author | Bob Beck <beck@cvs.openbsd.org> | 2014-06-25 15:53:57 +0000 |
---|---|---|
committer | Bob Beck <beck@cvs.openbsd.org> | 2014-06-25 15:53:57 +0000 |
commit | c8303cc4719f71987147a95973eb20df1825ba2c (patch) | |
tree | 802427ba66600bdc39198c7e8b1829914c241a54 /lib/libcrypto/crypto | |
parent | ccd7e2946a3363885fa3ce69ef741e7cf67cc77e (diff) |
O_NOFOLLOW would be very nice to have here if the version of linux
we are running supports it.
from enh@google.com
Diffstat (limited to 'lib/libcrypto/crypto')
-rw-r--r-- | lib/libcrypto/crypto/getentropy_linux.c | 21 |
1 files changed, 11 insertions, 10 deletions
diff --git a/lib/libcrypto/crypto/getentropy_linux.c b/lib/libcrypto/crypto/getentropy_linux.c
index d833d4c9e16..81661318995 100644
--- a/lib/libcrypto/crypto/getentropy_linux.c
+++ b/lib/libcrypto/crypto/getentropy_linux.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: getentropy_linux.c,v 1.8 2014/06/23 03:47:46 beck Exp $ */
+/* $OpenBSD: getentropy_linux.c,v 1.9 2014/06/25 15:53:56 beck Exp $ */
 /*
 * Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org>
@@ -169,24 +169,25 @@ getentropy_urandom(void *buf, size_t len)
 {
 struct stat st;
 size_t i;
- int fd, cnt;
+ int fd, cnt, flags;
 int save_errno = errno;
 start:
+
+ flags = O_RDONLY;
+#ifdef O_NOFOLLOW
+ flags |= O_NOFOLLOW;
+#endif
 #ifdef O_CLOEXEC
- fd = open("/dev/urandom", O_RDONLY|O_CLOEXEC, 0);
- if (fd == -1) {
- if (errno == EINTR)
- goto start;
- goto nodevrandom;
- }
-#else
- fd = open("/dev/urandom", O_RDONLY, 0);
+ flags |= O_CLOEXEC;
+#endif
+ fd = open("/dev/urandom", flags, 0);
 if (fd == -1) {
 if (errno == EINTR)
 goto start;
 goto nodevrandom;
 }
+#ifndef O_CLOEXEC
 fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC);
 #endif |
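Review bot: The `O_NOFOLLOW` bit added to `flags` in `getentropy_urandom` carries no comment, and its failure mode is easy to miss: when the last component of `/dev/urandom` is a symlink, `open()` fails with `ELOOP` and the existing `fd == -1` branch jumps to `nodevrandom` exactly as if the device were absent. A comment above the `#ifdef O_NOFOLLOW` block would record that this is intended, for example `/* Refuse a symlinked /dev/urandom; ELOOP is handled like a missing device. */`. The `#ifdef` is also a compile-time test of the headers rather than of the running kernel that the commit message mentions, so if `<fcntl.h>` does not expose `O_NOFOLLOW` under the feature-test macros in effect (not visible here) the hardening is dropped without any diagnostic. Because `O_NOFOLLOW` only covers the final path component, any later validation of the descriptor remains necessary; the `struct stat st` declaration suggests one exists, but the function starts and ends outside this hunk.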