mirror of
https://gitlab.freedesktop.org/NetworkManager/NetworkManager
synced 2024-10-15 04:24:32 +00:00
glib-aux/trivial: reword code comments about bad random fallback in "nm-random-utils.c"
parent
d359a9a1e7
commit
da3c9e470e
|
@ -187,9 +187,9 @@ _bad_random_init_seed(BadRandSeed *seed)
|
||||||
int seed_idx;
|
int seed_idx;
|
||||||
GRand *rand;
|
GRand *rand;
|
||||||
|
|
||||||
/* g_rand_new() reads /dev/urandom, but we already noticed that
|
/* g_rand_new() reads /dev/urandom too, but we already know that
|
||||||
* /dev/urandom fails to give us good randomness (which is why
|
* /dev/urandom fails to give us good randomness (which is why
|
||||||
* we hit the "bad randomness" code path). So this may not be as
|
* we hit the "bad random" code path). So this may not be as
|
||||||
* good as we wish, but let's hope that it it does something smart
|
* good as we wish, but let's hope that it it does something smart
|
||||||
* to give some extra entropy... */
|
* to give some extra entropy... */
|
||||||
rand = g_rand_new();
|
rand = g_rand_new();
|
||||||
|
@ -231,14 +231,14 @@ _bad_random_bytes(guint8 *buf, gsize n)
|
||||||
* to give us good randomness. Try our best.
|
* to give us good randomness. Try our best.
|
||||||
*
|
*
|
||||||
* Our ability to get entropy for the CPRNG is very limited and thus the overall
|
* Our ability to get entropy for the CPRNG is very limited and thus the overall
|
||||||
* result will not be good randomness. See _bad_random_init_seed().
|
* result will be bad randomness.
|
||||||
*
|
*
|
||||||
* Once we have some seed material, we combine GRand (which is not a cryptographically
|
* Once we have some seed material, we combine GRand (which is not a cryptographically
|
||||||
* secure PRNG) with some iterative sha256 hashing. It would be nice if we had
|
* secure PRNG) with some iterative sha256 hashing. It would be nice if we had
|
||||||
* easy access to chacha20, but it's probably more cumbersome to fork those
|
* easy access to chacha20, but it's probably more cumbersome to fork those
|
||||||
* implementations than hack a bad CPRNG by using sha256 hashing. After all, this
|
* implementations than hack a bad CPRNG by using sha256 hashing. After all, this
|
||||||
* is fallback code to get *some* randomness. And with the inability to get a good
|
* is fallback code to get *some* bad randomness. And with the inability to get a good
|
||||||
* seed, the CPRNG is not going to give us truly good randomness. */
|
* seed, any CPRNG can only give us bad randomness. */
|
||||||
|
|
||||||
{
|
{
|
||||||
static BadRandState gl_state;
|
static BadRandState gl_state;
|
||||||
|
@ -277,11 +277,11 @@ _bad_random_bytes(guint8 *buf, gsize n)
|
||||||
nm_utils_checksum_get_digest(sum, gl_state.sha_digest.full);
|
nm_utils_checksum_get_digest(sum, gl_state.sha_digest.full);
|
||||||
|
|
||||||
/* gl_state.sha_digest.full and gl_state.rand_vals contain now our
|
/* gl_state.sha_digest.full and gl_state.rand_vals contain now our
|
||||||
* random values, but they are also the state for the next iteration.
|
* bad random values, but they are also the state for the next iteration.
|
||||||
* We must not directly expose that state to the caller, so XOR the values.
|
* We must not directly expose that state to the caller, so XOR the values.
|
||||||
*
|
*
|
||||||
* That means, per iteration we can generate 16 bytes of randomness. That
|
* That means, per iteration we can generate 16 bytes of bad randomness. That
|
||||||
* is for example required to generate a random UUID. */
|
* is suitable to initialize a random UUID. */
|
||||||
for (i = 0; i < (int) (NM_UTILS_CHECKSUM_LENGTH_SHA256 / 2); i++) {
|
for (i = 0; i < (int) (NM_UTILS_CHECKSUM_LENGTH_SHA256 / 2); i++) {
|
||||||
nm_assert(n > 0);
|
nm_assert(n > 0);
|
||||||
buf[0] = gl_state.sha_digest.half_1[i] ^ gl_state.sha_digest.half_2[i]
|
buf[0] = gl_state.sha_digest.half_1[i] ^ gl_state.sha_digest.half_2[i]
|
||||||
|
@ -448,6 +448,8 @@ again_getrandom:
|
||||||
return nm_utils_fd_read_loop_exact(fd, p, n, FALSE);
|
return nm_utils_fd_read_loop_exact(fd, p, n, FALSE);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*****************************************************************************/
|
||||||
|
|
||||||
guint64
|
guint64
|
||||||
nm_random_u64_range_full(guint64 begin, guint64 end, gboolean crypto_bytes)
|
nm_random_u64_range_full(guint64 begin, guint64 end, gboolean crypto_bytes)
|
||||||
{
|
{
|
||||||
|
@ -465,7 +467,7 @@ nm_random_u64_range_full(guint64 begin, guint64 end, gboolean crypto_bytes)
|
||||||
* not crypto_bytes despite being requested). Check errno if you care. */
|
* not crypto_bytes despite being requested). Check errno if you care. */
|
||||||
|
|
||||||
if (begin >= end) {
|
if (begin >= end) {
|
||||||
/* systemd's random_u64_range(0) is an alias for random_u64_range((uint64_t)-1).
|
/* systemd's random_u64_range(0) is an alias for nm_random_u64().
|
||||||
* Not for us. It's a caller error to request an element from an empty range. */
|
* Not for us. It's a caller error to request an element from an empty range. */
|
||||||
return nm_assert_unreachable_val(begin);
|
return nm_assert_unreachable_val(begin);
|
||||||
}
|
}
|
||||||
|
|
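Review bot: The reworded comment ahead of the XOR loop in _bad_random_bytes() now says the 16 bytes of bad randomness are "suitable to initialize a random UUID", which names an acceptable use but not the uses that are off limits. The comments above it already say the seed is poor and that any CPRNG built on it can only give bad randomness, so I would state the limit where the bytes leave the function, for example `* Do not use these bytes for keys, tokens or anything that must be unpredictable.`; whether any caller reaches this path for such data is not visible here. In the first hunk, the reworded comment in _bad_random_init_seed() still carries the doubled word in `let's hope that it it does something smart`, which could be fixed in the same pass. Both function bodies start and end outside the hunks shown.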