1
0
mirror of https://passt.top/passt synced 2024-12-22 05:35:23 +00:00

util: Add general low-level random bytes helper

Currently secret_init() open codes getting good quality random bytes from
the OS, either via getrandom(2) or reading /dev/random.  We're going to
add at least one more place that needs random data in future, so make a
general helper for getting random bytes.  While we're there, fix a number
of minor bugs:
 - getrandom() can theoretically return a "short read", so handle that case
 - getrandom() as well as read can return a transient EINTR
 - We would attempt to read data from /dev/random if we failed to open it
   (open() returns -1), but not if we opened it as fd 0 (unlikely, but ok)
 - More specific error reporting

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
This commit is contained in:
David Gibson 2024-11-14 14:33:08 +11:00 committed by Stefano Brivio
parent a60703e899
commit 71d5deed5e
3 changed files with 57 additions and 29 deletions

30
passt.c
View File

@ -36,9 +36,6 @@
#include <sys/prctl.h> #include <sys/prctl.h>
#include <netinet/if_ether.h> #include <netinet/if_ether.h>
#include <libgen.h> #include <libgen.h>
#ifdef HAS_GETRANDOM
#include <sys/random.h>
#endif
#include "util.h" #include "util.h"
#include "passt.h" #include "passt.h"
@ -118,32 +115,7 @@ static void post_handler(struct ctx *c, const struct timespec *now)
*/ */
static void secret_init(struct ctx *c) static void secret_init(struct ctx *c)
{ {
#ifndef HAS_GETRANDOM raw_random(&c->hash_secret, sizeof(c->hash_secret));
int dev_random = open("/dev/random", O_RDONLY);
unsigned int random_read = 0;
while (dev_random && random_read < sizeof(c->hash_secret)) {
int ret = read(dev_random,
(uint8_t *)&c->hash_secret + random_read,
sizeof(c->hash_secret) - random_read);
if (ret == -1 && errno == EINTR)
continue;
if (ret <= 0)
break;
random_read += ret;
}
if (dev_random >= 0)
close(dev_random);
if (random_read < sizeof(c->hash_secret))
#else
if (getrandom(&c->hash_secret, sizeof(c->hash_secret),
GRND_RANDOM) < 0)
#endif /* !HAS_GETRANDOM */
die_perror("Failed to get random bytes for hash table and TCP");
} }
/** /**

54
util.c
View File

@ -34,6 +34,9 @@
#include "passt.h" #include "passt.h"
#include "packet.h" #include "packet.h"
#include "log.h" #include "log.h"
#ifdef HAS_GETRANDOM
#include <sys/random.h>
#endif
/** /**
* sock_l4_sa() - Create and bind socket to socket address, add to epoll list * sock_l4_sa() - Create and bind socket to socket address, add to epoll list
@ -783,3 +786,54 @@ bool snprintf_check(char *str, size_t size, const char *format, ...)
return false; return false;
} }
#define DEV_RANDOM "/dev/random"
/**
* raw_random() - Get high quality random bytes
* @buf: Buffer to fill with random bytes
* @buflen: Number of bytes of random data to put in @buf
*
* Assumes that the random data is essential, and will die() if unable to obtain
* it.
*/
void raw_random(void *buf, size_t buflen)
{
size_t random_read = 0;
#ifndef HAS_GETRANDOM
int fd = open(DEV_RANDOM, O_RDONLY);
if (fd < 0)
die_perror("Couldn't open %s", DEV_RANDOM);
#endif
while (random_read < buflen) {
ssize_t ret;
#ifdef HAS_GETRANDOM
ret = getrandom((char *)buf + random_read,
buflen - random_read, GRND_RANDOM);
#else
ret = read(dev_random, (char *)buf + random_read,
buflen - random_read);
#endif
if (ret == -1 && errno == EINTR)
continue;
if (ret < 0)
die_perror("Error on random data source");
if (ret == 0)
break;
random_read += ret;
}
#ifndef HAS_GETRANDOM
close(dev_random);
#endif
if (random_read < buflen)
die("Unexpected EOF on random data source");
}

2
util.h
View File

@ -263,6 +263,8 @@ static inline bool mod_between(unsigned x, unsigned i, unsigned j, unsigned m)
/* FPRINTF() intentionally silences cert-err33-c clang-tidy warnings */ /* FPRINTF() intentionally silences cert-err33-c clang-tidy warnings */
#define FPRINTF(f, ...) (void)fprintf(f, __VA_ARGS__) #define FPRINTF(f, ...) (void)fprintf(f, __VA_ARGS__)
void raw_random(void *buf, size_t buflen);
/* /*
* Workarounds for https://github.com/llvm/llvm-project/issues/58992 * Workarounds for https://github.com/llvm/llvm-project/issues/58992
* *