PUBLIC_REPOS
/
buildroot
spogulis no git://git.buildroot.net/buildroot


			
				
					
						
						
							12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788
							From 498f6e268d4d2b0ad33b430f4ba1abe397d31496 Mon Sep 17 00:00:00 2001
From: Hauke Mehrtens <hauke@hauke-m.de>
Date: Sun, 19 Feb 2023 21:11:12 +0100
Subject: [PATCH] ustream-mbedtls: Use getrandom() instead of /dev/urandom

Instead of keeping a file descriptor open just use the getrandom syscall
to get random data. This is supported by musl libc, glibc and Linux for
some time now.

This also improves the error handling in case this function returns not
as many bytes as expected.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Reviewed-by: Torsten Duwe <duwe@lst.de>
Upstream: https://git.openwrt.org/?p=project/ustream-ssl.git;a=commit;h=498f6e268d4d2b0ad33b430f4ba1abe397d31496
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
---
 ustream-mbedtls.c | 25 ++++++-------------------
 1 file changed, 6 insertions(+), 19 deletions(-)

diff --git a/ustream-mbedtls.c b/ustream-mbedtls.c
index e79e37b..7fc7874 100644
--- a/ustream-mbedtls.c
+++ b/ustream-mbedtls.c
@@ -17,6 +17,7 @@
  */
 
 #include <sys/types.h>
+#include <sys/random.h>
 #include <fcntl.h>
 #include <unistd.h>
 #include <stdlib.h>
@@ -25,8 +26,6 @@
 #include "ustream-ssl.h"
 #include "ustream-internal.h"
 
-static int urandom_fd = -1;
-
 static int s_ustream_read(void *ctx, unsigned char *buf, size_t len)
 {
 	struct ustream *s = ctx;
@@ -66,21 +65,12 @@ __hidden void ustream_set_io(struct ustream_ssl_ctx *ctx, void *ssl, struct ustr
 	mbedtls_ssl_set_bio(ssl, conn, s_ustream_write, s_ustream_read, NULL);
 }
 
-static bool urandom_init(void)
+static int _random(void *ctx, unsigned char *out, size_t len)
 {
-	if (urandom_fd > -1)
-		return true;
+	ssize_t ret;
 
-	urandom_fd = open("/dev/urandom", O_RDONLY);
-	if (urandom_fd < 0)
-		return false;
-
-	return true;
-}
-
-static int _urandom(void *ctx, unsigned char *out, size_t len)
-{
-	if (read(urandom_fd, out, len) < 0)
+	ret = getrandom(out, len, 0);
+	if (ret < 0 || (size_t)ret != len)
 		return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
 
 	return 0;
@@ -134,9 +124,6 @@ __ustream_ssl_context_new(bool server)
 	mbedtls_ssl_config *conf;
 	int ep;
 
-	if (!urandom_init())
-		return NULL;
-
 	ctx = calloc(1, sizeof(*ctx));
 	if (!ctx)
 		return NULL;
@@ -159,7 +146,7 @@ __ustream_ssl_context_new(bool server)
 
 	mbedtls_ssl_config_defaults(conf, ep, MBEDTLS_SSL_TRANSPORT_STREAM,
 				    MBEDTLS_SSL_PRESET_DEFAULT);
-	mbedtls_ssl_conf_rng(conf, _urandom, NULL);
+	mbedtls_ssl_conf_rng(conf, _random, NULL);
 
 	if (server) {
 		mbedtls_ssl_conf_authmode(conf, MBEDTLS_SSL_VERIFY_NONE);
-- 
2.30.2