Bugzilla – Attachment 3607 Details for
Bug 3467
[upstream] arc4random: make rekey interval less predictable
[patch]
Factor out getrnd() into its own file and rename to getentropy()
openssh-getentropy-refactor.patch (text/plain), 5.48 KB, created by
Darren Tucker
on 2022-08-04 21:45:16 AEST
Description:
Factor out getrnd() into its own file and rename to getentropy()
Filename:
MIME Type:
Creator:
Darren Tucker
Created:
2022-08-04 21:45:16 AEST
Size:
5.48 KB
patch
obsolete
>diff --git a/configure.ac b/configure.ac
>index e49e163b..c36aee2c 100644
>--- a/configure.ac
>+++ b/configure.ac
>@@ -1879,6 +1879,7 @@ AC_CHECK_FUNCS([ \
> futimes \
> getaddrinfo \
> getcwd \
>+ getentropy \
> getgrouplist \
> getline \
> getnameinfo \
>@@ -2110,7 +2111,7 @@ AC_CHECK_DECLS([O_NONBLOCK], , ,
> #endif
> ])
>
>-AC_CHECK_DECLS([ftruncate], , ,
>+AC_CHECK_DECLS([ftruncate, getentropy], , ,
> [
> #include <sys/types.h>
> #include <unistd.h>
>diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in
>index bca8c42a..cebe4fe4 100644
>--- a/openbsd-compat/Makefile.in
>+++ b/openbsd-compat/Makefile.in
>@@ -70,6 +70,7 @@ COMPAT= arc4random.o \
> bsd-cygwin_util.o \
> bsd-err.o \
> bsd-flock.o \
>+ bsd-getentropy.o \
> bsd-getline.o \
> bsd-getpagesize.o \
> bsd-getpeereid.o \
>diff --git a/openbsd-compat/arc4random.c b/openbsd-compat/arc4random.c
>index ce5f054f..f43b5c7c 100644
>--- a/openbsd-compat/arc4random.c
>+++ b/openbsd-compat/arc4random.c
>@@ -33,19 +33,10 @@
> #include <string.h>
> #include <unistd.h>
>
>-#ifdef HAVE_SYS_RANDOM_H
>-# include <sys/random.h>
>-#endif
>-
> #ifndef HAVE_ARC4RANDOM
>
> #define MINIMUM(a, b) (((a) < (b)) ? (a) : (b))
>
>-#ifdef WITH_OPENSSL
>-#include <openssl/rand.h>
>-#include <openssl/err.h>
>-#endif
>-
> #include "log.h"
>
> #define KEYSTREAM_ONLY
>@@ -83,56 +74,13 @@ _rs_init(u_char *buf, size_t n)
> chacha_ivsetup(&rs, buf + KEYSZ);
> }
>
>-#ifndef WITH_OPENSSL
>-# ifndef SSH_RANDOM_DEV
>-# define SSH_RANDOM_DEV "/dev/urandom"
>-# endif /* SSH_RANDOM_DEV */
>-static void
>-getrnd(u_char *s, size_t len)
>-{
>- int fd, save_errno;
>- ssize_t r;
>- size_t o = 0;
>-
>-#ifdef HAVE_GETRANDOM
>- if ((r = getrandom(s, len, 0)) > 0 && (size_t)r == len)
>- return;
>-#endif /* HAVE_GETRANDOM */
>-
>- if ((fd = open(SSH_RANDOM_DEV, O_RDONLY)) == -1) {
>- save_errno = errno;
>- /* Try egd/prngd before giving up. */
>- if (seed_from_prngd(s, len) == 0)
>- return;
>- fatal("Couldn't open %s: %s", SSH_RANDOM_DEV,
>- strerror(save_errno));
>- }
>- while (o < len) {
>- r = read(fd, s + o, len - o);
>- if (r < 0) {
>- if (errno == EAGAIN || errno == EINTR ||
>- errno == EWOULDBLOCK)
>- continue;
>- fatal("read %s: %s", SSH_RANDOM_DEV, strerror(errno));
>- }
>- o += r;
>- }
>- close(fd);
>-}
>-#endif /* WITH_OPENSSL */
>-
> static void
> _rs_stir(void)
> {
> u_char rnd[KEYSZ + IVSZ];
>
>-#ifdef WITH_OPENSSL
>- if (RAND_bytes(rnd, sizeof(rnd)) <= 0)
>- fatal("Couldn't obtain random bytes (error 0x%lx)",
>- (unsigned long)ERR_get_error());
>-#else
>- getrnd(rnd, sizeof(rnd));
>-#endif
>+ if (getentropy(rnd, sizeof rnd) == -1)
>+ fatal("getentropy failed");
>
> if (!rs_initialized) {
> rs_initialized = 1;
>diff --git a/openbsd-compat/bsd-getentropy.c b/openbsd-compat/bsd-getentropy.c
>new file mode 100644
>index 00000000..1733e287
>--- /dev/null
>+++ b/openbsd-compat/bsd-getentropy.c
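Review bot: The new failure path in `_rs_stir`, `fatal("getentropy failed")`, drops the reason for the failure that the removed code reported (the OpenSSL error code, or the `strerror` text in the non-OpenSSL path), which makes a seeding failure hard to diagnose when a native getentropy() is the one that fails. `fatal("getentropy failed: %s", strerror(errno));` would keep it, provided errno is still declared in this file after the include cleanup in the previous hunk. Where configure finds a native getentropy(), `_rs_stir` also appears to stop going through `RAND_bytes` even in WITH_OPENSSL builds, so the seed source changes on those platforms; a sentence in the commit message saying this is intended would help reviewers. `_rs_stir`'s body continues outside the hunk.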
>@@ -0,0 +1,82 @@
>+/*
>+ * Copyright (c) 1996, David Mazieres <dm@uun.org>
>+ * Copyright (c) 2008, Damien Miller <djm@openbsd.org>
>+ * Copyright (c) 2013, Markus Friedl <markus@openbsd.org>
>+ *
>+ * Permission to use, copy, modify, and distribute this software for any
>+ * purpose with or without fee is hereby granted, provided that the above
>+ * copyright notice and this permission notice appear in all copies.
>+ *
>+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
>+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
>+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
>+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
>+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
>+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
>+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
>+ */
>+
>+#include "includes.h"
>+
>+#ifndef HAVE_GETENTROPY
>+
>+#ifndef SSH_RANDOM_DEV
>+# define SSH_RANDOM_DEV "/dev/urandom"
>+#endif /* SSH_RANDOM_DEV */
>+
>+#include <sys/types.h>
>+#ifdef HAVE_SYS_RANDOM_H
>+# include <sys/random.h>
>+#endif
>+
>+#include <fcntl.h>
>+#include <stdlib.h>
>+#include <string.h>
>+#include <unistd.h>
>+#ifdef WITH_OPENSSL
>+#include <openssl/rand.h>
>+#include <openssl/err.h>
>+#endif
>+
>+#include "log.h"
>+
>+int
>+getentropy(void *s, size_t len)
>+{
>+#ifdef WITH_OPENSSL
>+ if (RAND_bytes(s, len) <= 0)
>+ fatal("Couldn't obtain random bytes (error 0x%lx)",
>+ (unsigned long)ERR_get_error());
>+#else
>+ int fd, save_errno;
>+ ssize_t r;
>+ size_t o = 0;
>+
>+#ifdef HAVE_GETRANDOM
>+ if ((r = getrandom(s, len, 0)) > 0 && (size_t)r == len)
>+ return 0;
>+#endif /* HAVE_GETRANDOM */
>+
>+ if ((fd = open(SSH_RANDOM_DEV, O_RDONLY)) == -1) {
>+ save_errno = errno;
>+ /* Try egd/prngd before giving up. */
>+ if (seed_from_prngd(s, len) == 0)
>+ return 0;
>+ fatal("Couldn't open %s: %s", SSH_RANDOM_DEV,
>+ strerror(save_errno));
>+ }
>+ while (o < len) {
>+ r = read(fd, (u_char *)s + o, len - o);
>+ if (r < 0) {
>+ if (errno == EAGAIN || errno == EINTR ||
>+ errno == EWOULDBLOCK)
>+ continue;
>+ fatal("read %s: %s", SSH_RANDOM_DEV, strerror(errno));
>+ }
>+ o += r;
>+ }
>+ close(fd);
>+#endif /* WITH_OPENSSL */
>+ return 0;
>+}
>+#endif /* WITH_GETENTROPY */
>diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h
>index 4316ab84..93efff2f 100644
>--- a/openbsd-compat/openbsd-compat.h
>+++ b/openbsd-compat/openbsd-compat.h
>@@ -69,6 +69,10 @@ void closefrom(int);
> int ftruncate(int filedes, off_t length);
> #endif
>
>+#if defined(HAVE_DECL_GETENTROPY) && HAVE_DECL_GETENTROPY == 0
>+int getentropy(void *, size_t);
>+#endif
>+
> #ifndef HAVE_GETLINE
> #include <stdio.h>
> ssize_t getline(char **, size_t *, FILE *);
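Review bot: The `SSH_RANDOM_DEV` fallback loop in the new `getentropy()` handles only `r < 0`, so a `read()` that returns 0 (end of file, possible if `SSH_RANDOM_DEV` is overridden to something that is not a random device) leaves `o` unchanged and the loop never terminates; adding `if (r == 0) fatal("read %s: unexpected EOF", SSH_RANDOM_DEV);` before `o += r;` turns that into a clean failure instead of a hang during seeding. This replacement also never returns -1 and accepts any `len`, while the system getentropy() it stands in for rejects requests larger than 256 bytes, so a short comment above the function stating both differences would keep callers from depending on the compat behaviour. The closing `#endif /* WITH_GETENTROPY */` should read `/* HAVE_GETENTROPY */` to match the opening `#ifndef HAVE_GETENTROPY`.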
Flags:
djm
:
ok+