aws · baldwinmatt · Jul 12, 2015 · Jul 6, 2015 · Jul 6, 2015 · Jul 6, 2015
diff --git a/api/s2n.h b/api/s2n.h
@@ -61,7 +61,7 @@ extern int s2n_connection_set_write_fd(struct s2n_connection *conn, int readfd);
 
 typedef enum { S2N_BUILT_IN_BLINDING, S2N_SELF_SERVICE_BLINDING } s2n_blinding;
 extern int s2n_connection_set_blinding(struct s2n_connection *conn, s2n_blinding blinding);
-extern int s2n_connection_get_delay(struct s2n_connection *conn);
+extern int64_t s2n_connection_get_delay(struct s2n_connection *conn);
 
 extern int s2n_set_server_name(struct s2n_connection *conn, const char *server_name);
 extern const char *s2n_get_server_name(struct s2n_connection *conn);

diff --git a/bin/echo.c b/bin/echo.c
@@ -88,7 +88,9 @@ int echo(struct s2n_connection *conn, int sockfd)
     printf("Cipher negotiated: %s\n", s2n_connection_get_cipher(conn));
 
     /* Act as a simple proxy between stdin and the SSL connection */
-    while (poll(readers, 2, -1) > 0) {
+    int p;
+    POLL:
+    while ((p = poll(readers, 2, -1)) > 0) {
         char buffer[10240];
         int bytes_read, bytes_written;
 
@@ -121,8 +123,12 @@ int echo(struct s2n_connection *conn, int sockfd)
             }
 
             /* Read as many bytes as we think we can */
+            READ:
             bytes_read = read(STDIN_FILENO, buffer, bytes_available);
             if (bytes_read < 0) {
+                if (errno == EINTR) {
+                    goto READ;
+                }
                 fprintf(stderr, "Error reading from stdin\n");
                 exit(1);
             }
@@ -144,6 +150,9 @@ int echo(struct s2n_connection *conn, int sockfd)
             } while (bytes_available || more);
         }
     }
+    if (p < 0 && errno == EINTR) {
+        goto POLL;
+    }
 
     return 0;
 }
diff --git a/docs/USAGE-GUIDE.md b/docs/USAGE-GUIDE.md
@@ -181,7 +181,7 @@ Setting the **S2N_SELF_SERVICE_BLINDING** option with **s2n_connection_set_blind
 turns off this behavior. This is useful for applications that are handling many connections
 in a single thread. In that case, if s2n_recv() or s2n_negotiate() return an error, 
 self-service applications should call **s2n_connection_get_delay** and pause 
-activity on the connection  for the specified number of microseconds before calling
+activity on the connection  for the specified number of nanoseconds before calling
 close() or shutdown().
 
 ```c
@@ -431,10 +431,10 @@ built-in blinding (set blinding to S2N_BUILT_IN_BLINDING) or self-service blindi
 ### s2n\_connection\_get\_delay
 
