Use our own getentropy() by default on Linux.
The glibc getentropy() emulation will fail on older kernels that don't support getrandom(). Also use sudo_fatal() instead of sending SIGKILL on getentropy() failure. GitHub issue #117.
@@ -928,9 +928,6 @@
|
||||
/* Define to 1 if you have the <sys/procfs.h> header file. */
|
||||
#undef HAVE_SYS_PROCFS_H
|
||||
|
||||
/* Define to 1 if you have the <sys/random.h> header file. */
|
||||
#undef HAVE_SYS_RANDOM_H
|
||||
|
||||
/* Define to 1 if you have the <sys/select.h> header file. */
|
||||
#undef HAVE_SYS_SELECT_H
|
||||
|
||||
|
11
configure
vendored
@@ -17618,6 +17618,10 @@ then :
|
||||
|
||||
fi
|
||||
|
||||
|
||||
# The glibc getentropy() emulation may fail on older kernels.
|
||||
# We use our own getentropy() by default on Linux.
|
||||
: ${ac_cv_func_getentropy='no'}
|
||||
;;
|
||||
*-*-gnu*)
|
||||
# lockf() is broken on the Hurd
|
||||
@@ -21473,13 +21477,6 @@ if test "x$ac_cv_func_getentropy" = xyes
|
||||
then :
|
||||
printf "%s\n" "#define HAVE_GETENTROPY 1" >>confdefs.h
|
||||
|
||||
ac_fn_c_check_header_compile "$LINENO" "sys/random.h" "ac_cv_header_sys_random_h" "$ac_includes_default"
|
||||
if test "x$ac_cv_header_sys_random_h" = xyes
|
||||
then :
|
||||
printf "%s\n" "#define HAVE_SYS_RANDOM_H 1" >>confdefs.h
|
||||
|
||||
fi
|
||||
|
||||
|
||||
else $as_nop
|
||||
|
||||
|
@@ -2047,6 +2047,10 @@ case "$host" in
|
||||
])
|
||||
# We call getrandom via syscall(3) in case it is not in libc
|
||||
AC_CHECK_HEADERS([linux/random.h])
|
||||
|
||||
# The glibc getentropy() emulation may fail on older kernels.
|
||||
# We use our own getentropy() by default on Linux.
|
||||
: ${ac_cv_func_getentropy='no'}
|
||||
;;
|
||||
*-*-gnu*)
|
||||
# lockf() is broken on the Hurd
|
||||
@@ -2655,7 +2659,6 @@ AC_CHECK_FUNCS([arc4random], [
|
||||
SUDO_APPEND_COMPAT_EXP(sudo_arc4random_uniform)
|
||||
# arc4random.c needs getentropy()
|
||||
AC_CHECK_FUNCS([getentropy], [
|
||||
AC_CHECK_HEADERS([sys/random.h])
|
||||
], [
|
||||
AC_LIBOBJ(getentropy)
|
||||
SUDO_APPEND_COMPAT_EXP(sudo_getentropy)
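Review bot: Dropping `AC_CHECK_HEADERS([sys/random.h])` from the found branch of `AC_CHECK_FUNCS([getentropy], ...)` leaves hosts that have a native getentropy() but no arc4random() without a configure-time check for the header that declares it, and the matching `#include <sys/random.h>` is removed from the arc4random source in the same commit. I cannot tell from these hunks which header supplies the prototype in that case; if it is `<unistd.h>`, a short comment saying so would help. The same applies on Linux when a builder presets `ac_cv_func_getentropy=yes`, which `: ${ac_cv_func_getentropy='no'}` still honours because it assigns only when the variable is unset. For the Linux comment I would add a line such as `# Preset the cache value only; ac_cv_func_getentropy=yes restores the libc version.`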
|
||||
|
@@ -34,10 +34,6 @@
|
||||
|
||||
#ifndef HAVE_ARC4RANDOM
|
||||
|
||||
#ifdef HAVE_SYS_RANDOM_H
|
||||
# include <sys/random.h>
|
||||
#endif
|
||||
|
||||
#include <fcntl.h>
|
||||
#include <limits.h>
|
||||
#include <signal.h>
|
||||
@@ -51,6 +47,7 @@
|
||||
#endif
|
||||
|
||||
#include "sudo_compat.h"
|
||||
#include "sudo_fatal.h"
|
||||
#include "sudo_rand.h"
|
||||
|
||||
#define KEYSTREAM_ONLY
|
||||
@@ -96,7 +93,7 @@ _rs_stir(void)
|
||||
unsigned char rnd[KEYSZ + IVSZ];
|
||||
|
||||
if (getentropy(rnd, sizeof rnd) == -1)
|
||||
raise(SIGKILL);
|
||||
sudo_fatal_nodebug("getentropy");
|
||||
|
||||
if (!rs_initialized) {
|
||||
rs_initialized = 1;
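Review bot: In `_rs_stir`, the new `sudo_fatal_nodebug("getentropy");` is the only thing that keeps an unfilled `rnd` (sized `KEYSZ + IVSZ`) from being consumed by the rest of the function, so the change depends on that call never returning. Its declaration is not visible in these hunks; presumably it is marked noreturn, but that is worth confirming, because unlike `raise(SIGKILL)` a fatal-error helper may run cleanup code before it exits. I would add a comment above the check, for example `/* Fail closed: rnd is uninitialized if getentropy() fails, never continue. */`. The `#include <signal.h>` kept in the include hunk may now be unused if `raise()` was its only user. `_rs_stir` continues past the end of the hunk.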
|
||||
|