Use arc4random()/getrandom() to get random bytes instead of sysctl() interface

author: Ondřej Surý <ondrej@sury.org> 2016-08-30 10:08:07 +0200
committer: Ondřej Surý <ondrej@sury.org> 2016-08-30 10:08:07 +0200
commit: 6de837ba4e208260ac6043d521b0a1d79ffd58a7 (patch)
tree: 6370c790fadc971c6fc3ef7d16eff1d5ece5e747
parent: 40951862e12fe8d9c2fd0ffd4f16e9fe4d951f33 (diff)
download: luaossl-6de837ba4e208260ac6043d521b0a1d79ffd58a7.tar.gz
luaossl-6de837ba4e208260ac6043d521b0a1d79ffd58a7.tar.bz2
luaossl-6de837ba4e208260ac6043d521b0a1d79ffd58a7.zip
1 files changed, 32 insertions, 31 deletions
diff --git a/src/openssl.c b/src/openssl.c
index d8eebb5..6addcaa 100644
--- a/src/openssl.c
+++ b/src/openssl.c
@@ -48,6 +48,19 @@
 #if __APPLE__
 #include <mach/mach_time.h> /* mach_absolute_time() */
+#define HAVE_ARC4RANDOM
+#endif
+#if defined(__FreeBSD_kernel__) || defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__)
+#define HAVE_ARC4RANDOM
+#endif
+#if defined(__linux__)
+#include <linux/version.h>
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(3,17,0)
+#define HAVE_GETRANDOM
+#include <linux/random.h>
+#endif
 #endif
 #include <openssl/opensslconf.h>
@@ -7811,44 +7824,16 @@ static struct randL_state *randL_getstate(lua_State *L) {
        return lua_touserdata(L, lua_upvalueindex(1));
 } /* randL_getstate() */
-#ifndef HAVE_SYS_SYSCTL_H
-#define HAVE_SYS_SYSCTL_H (BSD || __GLIBC__)
-#endif
-#if HAVE_SYS_SYSCTL_H
-#include <sys/sysctl.h> /* CTL_KERN KERN_RANDOM RANDOM_UUID KERN_URND KERN_ARND sysctl(2) */
-#endif
-#ifndef HAVE_RANDOM_UUID
-#define HAVE_RANDOM_UUID (HAVE_SYS_SYSCTL_H && defined __linux) /* RANDOM_UUID is an enum, not macro */
-#endif
-#ifndef HAVE_KERN_URND
-#define HAVE_KERN_URND (defined KERN_URND)
-#endif
-#ifndef HAVE_KERN_ARND
-#define HAVE_KERN_ARND (defined KERN_ARND)
-#endif
 static int randL_stir(struct randL_state *st, unsigned rqstd) {
        unsigned count = 0;
        int error;
        unsigned char data[256];
-#if HAVE_RANDOM_UUID || HAVE_KERN_URND || HAVE_KERN_ARND
+#if HAVE_ARC4RANDOM
-#if HAVE_RANDOM_UUID
+        while (count < rqst) {
-        int mib[] = { CTL_KERN, KERN_RANDOM, RANDOM_UUID };
-#elif HAVE_KERN_URND
-        int mib[] = { CTL_KERN, KERN_URND };
-#else
-        int mib[] = { CTL_KERN, KERN_ARND };
-#endif
-        while (count < rqstd) {
                size_t n = MIN(rqstd - count, sizeof data);
-                if (0 != sysctl(mib, countof(mib), data, &n, (void *)0, 0))
+                arc4random(data, n);
-                        break;
                RAND_add(data, n, n);
@@ -7856,6 +7841,22 @@ static int randL_stir(struct randL_state *st, unsigned rqstd) {
        }
 #endif
+#if HAVE_GETRANDOM
+        while (count < rqst) {
+                size_t n = MIN(rqstd - count, sizeof data);
+                n = getrandom(data, n, 0);
+                if (n == -1) {
+                        break;
+                }
+                RAND_add(data, n, n);
+                count += n;
+        }
+#endif
        if (count < rqstd) {
 #if defined O_CLOEXEC && (!defined _AIX /* O_CLOEXEC overflows int */)
                int fd = open("/dev/urandom", O_RDONLY|O_CLOEXEC);
author	Ondřej Surý <ondrej@sury.org>	2016-08-30 10:08:07 +0200
committer	Ondřej Surý <ondrej@sury.org>	2016-08-30 10:08:07 +0200
commit	6de837ba4e208260ac6043d521b0a1d79ffd58a7 (patch)
tree	6370c790fadc971c6fc3ef7d16eff1d5ece5e747
parent	40951862e12fe8d9c2fd0ffd4f16e9fe4d951f33 (diff)
download	luaossl-6de837ba4e208260ac6043d521b0a1d79ffd58a7.tar.gz luaossl-6de837ba4e208260ac6043d521b0a1d79ffd58a7.tar.bz2 luaossl-6de837ba4e208260ac6043d521b0a1d79ffd58a7.zip