From: Miroslav Lichvar Date: Wed, 13 Jan 2016 10:57:36 +0000 (+0100) Subject: util: add UTI_GetRandomBytesUrandom() X-Git-Tag: 2.3-pre1~31 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=32ac6ffa2662bb08fcaf2288176d6cafc9c62e4f;p=thirdparty%2Fchrony.git util: add UTI_GetRandomBytesUrandom() This function always uses /dev/urandom, even if arc4random() is available, and is intended for generating long-term keys. --- diff --git a/util.c b/util.c index 313bb29f..4287b98d 100644 --- a/util.c +++ b/util.c @@ -1141,17 +1141,26 @@ UTI_DropRoot(uid_t uid, gid_t gid) #define DEV_URANDOM "/dev/urandom" void -UTI_GetRandomBytes(void *buf, unsigned int len) +UTI_GetRandomBytesUrandom(void *buf, unsigned int len) { -#ifdef HAVE_ARC4RANDOM - arc4random_buf(buf, len); -#else static FILE *f = NULL; + if (!f) f = fopen(DEV_URANDOM, "r"); if (!f) LOG_FATAL(LOGF_Util, "Can't open %s : %s", DEV_URANDOM, strerror(errno)); if (fread(buf, 1, len, f) != len) LOG_FATAL(LOGF_Util, "Can't read from %s", DEV_URANDOM); +} + +/* ================================================== */ + +void +UTI_GetRandomBytes(void *buf, unsigned int len) +{ +#ifdef HAVE_ARC4RANDOM + arc4random_buf(buf, len); +#else + UTI_GetRandomBytesUrandom(buf, len); #endif } diff --git a/util.h b/util.h index 69caae10..a019fe53 100644 --- a/util.h +++ b/util.h @@ -148,7 +148,12 @@ extern int UTI_CheckDirPermissions(const char *path, mode_t perm, uid_t uid, gid /* Set process user/group IDs and drop supplementary groups */ extern void UTI_DropRoot(uid_t uid, gid_t gid); -/* Fill buffer with random bytes */ +/* Fill buffer with random bytes from /dev/urandom */ +extern void UTI_GetRandomBytesUrandom(void *buf, unsigned int len); + +/* Fill buffer with random bytes from /dev/urandom or a faster source if it's + available (e.g. arc4random()), which may not necessarily be suitable for + generating long-term keys */ extern void UTI_GetRandomBytes(void *buf, unsigned int len); /* Macros to get maximum and minimum of two values */