diff options
| author | David Gibson <david@gibson.dropbear.id.au> | 2024-11-14 14:33:08 +1100 |
|---|---|---|
| committer | Stefano Brivio <sbrivio@redhat.com> | 2024-11-14 19:00:36 +0100 |
| commit | 71d5deed5eed3949ee09c5f0a53b4de0b09b4afc (patch) | |
| tree | e478a847033cabee0c8b378a42bc051d30bedbb3 /passt.c | |
| parent | a60703e89991d23345ed929328001e19f5bc47e0 (diff) | |
| download | passt-71d5deed5eed3949ee09c5f0a53b4de0b09b4afc.tar passt-71d5deed5eed3949ee09c5f0a53b4de0b09b4afc.tar.gz passt-71d5deed5eed3949ee09c5f0a53b4de0b09b4afc.tar.bz2 passt-71d5deed5eed3949ee09c5f0a53b4de0b09b4afc.tar.lz passt-71d5deed5eed3949ee09c5f0a53b4de0b09b4afc.tar.xz passt-71d5deed5eed3949ee09c5f0a53b4de0b09b4afc.tar.zst passt-71d5deed5eed3949ee09c5f0a53b4de0b09b4afc.zip | |
util: Add general low-level random bytes helper
Currently secret_init() open codes getting good quality random bytes from
the OS, either via getrandom(2) or reading /dev/random. We're going to
add at least one more place that needs random data in future, so make a
general helper for getting random bytes. While we're there, fix a number
of minor bugs:
- getrandom() can theoretically return a "short read", so handle that case
- getrandom() as well as read can return a transient EINTR
- We would attempt to read data from /dev/random if we failed to open it
(open() returns -1), but not if we opened it as fd 0 (unlikely, but ok)
- More specific error reporting
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Diffstat (limited to 'passt.c')
| -rw-r--r-- | passt.c | 30 |
1 files changed, 1 insertions, 29 deletions
@@ -36,9 +36,6 @@ #include <sys/prctl.h> #include <netinet/if_ether.h> #include <libgen.h> -#ifdef HAS_GETRANDOM -#include <sys/random.h> -#endif #include "util.h" #include "passt.h" @@ -118,32 +115,7 @@ static void post_handler(struct ctx *c, const struct timespec *now) */ static void secret_init(struct ctx *c) { -#ifndef HAS_GETRANDOM - int dev_random = open("/dev/random", O_RDONLY); - unsigned int random_read = 0; - - while (dev_random && random_read < sizeof(c->hash_secret)) { - int ret = read(dev_random, - (uint8_t *)&c->hash_secret + random_read, - sizeof(c->hash_secret) - random_read); - - if (ret == -1 && errno == EINTR) - continue; - - if (ret <= 0) - break; - - random_read += ret; - } - if (dev_random >= 0) - close(dev_random); - - if (random_read < sizeof(c->hash_secret)) -#else - if (getrandom(&c->hash_secret, sizeof(c->hash_secret), - GRND_RANDOM) < 0) -#endif /* !HAS_GETRANDOM */ - die_perror("Failed to get random bytes for hash table and TCP"); + raw_random(&c->hash_secret, sizeof(c->hash_secret)); } /** |