[PATCH 2/2] genkey: v2. Be more aggressive in the search for entropy
Alexander von Gluck IV
kallisti5 at unixzen.com
Thu Feb 28 20:05:12 CET 2019
* If we don't get the amount of entropy we were looking for,
go back to the pool several times. Haiku seems to only
provide up to 16 bytes per urandom access resulting in
weird behaviour in this code.
* Prevents one of those lovely "error: success" errors when
no entropy can be had from /dev/urandom
---
src/tools/genkey.c | 16 ++++++++++++++--
1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/src/tools/genkey.c b/src/tools/genkey.c
index 645f614..67c4752 100644
--- a/src/tools/genkey.c
+++ b/src/tools/genkey.c
@@ -29,7 +29,7 @@
static inline ssize_t get_random_bytes(uint8_t *out, size_t len)
{
- ssize_t ret;
+ ssize_t ret = 0;
int fd;
#if defined(__OpenBSD__) || (defined(__APPLE__) && MAC_OS_X_VERSION_MIN_REQUIRED >= MAC_OS_X_VERSION_10_12) || (defined(__GLIBC__) && (__GLIBC__ > 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 25)))
@@ -47,7 +47,18 @@ static inline ssize_t get_random_bytes(uint8_t *out, size_t len)
fd = open("/dev/urandom", O_RDONLY);
if (fd < 0)
return fd;
- ret = read(fd, out, len);
+
+ int attempts = 0;
+ while (ret < len) {
+ ssize_t remaining = len - ret;
+ ret += read(fd, out + ret, remaining);
+ if (attempts > 64) {
+ fprintf(stderr, "Unable to get enough entropy from /dev/urandom!");
+ close(fd);
+ return -1;
+ }
+ attempts++;
+ }
close(fd);
return ret;
}
@@ -70,6 +81,7 @@ int genkey_main(int argc, char *argv[])
perror("getrandom");
return 1;
}
+
if (!strcmp(argv[0], "genkey"))
curve25519_clamp_secret(key);
--
2.20.1
More information about the WireGuard
mailing list