From: Yury Is <yury.coder@gmail.com>
Date: Mon, 12 Oct 2020 23:28:26 +0000 (+0300)
Subject: syscall_random(): don't fail if the getentropy() function is a dummy
X-Git-Tag: OpenSSL_1_1_1i~31
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b316d06dd99ec55f0a5275ca8ca4188848227b3b;p=thirdparty%2Fopenssl.git

syscall_random(): don't fail if the getentropy() function is a dummy

Several embedded toolchains may provide dummy implemented getentropy()
function which always returns -1 and sets errno to the ENOSYS.

As a result the function SSL_CTX_new() fails to create a new context.

Fixes #13002

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/13112)
---

diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c
index da66773e4ab..ec6be791b37 100644
--- a/crypto/rand/rand_unix.c
+++ b/crypto/rand/rand_unix.c
@@ -365,12 +365,19 @@ static ssize_t syscall_random(void *buf, size_t buflen)
      * - OpenBSD since 5.6
      * - Linux since 3.17 with glibc 2.25
      * - FreeBSD since 12.0 (1200061)
+     *
+     * Note: Sometimes getentropy() can be provided but not implemented
+     * internally. So we need to check errno for ENOSYS
      */
 #  if defined(__GNUC__) && __GNUC__>=2 && defined(__ELF__) && !defined(__hpux)
     extern int getentropy(void *buffer, size_t length) __attribute__((weak));
 
-    if (getentropy != NULL)
-        return getentropy(buf, buflen) == 0 ? (ssize_t)buflen : -1;
+    if (getentropy != NULL) {
+        if (getentropy(buf, buflen) == 0)
+            return (ssize_t)buflen;
+        if (errno != ENOSYS)
+            return -1;
+    }
 #  else
     union {
         void *p;