Keep RNG seed file descriptor open until the RNG is freed. #7586
Conversation
|
Retest this please |
kareem-wolfssl
force-pushed
the
gh7197
branch
from
54b3613 to
1328b26
Compare
kareem-wolfssl
force-pushed
the
gh7197
branch
from
87e70a7 to
0420c94
Compare
…pen. This fixes the case where wc_FreeRng is called when _InitRng was not called on the RNG. Since the FD value defaults to 0 before _InitRng was called, and 0 is potentially a valid FD, it was being closed.
Gate keeping the seed FD open behind WOLFSSL_KEEP_RNG_SEED_FD_OPEN and only enable by default for HAProxy. It is causing issues on OS X and may cause issues on other OSes, and is generally a major behavior change.
Improve logic for opening RNG seed FD.
wolfcrypt/src/random.c
Outdated
| os->fd = open("/dev/urandom", O_RDONLY); | ||
| #if defined(DEBUG_WOLFSSL) | ||
| WOLFSSL_MSG("opened /dev/urandom."); | ||
| #ifdef WOLFSSL_KEEP_RNG_SEED_FD_OPEN |
There was a problem hiding this comment.
This section might be easier to read with two separate versions of the code... one for existing and another for keeping seed file descriptor open.
|
retest this please |
douzzer
left a comment
douzzer
left a comment
There was a problem hiding this comment.
Looks mostly ready. I left one substantive change req, some optional nits, and some suggestions.
wolfssl/wolfcrypt/random.h
Outdated
| byte seedFdOpen:1; | ||
| byte keepSeedFdOpen:1; |
There was a problem hiding this comment.
these need to be parent type WC_BITFIELD, not byte.
wolfcrypt/src/random.c
Outdated
| WOLFSSL_MSG("opened /dev/urandom."); | ||
| #endif | ||
| if (os->fd == -1) | ||
| #endif |
There was a problem hiding this comment.
the #else and #endif associations are getting pretty gnarly here -- I suggest adding /* !NO_DEV_URANDOM */ after this one, and similarly annotating the others with comments.
wolfcrypt/src/random.c
Outdated
| os->seedFdOpen = 1; | ||
| } | ||
| } | ||
| #else |
There was a problem hiding this comment.
this is the sort of #else that's begging for annotation with a comment.
wolfcrypt/src/random.c
Outdated
|
|
||
| #if defined(WOLFSSL_KEEP_RNG_SEED_FD_OPEN) && !defined(USE_WINDOWS_API) | ||
| if (!rng->seed.seedFdOpen) | ||
| rng->seed.fd = -1; |
There was a problem hiding this comment.
It would be nice if we had an XBADFD macro to go with our XBADFILE macro, but alas we do not. If you're feeling inspired, add XBADFD in wc_port.h and use it here, bearing in mind that it will need to be defined for every target that needs to support WOLFSSL_KEEP_RNG_SEED_FD_OPEN.
There was a problem hiding this comment.
I've only added it for the default target and Zephyr for now, I'm not expecting this macro to be used on embedded systems but XBADFD can easily be expanded if needed.
wolfcrypt/src/random.c
Outdated
| rng->seed.fd = -1; | ||
| rng->seed.seedFdOpen = 0; |
There was a problem hiding this comment.
Why do you need to separately track .seedFdOpen? Can't you just use .fd != -1 as a decisive proxy for the fd being open?
There was a problem hiding this comment.
Unfortunately I can't. fd is initialized to 0 before InitRng is called, so I can't assume that it will be set to -1 as there are some cases where InitRng is not being called before the RNG is used or closed (which is not supposed to happen but it should still be handled gracefully). And 0 is a valid fd which could be returned by open, so I can't use that as a condition either.
5 participants
Description
Keep RNG seed file descriptor open until the RNG is freed.
Fixes #7197
Testing
Built in tests
Checklist