
[Minios-devel] [UNIKRAFT/LIB-OPENSSL 2/2] libssl: Disable /dev/random wait() path.



This patch prevents DEVRANDOM_WAIT from being defined which is
checked and then used during libcrypto's acquisition for entropy in
rand_pool_acquire_entropy.  For now, Unikraft does not support
the registration of specific file descriptors of open input/output
channels (e.g. select, poll, socket).  As a result, a call to
select() will default to LwIP's implementations which are provided
globally.

This was discovered whilst enabling SSL for NGINX which relies on
libopenssl/libssl/libcrypt.  Left un-patched, the result led to
undefined system behaviour during the parsing of configuration
files.

This patch can be removed once Unikraft supports the registration
on prototype operations for <sys/select.h>, <poll.h> and
<sys/socket.h>.

Signed-off-by: Alexander Jung <a.jung@xxxxxxxxxxx>
---
 .../0001-libssl-Disable-dev-random-wait-path.patch | 42 ++++++++++++++++++++++
 1 file changed, 42 insertions(+)
 create mode 100644 patches/0001-libssl-Disable-dev-random-wait-path.patch

diff --git a/patches/0001-libssl-Disable-dev-random-wait-path.patch 
b/patches/0001-libssl-Disable-dev-random-wait-path.patch
new file mode 100644
index 0000000..184fff1
--- /dev/null
+++ b/patches/0001-libssl-Disable-dev-random-wait-path.patch
@@ -0,0 +1,42 @@
+From b2000232517a1a817aab69b9dd15b788e6653803 Mon Sep 17 00:00:00 2001
+From: Alexander Jung <a.jung@xxxxxxxxxxx>
+Date: Fri, 28 Feb 2020 17:55:48 +0100
+Subject: [PATCH] libssl: Disable /dev/random wait() path.
+
+This patch prevents DEVRANDOM_WAIT from being defined which is
+checked and then used during libcrypto's acquisition for entropy in
+rand_pool_acquire_entropy.  For now, Unikraft does not support
+the registration of specific file descriptors of open input/output
+channels (e.g. select, poll, socket).  As a result, a call to
+select() will default to LwIP's implementations which are provided
+globally.
+
+This was discovered whilst enabling SSL for NGINX which relies on
+libopenssl/libssl/libcrypt.  Left un-patched, the result led to
+undefined system behaviour during the parsing of configuration
+files.
+
+This patch can be removed once Unikraft supports the registration
+on prototype operations for <sys/select.h>, <poll.h> and 
+<sys/socket.h>.
+
+Signed-off-by: Alexander Jung <a.jung@xxxxxxxxxxx>
+---
+ e_os.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/e_os.h b/e_os.h
+index e9ce6c9..f1e93d4 100644
+--- a/e_os.h
++++ b/e_os.h
+@@ -28,7 +28,7 @@
+  * default, we will try to read at least one of these files
+  */
+ #  define DEVRANDOM "/dev/urandom", "/dev/random", "/dev/hwrng", 
"/dev/srandom"
+-#  ifdef __linux
++#  if 0
+ #   define DEVRANDOM_WAIT "/dev/random"
+ #  endif
+ # endif
+--
+2.11.0
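Review bot: The `#if 0` in the e_os.h hunk removes DEVRANDOM_WAIT unconditionally and leaves nothing in the source to say why, so a reader of e_os.h sees only a dead block. Since the commit message says this define is what libcrypto checks during entropy acquisition in rand_pool_acquire_entropy, please state what ensures the random device is seeded before the first read on Unikraft once the wait is gone. Consider keeping the original `#ifdef __linux` and adding a Unikraft-specific exclusion instead of `#if 0`, with a one-line comment naming the removal condition (registration support for select/poll/socket), so the workaround is easy to find and revert.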
-- 
2.11.0

