You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@nuttx.apache.org by GitBox <gi...@apache.org> on 2022/03/24 15:30:53 UTC
[GitHub] [incubator-nuttx] pkarashchenko commented on a change in pull request #5837: libc: Implement getrandom on top of "/dev/[u]random"
pkarashchenko commented on a change in pull request #5837:
URL: https://github.com/apache/incubator-nuttx/pull/5837#discussion_r834434602
##########
File path: libs/libc/misc/lib_getrandom.c
##########
@@ -0,0 +1,91 @@
+/****************************************************************************
+ * libs/libc/misc/lib_getrandom.c
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership. The
+ * ASF licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the
+ * License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ *
+ ****************************************************************************/
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <sys/random.h>
+#include <fcntl.h>
+#include <unistd.h>
+
+/****************************************************************************
+ * Public Functions
+ ****************************************************************************/
+
+/****************************************************************************
+ * Name: getrandom
+ *
+ * Description:
+ * Fill a buffer of arbitrary length with randomness. This is the
+ * preferred interface for getting random numbers. The traditional
+ * /dev/random approach is susceptible for things like the attacker
+ * exhausting file descriptors on purpose.
+ *
+ * Note that this function cannot fail, other than by asserting.
+ *
+ * Input Parameters:
+ * bytes - Buffer for returned random bytes
+ * nbytes - Number of bytes requested.
+ * flags - Bit mask that can contain zero or more of the ORed values
+ * together.
+ *
+ * Returned Value:
+ * On success, getrandom() returns the number of bytes that were copied
+ * to the buffer buf. This may be less than the number of bytes
+ * requested via buflen if either GRND_RANDOM was specified in flags and
+ * insufficient entropy was present in the random source or the system
+ * call was interrupted by a signal.
+ *
+ * On error, -1 is returned, and errno is set appropriately.
+ *
+ ****************************************************************************/
+
+ssize_t getrandom(FAR void *bytes, size_t nbytes, unsigned int flags)
+{
+ int oflags = O_RDONLY;
+ FAR const char *dev;
+ int fd;
+
+ if (flags & GRND_NONBLOCK)
Review comment:
```suggestion
if ((flags & GRND_NONBLOCK) != 0)
```
##########
File path: libs/libc/misc/lib_getrandom.c
##########
@@ -0,0 +1,91 @@
+/****************************************************************************
+ * libs/libc/misc/lib_getrandom.c
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership. The
+ * ASF licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the
+ * License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ *
+ ****************************************************************************/
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <sys/random.h>
+#include <fcntl.h>
+#include <unistd.h>
+
+/****************************************************************************
+ * Public Functions
+ ****************************************************************************/
+
+/****************************************************************************
+ * Name: getrandom
+ *
+ * Description:
+ * Fill a buffer of arbitrary length with randomness. This is the
+ * preferred interface for getting random numbers. The traditional
+ * /dev/random approach is susceptible for things like the attacker
+ * exhausting file descriptors on purpose.
+ *
+ * Note that this function cannot fail, other than by asserting.
+ *
+ * Input Parameters:
+ * bytes - Buffer for returned random bytes
+ * nbytes - Number of bytes requested.
+ * flags - Bit mask that can contain zero or more of the ORed values
+ * together.
+ *
+ * Returned Value:
+ * On success, getrandom() returns the number of bytes that were copied
+ * to the buffer buf. This may be less than the number of bytes
+ * requested via buflen if either GRND_RANDOM was specified in flags and
+ * insufficient entropy was present in the random source or the system
+ * call was interrupted by a signal.
+ *
+ * On error, -1 is returned, and errno is set appropriately.
