[git commit] seedrng: hoist bb_strtoul out of min/max
Bernhard Reutner-Fischer
rep.dot.nop at gmail.com
Wed Apr 20 13:42:53 UTC 2022
commit: https://git.busybox.net/busybox/commit/?id=31ec481baf106cf9c6d8f34ae6a55ab1738dea6f
branch: https://git.busybox.net/busybox/commit/?id=refs/heads/master
- Hoist bb_strtoul out of min/max to prevent quadruple evaluation.
- Don't use separate variables for boottime/realtime.
- Make use of ENABLE_FEATURE_CLEAN_UP where appropriate.
- Order hash initialization after lock taking per Bernhard's taste.
- Add comment description of theory of operation.
function old new delta
seed_from_file_if_exists 533 456 -77
seedrng_main 1218 1086 -132
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 0/2 up/down: 0/-209) Total: -209 bytes
text data bss dec hex filename
976445 4227 1848 982520 efdf8 busybox_old
976236 4227 1848 982311 efd27 busybox_unstripped
Signed-off-by: Jason A. Donenfeld <Jason at zx2c4.com>
Signed-off-by: Bernhard Reutner-Fischer <rep.dot.nop at gmail.com>
---
util-linux/seedrng.c | 46 ++++++++++++++++++++++++++++++++--------------
1 file changed, 32 insertions(+), 14 deletions(-)
diff --git a/util-linux/seedrng.c b/util-linux/seedrng.c
index d82a942aa..1bceae405 100644
--- a/util-linux/seedrng.c
+++ b/util-linux/seedrng.c
@@ -2,11 +2,26 @@
/*
* Copyright (C) 2022 Jason A. Donenfeld <Jason at zx2c4.com>. All Rights Reserved.
*
+ * SeedRNG is a simple program made for seeding the Linux kernel random number
+ * generator from seed files. It is is useful in light of the fact that the
+ * Linux kernel RNG cannot be initialized from shell scripts, and new seeds
+ * cannot be safely generated from boot time shell scripts either. It should
+ * be run once at init time and once at shutdown time. It can be run at other
+ * times on a timer as well. Whenever it is run, it writes existing seed files
+ * into the RNG pool, and then creates a new seed file. If the RNG is
+ * initialized at the time of creating a new seed file, then that new seed file
+ * is marked as "creditable", which means it can be used to initialize the RNG.
+ * Otherwise, it is marked as "non-creditable", in which case it is still used
+ * to seed the RNG's pool, but will not initialize the RNG. In order to ensure
+ * that entropy only ever stays the same or increases from one seed file to the
+ * next, old seed values are hashed together with new seed values when writing
+ * new seed files.
+ *
* This is based on code from <https://git.zx2c4.com/seedrng/about/>.
*/
//config:config SEEDRNG
-//config: bool "seedrng (2.6 kb)"
+//config: bool "seedrng (2.5 kb)"
//config: default y
//config: help
//config: Seed the kernel RNG from seed files, meant to be called
@@ -71,12 +86,14 @@ enum seedrng_lengths {
static size_t determine_optimal_seed_len(void)
{
char poolsize_str[11] = { 0 };
+ unsigned long poolsize;
if (open_read_close("/proc/sys/kernel/random/poolsize", poolsize_str, sizeof(poolsize_str) - 1) < 0) {
bb_perror_msg("unable to determine pool size, falling back to %u bits", MIN_SEED_LEN * 8);
return MIN_SEED_LEN;
}
- return MAX(MIN((bb_strtoul(poolsize_str, NULL, 10) + 7) / 8, MAX_SEED_LEN), MIN_SEED_LEN);
+ poolsize = (bb_strtoul(poolsize_str, NULL, 10) + 7) / 8;
+ return MAX(MIN(poolsize, MAX_SEED_LEN), MIN_SEED_LEN);
}
static int read_new_seed(uint8_t *seed, size_t len, bool *is_creditable)
@@ -130,7 +147,8 @@ static int seed_rng(uint8_t *seed, size_t len, bool credit)
ret = ioctl(random_fd, RNDADDENTROPY, &req);
if (ret)
ret = -errno ? -errno : -EIO;
- close(random_fd);
+ if (ENABLE_FEATURE_CLEAN_UP)
+ close(random_fd);
errno = -ret;
return ret ? -1 : 0;
}
@@ -171,7 +189,7 @@ static int seed_from_file_if_exists(const char *filename, bool credit, sha256_ct
if (ret < 0)
bb_simple_perror_msg("unable to seed");
out:
- if (dfd >= 0)
+ if (ENABLE_FEATURE_CLEAN_UP && dfd >= 0)
close(dfd);
errno = -ret;
return ret ? -1 : 0;
@@ -187,7 +205,7 @@ int seedrng_main(int argc UNUSED_PARAM, char *argv[])
size_t new_seed_len;
bool new_seed_creditable;
bool skip_credit = false;
- struct timespec realtime = { 0 }, boottime = { 0 };
+ struct timespec timestamp = { 0 };
sha256_ctx_t hash;
int opt;
@@ -217,13 +235,6 @@ int seedrng_main(int argc UNUSED_PARAM, char *argv[])
if (getuid())
bb_simple_error_msg_and_die("this program requires root");
- sha256_begin(&hash);
- sha256_hash(&hash, seedrng_prefix, strlen(seedrng_prefix));
- clock_gettime(CLOCK_REALTIME, &realtime);
- clock_gettime(CLOCK_BOOTTIME, &boottime);
- sha256_hash(&hash, &realtime, sizeof(realtime));
- sha256_hash(&hash, &boottime, sizeof(boottime));
-
if (mkdir(seed_dir, 0700) < 0 && errno != EEXIST)
bb_simple_perror_msg_and_die("unable to create seed directory");
@@ -234,6 +245,13 @@ int seedrng_main(int argc UNUSED_PARAM, char *argv[])
goto out;
}
+ sha256_begin(&hash);
+ sha256_hash(&hash, seedrng_prefix, strlen(seedrng_prefix));
+ clock_gettime(CLOCK_REALTIME, ×tamp);
+ sha256_hash(&hash, ×tamp, sizeof(timestamp));
+ clock_gettime(CLOCK_BOOTTIME, ×tamp);
+ sha256_hash(&hash, ×tamp, sizeof(timestamp));
+
ret = seed_from_file_if_exists(non_creditable_seed, false, &hash);
if (ret < 0)
program_ret |= 1 << 1;
@@ -270,9 +288,9 @@ int seedrng_main(int argc UNUSED_PARAM, char *argv[])
program_ret |= 1 << 6;
}
out:
- if (fd >= 0)
+ if (ENABLE_FEATURE_CLEAN_UP && fd >= 0)
close(fd);
- if (lock >= 0)
+ if (ENABLE_FEATURE_CLEAN_UP && lock >= 0)
close(lock);
return program_ret;
}
More information about the busybox-cvs
mailing list