Enable ASLR feature

[platform/upstream/cryptsetup.git] / lib / random.c

diff --git a/lib/random.c b/lib/random.c
index 870ab64..060be4f 100644 (file)
--- a/lib/random.c
+++ b/lib/random.c
@@ -1,11 +1,12 @@
 /*
  * cryptsetup kernel RNG access functions
  *
- * Copyright (C) 2010-2012, Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2010-2020 Red Hat, Inc. All rights reserved.
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
- * version 2 as published by the Free Software Foundation.
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
  *
  * This program is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -19,13 +20,12 @@
 
 #include <stdlib.h>
 #include <string.h>
-#include <fcntl.h>
 #include <errno.h>
 #include <assert.h>
+#include <sys/select.h>
 
 #include "libcryptsetup.h"
 #include "internal.h"
-#include "crypto_backend.h"
 
 static int random_initialised = 0;
 
@@ -151,21 +151,24 @@ int crypt_random_init(struct crypt_device *ctx)
 
        /* Used for CRYPT_RND_NORMAL */
        if(urandom_fd == -1)
-               urandom_fd = open(URANDOM_DEVICE, O_RDONLY);
+               urandom_fd = open(URANDOM_DEVICE, O_RDONLY | O_CLOEXEC);
        if(urandom_fd == -1)
                goto fail;
 
        /* Used for CRYPT_RND_KEY */
        if(random_fd == -1)
-               random_fd = open(RANDOM_DEVICE, O_RDONLY | O_NONBLOCK);
+               random_fd = open(RANDOM_DEVICE, O_RDONLY | O_NONBLOCK | O_CLOEXEC);
        if(random_fd == -1)
                goto fail;
 
+       if (crypt_fips_mode())
+               log_verbose(ctx, _("Running in FIPS mode."));
+
        random_initialised = 1;
        return 0;
 fail:
        crypt_random_exit();
-       log_err(ctx, _("Fatal error during RNG initialisation.\n"));
+       log_err(ctx, _("Fatal error during RNG initialisation."));
        return -ENOSYS;
 }
 
@@ -179,13 +182,13 @@ int crypt_random_get(struct crypt_device *ctx, char *buf, size_t len, int qualit
                break;
        case CRYPT_RND_SALT:
                if (crypt_fips_mode())
-                       status = crypt_backend_fips_rng(buf, len, quality);
+                       status = crypt_backend_rng(buf, len, quality, 1);
                else
                        status = _get_urandom(ctx, buf, len);
                break;
        case CRYPT_RND_KEY:
                if (crypt_fips_mode()) {
-                       status = crypt_backend_fips_rng(buf, len, quality);
+                       status = crypt_backend_rng(buf, len, quality, 1);
                        break;
                }
                rng_type = ctx ? crypt_get_rng_type(ctx) :
@@ -202,13 +205,12 @@ int crypt_random_get(struct crypt_device *ctx, char *buf, size_t len, int qualit
                }
                break;
        default:
-               log_err(ctx, _("Unknown RNG quality requested.\n"));
+               log_err(ctx, _("Unknown RNG quality requested."));
                return -EINVAL;
        }
 
        if (status)
-               log_err(ctx, _("Error %d reading from RNG: %s\n"),
-                       errno, strerror(errno));
+               log_err(ctx, _("Error reading from RNG."));
 
        return status;
 }
@@ -230,9 +232,11 @@ void crypt_random_exit(void)
 
 int crypt_random_default_key_rng(void)
 {
+       /* coverity[pointless_string_compare] */
        if (!strcmp(DEFAULT_RNG, RANDOM_DEVICE))
                return CRYPT_RNG_RANDOM;
 
+       /* coverity[pointless_string_compare] */
        if (!strcmp(DEFAULT_RNG, URANDOM_DEVICE))
                return CRYPT_RNG_URANDOM;