Feature: Read entropy from /dev/urandom if we have it

4edda3b6 · Philipp Schafft · Philipp Schafft · b5abbe48 · 4edda3b6 · 4edda3b6
Commit 4edda3b6 authored Apr 02, 2021 by Philipp Schafft 🦁 Committed by Philipp Schafft Feb 22, 2022
--- a/configure.ac
+++ b/configure.ac
@@ -121,6 +121,7 @@ AC_DEFUN([IC_CHECK_PATH], [

 IC_CHECK_PATH([machine-id], [machine_id], [MACHINE_ID], [/etc/machine-id])
 IC_CHECK_PATH([boot-id], [boot_id], [BOOT_ID], [/proc/sys/kernel/random/boot_id])
+IC_CHECK_PATH([urandom], [urandom], [URANDOM], [/dev/urandom])


 AC_DEFINE(igloo_INTERNAL,1,[Set to signal that we are building libigloo in contrast to linking against libigloo.])

--- a/src/prng.c
+++ b/src/prng.c
@@ -298,18 +298,48 @@ static igloo_error_t digest_instance_extra_once(const void *instanceraw, size_t
    return igloo_ERROR_NONE;
 }

+static inline size_t igloo_prng_auto_reseed_unlocked_urandom_buffer(void *buffer, size_t bufferlen)
+{
+#ifdef PATH_URANDOM
+    ssize_t ret;
+    int fh;
+
+#ifdef O_CLOEXEC
+    fh = open(PATH_URANDOM, O_RDONLY|O_CLOEXEC, 0);
+#else
+    fh = open(PATH_URANDOM, O_RDONLY, 0);
+#endif
+    if (fh < 0)
+        return 0;
+
+    ret = read(fh, buffer, bufferlen);
+    close(fh);
+
+    if (ret < 1)
+        return 0;
+
+    return ret;
+#else
+    return 0;
+#endif
+}
+
 igloo_error_t igloo_prng_auto_reseed_unlocked(igloo_prng_state_t *self, const void *instanceraw, size_t instancelen, igloo_ro_t instance)
 {
    igloo_prng_buffer_extra_t extra;
    igloo_error_t error;
+    char buffer[32];
+    size_t extrabytes;

    buffer_extra_init(&extra, instanceraw);
    self->callcount++;

+    extrabytes = igloo_prng_auto_reseed_unlocked_urandom_buffer(buffer, sizeof(buffer));
+
    if (self->state & STATE_AUTO_SEED_0) {
-        error = digest_instance_extra_once(instanceraw, instancelen, instance, &extra, NULL, 0, self->auto_seed0);
+        error = digest_instance_extra_once(instanceraw, instancelen, instance, &extra, buffer, extrabytes, self->auto_seed0);
    } else {
-        error = digest_instance_extra_once(instanceraw, instancelen, instance, &extra, NULL, 0, self->auto_seed1);
+        error = digest_instance_extra_once(instanceraw, instancelen, instance, &extra, buffer, extrabytes, self->auto_seed1);
    }
    if (error != igloo_ERROR_NONE) {
        pthread_mutex_unlock(&(self->lock));
@@ -317,7 +347,7 @@ igloo_error_t igloo_prng_auto_reseed_unlocked(igloo_prng_state_t *self, const vo
    }
    self->state ^= STATE_AUTO_SEED_0;

-    self->bits += 3;
+    self->bits += 3 + (extrabytes * 8 / 2);

    return igloo_ERROR_NONE;
 }