diff options
| author | Denys Vlasenko <vda.linux@googlemail.com> | 2022-04-30 15:33:28 +0200 |
|---|---|---|
| committer | Denys Vlasenko <vda.linux@googlemail.com> | 2022-04-30 15:33:28 +0200 |
| commit | 52f3cf7e5f8c2635ffd456602b74118cf86ec099 (patch) | |
| tree | da656406faf55eef445a7b2b36e9ff298d98b11b | |
| parent | 282b61a64921775e5d167df942347a8a3cf984e7 (diff) | |
| download | busybox-w32-52f3cf7e5f8c2635ffd456602b74118cf86ec099.tar.gz busybox-w32-52f3cf7e5f8c2635ffd456602b74118cf86ec099.tar.bz2 busybox-w32-52f3cf7e5f8c2635ffd456602b74118cf86ec099.zip | |
seedrng: simplify read_new_seed() to not have error return
gcc in fact detects this and does this transformation
when generating code - no object code changes.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
| -rw-r--r-- | util-linux/seedrng.c | 31 |
1 files changed, 17 insertions, 14 deletions
diff --git a/util-linux/seedrng.c b/util-linux/seedrng.c index 3f4c5c0c8..5559ba77c 100644 --- a/util-linux/seedrng.c +++ b/util-linux/seedrng.c | |||
| @@ -75,31 +75,38 @@ static size_t determine_optimal_seed_len(void) | |||
| 75 | return MAX(MIN(poolsize, MAX_SEED_LEN), MIN_SEED_LEN); | 75 | return MAX(MIN(poolsize, MAX_SEED_LEN), MIN_SEED_LEN); |
| 76 | } | 76 | } |
| 77 | 77 | ||
| 78 | static int read_new_seed(uint8_t *seed, size_t len, bool *is_creditable) | 78 | static bool read_new_seed(uint8_t *seed, size_t len) |
| 79 | { | 79 | { |
| 80 | bool is_creditable; | ||
| 80 | ssize_t ret; | 81 | ssize_t ret; |
| 81 | 82 | ||
| 82 | ret = getrandom(seed, len, GRND_NONBLOCK); | 83 | ret = getrandom(seed, len, GRND_NONBLOCK); |
| 83 | if (ret == (ssize_t)len) { | 84 | if (ret == (ssize_t)len) { |
| 84 | *is_creditable = true; | 85 | return true; |
| 85 | return 0; | ||
| 86 | } | 86 | } |
| 87 | if (ret < 0 && errno == ENOSYS) { | 87 | if (ret < 0 && errno == ENOSYS) { |
| 88 | struct pollfd random_fd = { | 88 | struct pollfd random_fd = { |
| 89 | .fd = xopen("/dev/random", O_RDONLY), | 89 | .fd = xopen("/dev/random", O_RDONLY), |
| 90 | .events = POLLIN | 90 | .events = POLLIN |
| 91 | }; | 91 | }; |
| 92 | *is_creditable = poll(&random_fd, 1, 0) == 1; | 92 | is_creditable = poll(&random_fd, 1, 0) == 1; |
| 93 | //This is racy. is_creditable can be set to true here, but other process | ||
| 94 | //can consume "good" random data from /dev/urandom before we do it below. | ||
| 93 | close(random_fd.fd); | 95 | close(random_fd.fd); |
| 94 | } else { | 96 | } else { |
| 95 | *is_creditable = false; | ||
| 96 | if (getrandom(seed, len, GRND_INSECURE) == (ssize_t)len) | 97 | if (getrandom(seed, len, GRND_INSECURE) == (ssize_t)len) |
| 97 | return 0; | 98 | return false; |
| 99 | is_creditable = false; | ||
| 98 | } | 100 | } |
| 101 | |||
| 102 | /* Either getrandom() is not implemented, or | ||
| 103 | * getrandom(GRND_INSECURE) did not give us LEN bytes. | ||
| 104 | * Fallback to reading /dev/urandom. | ||
| 105 | */ | ||
| 99 | errno = 0; | 106 | errno = 0; |
| 100 | if (open_read_close("/dev/urandom", seed, len) != (ssize_t)len) | 107 | if (open_read_close("/dev/urandom", seed, len) != (ssize_t)len) |
| 101 | bb_perror_msg_and_die("can't read '%s'", "/dev/urandom"); | 108 | bb_perror_msg_and_die("can't read '%s'", "/dev/urandom"); |
| 102 | return 0; | 109 | return is_creditable; |
| 103 | } | 110 | } |
| 104 | 111 | ||
| 105 | static void seed_rng(uint8_t *seed, size_t len, bool credit) | 112 | static void seed_rng(uint8_t *seed, size_t len, bool credit) |
| @@ -190,17 +197,13 @@ int seedrng_main(int argc UNUSED_PARAM, char *argv[]) | |||
| 190 | } | 197 | } |
| 191 | 198 | ||
| 192 | new_seed_len = determine_optimal_seed_len(); | 199 | new_seed_len = determine_optimal_seed_len(); |
| 193 | if (read_new_seed(new_seed, new_seed_len, &new_seed_creditable) < 0) { | 200 | new_seed_creditable = read_new_seed(new_seed, new_seed_len); |
| 194 | bb_perror_msg("can't%s seed", " read new"); | ||
| 195 | new_seed_len = SHA256_OUTSIZE; | ||
| 196 | memset(new_seed, 0, SHA256_OUTSIZE); | ||
| 197 | program_ret |= 1 << 3; | ||
| 198 | } | ||
| 199 | sha256_hash(&hash, &new_seed_len, sizeof(new_seed_len)); | 201 | sha256_hash(&hash, &new_seed_len, sizeof(new_seed_len)); |
| 200 | sha256_hash(&hash, new_seed, new_seed_len); | 202 | sha256_hash(&hash, new_seed, new_seed_len); |
| 201 | sha256_end(&hash, new_seed + new_seed_len - SHA256_OUTSIZE); | 203 | sha256_end(&hash, new_seed + new_seed_len - SHA256_OUTSIZE); |
| 202 | 204 | ||
| 203 | printf("Saving %u bits of %screditable seed for next boot\n", (unsigned)new_seed_len * 8, new_seed_creditable ? "" : "non-"); | 205 | printf("Saving %u bits of %screditable seed for next boot\n", |
| 206 | (unsigned)new_seed_len * 8, new_seed_creditable ? "" : "non-"); | ||
| 204 | fd = open(NON_CREDITABLE_SEED_NAME, O_WRONLY | O_CREAT | O_TRUNC, 0400); | 207 | fd = open(NON_CREDITABLE_SEED_NAME, O_WRONLY | O_CREAT | O_TRUNC, 0400); |
| 205 | if (fd < 0 || full_write(fd, new_seed, new_seed_len) != (ssize_t)new_seed_len || fsync(fd) < 0) { | 208 | if (fd < 0 || full_write(fd, new_seed, new_seed_len) != (ssize_t)new_seed_len || fsync(fd) < 0) { |
| 206 | bb_perror_msg("can't%s seed", " write"); | 209 | bb_perror_msg("can't%s seed", " write"); |