[PATCH 2/2] genkey: Be more aggressive in the search for entropy

Alexander von Gluck IV kallisti5 at unixzen.com
Thu Feb 28 17:23:46 CET 2019


* If we don't get the amount of entropy we were looking for,
  go back to the pool several times. Haiku seems to only
  provide up to 16 bytes per urandom access resulting in
  weird behaviour in this code.
---
 src/tools/genkey.c | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)

diff --git a/src/tools/genkey.c b/src/tools/genkey.c
index 645f614..6a75415 100644
--- a/src/tools/genkey.c
+++ b/src/tools/genkey.c
@@ -27,9 +27,13 @@
 #include "encoding.h"
 #include "subcommands.h"
 
+
+#define URANDOM_ATTEMPTS 8
+
+
 static inline ssize_t get_random_bytes(uint8_t *out, size_t len)
 {
-	ssize_t ret;
+	ssize_t ret = 0;
 	int fd;
 
 #if defined(__OpenBSD__) || (defined(__APPLE__) && MAC_OS_X_VERSION_MIN_REQUIRED >= MAC_OS_X_VERSION_10_12) || (defined(__GLIBC__) && (__GLIBC__ > 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 25)))
@@ -47,7 +51,17 @@ static inline ssize_t get_random_bytes(uint8_t *out, size_t len)
 	fd = open("/dev/urandom", O_RDONLY);
 	if (fd < 0)
 		return fd;
-	ret = read(fd, out, len);
+
+	int attempts = 0;
+	while (ret < len) {
+		ssize_t remaining = len - ret;
+		ret += read(fd, out + ret, remaining);
+		if (attempts > URANDOM_ATTEMPTS) {
+			fprintf(stderr, "Unable to get enough entropy from /dev/urandom!");
+			close(fd);
+			return -1;
+		}
+	}
 	close(fd);
 	return ret;
 }
@@ -70,6 +84,7 @@ int genkey_main(int argc, char *argv[])
 		perror("getrandom");
 		return 1;
 	}
+
 	if (!strcmp(argv[0], "genkey"))
 		curve25519_clamp_secret(key);
 
-- 
2.20.1



More information about the WireGuard mailing list