authorGravatar Christian Hesse <mail@eworm.de>2019-02-18 12:44:07 +0100
committerGravatar Christian Hesse <mail@eworm.de>2019-02-18 12:44:07 +0100
commit25d3aaf2a9e5ee9fc461fd49b8a00af4e50096da (patch)
tree998d7546c4e9102a8c069d3650324aede9e2f68e /bin
parent51ca8e68863efa6d6a5afacb9cc43f64624dea78 (diff)
completly replace rand() with getrandom()
Diffstat (limited to 'bin')
-rw-r--r--bin/ykfde.c22
1 files changed, 10 insertions, 12 deletions
diff --git a/bin/ykfde.c b/bin/ykfde.c
index e808abe..9cbf01c 100644
--- a/bin/ykfde.c
+++ b/bin/ykfde.c
@@ -101,7 +101,7 @@ char * ask_secret(const char * text) {
}
int main(int argc, char **argv) {
- unsigned int version = 0, help = 0;
+ unsigned int version = 0, help = 0, challenge_int[CHALLENGELEN];
char challenge_old[CHALLENGELEN + 1],
challenge_new[CHALLENGELEN + 1],
response_old[RESPONSELEN],
@@ -112,7 +112,6 @@ int main(int argc, char **argv) {
char challengefilename[sizeof(CHALLENGEDIR) + 11 /* "/challenge-" */ + 10 /* unsigned int in char */ + 1],
challengefiletmpname[sizeof(CHALLENGEDIR) + 11 /* "/challenge-" */ + 10 /* unsigned int in char */ + 7 /* -XXXXXX */ + 1];
int challengefile = 0, challengefiletmp = 0;
- unsigned int seed;
int i;
size_t len;
int8_t rc = EXIT_FAILURE;
@@ -196,14 +195,8 @@ int main(int argc, char **argv) {
if (version > 0 || help > 0)
return EXIT_SUCCESS;
- /* initialize random seed */
- if (getentropy(&seed, sizeof(unsigned int)) != 0) {
- fprintf(stderr, "Initializing random seed failed.\n");
- goto out10;
- }
- srand(seed);
-
/* initialize static buffers */
+ memset(challenge_int, 0, CHALLENGELEN * sizeof(unsigned int));
memset(challenge_old, 0, CHALLENGELEN + 1);
memset(challenge_new, 0, CHALLENGELEN + 1);
memset(response_old, 0, RESPONSELEN);
@@ -297,9 +290,13 @@ int main(int argc, char **argv) {
(new_2nd_factor != NULL && *new_2nd_factor != 0)))
fprintf(stderr, "Warning: Processing second factor, but not enabled in config!\n");
- /* get random number and limit to printable ASCII character (32 to 126) */
- for(i = 0; i < CHALLENGELEN; i++)
- challenge_new[i] = (rand() % (126 - 32)) + 32;
+ /* get random number - try random first, fall back to urandom
+ We generate an array of unsigned int, the use modulo to limit to printable
+ ASCII characters (32 to 127). */
+ if ((len = getrandom(challenge_int, CHALLENGELEN * sizeof(unsigned int), GRND_RANDOM|GRND_NONBLOCK)) != CHALLENGELEN * sizeof(unsigned int))
+ getrandom((void *)((size_t)challenge_int + len), CHALLENGELEN * sizeof(unsigned int) - len, 0);
+ for (i = 0; i < CHALLENGELEN; i++)
+ challenge_new[i] = (challenge_int[i] % (127 - 32)) + 32;
/* these are the filenames for challenge
* we need this for reading and writing */
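Review bot: The result of the first getrandom() is stored in `len`, a size_t, so a -1 return (for example EAGAIN under GRND_NONBLOCK) becomes SIZE_MAX, and the fallback call then starts one byte before challenge_int and requests one byte more than the buffer holds. The fallback's own return value is never checked, so on failure or a short read the zero-initialised remainder turns into a predictable run of spaces in challenge_new. Keep the result in an ssize_t, loop until the buffer is full and bail out on error, as sketched below; which cleanup label fits depends on what main() holds at this point, which the hunk does not show. The new comment also says 32 to 127 while `% (127 - 32) + 32` yields 32 to 126.

```c
/* fill challenge_int completely: try GRND_RANDOM without blocking first,
   then take whatever is still missing from the urandom source */
{
	unsigned char *p = (unsigned char *)challenge_int;
	size_t want = sizeof(challenge_int), got = 0;
	ssize_t n;

	n = getrandom(p, want, GRND_RANDOM|GRND_NONBLOCK);
	if (n > 0)
		got = (size_t)n;
	while (got < want) {
		n = getrandom(p + got, want - got, 0);
		if (n <= 0) {
			fprintf(stderr, "Getting random bytes failed.\n");
			goto out10; /* pick the label matching the resources held here */
		}
		got += (size_t)n;
	}
}
/* … unchanged: modulo loop writing challenge_new … */
```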
@@ -441,6 +438,7 @@ out20:
out10:
/* wipe response (cleartext password!) from memory */
/* This is statically allocated and always save to wipe! */
+ memset(challenge_int, 0, CHALLENGELEN * sizeof(unsigned int));
memset(challenge_old, 0, CHALLENGELEN + 1);
memset(challenge_new, 0, CHALLENGELEN + 1);
memset(response_old, 0, RESPONSELEN);
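Review bot: The added wipe of challenge_int under `out10` is a plain memset() on a local that is not read again before main() returns, so an optimising compiler is allowed to drop it as a dead store. If the wipe is meant to be relied on, `explicit_bzero(challenge_int, sizeof(challenge_int));` (available in glibc alongside getrandom()) keeps it in place. The neighbouring memset() calls on the response buffers, which the comment describes as holding the cleartext password, have the same exposure. The rest of the cleanup path lies outside the hunk.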