* [PATCH 2/2] genkey: Be more aggressive in the search for entropy
2019-02-28 16:23 [PATCH 1/2] build/tools: Add support for Haiku Alexander von Gluck IV
@ 2019-02-28 16:23 ` Alexander von Gluck IV
0 siblings, 0 replies; 2+ messages in thread
From: Alexander von Gluck IV @ 2019-02-28 16:23 UTC (permalink / raw)
To: wireguard
* If we don't get the amount of entropy we were looking for,
go back to the pool several times. Haiku seems to only
provide up to 16 bytes per urandom access resulting in
weird behaviour in this code.
---
src/tools/genkey.c | 19 +++++++++++++++++--
1 file changed, 17 insertions(+), 2 deletions(-)
diff --git a/src/tools/genkey.c b/src/tools/genkey.c
index 645f614..6a75415 100644
--- a/src/tools/genkey.c
+++ b/src/tools/genkey.c
@@ -27,9 +27,13 @@
#include "encoding.h"
#include "subcommands.h"
+
+#define URANDOM_ATTEMPTS 8
+
+
static inline ssize_t get_random_bytes(uint8_t *out, size_t len)
{
- ssize_t ret;
+ ssize_t ret = 0;
int fd;
#if defined(__OpenBSD__) || (defined(__APPLE__) && MAC_OS_X_VERSION_MIN_REQUIRED >= MAC_OS_X_VERSION_10_12) || (defined(__GLIBC__) && (__GLIBC__ > 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 25)))
@@ -47,7 +51,17 @@ static inline ssize_t get_random_bytes(uint8_t *out, size_t len)
fd = open("/dev/urandom", O_RDONLY);
if (fd < 0)
return fd;
- ret = read(fd, out, len);
+
+ int attempts = 0;
+ while (ret < len) {
+ ssize_t remaining = len - ret;
+ ret += read(fd, out + ret, remaining);
+ if (attempts > URANDOM_ATTEMPTS) {
+ fprintf(stderr, "Unable to get enough entropy from /dev/urandom!");
+ close(fd);
+ return -1;
+ }
+ }
close(fd);
return ret;
}
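Review bot: `attempts` is declared but never incremented in the new loop, so the `URANDOM_ATTEMPTS` limit can never trigger and a `read()` that keeps returning 0 spins forever. The loop also adds `read()`'s return value straight into `ret`, so a -1 error is subtracted from the byte count and the next read restarts at a lower offset instead of failing; `ret < len` additionally compares `ssize_t` with `size_t`. Since this buffer becomes key material, any path that does not fill all `len` bytes should return an error, so I would track the filled count in a `size_t`, check each `read()` result on its own and count attempts, as below. The error message is also missing its trailing `\n`. get_random_bytes begins above this hunk and the caller's length check is not fully visible here, so confirm it rejects anything other than a full-length return.

```c
	size_t filled = 0;
	int attempts = 0;

	while (filled < len) {
		ssize_t n;

		/* Bound the retries so a source that keeps returning short or empty reads cannot hang us. */
		if (attempts++ >= URANDOM_ATTEMPTS) {
			fprintf(stderr, "Unable to get enough entropy from /dev/urandom!\n");
			close(fd);
			return -1;
		}
		n = read(fd, out + filled, len - filled);
		if (n < 0) {
			/* Never fold an error code into the byte count. */
			close(fd);
			return -1;
		}
		filled += (size_t)n;
	}
	close(fd);
	return (ssize_t)filled;
```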
@@ -70,6 +84,7 @@ int genkey_main(int argc, char *argv[])
perror("getrandom");
return 1;
}
+
if (!strcmp(argv[0], "genkey"))
curve25519_clamp_secret(key);
--
2.20.1