERR_Cryptography_OSRandom_error(
-                    CRYPTOGRAPHY_OSRANDOM_F_INIT,
-                    CRYPTOGRAPHY_OSRANDOM_R_GETRANDOM_INIT_FAILED_EAGAIN,
-                    __FILE__, __LINE__
-                );
-                getrandom_works = CRYPTOGRAPHY_OSRANDOM_GETRANDOM_INIT_FAILED;
-                break;
             default:
                 /* EINTR cannot occur for buflen < 256. */
                 ERR_Cryptography_OSRandom_error(
@@ -350,7 +342,7 @@
     case CRYPTOGRAPHY_OSRANDOM_GETRANDOM_WORKS:
         while (size > 0) {
             do {
-                n = syscall(SYS_getrandom, buffer, size, GRND_NONBLOCK);
+                n = syscall(SYS_getrandom, buffer, size, 0);
             } while (n < 0 && errno == EINTR);
 
             if (n <= 0) {
@@ -532,9 +524,6 @@
      "Reading from /dev/urandom fd failed."},
     {ERR_REASON(CRYPTOGRAPHY_OSRANDOM_R_GETRANDOM_INIT_FAILED),
      "getrandom() initialization failed."},
-    {ERR_REASON(CRYPTOGRAPHY_OSRANDOM_R_GETRANDOM_INIT_FAILED_EAGAIN),
-     "getrandom() initialization failed with EAGAIN. Most likely Kernel "
-     "CPRNG is not seeded yet."},
     {ERR_REASON(CRYPTOGRAPHY_OSRANDOM_R_GETRANDOM_INIT_FAILED_UNEXPECTED),
      "getrandom() initialization failed with unexpected errno."},
     {ERR_REASON(CRYPTOGRAPHY_OSRANDOM_R_GETRANDOM_FAILED),

src/_cffi_src/openssl/src/osrandom_engine.h

diff --git a/src/_cffi_src/openssl/src/osrandom_engine.h b/src/_cffi_src/openssl/src/osrandom_engine.h
index 077046d..e7a55c5 100644
--- a/src/_cffi_src/openssl/src/osrandom_engine.h
+++ b/src/_cffi_src/openssl/src/osrandom_engine.h
@@ -94,7 +94,6 @@
 #define CRYPTOGRAPHY_OSRANDOM_R_DEV_URANDOM_READ_FAILED 301
 
 #define CRYPTOGRAPHY_OSRANDOM_R_GETRANDOM_INIT_FAILED 400
-#define CRYPTOGRAPHY_OSRANDOM_R_GETRANDOM_INIT_FAILED_EAGAIN 401
 #define CRYPTOGRAPHY_OSRANDOM_R_GETRANDOM_INIT_FAILED_UNEXPECTED 402
 #define CRYPTOGRAPHY_OSRANDOM_R_GETRANDOM_FAILED 403
 #define CRYPTOGRAPHY_OSRANDOM_R_GETRANDOM_NOT_INIT 404