mirror of
https://sourceware.org/git/glibc.git
synced 2024-11-21 20:40:05 +00:00
posix: consume less entropy on tempname
The first getrandom is used only for __GT_NOCREATE, which is inherently insecure and can use the entropy as a small improvement. On the second and later attempts it might help against DoS attacks. It sync with gnulib commit 854fbb81d91f7a0f2b463e7ace2499dee2f380f2. Checked on x86_64-linux-gnu.
This commit is contained in:
parent
0400f92833
commit
f430293d84
@ -22,6 +22,7 @@
|
|||||||
|
|
||||||
#include <sys/types.h>
|
#include <sys/types.h>
|
||||||
#include <assert.h>
|
#include <assert.h>
|
||||||
|
#include <stdbool.h>
|
||||||
|
|
||||||
#include <errno.h>
|
#include <errno.h>
|
||||||
|
|
||||||
@ -77,11 +78,11 @@ typedef uint_fast64_t random_value;
|
|||||||
#define BASE_62_POWER (62LL * 62 * 62 * 62 * 62 * 62 * 62 * 62 * 62 * 62)
|
#define BASE_62_POWER (62LL * 62 * 62 * 62 * 62 * 62 * 62 * 62 * 62 * 62)
|
||||||
|
|
||||||
static random_value
|
static random_value
|
||||||
random_bits (random_value var)
|
random_bits (random_value var, bool use_getrandom)
|
||||||
{
|
{
|
||||||
random_value r;
|
random_value r;
|
||||||
/* Without GRND_NONBLOCK it can be blocked for minutes on some systems. */
|
/* Without GRND_NONBLOCK it can be blocked for minutes on some systems. */
|
||||||
if (__getrandom (&r, sizeof r, GRND_NONBLOCK) == sizeof r)
|
if (use_getrandom && __getrandom (&r, sizeof r, GRND_NONBLOCK) == sizeof r)
|
||||||
return r;
|
return r;
|
||||||
#if _LIBC || (defined CLOCK_MONOTONIC && HAVE_CLOCK_GETTIME)
|
#if _LIBC || (defined CLOCK_MONOTONIC && HAVE_CLOCK_GETTIME)
|
||||||
/* Add entropy if getrandom did not work. */
|
/* Add entropy if getrandom did not work. */
|
||||||
@ -269,6 +270,13 @@ try_tempname_len (char *tmpl, int suffixlen, void *args,
|
|||||||
/* How many random base-62 digits can currently be extracted from V. */
|
/* How many random base-62 digits can currently be extracted from V. */
|
||||||
int vdigits = 0;
|
int vdigits = 0;
|
||||||
|
|
||||||
|
/* Whether to consume entropy when acquiring random bits. On the
|
||||||
|
first try it's worth the entropy cost with __GT_NOCREATE, which
|
||||||
|
is inherently insecure and can use the entropy to make it a bit
|
||||||
|
less secure. On the (rare) second and later attempts it might
|
||||||
|
help against DoS attacks. */
|
||||||
|
bool use_getrandom = tryfunc == try_nocreate;
|
||||||
|
|
||||||
/* Least unfair value for V. If V is less than this, V can generate
|
/* Least unfair value for V. If V is less than this, V can generate
|
||||||
BASE_62_DIGITS digits fairly. Otherwise it might be biased. */
|
BASE_62_DIGITS digits fairly. Otherwise it might be biased. */
|
||||||
random_value const unfair_min
|
random_value const unfair_min
|
||||||
@ -292,7 +300,10 @@ try_tempname_len (char *tmpl, int suffixlen, void *args,
|
|||||||
if (vdigits == 0)
|
if (vdigits == 0)
|
||||||
{
|
{
|
||||||
do
|
do
|
||||||
v = random_bits (v);
|
{
|
||||||
|
v = random_bits (v, use_getrandom);
|
||||||
|
use_getrandom = true;
|
||||||
|
}
|
||||||
while (unfair_min <= v);
|
while (unfair_min <= v);
|
||||||
|
|
||||||
vdigits = BASE_62_DIGITS;
|
vdigits = BASE_62_DIGITS;
|
||||||
|
Loading…
Reference in New Issue
Block a user