|
 |
b2a9b0 |
commit f430293d842031f2afc3013f156e1018065e480e
|
|
|
b2a9b0 |
Author: Adhemerval Zanella <adhemerval.zanella@linaro.org>
|
|
|
b2a9b0 |
Date: Tue Jan 12 09:17:09 2021 -0300
|
|
|
b2a9b0 |
|
|
|
b2a9b0 |
posix: consume less entropy on tempname
|
|
|
b2a9b0 |
|
|
|
b2a9b0 |
The first getrandom is used only for __GT_NOCREATE, which is inherently
|
|
|
b2a9b0 |
insecure and can use the entropy as a small improvement. On the
|
|
|
b2a9b0 |
second and later attempts it might help against DoS attacks.
|
|
|
b2a9b0 |
|
|
|
b2a9b0 |
It sync with gnulib commit 854fbb81d91f7a0f2b463e7ace2499dee2f380f2.
|
|
|
b2a9b0 |
|
|
|
b2a9b0 |
Checked on x86_64-linux-gnu.
|
|
|
b2a9b0 |
|
|
|
b2a9b0 |
diff --git a/sysdeps/posix/tempname.c b/sysdeps/posix/tempname.c
|
|
|
b2a9b0 |
index fcab9b26364021e4..3435c4bf75a01f42 100644
|
|
|
b2a9b0 |
--- a/sysdeps/posix/tempname.c
|
|
|
b2a9b0 |
+++ b/sysdeps/posix/tempname.c
|
|
|
b2a9b0 |
@@ -22,6 +22,7 @@
|
|
|
b2a9b0 |
|
|
|
b2a9b0 |
#include <sys/types.h>
|
|
|
b2a9b0 |
#include <assert.h>
|
|
|
b2a9b0 |
+#include <stdbool.h>
|
|
|
b2a9b0 |
|
|
|
b2a9b0 |
#include <errno.h>
|
|
|
b2a9b0 |
|
|
|
b2a9b0 |
@@ -79,11 +80,11 @@ typedef uint_fast64_t random_value;
|
|
|
b2a9b0 |
#define BASE_62_POWER (62LL * 62 * 62 * 62 * 62 * 62 * 62 * 62 * 62 * 62)
|
|
|
b2a9b0 |
|
|
|
b2a9b0 |
static random_value
|
|
|
b2a9b0 |
-random_bits (random_value var)
|
|
|
b2a9b0 |
+random_bits (random_value var, bool use_getrandom)
|
|
|
b2a9b0 |
{
|
|
|
b2a9b0 |
random_value r;
|
|
|
b2a9b0 |
/* Without GRND_NONBLOCK it can be blocked for minutes on some systems. */
|
|
|
b2a9b0 |
- if (__getrandom (&r, sizeof r, GRND_NONBLOCK) == sizeof r)
|
|
|
b2a9b0 |
+ if (use_getrandom && __getrandom (&r, sizeof r, GRND_NONBLOCK) == sizeof r)
|
|
|
b2a9b0 |
return r;
|
|
|
b2a9b0 |
#if _LIBC || (defined CLOCK_MONOTONIC && HAVE_CLOCK_GETTIME)
|
|
|
b2a9b0 |
/* Add entropy if getrandom did not work. */
|
|
|
b2a9b0 |
@@ -271,6 +272,13 @@ try_tempname_len (char *tmpl, int suffixlen, void *args,
|
|
|
b2a9b0 |
/* How many random base-62 digits can currently be extracted from V. */
|
|
|
b2a9b0 |
int vdigits = 0;
|
|
|
b2a9b0 |
|
|
|
b2a9b0 |
+ /* Whether to consume entropy when acquiring random bits. On the
|
|
|
b2a9b0 |
+ first try it's worth the entropy cost with __GT_NOCREATE, which
|
|
|
b2a9b0 |
+ is inherently insecure and can use the entropy to make it a bit
|
|
|
b2a9b0 |
+ less secure. On the (rare) second and later attempts it might
|
|
|
b2a9b0 |
+ help against DoS attacks. */
|
|
|
b2a9b0 |
+ bool use_getrandom = tryfunc == try_nocreate;
|
|
|
b2a9b0 |
+
|
|
|
b2a9b0 |
/* Least unfair value for V. If V is less than this, V can generate
|
|
|
b2a9b0 |
BASE_62_DIGITS digits fairly. Otherwise it might be biased. */
|
|
|
b2a9b0 |
random_value const unfair_min
|
|
|
b2a9b0 |
@@ -294,7 +302,10 @@ try_tempname_len (char *tmpl, int suffixlen, void *args,
|
|
|
b2a9b0 |
if (vdigits == 0)
|
|
|
b2a9b0 |
{
|
|
|
b2a9b0 |
do
|
|
|
b2a9b0 |
- v = random_bits (v);
|
|
|
b2a9b0 |
+ {
|
|
|
b2a9b0 |
+ v = random_bits (v, use_getrandom);
|
|
|
b2a9b0 |
+ use_getrandom = true;
|
|
|
b2a9b0 |
+ }
|
|
|
b2a9b0 |
while (unfair_min <= v);
|
|
|
b2a9b0 |
|
|
|
b2a9b0 |
vdigits = BASE_62_DIGITS;
|