1From 330e8c8352eb0ed3c178ac6e0102403c0a835492 Mon Sep 17 00:00:00 2001 2From: Jason Miller <jason@milr.com> 3Date: Thu, 5 Jul 2018 20:53:51 -0700 4Subject: [PATCH] Support urandom inside chroot 5 6This adds a new default entropy function that uses a /dev/urandom stream 7opened before the chroot. If initializing that fails, it fallsback on 8HAVEGE only if HAVEGE is supported by the mbedTLS. 9 10This should remove the hard requirement on HAVEGE 11 12resolves #326 13resolves #327 14 15[Upstream status: https://github.com/mongrel2/mongrel2/pull/328] 16Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> 17--- 18 src/mongrel2.c | 7 ------- 19 src/server.c | 36 +++++++++++++++++++++++------------- 20 2 files changed, 23 insertions(+), 20 deletions(-) 21 22diff --git a/src/mongrel2.c b/src/mongrel2.c 23index da632d95..48ece8a5 100644 24--- a/src/mongrel2.c 25+++ b/src/mongrel2.c 26@@ -404,13 +404,6 @@ void taskmain(int argc, char **argv) 27 rc = attempt_chroot_drop(srv); 28 check(rc == 0, "Major failure in chroot/droppriv, aborting."); 29 30- // set up rng after chroot 31- // TODO: once mbedtls is updated, we can move this back into Server_create 32- if(srv->use_ssl) { 33- rc = Server_init_rng(srv); 34- check(rc == 0, "Failed to initialize rng for server %s", bdata(srv->uuid)); 35- } 36- 37 final_setup(); 38 39 taskcreate(tickertask, NULL, TICKER_TASK_STACK); 40diff --git a/src/server.c b/src/server.c 41index 45761db4..e44e199b 100644 42--- a/src/server.c 43+++ b/src/server.c 44@@ -149,35 +149,45 @@ static int Server_load_ciphers(Server *srv, bstring ssl_ciphers_val) 45 return -1; 46 } 47 48+static int urandom_entropy_func(void *data, unsigned char *output, size_t len) 49+{ 50+ FILE* urandom = (FILE *)data; 51+ size_t rc = fread(output, 1, len, urandom); 52+ 53+ if (rc != len) return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED; 54+ 55+ return 0; 56+} 57+ 58 int Server_init_rng(Server *srv) 59 { 60 int rc; 61- unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE]; 62 void *ctx = NULL; 63 64- mbedtls_entropy_init( &srv->entropy ); 65+ FILE *urandom = fopen("/dev/urandom","r"); 66 67- // test the entropy source 68- rc = mbedtls_entropy_func(&srv->entropy, buf, MBEDTLS_ENTROPY_BLOCK_SIZE); 69- 70- if(rc == 0) { 71+ if(urandom != NULL) { 72 ctx = calloc(sizeof(mbedtls_ctr_drbg_context), 1); 73 74 mbedtls_ctr_drbg_init((mbedtls_ctr_drbg_context *)ctx); 75 rc = mbedtls_ctr_drbg_seed((mbedtls_ctr_drbg_context *)ctx, 76- mbedtls_entropy_func, &srv->entropy, NULL, 0); 77+ urandom_entropy_func, urandom, NULL, 0); 78 check(rc == 0, "Init rng failed: ctr_drbg_init returned %d\n", rc); 79 80 srv->rng_func = mbedtls_ctr_drbg_random; 81 srv->rng_ctx = ctx; 82 } else { 83- log_warn("entropy source unavailable. falling back to havege rng"); 84 85+#if defined(MBEDTLS_HAVEGE_C) 86+ log_warn("entropy source unavailable. falling back to havege rng"); 87 ctx = calloc(sizeof(mbedtls_havege_state), 1); 88 mbedtls_havege_init((mbedtls_havege_state *)ctx); 89- 90 srv->rng_func = mbedtls_havege_random; 91 srv->rng_ctx = ctx; 92+#else 93+ log_err("Unable to initialize urandom entropy source, and mbedTLS compiled without HAVEGE"); 94+ goto error; 95+#endif 96 } 97 98 return 0; 99@@ -278,10 +288,10 @@ Server *Server_create(bstring uuid, bstring default_host, 100 101 // TODO: once mbedtls supports opening urandom early and keeping it open, 102 // put the rng initialization back here (before chroot) 103- //if(use_ssl) { 104- // rc = Server_init_rng(srv); 105- // check(rc == 0, "Failed to initialize rng for server %s", bdata(uuid)); 106- //} 107+ if(use_ssl) { 108+ rc = Server_init_rng(srv); 109+ check(rc == 0, "Failed to initialize rng for server %s", bdata(uuid)); 110+ } 111 112 if(blength(chroot) > 0) { 113 srv->chroot = bstrcpy(chroot); check_mem(srv->chroot); 114