From 2e912f63a41852012e30aab3553ebcf9cd992d99 Mon Sep 17 00:00:00 2001 From: "Dr. Matthias St. Pierre" Date: Mon, 6 Jan 2020 01:50:43 +0100 Subject: Move random-related defines to "crypto/rand.h" This fixes commit 01036e2afbe116d608be048ed15930fc885ab2a8, which moved the DEVRANDOM and DEVRANDOM_EGD defines into rand_unix.c. That change introduced the regression that the compiler complains about missing declarations in crypto/info.c when OpenSSL is configured using `--with-rand-seed=devrandom` (resp. `--with-rand-seed=egd`) Fixes #10759 Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/10762) --- include/crypto/rand.h | 49 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) (limited to 'include') diff --git a/include/crypto/rand.h b/include/crypto/rand.h index e808c30820..81bcb60508 100644 --- a/include/crypto/rand.h +++ b/include/crypto/rand.h @@ -23,6 +23,55 @@ /* forward declaration */ typedef struct rand_pool_st RAND_POOL; +/* + * Defines related to seed sources + */ +#ifndef DEVRANDOM +/* + * set this to a comma-separated list of 'random' device files to try out. By + * default, we will try to read at least one of these files + */ +# define DEVRANDOM "/dev/urandom", "/dev/random", "/dev/hwrng", "/dev/srandom" +# if defined(__linux) && !defined(__ANDROID__) +# ifndef DEVRANDOM_WAIT +# define DEVRANDOM_WAIT "/dev/random" +# endif +/* + * Linux kernels 4.8 and later changes how their random device works and there + * is no reliable way to tell that /dev/urandom has been seeded -- getentropy(2) + * should be used instead. + */ +# ifndef DEVRANDOM_SAFE_KERNEL +# define DEVRANDOM_SAFE_KERNEL 4, 8 +# endif +/* + * Some operating systems do not permit select(2) on their random devices, + * defining this to zero will force the use of read(2) to extract one byte + * from /dev/random. + */ +# ifndef DEVRANDM_WAIT_USE_SELECT +# define DEVRANDM_WAIT_USE_SELECT 1 +# endif +/* + * Define the shared memory identifier used to indicate if the operating + * system has properly seeded the DEVRANDOM source. + */ +# ifndef OPENSSL_RAND_SEED_DEVRANDOM_SHM_ID +# define OPENSSL_RAND_SEED_DEVRANDOM_SHM_ID 114 +# endif + +# endif +#endif + +#if !defined(OPENSSL_NO_EGD) && !defined(DEVRANDOM_EGD) +/* + * set this to a comma-separated list of 'egd' sockets to try out. These + * sockets will be tried in the order listed in case accessing the device + * files listed in DEVRANDOM did not return enough randomness. + */ +# define DEVRANDOM_EGD "/var/run/egd-pool", "/dev/egd-pool", "/etc/egd-pool", "/etc/entropy" +#endif + void rand_cleanup_int(void); /* Hardware-based seeding functions. */ -- cgit v1.2.3