diff options
author | Rob Landley <rob@landley.net> | 2022-09-27 23:37:05 -0500 |
---|---|---|
committer | Rob Landley <rob@landley.net> | 2022-09-27 23:37:05 -0500 |
commit | 331ecc9ae78726433afe941ee24fc1befb15b6ae (patch) | |
tree | 2a0ce50d426b91e9967b55a24e136b86a961cfd6 /lib | |
parent | 8ed0bfe6e3b998a7bc74bdb131da194b65223509 (diff) | |
download | toybox-331ecc9ae78726433afe941ee24fc1befb15b6ae.tar.gz |
Loop in xgetrandom() when asked to fetch more than 256 bytes at a time.
While we're there, eliminate the third argument so the xfunc() always
exits when it can't get random data. (Should never happen with syscall,
fallback read of /dev node can go away in a couple more years.)
Diffstat (limited to 'lib')
-rw-r--r-- | lib/lib.c | 2 | ||||
-rw-r--r-- | lib/password.c | 2 | ||||
-rw-r--r-- | lib/portability.c | 17 | ||||
-rw-r--r-- | lib/portability.h | 2 |
4 files changed, 12 insertions, 11 deletions
@@ -1228,7 +1228,7 @@ int qstrcmp(const void *a, const void *b) void create_uuid(char *uuid) { // "Set all the ... bits to randomly (or pseudo-randomly) chosen values". - xgetrandom(uuid, 16, 0); + xgetrandom(uuid, 16); // "Set the four most significant bits ... of the time_hi_and_version // field to the 4-bit version number [4]". diff --git a/lib/password.c b/lib/password.c index 3497176a..6bea3d70 100644 --- a/lib/password.c +++ b/lib/password.c @@ -23,7 +23,7 @@ int get_salt(char *salt, char *algo) if (al[i].id) s += sprintf(s, "$%c$", '0'+al[i].id); // Read appropriate number of random bytes for salt - xgetrandom(libbuf, ((len*6)+7)/8, 0); + xgetrandom(libbuf, ((len*6)+7)/8); // Grab 6 bit chunks and convert to characters in ./0-9a-zA-Z for (i = 0; i<len; i++) { diff --git a/lib/portability.c b/lib/portability.c index 4baa9367..7be909ea 100644 --- a/lib/portability.c +++ b/lib/portability.c @@ -30,7 +30,7 @@ pid_t xfork(void) } #endif -int xgetrandom(void *buf, unsigned buflen, unsigned flags) +void xgetrandom(void *buf, unsigned buflen) { int fd; @@ -39,15 +39,16 @@ int xgetrandom(void *buf, unsigned buflen, unsigned flags) // they were there first). getrandom() and getentropy() both went into glibc // in the same release (2.25 in 2017), so this test still works. #if __has_include(<sys/random.h>) - if (!getentropy(buf, buflen)) return 1; - if (errno!=ENOSYS && !(flags&WARN_ONLY)) perror_exit("getrandom"); + while (buflen) { + if (getentropy(buf, fd = buflen>256 ? 256 : buflen)) break; + buflen -= fd; + buf += fd; + } + if (!buflen) return; + if (errno!=ENOSYS) perror_exit("getrandom"); #endif - fd = xopen(flags ? "/dev/random" : "/dev/urandom",O_RDONLY|(flags&WARN_ONLY)); - if (fd == -1) return 0; - xreadall(fd, buf, buflen); + xreadall(fd = xopen("/dev/urandom", O_RDONLY), buf, buflen); close(fd); - - return 1; } // Get list of mounted filesystems, including stat and statvfs info. diff --git a/lib/portability.h b/lib/portability.h index 4de547a3..9dd14c0c 100644 --- a/lib/portability.h +++ b/lib/portability.h @@ -350,7 +350,7 @@ extern CODE prioritynames[], facilitynames[]; #if __has_include (<sys/random.h>) #include <sys/random.h> #endif -int xgetrandom(void *buf, unsigned len, unsigned flags); +void xgetrandom(void *buf, unsigned len); // Android's bionic libc doesn't have confstr. #ifdef __BIONIC__ |