emo/busybox
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

seedrng: compress format strings with %s arguments

Browse Source 
- Avoid an xstrdup call with seed_dir.
- Compress format strings with %s arguments.
- Open /dev/urandom for add entropy ioctl rather than /dev/random, so that
  /dev/random is only used for the already-sightly-flawed poll() check for
  creditability.

function                                             old     new   delta
seedrng_main                                         948     958     +10
seed_from_file_if_exists                             410     417      +7
.rodata                                           108338  108206    -132
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 2/1 up/down: 17/-132)          Total: -115 bytes
   text	   data	    bss	    dec	    hex	filename
 975829	   4227	   1816	 981872	  efb70	busybox_old
 975714	   4227	   1816	 981757	  efafd	busybox_unstripped

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Bernhard Reutner-Fischer <rep.dot.nop@gmail.com>
This commit is contained in:
Jason A. Donenfeld 2022-04-20 15:40:40 +02:00 committed by Bernhard Reutner-Fischer
parent 3cb40f89de
commit 57fea029cc
1 changed files with 10 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
util-linux/seedrng.c
View File

@ -129,7 +129,7 @@ static int seed_rng(uint8_t *seed, size_t len, bool credit)
}
memcpy(req.buffer, seed, len);
random_fd = open("/dev/random", O_RDONLY);
random_fd = open("/dev/urandom", O_RDONLY);
if (random_fd < 0)
return -1;
ret = ioctl(random_fd, RNDADDENTROPY, &req);
@ -150,11 +150,11 @@ static int seed_from_file_if_exists(const char *filename, int dfd, bool credit,
if (seed_len < 0) {
if (errno == ENOENT)
return 0;
bb_simple_perror_msg("unable to read seed file");
bb_perror_msg("unable to%s seed", " read");
return -1;
}
if ((unlink(filename) < 0 || fsync(dfd) < 0) && seed_len) {
bb_simple_perror_msg("unable to remove seed, so not seeding");
bb_perror_msg("unable to%s seed", " remove");
return -1;
} else if (!seed_len)
return 0;
@ -164,7 +164,7 @@ static int seed_from_file_if_exists(const char *filename, int dfd, bool credit,
printf("Seeding %zd bits %s crediting\n", seed_len * 8, credit ? "and" : "without");
if (seed_rng(seed, seed_len, credit) < 0) {
bb_simple_perror_msg("unable to seed");
bb_perror_msg("unable to%s seed", "");
return -1;
}
return 0;
@ -173,7 +173,7 @@ static int seed_from_file_if_exists(const char *filename, int dfd, bool credit,
int seedrng_main(int argc, char *argv[]) MAIN_EXTERNALLY_VISIBLE;
int seedrng_main(int argc UNUSED_PARAM, char *argv[])
{
char *seed_dir, *creditable_seed, *non_creditable_seed;
const char *seed_dir = DEFAULT_SEED_DIR, *creditable_seed, *non_creditable_seed;
int ret, fd = -1, dfd = -1, program_ret = 0;
uint8_t new_seed[MAX_SEED_LEN];
size_t new_seed_len;
@ -195,8 +195,6 @@ int seedrng_main(int argc UNUSED_PARAM, char *argv[])
#endif
opt = getopt32long(argv, "d:n", longopts, &seed_dir);
if (!(opt & OPT_d) || !seed_dir)
seed_dir = xstrdup(DEFAULT_SEED_DIR);
skip_credit = opt & OPT_n;
creditable_seed = concat_path_file(seed_dir, CREDITABLE_SEED_NAME);
non_creditable_seed = concat_path_file(seed_dir, NON_CREDITABLE_SEED_NAME);
@ -206,11 +204,11 @@ int seedrng_main(int argc UNUSED_PARAM, char *argv[])
bb_simple_error_msg_and_die(bb_msg_you_must_be_root);
if (mkdir(seed_dir, 0700) < 0 && errno != EEXIST)
bb_simple_perror_msg_and_die("unable to create seed directory");
bb_perror_msg_and_die("unable to %s seed directory", "create");
dfd = open(seed_dir, O_DIRECTORY | O_RDONLY);
if (dfd < 0 || flock(dfd, LOCK_EX) < 0) {
bb_simple_perror_msg("unable to lock seed directory");
bb_perror_msg("unable to %s seed directory", "lock");
program_ret = 1;
goto out;
}
@ -232,7 +230,7 @@ int seedrng_main(int argc UNUSED_PARAM, char *argv[])
new_seed_len = determine_optimal_seed_len();
ret = read_new_seed(new_seed, new_seed_len, &new_seed_creditable);
if (ret < 0) {
bb_simple_perror_msg("unable to read new seed");
bb_perror_msg("unable to%s seed", " read new");
new_seed_len = SHA256_OUTSIZE;
memset(new_seed, 0, SHA256_OUTSIZE);
program_ret |= 1 << 3;
@ -241,10 +239,10 @@ int seedrng_main(int argc UNUSED_PARAM, char *argv[])
sha256_hash(&hash, new_seed, new_seed_len);
sha256_end(&hash, new_seed + new_seed_len - SHA256_OUTSIZE);
printf("Saving %zu bits of %s seed for next boot\n", new_seed_len * 8, new_seed_creditable ? "creditable" : "non-creditable");
printf("Saving %zu bits of %screditable seed for next boot\n", new_seed_len * 8, new_seed_creditable ? "" : "non-");
fd = open(non_creditable_seed, O_WRONLY | O_CREAT | O_TRUNC, 0400);
if (fd < 0 || full_write(fd, new_seed, new_seed_len) != (ssize_t)new_seed_len || fsync(fd) < 0) {
bb_simple_perror_msg("unable to write seed file");
bb_perror_msg("unable to%s seed", " write");
program_ret |= 1 << 4;
goto out;
}