X-Git-Url: http://review.tizen.org/git/?a=blobdiff_plain;f=lib%2Frandom.c;h=0dfcff96bc10150164ab9afa9103d6f0f62997c1;hb=420ad62f0bb77970a6ba234bde9e1405f7df7789;hp=870ab64f6c23f16fd66bdb13109ed670e2e68523;hpb=9910c7dcd0956e7608f53fcf7c7b81793f581556;p=platform%2Fupstream%2Fcryptsetup.git diff --git a/lib/random.c b/lib/random.c index 870ab64..0dfcff9 100644 --- a/lib/random.c +++ b/lib/random.c @@ -1,11 +1,12 @@ /* * cryptsetup kernel RNG access functions * - * Copyright (C) 2010-2012, Red Hat, Inc. All rights reserved. + * Copyright (C) 2010-2023 Red Hat, Inc. All rights reserved. * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License - * version 2 as published by the Free Software Foundation. + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of @@ -19,13 +20,11 @@ #include #include -#include #include -#include +#include #include "libcryptsetup.h" #include "internal.h" -#include "crypto_backend.h" static int random_initialised = 0; @@ -42,8 +41,7 @@ static int random_fd = -1; #define RANDOM_DEVICE_TIMEOUT 5 /* URANDOM_DEVICE access */ -static int _get_urandom(struct crypt_device *ctx __attribute__((unused)), - char *buf, size_t len) +static int _get_urandom(char *buf, size_t len) { int r; size_t old_len = len; @@ -51,7 +49,7 @@ static int _get_urandom(struct crypt_device *ctx __attribute__((unused)), assert(urandom_fd != -1); - while(len) { + while (len) { r = read(urandom_fd, buf, len); if (r == -1 && errno != EINTR) return -EINVAL; @@ -151,48 +149,52 @@ int crypt_random_init(struct crypt_device *ctx) /* Used for CRYPT_RND_NORMAL */ if(urandom_fd == -1) - urandom_fd = open(URANDOM_DEVICE, O_RDONLY); + urandom_fd = open(URANDOM_DEVICE, O_RDONLY | O_CLOEXEC); if(urandom_fd == -1) - goto fail; + goto err; /* Used for CRYPT_RND_KEY */ if(random_fd == -1) - random_fd = open(RANDOM_DEVICE, O_RDONLY | O_NONBLOCK); + random_fd = open(RANDOM_DEVICE, O_RDONLY | O_NONBLOCK | O_CLOEXEC); if(random_fd == -1) - goto fail; + goto err; + + if (crypt_fips_mode()) + log_verbose(ctx, _("Running in FIPS mode.")); random_initialised = 1; return 0; -fail: +err: crypt_random_exit(); - log_err(ctx, _("Fatal error during RNG initialisation.\n")); + log_err(ctx, _("Fatal error during RNG initialisation.")); return -ENOSYS; } +/* coverity[ -taint_source : arg-1 ] */ int crypt_random_get(struct crypt_device *ctx, char *buf, size_t len, int quality) { int status, rng_type; switch(quality) { case CRYPT_RND_NORMAL: - status = _get_urandom(ctx, buf, len); + status = _get_urandom(buf, len); break; case CRYPT_RND_SALT: if (crypt_fips_mode()) - status = crypt_backend_fips_rng(buf, len, quality); + status = crypt_backend_rng(buf, len, quality, 1); else - status = _get_urandom(ctx, buf, len); + status = _get_urandom(buf, len); break; case CRYPT_RND_KEY: if (crypt_fips_mode()) { - status = crypt_backend_fips_rng(buf, len, quality); + status = crypt_backend_rng(buf, len, quality, 1); break; } rng_type = ctx ? crypt_get_rng_type(ctx) : crypt_random_default_key_rng(); switch (rng_type) { case CRYPT_RNG_URANDOM: - status = _get_urandom(ctx, buf, len); + status = _get_urandom(buf, len); break; case CRYPT_RNG_RANDOM: status = _get_random(ctx, buf, len); @@ -202,13 +204,12 @@ int crypt_random_get(struct crypt_device *ctx, char *buf, size_t len, int qualit } break; default: - log_err(ctx, _("Unknown RNG quality requested.\n")); + log_err(ctx, _("Unknown RNG quality requested.")); return -EINVAL; } if (status) - log_err(ctx, _("Error %d reading from RNG: %s\n"), - errno, strerror(errno)); + log_err(ctx, _("Error reading from RNG.")); return status; } @@ -230,9 +231,11 @@ void crypt_random_exit(void) int crypt_random_default_key_rng(void) { + /* coverity[pointless_string_compare] */ if (!strcmp(DEFAULT_RNG, RANDOM_DEVICE)) return CRYPT_RNG_RANDOM; + /* coverity[pointless_string_compare] */ if (!strcmp(DEFAULT_RNG, URANDOM_DEVICE)) return CRYPT_RNG_URANDOM;