[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Minios-devel] [UNIKRAFT/LIB-OPENSSL 2/2] libssl: Disable /dev/random wait() path.
Hi Alex, Thanks for the patch, looks good. I'll clean up the commit message a bit on upstreaming if that's ok, to more clearly state that the issue is that this macro causes nginx ssl initialization to fail. -- Felipe Reviewed-by: Felipe Huici <felipe.huici@xxxxxxxxx> On 28.02.20, 18:58, "Alexander Jung" <a.jung@xxxxxxxxxxx> wrote: This patch prevents DEVRANDOM_WAIT from being defined which is checked and then used during libcrypto's acquisition for entropy in rand_pool_acquire_entropy. For now, Unikraft does not support the registration of specific file descriptors of open input/output channels (e.g. select, poll, socket). As a result, a call to select() will default to LwIP's implementations which are provided globally. This was discovered whilst enabling SSL for NGINX which relies on libopenssl/libssl/libcrypt. Left un-patched, the result led to undefined system behaviour during the parsing of configuration files. This patch can be removed once Unikraft supports the registration on prototype operations for <sys/select.h>, <poll.h> and <sys/socket.h>. Signed-off-by: Alexander Jung <a.jung@xxxxxxxxxxx> --- .../0001-libssl-Disable-dev-random-wait-path.patch | 42 ++++++++++++++++++++++ 1 file changed, 42 insertions(+) create mode 100644 patches/0001-libssl-Disable-dev-random-wait-path.patch diff --git a/patches/0001-libssl-Disable-dev-random-wait-path.patch b/patches/0001-libssl-Disable-dev-random-wait-path.patch new file mode 100644 index 0000000..184fff1 --- /dev/null +++ b/patches/0001-libssl-Disable-dev-random-wait-path.patch @@ -0,0 +1,42 @@ +From b2000232517a1a817aab69b9dd15b788e6653803 Mon Sep 17 00:00:00 2001 +From: Alexander Jung <a.jung@xxxxxxxxxxx> +Date: Fri, 28 Feb 2020 17:55:48 +0100 +Subject: [PATCH] libssl: Disable /dev/random wait() path. + +This patch prevents DEVRANDOM_WAIT from being defined which is +checked and then used during libcrypto's acquisition for entropy in +rand_pool_acquire_entropy. For now, Unikraft does not support +the registration of specific file descriptors of open input/output +channels (e.g. select, poll, socket). As a result, a call to +select() will default to LwIP's implementations which are provided +globally. + +This was discovered whilst enabling SSL for NGINX which relies on +libopenssl/libssl/libcrypt. Left un-patched, the result led to +undefined system behaviour during the parsing of configuration +files. + +This patch can be removed once Unikraft supports the registration +on prototype operations for <sys/select.h>, <poll.h> and +<sys/socket.h>. + +Signed-off-by: Alexander Jung <a.jung@xxxxxxxxxxx> +--- + e_os.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/e_os.h b/e_os.h +index e9ce6c9..f1e93d4 100644 +--- a/e_os.h ++++ b/e_os.h +@@ -28,7 +28,7 @@ + * default, we will try to read at least one of these files + */ + # define DEVRANDOM "/dev/urandom", "/dev/random", "/dev/hwrng", "/dev/srandom" +-# ifdef __linux ++# if 0 + # define DEVRANDOM_WAIT "/dev/random" + # endif + # endif +-- +2.11.0 -- 2.11.0 _______________________________________________ Minios-devel mailing list Minios-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/minios-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |