sysdep: Add wrapper to get random bytes

Add a wrapper function in sysdep to get random bytes, and required checks
in configure.ac to select how to do it. The configure script tries, in
order, getrandom(), getentropy() and reading from /dev/urandom.
This commit is contained in:
Toke Høiland-Jørgensen 2021-04-01 19:20:13 +02:00 committed by Ondrej Zajicek (work)
parent 91d0458389
commit c48ebde5ce
5 changed files with 97 additions and 0 deletions

View file

@ -524,6 +524,7 @@ order_shutdown(int gr)
c->gr_down = gr;
config_commit(c, RECONFIG_HARD, 0);
random_close();
shutting_down = 1;
}

View file

@ -374,6 +374,10 @@ elif test "$bird_cv_lib_log" != yes ; then
LIBS="$LIBS $bird_cv_lib_log"
fi
AC_CHECK_FUNCS(getrandom)
AC_CHECK_FUNCS(getentropy)
AC_CHECK_HEADERS(sys/random.h)
if test "$enable_debug" = yes ; then
AC_DEFINE([DEBUGGING], [1], [Define to 1 if debugging is enabled])
LDFLAGS="$LDFLAGS -rdynamic"

View file

@ -192,5 +192,8 @@ asm(
/* Pseudorandom numbers */
u32 random_u32(void);
int random_bytes(char *buf, size_t size);
void random_close(void);
void random_init(void);
#endif

View file

@ -867,6 +867,7 @@ main(int argc, char **argv)
parse_args(argc, argv);
log_switch(1, NULL, NULL);
random_init();
net_init();
resource_init();
timer_init();

View file

@ -7,6 +7,21 @@
*/
#include <stdlib.h>
#include <fcntl.h>
#include <unistd.h>
#include <errno.h>
#include "sysdep/config.h"
#ifdef HAVE_SYS_STAT_H
# include <sys/stat.h>
#endif
#ifdef HAVE_LINUX_RANDOM_H
# include <linux/random.h>
#endif
#if defined(HAVE_SYS_RANDOM_H) && (defined(HAVE_GETRANDOM) || defined(HAVE_GETENTROPY))
# include <sys/random.h>
#endif
#include "nest/bird.h"
@ -19,3 +34,76 @@ random_u32(void)
rand_high = random();
return (rand_low & 0xffff) | ((rand_high & 0xffff) << 16);
}
void
random_init()
{
char buf;
/* get a single random byte to trip any errors early */
random_bytes(&buf, sizeof(buf));
}
#if defined(HAVE_GETRANDOM) || defined(HAVE_GENTROPY)
int
random_bytes(char *buf, size_t size)
{
int n;
int flags = 0;
while (0 < size) {
#if defined(HAVE_GETRANDOM)
n = getrandom(buf, size, flags);
#else
n = getentropy(buf, size);
#endif
if (n < 0) {
if (errno == EINTR)
continue;
die("Couldn't get random bytes: %m");
}
buf += n;
size -= n;
}
return 0;
}
void random_close(void) {}
#else
static int urandom_fd = -1;
int random_bytes(char *buf, size_t size)
{
int n;
if (urandom_fd < 0)
{
urandom_fd = open("/dev/urandom", O_RDONLY);
if (urandom_fd < 0)
die("Couldn't open /dev/urandom: %m");
}
do
{
n = read(urandom_fd, buf, size);
if (n <= 0) {
if (errno == EINTR)
continue;
die("Couldn't read from /dev/urandom: %m");
}
buf += n;
size -= n;
} while (size > 0);
return 0;
}
void
random_close(void)
{
if (urandom_fd >= 0) {
close(urandom_fd);
urandom_fd = -1;
}
}
#endif