diff options
| author | David Gibson <david@gibson.dropbear.id.au> | 2024-11-14 14:33:08 +1100 |
|---|---|---|
| committer | Stefano Brivio <sbrivio@redhat.com> | 2024-11-14 19:00:36 +0100 |
| commit | 71d5deed5eed3949ee09c5f0a53b4de0b09b4afc (patch) | |
| tree | e478a847033cabee0c8b378a42bc051d30bedbb3 /util.c | |
| parent | a60703e89991d23345ed929328001e19f5bc47e0 (diff) | |
| download | passt-71d5deed5eed3949ee09c5f0a53b4de0b09b4afc.tar passt-71d5deed5eed3949ee09c5f0a53b4de0b09b4afc.tar.gz passt-71d5deed5eed3949ee09c5f0a53b4de0b09b4afc.tar.bz2 passt-71d5deed5eed3949ee09c5f0a53b4de0b09b4afc.tar.lz passt-71d5deed5eed3949ee09c5f0a53b4de0b09b4afc.tar.xz passt-71d5deed5eed3949ee09c5f0a53b4de0b09b4afc.tar.zst passt-71d5deed5eed3949ee09c5f0a53b4de0b09b4afc.zip | |
util: Add general low-level random bytes helper
Currently secret_init() open codes getting good quality random bytes from
the OS, either via getrandom(2) or reading /dev/random. We're going to
add at least one more place that needs random data in future, so make a
general helper for getting random bytes. While we're there, fix a number
of minor bugs:
- getrandom() can theoretically return a "short read", so handle that case
- getrandom() as well as read can return a transient EINTR
- We would attempt to read data from /dev/random if we failed to open it
(open() returns -1), but not if we opened it as fd 0 (unlikely, but ok)
- More specific error reporting
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Diffstat (limited to 'util.c')
| -rw-r--r-- | util.c | 54 |
1 files changed, 54 insertions, 0 deletions
@@ -34,6 +34,9 @@ #include "passt.h" #include "packet.h" #include "log.h" +#ifdef HAS_GETRANDOM +#include <sys/random.h> +#endif /** * sock_l4_sa() - Create and bind socket to socket address, add to epoll list @@ -783,3 +786,54 @@ bool snprintf_check(char *str, size_t size, const char *format, ...) return false; } + +#define DEV_RANDOM "/dev/random" + +/** + * raw_random() - Get high quality random bytes + * @buf: Buffer to fill with random bytes + * @buflen: Number of bytes of random data to put in @buf + * + * Assumes that the random data is essential, and will die() if unable to obtain + * it. + */ +void raw_random(void *buf, size_t buflen) +{ + size_t random_read = 0; +#ifndef HAS_GETRANDOM + int fd = open(DEV_RANDOM, O_RDONLY); + + if (fd < 0) + die_perror("Couldn't open %s", DEV_RANDOM); +#endif + + while (random_read < buflen) { + ssize_t ret; + +#ifdef HAS_GETRANDOM + ret = getrandom((char *)buf + random_read, + buflen - random_read, GRND_RANDOM); +#else + ret = read(dev_random, (char *)buf + random_read, + buflen - random_read); +#endif + + if (ret == -1 && errno == EINTR) + continue; + + if (ret < 0) + die_perror("Error on random data source"); + + if (ret == 0) + break; + + random_read += ret; + } + +#ifndef HAS_GETRANDOM + close(dev_random); +#endif + + if (random_read < buflen) + die("Unexpected EOF on random data source"); +} |