From 62fd816d84c1907c72073e9f6a89b4bd3c3fb2d0 Mon Sep 17 00:00:00 2001 From: Pierre Gimalac <23154723+pgimalac@users.noreply.github.com> Date: Wed, 20 May 2026 10:35:47 +0000 Subject: [PATCH 1/2] fix: linux specific C include guards --- crypto/rand_extra/getrandom_fillin.h | 5 ++--- crypto/rand_extra/urandom.c | 4 ++++ 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/crypto/rand_extra/getrandom_fillin.h b/crypto/rand_extra/getrandom_fillin.h index 9b18b7e9fdd..7a03709d2f4 100644 --- a/crypto/rand_extra/getrandom_fillin.h +++ b/crypto/rand_extra/getrandom_fillin.h @@ -8,8 +8,7 @@ #include "internal.h" -#if defined(OPENSSL_RAND_URANDOM) - +#if defined(OPENSSL_RAND_URANDOM) && defined(OPENSSL_LINUX) #include #if defined(OPENSSL_X86_64) @@ -54,7 +53,7 @@ #define GRND_RANDOM 2 #endif -#endif // OPENSSL_LINUX +#endif // OPENSSL_RAND_URANDOM && OPENSSL_LINUX #endif // OPENSSL_HEADER_CRYPTO_RAND_GETRANDOM_FILLIN_H diff --git a/crypto/rand_extra/urandom.c b/crypto/rand_extra/urandom.c index c8b611abea8..a255f39f987 100644 --- a/crypto/rand_extra/urandom.c +++ b/crypto/rand_extra/urandom.c @@ -354,6 +354,9 @@ static void ensure_dev_urandom_is_initialized(void) { // On platforms where urandom doesn't block at startup, we ensure that the // kernel has sufficient entropy before continuing. + // + // RNDGETENTCNT is a Linux kernel ioctl (from ) +#if defined(HAVE_LINUX_RANDOM_H) for (;;) { int entropy_bits = 0; if (ioctl(urandom_fd, RNDGETENTCNT, &entropy_bits)) { @@ -376,6 +379,7 @@ static void ensure_dev_urandom_is_initialized(void) { struct timespec sleep_time = {.tv_sec = 0, .tv_nsec = MILLISECONDS_250 }; nanosleep(&sleep_time, &sleep_time); } +#endif // HAVE_LINUX_RANDOM_H random_flavor_state = STATE_READY; } From 8d8ecff103ee3fcfd4dcabe6b82702d708544383 Mon Sep 17 00:00:00 2001 From: Pierre Gimalac <23154723+pgimalac@users.noreply.github.com> Date: Fri, 22 May 2026 14:56:47 +0000 Subject: [PATCH 2/2] fix: use OPENSSL_LINUX guard, update comment --- crypto/rand_extra/urandom.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/crypto/rand_extra/urandom.c b/crypto/rand_extra/urandom.c index a255f39f987..1aa71038c5b 100644 --- a/crypto/rand_extra/urandom.c +++ b/crypto/rand_extra/urandom.c @@ -353,10 +353,12 @@ static void ensure_getrandom_is_initialized(void) { static void ensure_dev_urandom_is_initialized(void) { // On platforms where urandom doesn't block at startup, we ensure that the - // kernel has sufficient entropy before continuing. + // kernel has sufficient entropy before continuing. We do this via the + // RNDGETENTCNT ioctl from , which is Linux-specific. // - // RNDGETENTCNT is a Linux kernel ioctl (from ) -#if defined(HAVE_LINUX_RANDOM_H) + // On other URANDOM-path platforms (e.g. AIX) we have no portable way to + // query the kernel entropy pool, so we skip this pre-check and proceed. +#if defined(OPENSSL_LINUX) for (;;) { int entropy_bits = 0; if (ioctl(urandom_fd, RNDGETENTCNT, &entropy_bits)) { @@ -379,7 +381,7 @@ static void ensure_dev_urandom_is_initialized(void) { struct timespec sleep_time = {.tv_sec = 0, .tv_nsec = MILLISECONDS_250 }; nanosleep(&sleep_time, &sleep_time); } -#endif // HAVE_LINUX_RANDOM_H +#endif // OPENSSL_LINUX random_flavor_state = STATE_READY; }