Re: [Minios-devel] [UNIKRAFT/LIB-OPENSSL 2/2] libssl: Disable /dev/random wait() path.
Hi Alex,
Thanks for the patch, looks good. I'll clean up the commit message a bit on
upstreaming if that's ok, to more clearly state that the issue is that this
macro causes nginx ssl initialization to fail.
-- Felipe
Reviewed-by: Felipe Huici <felipe.huici@xxxxxxxxx>
On 28.02.20, 18:58, "Alexander Jung" <a.jung@xxxxxxxxxxx> wrote:
This patch prevents DEVRANDOM_WAIT from being defined which is
checked and then used during libcrypto's acquisition for entropy in
rand_pool_acquire_entropy. For now, Unikraft does not support
the registration of specific file descriptors of open input/output
channels (e.g. select, poll, socket). As a result, a call to
select() will default to LwIP's implementations which are provided
globally.
This was discovered whilst enabling SSL for NGINX which relies on
libopenssl/libssl/libcrypt. Left un-patched, the result led to
undefined system behaviour during the parsing of configuration
files.
This patch can be removed once Unikraft supports the registration
on prototype operations for <sys/select.h>, <poll.h> and
<sys/socket.h>.
Signed-off-by: Alexander Jung <a.jung@xxxxxxxxxxx>
---
.../0001-libssl-Disable-dev-random-wait-path.patch | 42
++++++++++++++++++++++
1 file changed, 42 insertions(+)
create mode 100644 patches/0001-libssl-Disable-dev-random-wait-path.patch
diff --git a/patches/0001-libssl-Disable-dev-random-wait-path.patch
b/patches/0001-libssl-Disable-dev-random-wait-path.patch
new file mode 100644
index 0000000..184fff1
--- /dev/null
+++ b/patches/0001-libssl-Disable-dev-random-wait-path.patch
@@ -0,0 +1,42 @@
+From b2000232517a1a817aab69b9dd15b788e6653803 Mon Sep 17 00:00:00 2001
+From: Alexander Jung <a.jung@xxxxxxxxxxx>
+Date: Fri, 28 Feb 2020 17:55:48 +0100
+Subject: [PATCH] libssl: Disable /dev/random wait() path.
+
+This patch prevents DEVRANDOM_WAIT from being defined which is
+checked and then used during libcrypto's acquisition for entropy in
+rand_pool_acquire_entropy. For now, Unikraft does not support
+the registration of specific file descriptors of open input/output
+channels (e.g. select, poll, socket). As a result, a call to
+select() will default to LwIP's implementations which are provided
+globally.
+
+This was discovered whilst enabling SSL for NGINX which relies on
+libopenssl/libssl/libcrypt. Left un-patched, the result led to
+undefined system behaviour during the parsing of configuration
+files.
+
+This patch can be removed once Unikraft supports the registration
+on prototype operations for <sys/select.h>, <poll.h> and
+<sys/socket.h>.
+
+Signed-off-by: Alexander Jung <a.jung@xxxxxxxxxxx>
+---
+ e_os.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/e_os.h b/e_os.h
+index e9ce6c9..f1e93d4 100644
+--- a/e_os.h
++++ b/e_os.h
+@@ -28,7 +28,7 @@
+ * default, we will try to read at least one of these files
+ */
+ # define DEVRANDOM "/dev/urandom", "/dev/random", "/dev/hwrng",
"/dev/srandom"
+-# ifdef __linux
++# if 0
+ # define DEVRANDOM_WAIT "/dev/random"
+ # endif
+ # endif
+--
+2.11.0
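Review bot: in the e_os.h hunk, `# if 0` replaces `# ifdef __linux` with no comment at the site, so a reader of the patched header cannot tell why DEVRANDOM_WAIT is disabled or when it can be restored. Suggest a one-line comment above it pointing at the missing select()/poll() file descriptor registration, or a Unikraft-specific guard instead of a bare `# if 0`. The commit message should also say what the entropy path relies on once the wait on /dev/random is gone: DEVRANDOM still lists "/dev/urandom" first, so either state that Unikraft's /dev/urandom is seeded before libcrypto first reads it, or note that this has not been checked.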
--
2.11.0