To: bug-gnulib@gnu.org
Subject: [PATCH] gc-random: Replace implementation with call to getrandom.
Date: Wed, 20 Jan 2021 12:13:06 +0100
Message-ID: <8735yvvp31.fsf@latte.josefsson.org>
Reply-to: Simon Josefsson
From: simon--- via Gnulib discussion list

Hi. I re-read the discussion around getrandom vs gc-random and didn't see any point in keeping the duplicated code. I believe the getrandom-approach is better than what was in gc-gnulib.c today, so this patch makes it use that function.

I have pushed the patch below.

/Simon

Content-Type: text/x-diff Content-Disposition: inline; filename=0001-gc-random-Replace-implementation-with-call-to-getran.patch Content-Transfer-Encoding: quoted-printable

From=2044ed0db8c93f6a81fd996f1f10e93051291fbf1d Mon Sep 17 00:00:00 2001 From: Simon Josefsson Date: Wed, 20 Jan 2021 11:50:21 +0100 Subject: [PATCH] gc-random: Replace implementation with call to getrandom. * lib/gc-gnulib.c [GNULIB_GC_RANDOM]: Replace #include's with those needed for getrandom. (gc_init): Remove old randomness code. (gc_done): Likewise. (randomize): Rewrite using getrandom, inspired by getentropy. * m4/gc-random.m4: Remove file. * modules/crypto/gc-random: Drop gc-random.m4, gl_GC_RANDOM, and LIB_GC_RANDOM. Add conditional dependency on getrandom. * modules/crypto/gc-tests (test_gc_LDADD): Drop LIB_GC_RANDOM. =2D-- ChangeLog | 13 ++++ lib/gc-gnulib.c | 138 +++++++-------------------------------- m4/gc-random.m4 | 89 ------------------------- modules/crypto/gc-random | 6 +- modules/crypto/gc-tests | 2 +- 5 files changed, 39 insertions(+), 209 deletions(-) delete mode 100644 m4/gc-random.m4 diff --git a/ChangeLog b/ChangeLog index 92db4972c..0cedb2dc8 100644 =2D-- a/ChangeLog +++ b/ChangeLog 
@@ -1,3 +1,16 @@ +2021-01-20 Simon Josefsson + + gc-random: Replace implementation with call to getrandom. + * lib/gc-gnulib.c [GNULIB_GC_RANDOM]: Replace #include's with + those needed for getrandom. + (gc_init): Remove old randomness code. + (gc_done): Likewise. + (randomize): Rewrite using getrandom, inspired by getentropy. + * m4/gc-random.m4: Remove file. + * modules/crypto/gc-random: Drop gc-random.m4, gl_GC_RANDOM, and + LIB_GC_RANDOM. Add conditional dependency on getrandom. + * modules/crypto/gc-tests (test_gc_LDADD): Drop LIB_GC_RANDOM. + 2021-01-20 Bruno Haible =20 exec*e tests: Avoid test failures on Cygwin. diff --git a/lib/gc-gnulib.c b/lib/gc-gnulib.c index 9f361be0e..c6f201bd2 100644 =2D-- a/lib/gc-gnulib.c +++ b/lib/gc-gnulib.c @@ -28,11 +28,9 @@ =20 /* For randomize. */ #if GNULIB_GC_RANDOM =2D# include =2D# include =2D# include =2D# include =2D# include +#include +#include +#include #endif =20 /* Hashes. */ 
@@ -75,150 +73,62 @@ # include "rijndael-api-fst.h" #endif =20 =2D#if GNULIB_GC_RANDOM =2D# if defined _WIN32 && ! defined __CYGWIN__ =2D# include =2D# include =2DHCRYPTPROV g_hProv =3D 0; =2D# ifndef PROV_INTEL_SEC =2D# define PROV_INTEL_SEC 22 =2D# endif =2D# ifndef CRYPT_VERIFY_CONTEXT =2D# define CRYPT_VERIFY_CONTEXT 0xF0000000 =2D# endif =2D# endif =2D#endif =2D =2D#if defined _WIN32 && ! defined __CYGWIN__ =2D/* Don't assume that UNICODE is not defined. */ =2D# undef CryptAcquireContext =2D# define CryptAcquireContext CryptAcquireContextA =2D#endif =2D Gc_rc gc_init (void) { =2D#if GNULIB_GC_RANDOM =2D# if defined _WIN32 && ! defined __CYGWIN__ =2D if (g_hProv) =2D CryptReleaseContext (g_hProv, 0); =2D =2D /* There is no need to create a container for just random data, so =2D we can use CRYPT_VERIFY_CONTEXT (one call) see: =2D https://web.archive.org/web/20070314163712/http://blogs.msdn.com/da= ngriff/archive/2003/11/19/51709.aspx */ =2D =2D /* We first try to use the Intel PIII RNG if drivers are present */ =2D if (!CryptAcquireContext (&g_hProv, NULL, NULL, =2D PROV_INTEL_SEC, CRYPT_VERIFY_CONTEXT)) =2D { =2D /* not a PIII or no drivers available, use default RSA CSP */ =2D if (!CryptAcquireContext (&g_hProv, NULL, NULL, =2D PROV_RSA_FULL, CRYPT_VERIFY_CONTEXT)) =2D return GC_RANDOM_ERROR; =2D } =2D# endif =2D#endif =2D return GC_OK; } =20 void gc_done (void) { =2D#if GNULIB_GC_RANDOM =2D# if defined _WIN32 && ! defined __CYGWIN__ =2D if (g_hProv) =2D { =2D CryptReleaseContext (g_hProv, 0); =2D g_hProv =3D 0; =2D } =2D# endif =2D#endif =2D return; } =20 #if GNULIB_GC_RANDOM =20 =2D/* Randomness. */ =2D =2Dstatic Gc_rc =2Drandomize (int level, char *data, size_t datalen) +/* Overwrite BUFFER with random data, under the control of getrandom + FLAGS. BUFFER contains LENGTH bytes. Inspired by getentropy, + however LENGTH is not restricted to 256. Return 0 on success, -1 + (setting errno) on failure. 
*/ +static int +randomize (void *buffer, size_t length, unsigned int flags) { =2D#if defined _WIN32 && ! defined __CYGWIN__ =2D if (!g_hProv) =2D return GC_RANDOM_ERROR; =2D CryptGenRandom (g_hProv, (DWORD) datalen, data); =2D#else =2D int fd; =2D const char *device; =2D size_t len =3D 0; =2D int rc; =2D =2D switch (level) =2D { =2D case 0: =2D device =3D NAME_OF_NONCE_DEVICE; =2D break; =2D =2D case 1: =2D device =3D NAME_OF_PSEUDO_RANDOM_DEVICE; =2D break; =2D =2D default: =2D device =3D NAME_OF_RANDOM_DEVICE; =2D break; =2D } =2D =2D if (strcmp (device, "no") =3D=3D 0) =2D return GC_RANDOM_ERROR; + char *buf =3D buffer; =20 =2D fd =3D open (device, O_RDONLY | O_CLOEXEC); =2D if (fd < 0) =2D return GC_RANDOM_ERROR; =2D =2D do + for (;;) { =2D ssize_t tmp; =2D =2D tmp =3D read (fd, data, datalen); =2D =2D if (tmp < 0) =2D { =2D int save_errno =3D errno; =2D close (fd); =2D errno =3D save_errno; + ssize_t bytes; + if (length =3D=3D 0) + return GC_OK; + while ((bytes =3D getrandom (buf, length, flags)) < 0) + if (errno !=3D EINTR) return GC_RANDOM_ERROR; =2D } =2D =2D len +=3D tmp; + if (bytes =3D=3D 0) + break; + buf +=3D bytes; + length -=3D bytes; } =2D while (len < datalen); =2D =2D rc =3D close (fd); =2D if (rc < 0) =2D return GC_RANDOM_ERROR; =2D#endif =20 =2D return GC_OK; + return GC_RANDOM_ERROR; } =20 Gc_rc gc_nonce (char *data, size_t datalen) { =2D return randomize (0, data, datalen); + return randomize (data, datalen, 0); } =20 Gc_rc gc_pseudo_random (char *data, size_t datalen) { =2D return randomize (1, data, datalen); + return randomize (data, datalen, 0); } =20 Gc_rc gc_random (char *data, size_t datalen) { =2D return randomize (2, data, datalen); + return randomize (data, datalen, GRND_RANDOM); } =20 #endif diff --git a/m4/gc-random.m4 b/m4/gc-random.m4 deleted file mode 100644 index d27031b27..000000000 =2D-- a/m4/gc-random.m4 +++ /dev/null 
@@ -1,89 +0,0 @@ =2D# gc-random.m4 serial 9 =2Ddnl Copyright (C) 2005-2021 Free Software Foundation, Inc. =2Ddnl This file is free software; the Free Software Foundation =2Ddnl gives unlimited permission to copy and/or distribute it, =2Ddnl with or without modifications, as long as this notice is preserved. =2D =2DAC_DEFUN([gl_GC_RANDOM], =2D[ =2D # Devices with randomness. =2D # FIXME: Are these the best defaults? =2D =2D AC_REQUIRE([AC_CANONICAL_HOST]) =2D =2D case "$host_os" in =2D *mirbsd*) =2D NAME_OF_RANDOM_DEVICE=3D"/dev/srandom" =2D NAME_OF_PSEUDO_RANDOM_DEVICE=3D"/dev/prandom" =2D NAME_OF_NONCE_DEVICE=3D"/dev/urandom" =2D ;; =2D =2D *irix* | *dec-osf* ) =2D NAME_OF_RANDOM_DEVICE=3D"/dev/random" =2D NAME_OF_PSEUDO_RANDOM_DEVICE=3D"/dev/random" =2D NAME_OF_NONCE_DEVICE=3D"/dev/random" =2D ;; =2D =2D *) =2D NAME_OF_RANDOM_DEVICE=3D"/dev/random" =2D NAME_OF_PSEUDO_RANDOM_DEVICE=3D"/dev/urandom" =2D NAME_OF_NONCE_DEVICE=3D"/dev/urandom" =2D ;; =2D esac =2D =2D AC_MSG_CHECKING([device with (strong) random data...]) =2D AC_ARG_ENABLE([random-device], =2D AS_HELP_STRING([--enable-random-device], =2D [device with (strong) randomness (for Nettle)]), =2D NAME_OF_RANDOM_DEVICE=3D$enableval) =2D AC_MSG_RESULT([$NAME_OF_RANDOM_DEVICE]) =2D =2D AC_MSG_CHECKING([device with pseudo random data...]) =2D AC_ARG_ENABLE([pseudo-random-device], =2D AS_HELP_STRING([--enable-pseudo-random-device], =2D [device with pseudo randomness (for Nettle)]), =2D NAME_OF_PSEUDO_RANDOM_DEVICE=3D$enableval) =2D AC_MSG_RESULT([$NAME_OF_PSEUDO_RANDOM_DEVICE]) =2D =2D AC_MSG_CHECKING([device with unpredictable data for nonces...]) =2D AC_ARG_ENABLE([nonce-device], =2D AS_HELP_STRING([--enable-nonce-device], =2D [device with unpredictable nonces (for Nettle)]), =2D NAME_OF_NONCE_DEVICE=3D$enableval) =2D AC_MSG_RESULT([$NAME_OF_NONCE_DEVICE]) =2D =2D if test "$cross_compiling" !=3D yes; then =2D if test "$NAME_OF_RANDOM_DEVICE" !=3D "no"; then =2D AC_CHECK_FILE([$NAME_OF_RANDOM_DEVICE],, =2D 
AC_MSG_WARN([[Device '$NAME_OF_RANDOM_DEVICE' does not exist, co= nsider to use --enable-random-device]])) =2D fi =2D if test "$NAME_OF_PSEUDO_RANDOM_DEVICE" !=3D "no"; then =2D AC_CHECK_FILE([$NAME_OF_PSEUDO_RANDOM_DEVICE],, =2D AC_MSG_WARN([[Device '$NAME_OF_PSEUDO_RANDOM_DEVICE' does not ex= ist, consider to use --enable-pseudo-random-device]])) =2D fi =2D if test "$NAME_OF_NONCE_DEVICE" !=3D "no"; then =2D AC_CHECK_FILE([$NAME_OF_NONCE_DEVICE],, =2D AC_MSG_WARN([[Device '$NAME_OF_NONCE_DEVICE' does not exist, con= sider to use --enable-nonce-device]])) =2D fi =2D else =2D AC_MSG_NOTICE([[Cross compiling, assuming random devices exists on t= he target host...]]) =2D fi =2D =2D # FIXME?: Open+read 42 bytes+close twice and compare data. Should dif= fer. =2D =2D AC_DEFINE_UNQUOTED([NAME_OF_RANDOM_DEVICE], ["$NAME_OF_RANDOM_DEVICE"], =2D [defined to the name of the (strong) random device]) =2D AC_DEFINE_UNQUOTED([NAME_OF_PSEUDO_RANDOM_DEVICE], =2D "$NAME_OF_PSEUDO_RANDOM_DEVICE", =2D [defined to the name of the pseudo random device]) =2D AC_DEFINE_UNQUOTED([NAME_OF_NONCE_DEVICE], ["$NAME_OF_NONCE_DEVICE"], =2D [defined to the name of the unpredictable nonce devic= e]) =2D =2D case $host_os in =2D mingw*) =2D LIB_GC_RANDOM=3D'-ladvapi32' ;; =2D *) =2D LIB_GC_RANDOM=3D ;; =2D esac =2D AC_SUBST([LIB_GC_RANDOM]) =2D]) diff --git a/modules/crypto/gc-random b/modules/crypto/gc-random index 5158f8576..8a5ae462e 100644 =2D-- a/modules/crypto/gc-random +++ b/modules/crypto/gc-random @@ -2,13 +2,12 @@ Description: Generic crypto random number functions. =20 Files: =2Dm4/gc-random.m4 =20 Depends-on: crypto/gc +getrandom [test "$ac_cv_libgcrypt" !=3D yes] =20 configure.ac: =2Dgl_GC_RANDOM gl_MODULE_INDICATOR([gc-random]) =20 Makefile.am: @@ -16,9 +15,6 @@ Makefile.am: Include: "gc.h" =20 =2DLink: =2D$(LIB_GC_RANDOM) =2D License: LGPLv2+ =20 diff --git a/modules/crypto/gc-tests b/modules/crypto/gc-tests index 214db7a4e..7b153d18d 100644 =2D-- a/modules/crypto/gc-tests 
+++ b/modules/crypto/gc-tests @@ -8,4 +8,4 @@ configure.ac: Makefile.am: TESTS +=3D test-gc check_PROGRAMS +=3D test-gc =2Dtest_gc_LDADD =3D $(LDADD) @LIB_CRYPTO@ $(LIB_GC_RANDOM) +test_gc_LDADD =3D $(LDADD) @LIB_CRYPTO@ =2D-=20 2.20.1
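
Review bot: In the @@ -28,11 +28,9 @@ hunk of lib/gc-gnulib.c, the three added directives are spelled `#include` at column 0, while the lines they replace, and the `# include "rijndael-api-fst.h"` further down the file, use the indented `# include` form inside a conditional. Keep the `# include` spelling inside the `#if GNULIB_GC_RANDOM` block so the preprocessor nesting stays readable and consistent with the rest of the file.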
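
Review bot: In the @@ -75,150 +73,62 @@ hunk of lib/gc-gnulib.c, the new comment above randomize promises "Return 0 on success, -1 (setting errno) on failure", but every return in the body is GC_OK or GC_RANDOM_ERROR, and gc_nonce, gc_pseudo_random and gc_random hand that value straight back as a Gc_rc. Declare the function `static Gc_rc`, as the removed version did, and reword the comment to name the Gc_rc values so that nobody later tests the result against -1. In the same hunk gc_nonce and gc_pseudo_random now make the identical call `randomize (data, datalen, 0)` and only gc_random passes GRND_RANDOM; a short comment at those call sites saying that the collapse from three levels to two is intended would help the next reader.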
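
Review bot: Deleting m4/gc-random.m4 also removes the --enable-random-device, --enable-pseudo-random-device and --enable-nonce-device configure options and the NAME_OF_RANDOM_DEVICE, NAME_OF_PSEUDO_RANDOM_DEVICE and NAME_OF_NONCE_DEVICE defines, yet the diffstat lists only a ChangeLog entry as documentation. Add a NEWS or documentation entry stating that these options are gone and that the randomness source is now whatever getrandom provides, so packages that still pass them know why the setting is no longer honoured.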
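
Review bot: In modules/crypto/gc-random the whole Link: section is removed, and test_gc_LDADD in modules/crypto/gc-tests drops $(LIB_GC_RANDOM), with nothing put in their place; the deleted m4 file set that variable to -ladvapi32 on mingw for the CryptoAPI calls. If the getrandom module needs a link flag of its own on that platform, list it under Link: and in test_gc_LDADD; if it does not, say so in the commit message so the removal is clearly deliberate.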