Currently secret_init() open codes getting good quality random bytes from
the OS, either via getrandom(2) or reading /dev/random. We're going to
add at least one more place that needs random data in future, so make a
general helper for getting random bytes. While we're there, fix a number
of minor bugs:
- getrandom() can theoretically return a "short read", so handle that case
- getrandom() as well as read can return a transient EINTR
- We would attempt to read data from /dev/random if we failed to open it
(open() returns -1), but not if we opened it as fd 0 (unlikely, but ok)
- More specific error reporting
Signed-off-by: David Gibson <david(a)gibson.dropbear.id.au>
---
passt.c | 30 +-----------------------------
util.c | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
util.h | 2 ++
3 files changed, 57 insertions(+), 29 deletions(-)
diff --git a/passt.c b/passt.c
index fac6101..73649de 100644
--- a/passt.c
+++ b/passt.c
@@ -36,9 +36,6 @@
#include <sys/prctl.h>
#include <netinet/if_ether.h>
#include <libgen.h>
-#ifdef HAS_GETRANDOM
-#include <sys/random.h>
-#endif
#include "util.h"
#include "passt.h"
@@ -118,32 +115,7 @@ static void post_handler(struct ctx *c, const struct timespec *now)
*/
static void secret_init(struct ctx *c)
{
-#ifndef HAS_GETRANDOM
- int dev_random = open("/dev/random", O_RDONLY);
- unsigned int random_read = 0;
-
- while (dev_random && random_read < sizeof(c->hash_secret)) {
- int ret = read(dev_random,
- (uint8_t *)&c->hash_secret + random_read,
- sizeof(c->hash_secret) - random_read);
-
- if (ret == -1 && errno == EINTR)
- continue;
-
- if (ret <= 0)
- break;
-
- random_read += ret;
- }
- if (dev_random >= 0)
- close(dev_random);
-
- if (random_read < sizeof(c->hash_secret))
-#else
- if (getrandom(&c->hash_secret, sizeof(c->hash_secret),
- GRND_RANDOM) < 0)
-#endif /* !HAS_GETRANDOM */
- die_perror("Failed to get random bytes for hash table and TCP");
+ raw_random(&c->hash_secret, sizeof(c->hash_secret));
}
/**
diff --git a/util.c b/util.c
index 126dedb..55cae3f 100644
--- a/util.c
+++ b/util.c
@@ -34,6 +34,9 @@
#include "passt.h"
#include "packet.h"
#include "log.h"
+#ifdef HAS_GETRANDOM
+#include <sys/random.h>
+#endif
/**
* sock_l4_sa() - Create and bind socket to socket address, add to epoll list
@@ -783,3 +786,54 @@ bool snprintf_check(char *str, size_t size, const char *format, ...)
return false;
}
+
+#define DEV_RANDOM "/dev/random"
+
+/**
+ * raw_random() - Get high quality random bytes
+ * @buf: Buffer to fill with random bytes
+ * @buflen: Number of bytes of random data to put in @buf
+ *
+ * Assumes that the random data is essential, and will die() if unable to obtain
+ * it.
+ */
+void raw_random(void *buf, size_t buflen)
+{
+ size_t random_read = 0;
+#ifndef HAS_GETRANDOM
+ int fd = open(DEV_RANDOM, O_RDONLY);
+
+ if (fd < 0)
+ die_perror("Couldn't open %s", DEV_RANDOM);
+#endif
+
+ while (random_read < buflen) {
+ ssize_t ret;
+
+#ifdef HAS_GETRANDOM
+ ret = getrandom((char *)buf + random_read,
+ buflen - random_read, GRND_RANDOM);
+#else
+ ret = read(dev_random, (char *)buf + random_read,
+ buflen - random_read);
+#endif
+
+ if (ret == -1 && errno == EINTR)
+ continue;
+
+ if (ret < 0)
+ die_perror("Error on random data source");
+
+ if (ret == 0)
+ break;
+
+ random_read += ret;
+ }
+
+#ifndef HAS_GETRANDOM
+ close(dev_random);
+#endif
+
+ if (random_read < buflen)
+ die("Unexpected EOF on random data source");
+}
diff --git a/util.h b/util.h
index 3616515..90428c4 100644
--- a/util.h
+++ b/util.h
@@ -263,6 +263,8 @@ static inline bool mod_between(unsigned x, unsigned i, unsigned j,
unsigned m)
/* FPRINTF() intentionally silences cert-err33-c clang-tidy warnings */
#define FPRINTF(f, ...) (void)fprintf(f, __VA_ARGS__)
+void raw_random(void *buf, size_t buflen);
+
/*
* Workarounds for https://github.com/llvm/llvm-project/issues/58992
*
--
2.47.0