[PATCH ustream-ssl] ustream-mbedtls: Use getrandom() instead of /dev/urandom
Hauke Mehrtens
hauke at hauke-m.de
Sat Jan 28 10:41:13 PST 2023
Instead of keeping a file descriptor open just use the getrandom syscall
to get random data. This is supported by the musl, glibc and Linux for
some time now.
This also improves the error handling in case this function returns not
as many bytes as expected.
Signed-off-by: Hauke Mehrtens <hauke at hauke-m.de>
---
ustream-mbedtls.c | 23 +++++------------------
1 file changed, 5 insertions(+), 18 deletions(-)
diff --git a/ustream-mbedtls.c b/ustream-mbedtls.c
index e79e37b..51ba2fa 100644
--- a/ustream-mbedtls.c
+++ b/ustream-mbedtls.c
@@ -17,6 +17,7 @@
*/
#include <sys/types.h>
+#include <sys/random.h>
#include <fcntl.h>
#include <unistd.h>
#include <stdlib.h>
@@ -25,8 +26,6 @@
#include "ustream-ssl.h"
#include "ustream-internal.h"
-static int urandom_fd = -1;
-
static int s_ustream_read(void *ctx, unsigned char *buf, size_t len)
{
struct ustream *s = ctx;
@@ -66,21 +65,12 @@ __hidden void ustream_set_io(struct ustream_ssl_ctx *ctx, void *ssl, struct ustr
mbedtls_ssl_set_bio(ssl, conn, s_ustream_write, s_ustream_read, NULL);
}
-static bool urandom_init(void)
-{
- if (urandom_fd > -1)
- return true;
-
- urandom_fd = open("/dev/urandom", O_RDONLY);
- if (urandom_fd < 0)
- return false;
-
- return true;
-}
-
static int _urandom(void *ctx, unsigned char *out, size_t len)
{
- if (read(urandom_fd, out, len) < 0)
+ ssize_t ret;
+
+ ret = getrandom(out, len, 0);
+ if (ret < 0 || (size_t)ret != len)
return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
return 0;
@@ -134,9 +124,6 @@ __ustream_ssl_context_new(bool server)
mbedtls_ssl_config *conf;
int ep;
- if (!urandom_init())
- return NULL;
-
ctx = calloc(1, sizeof(*ctx));
if (!ctx)
return NULL;
--
2.39.0
More information about the openwrt-devel
mailing list