Mb randloop (#897)

* fixes #895 * upgrade ubuntu 20 CI * using status/poll pattern to retry
2025-10-06 00:03:35 -04:00 · 2021-02-08 16:11:58 +01:00 · 2021-02-08 16:11:58 +01:00 · 1256e3ba99
commit 1256e3ba99
parent bd4d09da75
2 changed files with 22 additions and 12 deletions
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@ -18,7 +18,7 @@ jobs:
  stylecheck:
    description: Validate formatting of code and documentation
    docker:
-      - image: openquantumsafe/ci-ubuntu-bionic-x86_64:latest
+      - image: openquantumsafe/ci-ubuntu-focal-x86_64:latest
 # Re-enable iff docker enforces rate limitations without auth:
 #        auth:
 #          username: $DOCKER_LOGIN
@ -229,35 +229,35 @@ workflows:
          CONTAINER: openquantumsafe/ci-debian-buster-amd64:latest
      - linux_x64:
          <<: *require_stylecheck
-          name: ubuntu-bionic-noopenssl
+          name: ubuntu-focal-noopenssl
          context: openquantumsafe
-          CONTAINER: openquantumsafe/ci-ubuntu-bionic-x86_64:latest
+          CONTAINER: openquantumsafe/ci-ubuntu-focal-x86_64:latest
          CMAKE_ARGS: -DCMAKE_C_COMPILER=gcc-8 -DCMAKE_BUILD_TYPE=Release -DOQS_USE_OPENSSL=OFF
      - linux_x64:
          <<: *require_stylecheck
-          name: ubuntu-bionic-shared-noopenssl
+          name: ubuntu-focal-shared-noopenssl
          context: openquantumsafe
-          CONTAINER: openquantumsafe/ci-ubuntu-bionic-x86_64:latest
+          CONTAINER: openquantumsafe/ci-ubuntu-focal-x86_64:latest
          CMAKE_ARGS: -DCMAKE_C_COMPILER=gcc-7 -DCMAKE_BUILD_TYPE=Release -DOQS_USE_OPENSSL=OFF -DBUILD_SHARED_LIBS=ON
          PYTEST_ARGS: --ignore=tests/test_namespace.py --numprocesses=auto
      - linux_x64:
          <<: *require_stylecheck
-          name: ubuntu-bionic-clang9
+          name: ubuntu-focal-clang9
          context: openquantumsafe
-          CONTAINER: openquantumsafe/ci-ubuntu-bionic-x86_64:latest
+          CONTAINER: openquantumsafe/ci-ubuntu-focal-x86_64:latest
          CMAKE_ARGS: -DCMAKE_C_COMPILER=clang-9
      - linux_x64:
          <<: *require_stylecheck
          name: address-sanitizer
          context: openquantumsafe
-          CONTAINER: openquantumsafe/ci-ubuntu-bionic-x86_64:latest
+          CONTAINER: openquantumsafe/ci-ubuntu-focal-x86_64:latest
          CMAKE_ARGS: -DCMAKE_C_COMPILER=clang-9 -DCMAKE_BUILD_TYPE=Debug -DUSE_SANITIZER=Address
          PYTEST_ARGS: --ignore=tests/test_portability.py --numprocesses=auto
      # Disabling for now due to https://github.com/open-quantum-safe/liboqs/issues/791
      #- linux_x64:
      #    name: undefined-sanitizer
      #    context: openquantumsafe
-      #    CONTAINER: openquantumsafe/ci-ubuntu-bionic-x86_64:latest
+      #    CONTAINER: openquantumsafe/ci-ubuntu-focal-x86_64:latest
      #    CMAKE_ARGS: -DCMAKE_C_COMPILER=clang-9 -DCMAKE_BUILD_TYPE=Debug -DUSE_SANITIZER=Undefined
           # Normally the linux tests are run with 35 processes, but that
           # exhausts memory for this test
--- a/src/common/rand/rand.c
+++ b/src/common/rand/rand.c
@ -112,11 +112,21 @@ void OQS_randombytes_system(uint8_t *random_array, size_t bytes_to_read) {
 #endif

 #ifdef OQS_USE_OPENSSL
+#define OQS_RAND_POLL_RETRY 3 // in case failure to get randomness is a temporary problem, allow some repeats
 void OQS_randombytes_openssl(uint8_t *random_array, size_t bytes_to_read) {
-	int rc;
+	int rep = OQS_RAND_POLL_RETRY;
 	SIZE_T_TO_INT_OR_EXIT(bytes_to_read, bytes_to_read_int)
 	do {
-		rc = RAND_bytes(random_array, bytes_to_read_int);
-	} while (rc != 1);
+		if (RAND_status() == 1) {
+			break;
+		}
+		RAND_poll();
+	} while (rep-- >= 0);
+	if (RAND_bytes(random_array, bytes_to_read_int) != 1) {
+		fprintf(stderr, "No OpenSSL randomness retrieved. DRBG available?\n");
+		// because of void signature we have no other way to signal the problem
+		// we cannot possibly return without randomness
+		exit(EXIT_FAILURE);
+	}
 }
 #endif