picnoir
/
Systemd
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #6194 from keszybz/urandom-magic 

Fall back to /dev/urandom less and other random number improvements.
This commit is contained in:
Zbigniew Jędrzejewski-Szmek 2017-06-30 13:05:56 -04:00 committed by GitHub
parent 9432a05c54 2416f73be1
commit 74d8f1c55b
8 changed files with 158 additions and 47 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -267,6 +267,7 @@
/test-process-util
/test-pty
/test-qcow2
/test-random-util
/test-ratelimit
/test-replace-var
/test-resolve

7
Makefile.am
View File

@ -1624,6 +1624,7 @@ tests += \
test-conf-parser \
test-capability \
test-async \
test-random-util \
test-ratelimit \
test-condition \
test-uid-range \
@ -1945,6 +1946,12 @@ test_fstab_util_SOURCES = \
test_fstab_util_LDADD = \
libsystemd-shared.la
test_random_util_SOURCES = \
src/test/test-random-util.c
test_random_util_LDADD = \
libsystemd-shared.la
test_ratelimit_SOURCES = \
src/test/test-ratelimit.c

120
src/basic/random-util.c
View File

@ -42,53 +42,59 @@
#include "random-util.h"
#include "time-util.h"
int dev_urandom(void *p, size_t n) {
int acquire_random_bytes(void *p, size_t n, bool high_quality_required) {
static int have_syscall = -1;
_cleanup_close_ int fd = -1;
int r;
unsigned already_done = 0;
/* Gathers some randomness from the kernel. This call will
* never block, and will always return some data from the
* kernel, regardless if the random pool is fully initialized
* or not. It thus makes no guarantee for the quality of the
* returned entropy, but is good enough for our usual usecases
* of seeding the hash functions for hashtable */
/* Gathers some randomness from the kernel. This call will never block. If
* high_quality_required, it will always return some data from the kernel,
* regardless of whether the random pool is fully initialized or not.
* Otherwise, it will return success if at least some random bytes were
* successfully acquired, and an error if the kernel has no entropy whatsover
* for us. */
/* Use the getrandom() syscall unless we know we don't have
* it, or when the requested size is too large for it. */
if (have_syscall != 0 || (size_t) (int) n != n) {
/* Use the getrandom() syscall unless we know we don't have it. */
if (have_syscall != 0) {
r = getrandom(p, n, GRND_NONBLOCK);
if (r == (int) n) {
if (r > 0) {
have_syscall = true;
return 0;
}
if (r == n)
return 0;
if (!high_quality_required) {
/* Fill in the remaing bytes using pseudorandom values */
pseudorandom_bytes((uint8_t*) p + r, n - r);
return 0;
}
if (r < 0) {
if (errno == ENOSYS)
/* we lack the syscall, continue with
* reading from /dev/urandom */
have_syscall = false;
else if (errno == EAGAIN)
/* not enough entropy for now. Let's
* remember to use the syscall the
* next time, again, but also read
* from /dev/urandom for now, which
* doesn't care about the current
* amount of entropy. */
have_syscall = true;
else
return -errno;
already_done = r;
} else if (errno == ENOSYS)
/* We lack the syscall, continue with reading from /dev/urandom. */
have_syscall = false;
else if (errno == EAGAIN) {
/* The kernel has no entropy whatsoever. Let's remember to
* use the syscall the next time again though.
*
* If high_quality_required is false, return an error so that
* random_bytes() can produce some pseudorandom
* bytes. Otherwise, fall back to /dev/urandom, which we know
* is empty, but the kernel will produce some bytes for us on
* a best-effort basis. */
have_syscall = true;
if (!high_quality_required)
return -ENODATA;
} else
/* too short read? */
return -ENODATA;
return -errno;
}
fd = open("/dev/urandom", O_RDONLY|O_CLOEXEC|O_NOCTTY);
if (fd < 0)
return errno == ENOENT ? -ENOSYS : -errno;
return loop_read_exact(fd, p, n, true);
return loop_read_exact(fd, (uint8_t*) p + already_done, n - already_done, true);
}
void initialize_srand(void) {
@ -102,8 +108,9 @@ void initialize_srand(void) {
return;
#ifdef HAVE_SYS_AUXV_H
/* The kernel provides us with 16 bytes of entropy in auxv, so let's try to make use of that to seed the
* pseudo-random generator. It's better than nothing... */
/* The kernel provides us with 16 bytes of entropy in auxv, so let's
* try to make use of that to seed the pseudo-random generator. It's
* better than nothing... */
auxv = (void*) getauxval(AT_RANDOM);
if (auxv) {
@ -121,19 +128,44 @@ void initialize_srand(void) {
srand_called = true;
}
void random_bytes(void *p, size_t n) {
/* INT_MAX gives us only 31 bits, so use 24 out of that. */
#if RAND_MAX >= INT_MAX
# define RAND_STEP 3
#else
/* SHORT_INT_MAX or lower gives at most 15 bits, we just just 8 out of that. */
# define RAND_STEP 1
#endif
void pseudorandom_bytes(void *p, size_t n) {
uint8_t *q;
int r;
r = dev_urandom(p, n);
if (r >= 0)
return;
/* If some idiot made /dev/urandom unavailable to us, he'll
* get a PRNG instead. */
initialize_srand();
for (q = p; q < (uint8_t*) p + n; q ++)
*q = rand();
for (q = p; q < (uint8_t*) p + n; q += RAND_STEP) {
unsigned rr;
rr = (unsigned) rand();
#if RAND_STEP >= 3
if (q - (uint8_t*) p + 2 < n)
q[2] = rr >> 16;
#endif
#if RAND_STEP >= 2
if (q - (uint8_t*) p + 1 < n)
q[1] = rr >> 8;
#endif
q[0] = rr;
}
}
void random_bytes(void *p, size_t n) {
int r;
r = acquire_random_bytes(p, n, false);
if (r >= 0)
return;
/* If some idiot made /dev/urandom unavailable to us, or the
* kernel has no entropy, use a PRNG instead. */
return pseudorandom_bytes(p, n);
}

