From ff2d528a0a6943bd4247f3c122c145a5b19f0387 Mon Sep 17 00:00:00 2001
From: Rob Landley <rob@landley.net>
Date: Wed, 4 Jul 2018 18:49:03 -0500
Subject: Add xgetrandom() with probe for new system call (else open/read
 /dev/{,u}random)

---
 lib/lib.c            |  4 +---
 lib/password.c       |  6 ++----
 lib/portability.c    | 11 +++++++++++
 lib/portability.h    |  5 +++++
 scripts/genconfig.sh |  5 +++++
 toys/other/shred.c   |  5 +----
 6 files changed, 25 insertions(+), 11 deletions(-)

diff --git a/lib/lib.c b/lib/lib.c
index 88dd13a0..6d75e0f3 100644
--- a/lib/lib.c
+++ b/lib/lib.c
@@ -1144,9 +1144,7 @@ int qstrcmp(const void *a, const void *b)
 void create_uuid(char *uuid)
 {
   // "Set all the ... bits to randomly (or pseudo-randomly) chosen values".
-  int fd = xopenro("/dev/urandom");
-  xreadall(fd, uuid, 16);
-  close(fd);
+  xgetrandom(uuid, 16, 0);
 
   // "Set the four most significant bits ... of the time_hi_and_version
   // field to the 4-bit version number [4]".
diff --git a/lib/password.c b/lib/password.c
index eab2d669..20c2f481 100644
--- a/lib/password.c
+++ b/lib/password.c
@@ -8,7 +8,7 @@
 #include "toys.h"
 #include <time.h>
 
-// generate appropriate random salt string for given encryption algorithm.
+// generate ID prefix and random salt for given encryption algorithm.
 int get_salt(char *salt, char *algo)
 {
   struct {
@@ -24,9 +24,7 @@ int get_salt(char *salt, char *algo)
       if (al[i].id) s += sprintf(s, "$%c$", '0'+al[i].id);
 
       // Read appropriate number of random bytes for salt
-      i = xopenro("/dev/urandom");
-      xreadall(i, libbuf, ((len*6)+7)/8);
-      close(i);
+      xgetrandom(libbuf, ((len*6)+7)/8, 0);
 
       // Grab 6 bit chunks and convert to characters in ./0-9a-zA-Z
       for (i=0; i<len; i++) {
diff --git a/lib/portability.c b/lib/portability.c
index 38cf5cb9..c42a052e 100644
--- a/lib/portability.c
+++ b/lib/portability.c
@@ -30,6 +30,17 @@ pid_t xfork(void)
 }
 #endif
 
+void xgetrandom(void *buf, unsigned buflen, unsigned flags)
+{
+#if CFG_TOYBOX_GETRANDOM
+  if (buflen != getrandom(buf, buflen, flags)) perror_exit("getrandom");
+#else
+  int fd = xopen(flags ? "/dev/random" : "/dev/urandom", O_RDONLY);
+  xreadall(fd, buf, buflen);
+  close(fd);
+#endif
+}
+
 #if defined(__APPLE__)
 ssize_t getdelim(char **linep, size_t *np, int delim, FILE *stream)
 {
diff --git a/lib/portability.h b/lib/portability.h
index 50c935b5..39e61810 100644
--- a/lib/portability.h
+++ b/lib/portability.h
@@ -251,3 +251,8 @@ static inline char *get_sched_policy_name(int policy) {return "unknown";}
 typedef struct {char *c_name; int c_val;} CODE;
 extern CODE prioritynames[], facilitynames[];
 #endif
+
+#if CFG_TOYBOX_GETRANDOM
+#include <sys/random.h>
+#endif
+void xgetrandom(void *buf, unsigned len, unsigned flags);
diff --git a/scripts/genconfig.sh b/scripts/genconfig.sh
index e8df5965..533df600 100755
--- a/scripts/genconfig.sh
+++ b/scripts/genconfig.sh
@@ -105,6 +105,11 @@ EOF
       struct rlimit *old_limit);
     int main(int argc, char *argv[]) { prlimit(0, 0, 0, 0); }
 EOF
+
+  probesymbol TOYBOX_GETRANDOM << EOF
+    #include <sys/random.h>
+    int main(void) { char buf[100]; getrandom(buf, 100, 0); }
+EOF
 }
 
 genconfig()
diff --git a/toys/other/shred.c b/toys/other/shred.c
index 30b5e7d9..e10adc09 100644
--- a/toys/other/shred.c
+++ b/toys/other/shred.c
@@ -33,8 +33,6 @@ GLOBALS(
   long offset;
   long iterations;
   long size;
-
-  int ufd;
 )
 
 void shred_main(void)
@@ -42,7 +40,6 @@ void shred_main(void)
   char **try;
 
   if (!(toys.optflags & FLAG_n)) TT.iterations++;
-  TT.ufd = xopenro("/dev/urandom");
 
   // We don't use loopfiles() here because "-" isn't stdin, and want to
   // respond to files we can't open via chmod.
@@ -96,7 +93,7 @@ void shred_main(void)
       if (toys.optflags & FLAG_x)
         if (len-pos < throw) throw = len-pos;
 
-      if (iter != TT.iterations) xread(TT.ufd, toybuf, throw);
+      if (iter != TT.iterations) xgetrandom(toybuf, throw, 0);
       if (throw != writeall(fd, toybuf, throw)) perror_msg_raw(*try);
       pos += throw;
     }
-- 
cgit v1.2.3