From patchwork Tue Jan 12 12:59:56 2021
X-Patchwork-Submitter: Adhemerval Zanella
X-Patchwork-Id: 41695
To: libc-alpha@sourceware.org
Subject: [COMMITTED] posix: consume less entropy on tempname
Date: Tue, 12 Jan 2021 09:59:56 -0300
Message-Id: <20210112125956.1309619-1-adhemerval.zanella@linaro.org>
From: Adhemerval Zanella

The first getrandom is used only for __GT_NOCREATE, which is inherently insecure and can use the entropy as a small improvement. On the second and later attempts it might help against DoS attacks.

It syncs with gnulib commit 854fbb81d91f7a0f2b463e7ace2499dee2f380f2.

Checked on x86_64-linux-gnu.

--- sysdeps/posix/tempname.c | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/sysdeps/posix/tempname.c b/sysdeps/posix/tempname.c index f199b25a7a..5f804b38d7 100644 
--- a/sysdeps/posix/tempname.c +++ b/sysdeps/posix/tempname.c @@ -22,6 +22,7 @@ #include #include +#include #include @@ -77,11 +78,11 @@ typedef uint_fast64_t random_value; #define BASE_62_POWER (62LL * 62 * 62 * 62 * 62 * 62 * 62 * 62 * 62 * 62) static random_value -random_bits (random_value var) +random_bits (random_value var, bool use_getrandom) { random_value r; /* Without GRND_NONBLOCK it can be blocked for minutes on some systems. */ - if (__getrandom (&r, sizeof r, GRND_NONBLOCK) == sizeof r) + if (use_getrandom && __getrandom (&r, sizeof r, GRND_NONBLOCK) == sizeof r) return r; #if _LIBC || (defined CLOCK_MONOTONIC && HAVE_CLOCK_GETTIME) /* Add entropy if getrandom did not work. */ @@ -269,6 +270,13 @@ try_tempname_len (char *tmpl, int suffixlen, void *args, /* How many random base-62 digits can currently be extracted from V. */ int vdigits = 0; + /* Whether to consume entropy when acquiring random bits. On the + first try it's worth the entropy cost with __GT_NOCREATE, which + is inherently insecure and can use the entropy to make it a bit + less secure. On the (rare) second and later attempts it might + help against DoS attacks. */ + bool use_getrandom = tryfunc == try_nocreate; + /* Least unfair value for V. If V is less than this, V can generate BASE_62_DIGITS digits fairly. Otherwise it might be biased. */ random_value const unfair_min @@ -292,7 +300,10 @@ try_tempname_len (char *tmpl, int suffixlen, void *args, if (vdigits == 0) { do - v = random_bits (v); + { + v = random_bits (v, use_getrandom); + use_getrandom = true; + } while (unfair_min <= v); vdigits = BASE_62_DIGITS;
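Review bot: the target of the added `+#include` in the first hunk (@@ -22,6 +22,7 @@) is not visible in this rendering; since the next hunk gives random_bits a `bool` parameter, confirm the include is the header that provides `bool` and that it keeps the include list sorted with its neighbours.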
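Review bot: in the random_bits hunk (@@ -77,11 +78,11 @@) the comment "Without GRND_NONBLOCK it can be blocked for minutes on some systems" and the one below it, "Add entropy if getrandom did not work", now describe only one of two reasons the kernel RNG is skipped: with use_getrandom false the function never calls __getrandom and falls straight through to the clock-based stir. Reword the second comment to something like "Add entropy if getrandom was not used or did not work" so a reader does not assume a failed syscall.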
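Review bot: in the try_tempname_len hunk (@@ -269,6 +270,13 @@) the new comment says __GT_NOCREATE "can use the entropy to make it a bit less secure", which inverts the intent in the commit message (the entropy is spent there as a small improvement); "a bit less insecure" is what is meant. The comment also speaks of __GT_NOCREATE while the test is `tryfunc == try_nocreate`; one clause noting that try_nocreate is the __GT_NOCREATE callback keeps the two in step for the next reader.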
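Review bot: in the last hunk (@@ -292,7 +300,10 @@) `use_getrandom = true;` runs after every random_bits call inside the `do ... while (unfair_min <= v);` loop, so a draw that is merely rejected as unfair already switches all later draws to the kernel RNG, not only the "second and later attempts" the commit message describes. If that is intended, say so in a comment next to the assignment; otherwise set the flag where the next name attempt begins rather than inside the rejection loop.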
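A model of the entropy-gating policy the patch introduces, written here as an added example and not glibc's own code: mock_getrandom, count_getrandom_calls, the fixed stir value and the LCG constants are constructed for this illustration, and each name attempt is collapsed to a single random_bits draw (the real loop refills V only every BASE_62_DIGITS digits and rejects unfair values). It shows how many times the kernel RNG is consulted for __GT_NOCREATE versus the file-creating kinds.

```c
/* Added example, not glibc code: models the use_getrandom gating of
   random_bits in sysdeps/posix/tempname.c with a counting mock RNG. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

typedef uint_fast64_t random_value;

/* Constructed stand-in for __getrandom: deterministic, counts calls. */
static int getrandom_calls;
static size_t
mock_getrandom (void *buf, size_t len)
{
  getrandom_calls++;
  unsigned char *p = buf;
  for (size_t i = 0; i < len; i++)
    p[i] = (unsigned char) (0x5a + i);   /* arbitrary fixed bytes */
  return len;
}

/* Mirrors the patched random_bits: the kernel is consulted only when
   USE_GETRANDOM is set; otherwise VAR is stirred locally (a fixed
   value stands in for the monotonic clock) and stepped by an LCG. */
static random_value
random_bits (random_value var, bool use_getrandom)
{
  random_value r;
  if (use_getrandom && mock_getrandom (&r, sizeof r) == sizeof r)
    return r;
  var ^= 0x0123456789abcdefULL;          /* stand-in for tv.tv_nsec */
  return 6364136223846793005ULL * var + 1442695040888963407ULL;
}

/* One try_tempname_len run with ATTEMPTS candidate names.  NOCREATE is
   true for __GT_NOCREATE (mktemp-style), false for kinds that create
   the file.  Returns how many times the kernel RNG was consulted. */
static int
count_getrandom_calls (bool nocreate, int attempts)
{
  getrandom_calls = 0;
  random_value v = 0;
  bool use_getrandom = nocreate;         /* first try: only for __GT_NOCREATE */
  for (int i = 0; i < attempts; i++)
    {
      v = random_bits (v, use_getrandom);
      use_getrandom = true;              /* every later draw pays the entropy cost */
    }
  return getrandom_calls;
}
```

For the common mkstemp case that succeeds on the first name, the model reports zero kernel RNG calls, which is the saving the commit is after.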