
Re: [Minios-devel] [UNIKRAFT/LIB-OPENSSL 2/2] libssl: Disable /dev/random wait() path.



Hi Alex,

Thanks for the patch, looks good. I'll clean up the commit message a bit on 
upstreaming if that's ok, to more clearly state that the issue is that this 
macro causes nginx ssl initialization to fail.

-- Felipe

Reviewed-by: Felipe Huici <felipe.huici@xxxxxxxxx>

On 28.02.20, 18:58, "Alexander Jung" <a.jung@xxxxxxxxxxx> wrote:

    This patch prevents DEVRANDOM_WAIT from being defined which is
    checked and then used during libcrypto's acquisition for entropy in
    rand_pool_acquire_entropy.  For now, Unikraft does not support
    the registration of specific file descriptors of open input/output
    channels (e.g. select, poll, socket).  As a result, a call to
    select() will default to LwIP's implementations which are provided
    globally.
    
    This was discovered whilst enabling SSL for NGINX which relies on
    libopenssl/libssl/libcrypt.  Left un-patched, the result led to
    undefined system behaviour during the parsing of configuration
    files.
    
    This patch can be removed once Unikraft supports the registration
    on prototype operations for <sys/select.h>, <poll.h> and
    <sys/socket.h>.
    
    Signed-off-by: Alexander Jung <a.jung@xxxxxxxxxxx>
    ---
     .../0001-libssl-Disable-dev-random-wait-path.patch | 42 
++++++++++++++++++++++
     1 file changed, 42 insertions(+)
     create mode 100644 patches/0001-libssl-Disable-dev-random-wait-path.patch
    
    diff --git a/patches/0001-libssl-Disable-dev-random-wait-path.patch 
b/patches/0001-libssl-Disable-dev-random-wait-path.patch
    new file mode 100644
    index 0000000..184fff1
    --- /dev/null
    +++ b/patches/0001-libssl-Disable-dev-random-wait-path.patch
    @@ -0,0 +1,42 @@
    +From b2000232517a1a817aab69b9dd15b788e6653803 Mon Sep 17 00:00:00 2001
    +From: Alexander Jung <a.jung@xxxxxxxxxxx>
    +Date: Fri, 28 Feb 2020 17:55:48 +0100
    +Subject: [PATCH] libssl: Disable /dev/random wait() path.
    +
    +This patch prevents DEVRANDOM_WAIT from being defined which is
    +checked and then used during libcrypto's acquisition for entropy in
    +rand_pool_acquire_entropy.  For now, Unikraft does not support
    +the registration of specific file descriptors of open input/output
    +channels (e.g. select, poll, socket).  As a result, a call to
    +select() will default to LwIP's implementations which are provided
    +globally.
    +
    +This was discovered whilst enabling SSL for NGINX which relies on
    +libopenssl/libssl/libcrypt.  Left un-patched, the result led to
    +undefined system behaviour during the parsing of configuration
    +files.
    +
    +This patch can be removed once Unikraft supports the registration
    +on prototype operations for <sys/select.h>, <poll.h> and 
    +<sys/socket.h>.
    +
    +Signed-off-by: Alexander Jung <a.jung@xxxxxxxxxxx>
    +---
    + e_os.h | 2 +-
    + 1 file changed, 1 insertion(+), 1 deletion(-)
    +
    +diff --git a/e_os.h b/e_os.h
    +index e9ce6c9..f1e93d4 100644
    +--- a/e_os.h
    ++++ b/e_os.h
    +@@ -28,7 +28,7 @@
    +  * default, we will try to read at least one of these files
    +  */
    + #  define DEVRANDOM "/dev/urandom", "/dev/random", "/dev/hwrng", 
"/dev/srandom"
    +-#  ifdef __linux
    ++#  if 0
    + #   define DEVRANDOM_WAIT "/dev/random"
    + #  endif
    + # endif
    +--
    +2.11.0
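
Review bot: In the e_os.h hunk, `#  if 0` replaces `#  ifdef __linux` with no comment at the site, so the patched header carries dead code whose reason and removal condition exist only in the commit message. Suggest a short comment directly above the `#  if 0` naming the missing select()/poll() file descriptor registration, or a guard that excludes only Unikraft builds instead of a constant 0. Since DEVRANDOM still lists "/dev/urandom" first and the wait on "/dev/random" is now compiled out, the commit message should also say what the Unikraft build relies on for the entropy source being seeded before libcrypto reads from it.
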
    -- 
    2.11.0
    
    

_______________________________________________
Minios-devel mailing list
Minios-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/minios-devel

 