4
src/basic/random-util.h
View File

@ -19,10 +19,12 @@
along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
int dev_urandom(void *p, size_t n);
int acquire_random_bytes(void *p, size_t n, bool high_quality_required);
void pseudorandom_bytes(void *p, size_t n);
void random_bytes(void *p, size_t n);
void initialize_srand(void);

2
src/firstboot/firstboot.c
View File

@ -572,7 +572,7 @@ static int process_root_password(void) {
if (!arg_root_password)
return 0;
r = dev_urandom(raw, 16);
r = acquire_random_bytes(raw, 16, true);
if (r < 0)
return log_error_errno(r, "Failed to get salt: %m");

2
src/libsystemd/sd-id128/sd-id128.c
View File

@ -289,7 +289,7 @@ _public_ int sd_id128_randomize(sd_id128_t *ret) {
assert_return(ret, -EINVAL);
r = dev_urandom(&t, sizeof(t));
r = acquire_random_bytes(&t, sizeof t, true);
if (r < 0)
return r;

4
src/test/meson.build
View File

@ -161,6 +161,10 @@ tests += [
[],
[]],
[['src/test/test-random-util.c'],
[],
[]],
[['src/test/test-ratelimit.c'],
[],
[]],

65
src/test/test-random-util.c Normal file
View File

@ -0,0 +1,65 @@
/***
This file is part of systemd.
Copyright 2017 Zbigniew Jędrzejewski-Szmek
systemd is free software; you can redistribute it and/or modify it
under the terms of the GNU Lesser General Public License as published by
the Free Software Foundation; either version 2.1 of the License, or
(at your option) any later version.
systemd is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public License
along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/
#include "hexdecoct.h"
#include "random-util.h"
#include "log.h"
static void test_acquire_random_bytes(bool high_quality_required) {
uint8_t buf[16] = {};
unsigned i;
log_info("/* %s */", __func__);
for (i = 1; i < sizeof buf; i++) {
assert_se(acquire_random_bytes(buf, i, high_quality_required) == 0);
if (i + 1 < sizeof buf)
assert_se(buf[i] == 0);
hexdump(stdout, buf, i);
}
}
static void test_pseudorandom_bytes(void) {
uint8_t buf[16] = {};
unsigned i;
log_info("/* %s */", __func__);
for (i = 1; i < sizeof buf; i++) {
pseudorandom_bytes(buf, i);
if (i + 1 < sizeof buf)
assert_se(buf[i] == 0);
hexdump(stdout, buf, i);
}
}
int main(int argc, char **argv) {
log_set_max_level(LOG_DEBUG);
log_parse_environment();
log_open();
test_acquire_random_bytes(false);
test_acquire_random_bytes(true);
test_pseudorandom_bytes();
return 0;
}