 ```c
-int s2n_connection_get_delay(struct s2n_connection *conn);
+int64_t s2n_connection_get_delay(struct s2n_connection *conn);
 ```
 
-**s2n_connection_get_delay** returns the number of microseconds an application
+**s2n_connection_get_delay** returns the number of nanoseconds an application
 using self-service blinding should pause before calling close() or shutdown().
 
 ### s2n\_connection\_get\_wire\_bytes

diff --git a/stuffer/s2n_stuffer_file.c b/stuffer/s2n_stuffer_file.c
@@ -97,8 +97,12 @@ int s2n_stuffer_alloc_ro_from_file(struct s2n_stuffer *stuffer, const char *file
 {
     int fd;
 
+    OPEN:
     fd = open(file, O_RDONLY);
     if (fd < 0) {
+        if (errno == EINTR) {
+            goto OPEN;
+        }
         S2N_ERROR(S2N_ERR_OPEN);
     }
 

diff --git a/tests/unit/Makefile b/tests/unit/Makefile
@@ -26,7 +26,7 @@ include ../../s2n.mk
 CRUFT += $(wildcard *_test)
 
 ifeq ($(shell uname),Darwin)
-    LIBS = -lpthread -lm
+    LIBS = -lpthread -lm -lcrypto
 else ifeq ($(shell uname),FreeBSD)
     LIBS = -lthr -lcrypto
 else
@@ -36,7 +36,8 @@ endif
 # Suppress the unreachable code warning, because tests involve what should be
 # unreachable code
 CFLAGS += -Wno-unreachable-code -I../../libcrypto-root/include/ -I../../ -I../../api/
-LDFLAGS += -L../../lib/ -L../../libcrypto-root/lib -L../testlib/ -ltests2n -ls2n ${LIBS}
+#LDFLAGS += -L../../lib/ -L../../libcrypto-root/lib -L../testlib/ -ltests2n -ls2n ${LIBS}
+LDFLAGS += -L../../lib/ -L../testlib/ -ltests2n -ls2n ${LIBS}
 
 $(TESTS)::
 	@${CC} ${CFLAGS} -o $@ [email protected] ${LDFLAGS} 2>&1

diff --git a/tls/s2n_connection.c b/tls/s2n_connection.c
@@ -13,8 +13,6 @@
  * permissions and limitations under the License.
  */
 
-#define _XOPEN_SOURCE 500       /* For usleep() */
-
 #include <unistd.h>
 #include <stdint.h>
 #include <stdlib.h>
@@ -347,20 +345,28 @@ int s2n_connection_set_blinding(struct s2n_connection *conn, s2n_blinding blindi
     return 0;
 }
 
-int s2n_connection_get_delay(struct s2n_connection *conn)
+#define ONE_MS INT64_C(1000000)
+#define ONE_S  INT64_C(1000000000)
+#define TEN_S  INT64_C(10000000000)
+
+int64_t s2n_connection_get_delay(struct s2n_connection *conn)
 {
-    /* Delay between 1ms and 10 seconds in microseconds */
-    int min = 1000, max = 10 * 1000 * 1000;
+    /* Delay between 1ms and 10 seconds in nanoseconds */
+    int64_t min = ONE_MS, max = TEN_S;
     return min + s2n_public_random(max - min);
 }
 
 int s2n_sleep_delay(struct s2n_connection *conn)
 {
     if (conn->blinding == S2N_BUILT_IN_BLINDING) {
-        int delay;
+        int delay, r;
         GUARD(delay = s2n_connection_get_delay(conn));
-        GUARD(sleep(delay / 1000000));
-        GUARD(usleep(delay % 1000000));
+        struct timespec sleep_time = { .tv_sec = delay / ONE_S, .tv_nsec = delay % ONE_S };
+
+        do {
+            r = nanosleep(&sleep_time, &sleep_time);
+        }
+        while (r != 0);
     }
 
     return 0;

diff --git a/tls/s2n_connection.h b/tls/s2n_connection.h
@@ -17,6 +17,7 @@
 
 #include <stdint.h>
 #include <signal.h>
+#include <errno.h>
 #include <s2n.h>
 
 #include "tls/s2n_tls_parameters.h"

diff --git a/utils/s2n_random.c b/utils/s2n_random.c
@@ -113,9 +113,9 @@ int s2n_get_urandom_data(struct s2n_blob *blob)
     return 0;
 }
 
-int s2n_public_random(int max)
+int64_t s2n_public_random(int64_t max)
 {
-    unsigned int r;
+    uint64_t r;
 
     gt_check(max, 0);
 
@@ -136,7 +136,7 @@ int s2n_public_random(int max)
          * But since 'max' is an int and INT_MAX is <= UINT_MAX / 2,
          * in the worst case we discard 25% - 1 r's.
          */
-        if (r < (UINT_MAX - (UINT_MAX % max))) {
+        if (r < (UINT64_MAX - (UINT64_MAX % max))) {
             return r % max;
         }
     }
@@ -178,8 +178,12 @@ RAND_METHOD s2n_openssl_rand_method = {
 
 int s2n_init(void)
 {
+    OPEN:
     entropy_fd = open(ENTROPY_SOURCE, O_RDONLY);
     if (entropy_fd == -1) {
+        if (errno == EINTR) {
+            goto OPEN;
+        }
         S2N_ERROR(S2N_ERR_OPEN_RANDOM);
     }
 

diff --git a/utils/s2n_random.h b/utils/s2n_random.h
@@ -23,4 +23,4 @@
 extern int s2n_get_public_random_data(struct s2n_blob *blob);
 extern int s2n_get_private_random_data(struct s2n_blob *blob);
 extern int s2n_get_urandom_data(struct s2n_blob *blob);
-extern int s2n_public_random(int max);
+extern int64_t s2n_public_random(int64_t max);