isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Use our own getentropy() by default on Linux.

Browse Source 
The glibc getentropy() emulation will fail on older kernels that
don't support getrandom().
Also use sudo_fatal() instead of sending SIGKILL on getentropy() failure.
GitHub issue #117.
This commit is contained in:
Todd C. Miller
2021-10-20 09:53:01 -06:00
parent de4fd4a31d
commit 00e53b32e5
4 changed files with 10 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
config.h.in
View File

@@ -928,9 +928,6 @@
/* Define to 1 if you have the <sys/procfs.h> header file. */ /* Define to 1 if you have the <sys/procfs.h> header file. */
#undef HAVE_SYS_PROCFS_H #undef HAVE_SYS_PROCFS_H
/* Define to 1 if you have the <sys/random.h> header file. */
#undef HAVE_SYS_RANDOM_H
/* Define to 1 if you have the <sys/select.h> header file. */ /* Define to 1 if you have the <sys/select.h> header file. */
#undef HAVE_SYS_SELECT_H #undef HAVE_SYS_SELECT_H

11
configure vendored
View File

@@ -17618,6 +17618,10 @@ then :
fi fi
# The glibc getentropy() emulation may fail on older kernels.
# We use our own getentropy() by default on Linux.
: ${ac_cv_func_getentropy='no'}
;; ;;
*-*-gnu*) *-*-gnu*)
# lockf() is broken on the Hurd # lockf() is broken on the Hurd
@@ -21473,13 +21477,6 @@ if test "x$ac_cv_func_getentropy" = xyes
then : then :
printf "%s\n" "#define HAVE_GETENTROPY 1" >>confdefs.h printf "%s\n" "#define HAVE_GETENTROPY 1" >>confdefs.h
ac_fn_c_check_header_compile "$LINENO" "sys/random.h" "ac_cv_header_sys_random_h" "$ac_includes_default"
if test "x$ac_cv_header_sys_random_h" = xyes
then :
printf "%s\n" "#define HAVE_SYS_RANDOM_H 1" >>confdefs.h
fi
else $as_nop else $as_nop

5
configure.ac
View File

@@ -2047,6 +2047,10 @@ case "$host" in
]) ])
# We call getrandom via syscall(3) in case it is not in libc # We call getrandom via syscall(3) in case it is not in libc
AC_CHECK_HEADERS([linux/random.h]) AC_CHECK_HEADERS([linux/random.h])
# The glibc getentropy() emulation may fail on older kernels.
# We use our own getentropy() by default on Linux.
: ${ac_cv_func_getentropy='no'}
;; ;;
*-*-gnu*) *-*-gnu*)
# lockf() is broken on the Hurd # lockf() is broken on the Hurd
@@ -2655,7 +2659,6 @@ AC_CHECK_FUNCS([arc4random], [
SUDO_APPEND_COMPAT_EXP(sudo_arc4random_uniform) SUDO_APPEND_COMPAT_EXP(sudo_arc4random_uniform)
# arc4random.c needs getentropy() # arc4random.c needs getentropy()
AC_CHECK_FUNCS([getentropy], [ AC_CHECK_FUNCS([getentropy], [
AC_CHECK_HEADERS([sys/random.h])
], [ ], [
AC_LIBOBJ(getentropy) AC_LIBOBJ(getentropy)
SUDO_APPEND_COMPAT_EXP(sudo_getentropy) SUDO_APPEND_COMPAT_EXP(sudo_getentropy)

7
lib/util/arc4random.c
View File

@@ -34,10 +34,6 @@
#ifndef HAVE_ARC4RANDOM #ifndef HAVE_ARC4RANDOM
#ifdef HAVE_SYS_RANDOM_H
# include <sys/random.h>
#endif
#include <fcntl.h> #include <fcntl.h>
#include <limits.h> #include <limits.h>
#include <signal.h> #include <signal.h>
@@ -51,6 +47,7 @@
#endif #endif
#include "sudo_compat.h" #include "sudo_compat.h"
#include "sudo_fatal.h"
#include "sudo_rand.h" #include "sudo_rand.h"
#define KEYSTREAM_ONLY #define KEYSTREAM_ONLY
@@ -96,7 +93,7 @@ _rs_stir(void)
unsigned char rnd[KEYSZ + IVSZ]; unsigned char rnd[KEYSZ + IVSZ];
if (getentropy(rnd, sizeof rnd) == -1) if (getentropy(rnd, sizeof rnd) == -1)
raise(SIGKILL); sudo_fatal_nodebug("getentropy");
if (!rs_initialized) { if (!rs_initialized) {
rs_initialized = 1; rs_initialized = 1;