posix: consume less entropy on tempname

The first getrandom is used only for __GT_NOCREATE, which is inherently
insecure and can use the entropy as a small improvement.  On the
second and later attempts it might help against DoS attacks.

It sync with gnulib commit 854fbb81d91f7a0f2b463e7ace2499dee2f380f2.

Checked on x86_64-linux-gnu.
This commit is contained in:
Adhemerval Zanella 2021-01-12 09:17:09 -03:00
parent 0400f92833
commit f430293d84

View File

@ -22,6 +22,7 @@
#include <sys/types.h> #include <sys/types.h>
#include <assert.h> #include <assert.h>
#include <stdbool.h>
#include <errno.h> #include <errno.h>
@ -77,11 +78,11 @@ typedef uint_fast64_t random_value;
#define BASE_62_POWER (62LL * 62 * 62 * 62 * 62 * 62 * 62 * 62 * 62 * 62) #define BASE_62_POWER (62LL * 62 * 62 * 62 * 62 * 62 * 62 * 62 * 62 * 62)
static random_value static random_value
random_bits (random_value var) random_bits (random_value var, bool use_getrandom)
{ {
random_value r; random_value r;
/* Without GRND_NONBLOCK it can be blocked for minutes on some systems. */ /* Without GRND_NONBLOCK it can be blocked for minutes on some systems. */
if (__getrandom (&r, sizeof r, GRND_NONBLOCK) == sizeof r) if (use_getrandom && __getrandom (&r, sizeof r, GRND_NONBLOCK) == sizeof r)
return r; return r;
#if _LIBC || (defined CLOCK_MONOTONIC && HAVE_CLOCK_GETTIME) #if _LIBC || (defined CLOCK_MONOTONIC && HAVE_CLOCK_GETTIME)
/* Add entropy if getrandom did not work. */ /* Add entropy if getrandom did not work. */
@ -269,6 +270,13 @@ try_tempname_len (char *tmpl, int suffixlen, void *args,
/* How many random base-62 digits can currently be extracted from V. */ /* How many random base-62 digits can currently be extracted from V. */
int vdigits = 0; int vdigits = 0;
/* Whether to consume entropy when acquiring random bits. On the
first try it's worth the entropy cost with __GT_NOCREATE, which
is inherently insecure and can use the entropy to make it a bit
less secure. On the (rare) second and later attempts it might
help against DoS attacks. */
bool use_getrandom = tryfunc == try_nocreate;
/* Least unfair value for V. If V is less than this, V can generate /* Least unfair value for V. If V is less than this, V can generate
BASE_62_DIGITS digits fairly. Otherwise it might be biased. */ BASE_62_DIGITS digits fairly. Otherwise it might be biased. */
random_value const unfair_min random_value const unfair_min
@ -292,7 +300,10 @@ try_tempname_len (char *tmpl, int suffixlen, void *args,
if (vdigits == 0) if (vdigits == 0)
{ {
do do
v = random_bits (v); {
v = random_bits (v, use_getrandom);
use_getrandom = true;
}
while (unfair_min <= v); while (unfair_min <= v);
vdigits = BASE_62_DIGITS; vdigits = BASE_62_DIGITS;