diff options
-rw-r--r-- | lib/lib.c | 4 | ||||
-rw-r--r-- | lib/password.c | 6 | ||||
-rw-r--r-- | lib/portability.c | 11 | ||||
-rw-r--r-- | lib/portability.h | 5 | ||||
-rwxr-xr-x | scripts/genconfig.sh | 5 | ||||
-rw-r--r-- | toys/other/shred.c | 5 |
6 files changed, 25 insertions, 11 deletions
@@ -1144,9 +1144,7 @@ int qstrcmp(const void *a, const void *b) void create_uuid(char *uuid) { // "Set all the ... bits to randomly (or pseudo-randomly) chosen values". - int fd = xopenro("/dev/urandom"); - xreadall(fd, uuid, 16); - close(fd); + xgetrandom(uuid, 16, 0); // "Set the four most significant bits ... of the time_hi_and_version // field to the 4-bit version number [4]". diff --git a/lib/password.c b/lib/password.c index eab2d669..20c2f481 100644 --- a/lib/password.c +++ b/lib/password.c @@ -8,7 +8,7 @@ #include "toys.h" #include <time.h> -// generate appropriate random salt string for given encryption algorithm. +// generate ID prefix and random salt for given encryption algorithm. int get_salt(char *salt, char *algo) { struct { @@ -24,9 +24,7 @@ int get_salt(char *salt, char *algo) if (al[i].id) s += sprintf(s, "$%c$", '0'+al[i].id); // Read appropriate number of random bytes for salt - i = xopenro("/dev/urandom"); - xreadall(i, libbuf, ((len*6)+7)/8); - close(i); + xgetrandom(libbuf, ((len*6)+7)/8, 0); // Grab 6 bit chunks and convert to characters in ./0-9a-zA-Z for (i=0; i<len; i++) { diff --git a/lib/portability.c b/lib/portability.c index 38cf5cb9..c42a052e 100644 --- a/lib/portability.c +++ b/lib/portability.c @@ -30,6 +30,17 @@ pid_t xfork(void) } #endif +void xgetrandom(void *buf, unsigned buflen, unsigned flags) +{ +#if CFG_TOYBOX_GETRANDOM + if (buflen != getrandom(buf, buflen, flags)) perror_exit("getrandom"); +#else + int fd = xopen(flags ? "/dev/random" : "/dev/urandom", O_RDONLY); + xreadall(fd, buf, buflen); + close(fd); +#endif +} + #if defined(__APPLE__) ssize_t getdelim(char **linep, size_t *np, int delim, FILE *stream) { diff --git a/lib/portability.h b/lib/portability.h index 50c935b5..39e61810 100644 --- a/lib/portability.h +++ b/lib/portability.h @@ -251,3 +251,8 @@ static inline char *get_sched_policy_name(int policy) {return "unknown";} typedef struct {char *c_name; int c_val;} CODE; extern CODE prioritynames[], facilitynames[]; #endif + +#if CFG_TOYBOX_GETRANDOM +#include <sys/random.h> +#endif +void xgetrandom(void *buf, unsigned len, unsigned flags); diff --git a/scripts/genconfig.sh b/scripts/genconfig.sh index e8df5965..533df600 100755 --- a/scripts/genconfig.sh +++ b/scripts/genconfig.sh @@ -105,6 +105,11 @@ EOF struct rlimit *old_limit); int main(int argc, char *argv[]) { prlimit(0, 0, 0, 0); } EOF + + probesymbol TOYBOX_GETRANDOM << EOF + #include <sys/random.h> + int main(void) { char buf[100]; getrandom(buf, 100, 0); } +EOF } genconfig() diff --git a/toys/other/shred.c b/toys/other/shred.c index 30b5e7d9..e10adc09 100644 --- a/toys/other/shred.c +++ b/toys/other/shred.c @@ -33,8 +33,6 @@ GLOBALS( long offset; long iterations; long size; - - int ufd; ) void shred_main(void) @@ -42,7 +40,6 @@ void shred_main(void) char **try; if (!(toys.optflags & FLAG_n)) TT.iterations++; - TT.ufd = xopenro("/dev/urandom"); // We don't use loopfiles() here because "-" isn't stdin, and want to // respond to files we can't open via chmod. @@ -96,7 +93,7 @@ void shred_main(void) if (toys.optflags & FLAG_x) if (len-pos < throw) throw = len-pos; - if (iter != TT.iterations) xread(TT.ufd, toybuf, throw); + if (iter != TT.iterations) xgetrandom(toybuf, throw, 0); if (throw != writeall(fd, toybuf, throw)) perror_msg_raw(*try); pos += throw; } |