63 lines
1.9 KiB
Diff
63 lines
1.9 KiB
Diff
From 3a8bf57bd3008b2f5338bbd8ba1db5e9e2622c92 Mon Sep 17 00:00:00 2001
|
|
From: Robbie Harwood <rharwood@redhat.com>
|
|
Date: Wed, 14 Sep 2016 16:10:34 -0400
|
|
Subject: [PATCH] Add getrandom to k5_get_os_entropy() using syscall
|
|
|
|
ticket: 8499
|
|
(cherry picked from commit a9a48392c088b53d8dd86b8008b4059ab78a3679)
|
|
---
|
|
src/lib/crypto/krb/prng.c | 30 ++++++++++++++++++++++++++++++
|
|
1 file changed, 30 insertions(+)
|
|
|
|
diff --git a/src/lib/crypto/krb/prng.c b/src/lib/crypto/krb/prng.c
|
|
index 9ad24c1..22948a4 100644
|
|
--- a/src/lib/crypto/krb/prng.c
|
|
+++ b/src/lib/crypto/krb/prng.c
|
|
@@ -58,6 +58,9 @@ k5_get_os_entropy(unsigned char *buf, size_t len, int strong)
|
|
#ifdef HAVE_SYS_STAT_H
|
|
#include <sys/stat.h>
|
|
#endif
|
|
+#ifdef __linux__
|
|
+#include <sys/syscall.h>
|
|
+#endif /* __linux__ */
|
|
|
|
/* Open device, ensure that it is not a regular file, and read entropy. Return
|
|
* true on success, false on failure. */
|
|
@@ -96,6 +99,33 @@ krb5_boolean
|
|
k5_get_os_entropy(unsigned char *buf, size_t len, int strong)
|
|
{
|
|
const char *device;
|
|
+#if defined(__linux__) && defined(SYS_getrandom)
|
|
+ int r;
|
|
+
|
|
+ while (len > 0) {
|
|
+ /*
|
|
+ * Pull from the /dev/urandom pool, but it to have been seeded. This
|
|
+ * ensures strong randomness while only blocking during first system
|
|
+ * boot.
|
|
+ *
|
|
+ * glibc does not currently provide a binding for getrandom:
|
|
+ * https://sourceware.org/bugzilla/show_bug.cgi?id=17252
|
|
+ */
|
|
+ errno = 0;
|
|
+ r = syscall(SYS_getrandom, buf, len, 0);
|
|
+ if (r <= 0) {
|
|
+ if (errno == EINTR)
|
|
+ continue;
|
|
+
|
|
+ /* ENOSYS or other unrecoverable failure */
|
|
+ break;
|
|
+ }
|
|
+ len -= r;
|
|
+ buf += r;
|
|
+ }
|
|
+ if (len == 0)
|
|
+ return TRUE;
|
|
+#endif /* defined(__linux__) && defined(SYS_getrandom) */
|
|
|
|
device = strong ? "/dev/random" : "/dev/urandom";
|
|
return read_entropy_from_device(device, buf, len);
|
|
--
|
|
2.9.3
|
|
|