From: Adhemerval Zanella <adhemerval.zanella@linaro.org>
To: libc-alpha@sourceware.org, Paul Eggert <eggert@cs.ucla.edu>
Cc: bug-gnulib@gnu.org
Subject: [PATCH 2/2] posix: Improve randomness on try_tempname_len
Date: Mon, 4 Jan 2021 14:03:49 -0300 [thread overview]
Message-ID: <20210104170349.3681241-2-adhemerval.zanella@linaro.org> (raw)
In-Reply-To: <20210104170349.3681241-1-adhemerval.zanella@linaro.org>
For __GT_NOCREATE (mktemp, tempnam, tmpnam) getrandom is also used
on first try, otherwise randomness is obtained using the clock plus
a linear congruential generator.
Also for getrandom GRND_NONBLOCK is used to avoid blocking indefinitely
on some older kernels.
Checked on x86_64-linux-gnu.
---
sysdeps/posix/tempname.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/sysdeps/posix/tempname.c b/sysdeps/posix/tempname.c
index 193d791103..06db694181 100644
--- a/sysdeps/posix/tempname.c
+++ b/sysdeps/posix/tempname.c
@@ -76,10 +76,11 @@ typedef uint_fast64_t random_value;
#define BASE_62_POWER (62LL * 62 * 62 * 62 * 62 * 62 * 62 * 62 * 62 * 62)
static random_value
-random_bits (random_value var)
+random_bits (random_value var, bool use_getrandom)
{
random_value r;
- if (__getrandom (&r, sizeof r, 0) == sizeof r)
+ /* Without GRND_NONBLOCK it can be blocked for minutes on some systems. */
+ if (use_getrandom && __getrandom (&r, sizeof r, GRND_NONBLOCK) == sizeof r)
return r;
#if _LIBC || (defined CLOCK_MONOTONIC && HAVE_CLOCK_GETTIME)
/* Add entropy if getrandom is not supported. */
@@ -263,9 +264,10 @@ try_tempname_len (char *tmpl, int suffixlen, void *args,
some entropy from the ASLR and ignore possible bits from the stack
alignment. */
random_value v = ((uintptr_t) &v) / alignof (max_align_t);
+ v = random_bits (v, tryfunc == try_nocreate);
/* How many random base-62 digits can currently be extracted from V. */
- int vdigits = 0;
+ int vdigits = BASE_62_DIGITS;
/* Least unfair value for V. If V is less than this, V can generate
BASE_62_DIGITS digits fairly. Otherwise it might be biased. */
@@ -290,7 +292,7 @@ try_tempname_len (char *tmpl, int suffixlen, void *args,
if (vdigits == 0)
{
do
- v = random_bits (v);
+ v = random_bits (v, true);
while (unfair_min <= v);
vdigits = BASE_62_DIGITS;
--
2.25.1
next prev parent reply other threads:[~2021-01-04 17:04 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-01-04 17:03 [PATCH 1/2] posix: Sync tempname with gnulib [BZ #26648] Adhemerval Zanella
2021-01-04 17:03 ` Adhemerval Zanella [this message]
2021-01-09 2:20 ` [PATCH 2/2] posix: Improve randomness on try_tempname_len Paul Eggert
2021-01-11 12:29 ` Adhemerval Zanella
2021-01-12 1:06 ` Paul Eggert
2021-01-09 1:58 ` [PATCH 1/2] posix: Sync tempname with gnulib [BZ #26648] Paul Eggert
2021-01-11 12:30 ` Adhemerval Zanella
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://lists.gnu.org/mailman/listinfo/bug-gnulib
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210104170349.3681241-2-adhemerval.zanella@linaro.org \
--to=adhemerval.zanella@linaro.org \
--cc=bug-gnulib@gnu.org \
--cc=eggert@cs.ucla.edu \
--cc=libc-alpha@sourceware.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).