Keep RNG seed file descriptor open until the RNG is freed.

2026-01-27 07:42:19 +01:00 · 2024-05-24 12:22:32 -07:00
parent a103f5af8b
commit ea43bcba72
1 changed files with 21 additions and 14 deletions
--- a/wolfcrypt/src/random.c
+++ b/wolfcrypt/src/random.c
@@ -1373,6 +1373,12 @@ int wc_FreeRng(WC_RNG* rng)
        ret = WC_HW_E;
 #endif

+#ifndef USE_WINDOWS_API
+    if(rng->seed.fd != 0 && rng->seed.fd != -1) {
+        close(rng->seed.fd);
+    }
+#endif
+
    return ret;
 }

@@ -3553,20 +3559,22 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)

 #ifndef NO_FILESYSTEM
    #ifndef NO_DEV_URANDOM /* way to disable use of /dev/urandom */
-        os->fd = open("/dev/urandom", O_RDONLY);
-        #if defined(DEBUG_WOLFSSL)
-            WOLFSSL_MSG("opened /dev/urandom.");
-        #endif
-        if (os->fd == -1)
-    #endif
-        {
-            /* may still have /dev/random */
-            os->fd = open("/dev/random", O_RDONLY);
-    #if defined(DEBUG_WOLFSSL)
-            WOLFSSL_MSG("opened /dev/random.");
-    #endif
+        if (os->fd == 0 || os->fd == -1) {
+            os->fd = open("/dev/urandom", O_RDONLY);
+            #if defined(DEBUG_WOLFSSL)
+                WOLFSSL_MSG("opened /dev/urandom.");
+            #endif
            if (os->fd == -1)
-                return OPEN_RAN_E;
+        #endif
+            {
+                /* may still have /dev/random */
+                os->fd = open("/dev/random", O_RDONLY);
+        #if defined(DEBUG_WOLFSSL)
+                WOLFSSL_MSG("opened /dev/random.");
+        #endif
+                if (os->fd == -1)
+                    return OPEN_RAN_E;
+            }
        }
    #if defined(DEBUG_WOLFSSL)
        WOLFSSL_MSG("rnd read...");
@@ -3590,7 +3598,6 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
    #endif
            }
        }
-        close(os->fd);
 #else
        (void)output;
        (void)sz;