+ *
+ ****************************************************************************/
+
+ssize_t getrandom(FAR void *bytes, size_t nbytes, unsigned int flags)
+{
+ int oflags = O_RDONLY;
+ FAR const char *dev;
+ int fd;
+
+ if (flags & GRND_NONBLOCK)
+ {
+ oflags |= O_NONBLOCK;
+ }
+
+ if (flags & GRND_RANDOM)
Review comment:
```suggestion
if ((flags & GRND_RANDOM) != 0)
```
##########
File path: include/sys/random.h
##########
@@ -0,0 +1,79 @@
+/****************************************************************************
+ * include/sys/random.h
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership. The
+ * ASF licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the
+ * License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ *
+ ****************************************************************************/
+
+#ifndef __INCLUDE_SYS_RANDOM_H
+#define __INCLUDE_SYS_RANDOM_H
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <stddef.h>
+
+/****************************************************************************
+ * Pre-processor Definitions
+ ****************************************************************************/
+
+/* Flags for getrandom(2)
+ *
+ * GRND_NONBLOCK Don't block and return EAGAIN instead
+ * GRND_RANDOM No effect
+ * GRND_INSECURE Return non-cryptographic random bytes
+ */
+
+#define GRND_NONBLOCK 0x0001
+#define GRND_RANDOM 0x0002
+#define GRND_INSECURE 0x0004
Review comment:
```suggestion
#define GRND_NONBLOCK (1 << 0)
#define GRND_RANDOM (1 << 1)
#define GRND_INSECURE (1 << 2)
```
##########
File path: libs/libc/uuid/lib_uuid_create.c
##########
@@ -42,25 +43,31 @@
void uuid_create(uuid_t *u, uint32_t *status)
{
-#ifdef CONFIG_CRYPTO_RANDOM_POOL
- arc4random_buf(u, sizeof(uuid_t));
-#else
unsigned long *beg = (unsigned long *)u;
unsigned long *end = (unsigned long *)(u + 1);
+ ssize_t ret;
- while (beg < end)
+ ret = getrandom(u, sizeof(uuid_t), 0);
+ if (ret < 0)
{
- *beg++ = rand();
+ ret = getrandom(u, sizeof(uuid_t), GRND_RANDOM);
}
-#endif
- u->clock_seq_hi_and_reserved &= ~(1 << 6);
- u->clock_seq_hi_and_reserved |= (1 << 7);
+ if (ret != sizeof(uuid_t))
+ {
+ while (beg < end)
+ {
+ *beg++ = rand();
+ }
+
+ u->clock_seq_hi_and_reserved &= ~(1 << 6);
+ u->clock_seq_hi_and_reserved |= (1 << 7);
- u->time_hi_and_version &= ~(1 << 12);
- u->time_hi_and_version &= ~(1 << 13);
- u->time_hi_and_version |= (1 << 14);
- u->time_hi_and_version &= ~(1 << 15);
+ u->time_hi_and_version &= ~(1 << 12);
+ u->time_hi_and_version &= ~(1 << 13);
+ u->time_hi_and_version |= (1 << 14);
+ u->time_hi_and_version &= ~(1 << 15);
Review comment:
I think this should be out of `if`.
##########
File path: libs/libc/misc/lib_getrandom.c
##########
@@ -0,0 +1,91 @@
+/****************************************************************************
+ * libs/libc/misc/lib_getrandom.c
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership. The
+ * ASF licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the
+ * License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ *
+ ****************************************************************************/
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <sys/random.h>
+#include <fcntl.h>
+#include <unistd.h>
+
+/****************************************************************************
+ * Public Functions
+ ****************************************************************************/
+
+/****************************************************************************
+ * Name: getrandom
+ *
+ * Description:
+ * Fill a buffer of arbitrary length with randomness. This is the
+ * preferred interface for getting random numbers. The traditional
+ * /dev/random approach is susceptible for things like the attacker
+ * exhausting file descriptors on purpose.
+ *
+ * Note that this function cannot fail, other than by asserting.
+ *
+ * Input Parameters:
+ * bytes - Buffer for returned random bytes
+ * nbytes - Number of bytes requested.
+ * flags - Bit mask that can contain zero or more of the ORed values
+ * together.
+ *
+ * Returned Value:
+ * On success, getrandom() returns the number of bytes that were copied
+ * to the buffer buf. This may be less than the number of bytes
+ * requested via buflen if either GRND_RANDOM was specified in flags and
+ * insufficient entropy was present in the random source or the system
+ * call was interrupted by a signal.
+ *
+ * On error, -1 is returned, and errno is set appropriately.
+ *
+ ****************************************************************************/
+
+ssize_t getrandom(FAR void *bytes, size_t nbytes, unsigned int flags)
+{
+ int oflags = O_RDONLY;
+ FAR const char *dev;
+ int fd;
+
+ if (flags & GRND_NONBLOCK)
+ {
+ oflags |= O_NONBLOCK;
+ }
+
+ if (flags & GRND_RANDOM)
+ {
+ dev = "/dev/random";
+ }
+ else
+ {
+ dev = "dev/urandom";
Review comment:
```suggestion
dev = "/dev/urandom";
```
##########
File path: libs/libc/uuid/lib_uuid_create.c
##########
@@ -42,25 +43,31 @@
void uuid_create(uuid_t *u, uint32_t *status)
{
-#ifdef CONFIG_CRYPTO_RANDOM_POOL
- arc4random_buf(u, sizeof(uuid_t));
-#else
unsigned long *beg = (unsigned long *)u;
unsigned long *end = (unsigned long *)(u + 1);
+ ssize_t ret;
- while (beg < end)
+ ret = getrandom(u, sizeof(uuid_t), 0);
+ if (ret < 0)
{
- *beg++ = rand();
+ ret = getrandom(u, sizeof(uuid_t), GRND_RANDOM);
}
-#endif
- u->clock_seq_hi_and_reserved &= ~(1 << 6);
- u->clock_seq_hi_and_reserved |= (1 << 7);
+ if (ret != sizeof(uuid_t))
+ {
+ while (beg < end)
Review comment:
I think we can move
```
unsigned long *beg = (unsigned long *)u;
unsigned long *end = (unsigned long *)(u + 1);
```
inside the `if`
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@nuttx.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org