[openwrt/openwrt] px5g-mbedtls: Use getrandom()

LEDE Commits lede-commits at lists.infradead.org
Sat Jan 28 13:26:52 PST 2023


hauke pushed a commit to openwrt/openwrt.git, branch master:
https://git.openwrt.org/d1893f1c889b991746f6546b98f009b4125d5046

commit d1893f1c889b991746f6546b98f009b4125d5046
Author: Hauke Mehrtens <hauke at hauke-m.de>
AuthorDate: Wed Dec 28 00:11:00 2022 +0100

    px5g-mbedtls: Use getrandom()
    
    Instead of accessing /dev/urandom use the getrandom syscall. This way we
    do not have to keep the file open all the time.
    This also fixes a compile error with glibc:
    
    --------
    px5g-mbedtls.c: In function '_urandom':
    px5g-mbedtls.c:48:9: error: ignoring return value of 'read' declared with attribute 'warn_unused_result' [-Werror=unused-result]
       48 |         read(urandom_fd, out, len);
          |         ^~~~~~~~~~~~~~~~~~~~~~~~~~
    cc1: all warnings being treated as errors
    --------
    
    Signed-off-by: Hauke Mehrtens <hauke at hauke-m.de>
---
 package/utils/px5g-mbedtls/px5g-mbedtls.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/package/utils/px5g-mbedtls/px5g-mbedtls.c b/package/utils/px5g-mbedtls/px5g-mbedtls.c
index 0b72154509..4e0a73ab0a 100644
--- a/package/utils/px5g-mbedtls/px5g-mbedtls.c
+++ b/package/utils/px5g-mbedtls/px5g-mbedtls.c
@@ -20,6 +20,7 @@
  */
 
 #include <sys/types.h>
+#include <sys/random.h>
 
 #include <stdio.h>
 #include <stdlib.h>
@@ -31,6 +32,7 @@
 #include <stdbool.h>
 
 #include <mbedtls/bignum.h>
+#include <mbedtls/entropy.h>
 #include <mbedtls/x509_crt.h>
 #include <mbedtls/ecp.h>
 #include <mbedtls/rsa.h>
@@ -40,12 +42,16 @@
 #define PX5G_COPY "Copyright (c) 2009 Steven Barth <steven at midlink.org>"
 #define PX5G_LICENSE "Licensed under the GNU Lesser General Public License v2.1"
 
-static int urandom_fd;
 static char buf[16384];
 
 static int _urandom(void *ctx, unsigned char *out, size_t len)
 {
-	read(urandom_fd, out, len);
+	ssize_t ret;
+
+	ret = getrandom(out, len, 0);
+	if (ret < 0 || (size_t)ret != len)
+		return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
+
 	return 0;
 }
 
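Review bot: `_urandom` treats an interrupted or short `getrandom()` call as a fatal entropy failure at the `if (ret < 0 || (size_t)ret != len)` check, so a transient condition aborts key generation even though it is recoverable. With flags `0` the call blocks until the kernel CRNG is seeded, which is the right choice for key material, but a signal delivered during that wait returns `EINTR`, and getrandom(2) only guarantees an uninterrupted full read for requests of up to 256 bytes. Failing closed is the correct direction; a bounded retry loop keeps that property while tolerating `EINTR` and partial reads. The loop needs `errno`, so `<errno.h>` must be in scope, and the include list is only partly visible in this diff.

```c
static int _urandom(void *ctx, unsigned char *out, size_t len)
{
	size_t done = 0;

	/* Retry on EINTR and partial reads; any other error fails closed. */
	while (done < len) {
		ssize_t ret = getrandom(out + done, len - done, 0);

		if (ret < 0) {
			if (errno == EINTR)
				continue;
			return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
		}
		done += (size_t)ret;
	}

	return 0;
}
```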
@@ -306,8 +312,6 @@ int selfsigned(char **arg)
 
 int main(int argc, char *argv[])
 {
-	urandom_fd = open("/dev/urandom", O_RDONLY);
-
 	if (!argv[1]) {
 		//Usage
 	} else if (!strcmp(argv[1], "eckey")) {



