Merge branch 'upstream' into tizen
diff --git
a/lib/random.c
b/lib/random.c
index
870ab64
..
0dfcff9
100644
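--- a/lib/random.c
+++ b/lib/random.c
@@ -1,11 +1,12 @@
 /*
 * cryptsetup kernel RNG access functions
 *
- * Copyright (C) 2010-2012, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2010-2023 Red Hat, Inc. All rights reserved.
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
- * version 2 as published by the Free Software Foundation.
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -19,13 +20,11 @@
 #include <stdlib.h>
 #include <string.h>
-#include <fcntl.h>
 #include <errno.h>
-#include <assert.h>
+#include <sys/select.h>
 #include "libcryptsetup.h"
 #include "internal.h"
-#include "crypto_backend.h"
 static int random_initialised = 0;
@@ -42,8 +41,7 @@ static int random_fd = -1;
 #define RANDOM_DEVICE_TIMEOUT 5
 /* URANDOM_DEVICE access */
-static int _get_urandom(struct crypt_device *ctx __attribute__((unused)),
- char *buf, size_t len)
+static int _get_urandom(char *buf, size_t len)
 {
 int r;
 size_t old_len = len;
@@ -51,7 +49,7 @@ static int _get_urandom(struct crypt_device *ctx __attribute__((unused)),
 assert(urandom_fd != -1);
- while(len) {
+ while (len) {
 r = read(urandom_fd, buf, len);
 if (r == -1 && errno != EINTR)
 return -EINVAL;
@@ -151,48 +149,52 @@ int crypt_random_init(struct crypt_device *ctx)
 /* Used for CRYPT_RND_NORMAL */
 if(urandom_fd == -1)
- urandom_fd = open(URANDOM_DEVICE, O_RDONLY);
+ urandom_fd = open(URANDOM_DEVICE, O_RDONLY | O_CLOEXEC);
 if(urandom_fd == -1)
- goto fail;
+ goto err;
 /* Used for CRYPT_RND_KEY */
 if(random_fd == -1)
- random_fd = open(RANDOM_DEVICE, O_RDONLY | O_NONBLOCK);
+ random_fd = open(RANDOM_DEVICE, O_RDONLY | O_NONBLOCK | O_CLOEXEC);
 if(random_fd == -1)
- goto fail;
+ goto err;
+
+ if (crypt_fips_mode())
+ log_verbose(ctx, _("Running in FIPS mode."));
 random_initialised = 1;
 return 0;
-fail:
+err:
 crypt_random_exit();
- log_err(ctx, _("Fatal error during RNG initialisation.\n"));
+ log_err(ctx, _("Fatal error during RNG initialisation."));
 return -ENOSYS;
 }
+/* coverity[ -taint_source : arg-1 ] */
 int crypt_random_get(struct crypt_device *ctx, char *buf, size_t len, int quality)
 {
 int status, rng_type;
 switch(quality) {
 case CRYPT_RND_NORMAL:
- status = _get_urandom(ctx, buf, len);
+ status = _get_urandom(buf, len);
 break;
 case CRYPT_RND_SALT:
 if (crypt_fips_mode())
- status = crypt_backend_fips_rng(buf, len, quality);
+ status = crypt_backend_rng(buf, len, quality, 1);
 else
- status = _get_urandom(ctx, buf, len);
+ status = _get_urandom(buf, len);
 break;
 case CRYPT_RND_KEY:
 if (crypt_fips_mode()) {
- status = crypt_backend_fips_rng(buf, len, quality);
+ status = crypt_backend_rng(buf, len, quality, 1);
 break;
 }
 rng_type = ctx ? crypt_get_rng_type(ctx) :
 crypt_random_default_key_rng();
 switch (rng_type) {
 case CRYPT_RNG_URANDOM:
- status = _get_urandom(ctx, buf, len);
+ status = _get_urandom(buf, len);
 break;
 case CRYPT_RNG_RANDOM:
 status = _get_random(ctx, buf, len);
@@ -202,13 +204,12 @@ int crypt_random_get(struct crypt_device *ctx, char *buf, size_t len, int qualit
 }
 break;
 default:
- log_err(ctx, _("Unknown RNG quality requested.\n"));
+ log_err(ctx, _("Unknown RNG quality requested."));
 return -EINVAL;
 }
 if (status)
- log_err(ctx, _("Error %d reading from RNG: %s\n"),
- errno, strerror(errno));
+ log_err(ctx, _("Error reading from RNG."));
 return status;
 }
@@ -230,9 +231,11 @@ void crypt_random_exit(void)
 int crypt_random_default_key_rng(void)
 {
+ /* coverity[pointless_string_compare] */
 if (!strcmp(DEFAULT_RNG, RANDOM_DEVICE))
 return CRYPT_RNG_RANDOM;
+ /* coverity[pointless_string_compare] */
 if (!strcmp(DEFAULT_RNG, URANDOM_DEVICE))
 return CRYPT_RNG_URANDOM;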
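Review bot: In crypt_random_get (hunk -202,13 +204,12) the new `log_err(ctx, _("Error reading from RNG."))` no longer reports the returned status or which source was asked for, so a failed device read and a failed FIPS backend call look the same in the logs. The old text leaned on errno, which presumably is not meaningful for the backend path, so dropping it is reasonable; the status could still be kept at debug level with `log_dbg(ctx, "RNG read failed, quality %d, status %d.", quality, status);` placed before the log_err call. In the same function the two FIPS branches pass a bare `1` to `crypt_backend_rng()`; a short comment such as `/* last argument: request the FIPS RNG */` would explain it, assuming that is what the parameter means. The `/* coverity[ -taint_source : arg-1 ] */` line above the function would likewise benefit from one sentence saying why the buffer is not treated as tainted. The function body is only partly visible in these hunks, so how callers handle a non-zero return cannot be checked from here.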