Add VRND_CryptoQuality() so we don't have /dev/random creeping in

all over the place. Drop fallbacks, if your OS do not have /dev/random in 2016, it should not have a network connection either.

Add VRND_CryptoQuality() so we don't have /dev/random creeping in
all over the place. Drop fallbacks, if your OS do not have /dev/random in 2016, it should not have a network connection either.
a8250f55 · Poul-Henning Kamp · 56fe060c · a8250f55 · a8250f55 · a8250f55
Commit a8250f55 authored Aug 29, 2016 by Poul-Henning Kamp
Hide whitespace changes
Inline Side-by-side

Showing with 26 additions and 42 deletions

mgt_cli.c bin/varnishd/mgt/mgt_cli.c +3 -3

mgt_main.c bin/varnishd/mgt/mgt_main.c +2 -11

vrnd.h include/vrnd.h +1 -0

vrnd.c lib/libvarnish/vrnd.c +20 -28

No files found.
--- a/bin/varnishd/mgt/mgt_cli.c
+++ b/bin/varnishd/mgt/mgt_cli.c
@@ -242,9 +242,9 @@ mgt_cli_challenge(struct cli *cli)
 {
 	int i;

-	VRND_Seed();
-	for (i = 0; i + 2L < sizeof cli->challenge; i++)
-		cli->challenge[i] = (random() % 26) + 'a';
+	AZ(VRND_CryptoQuality(cli->challenge, sizeof cli->challenge - 2));
+	for (i = 0; i < sizeof cli->challenge - 2; i++)
+		cli->challenge[i] = (cli->challenge[i] % 26) + 'a';
 	cli->challenge[i++] = '\n';
 	cli->challenge[i] = '\0';
 	VCLI_Out(cli, "%s", cli->challenge);

--- a/bin/varnishd/mgt/mgt_main.c
+++ b/bin/varnishd/mgt/mgt_main.c
@@ -394,9 +394,8 @@ make_secret(const char *dirname)
 {
 	char *fn;
 	int fdo;
-	int i, j;
+	int i;
 	unsigned char b;
-	int fdi;

 	assert(asprintf(&fn, "%s/_.secret", dirname) > 0);

@@ -406,18 +405,10 @@ make_secret(const char *dirname)
 		ARGV_ERR("Cannot create secret-file in %s (%s)\n",
 		    dirname, strerror(errno));

-	fdi = open("/dev/urandom", O_RDONLY);
-	if (fdi < 0)
-		fdi = open("/dev/random", O_RDONLY);
-	if (fdi < 0)
-		ARGV_ERR("No /dev/[u]random, cannot autogenerate -S file\n");
-
 	for (i = 0; i < 256; i++) {
-		j = read(fdi, &b, 1);
-		assert(j == 1);
+		AZ(VRND_CryptoQuality(&b, 1));
 		assert(1 == write(fdo, &b, 1));
 	}
-	AZ(close(fdi));
 	AZ(close(fdo));
 	VJ_master(JAIL_MASTER_LOW);
 	AZ(atexit(mgt_secret_atexit));

--- a/include/vrnd.h
+++ b/include/vrnd.h
@@ -28,4 +28,5 @@
 * Random functions
 */

+int VRND_CryptoQuality(void *, size_t);
 void VRND_Seed(void);		/* Seed random(3) properly */
--- a/lib/libvarnish/vrnd.c
+++ b/lib/libvarnish/vrnd.c
@@ -40,39 +40,31 @@
 #include "vtim.h"
 #include "vsha256.h"

-void
-VRND_Seed(void)
+int
+VRND_CryptoQuality(void *ptr, size_t len)
 {
-	unsigned long seed;
-	struct SHA256Context ctx;
-	double d;
-	pid_t p;
-	unsigned char b[SHA256_LEN];
 	int fd;
-	ssize_t sz;
+	char *p;
+	ssize_t l;

-	fd = open("/dev/urandom", O_RDONLY);
+	AN(ptr);
+	fd = open("/dev/random", O_RDONLY);
 	if (fd < 0)
-		fd = open("/dev/random", O_RDONLY);
-	if (fd >= 0) {
-		sz = read(fd, &seed, sizeof seed);
-		AZ(close(fd));
-		if (sz == sizeof seed) {
-			srandom(seed);
-			return;
-		}
+		return (-1);
+	for (p = ptr; len > 0; len--, p++) {
+		l = read(fd, p, 1);
+		if (l != 1)
+			break;
 	}
+	AZ(close(fd));
+	return (len == 0 ? 0 : -1);
+}
+
+void
+VRND_Seed(void)
+{
+	unsigned long seed;

-	SHA256_Init(&ctx);
-	d = VTIM_mono();
-	SHA256_Update(&ctx, &d, sizeof d);
-	d = VTIM_real();
-	SHA256_Update(&ctx, &d, sizeof d);
-	p = getpid();
-	SHA256_Update(&ctx, &p, sizeof p);
-	p = getppid();
-	SHA256_Update(&ctx, &p, sizeof p);
-	SHA256_Final(b, &ctx);
-	memcpy(&seed, b, sizeof seed);
+	AZ(VRND_CryptoQuality(&seed, sizeof seed));
 	srandom(seed);
 }