xmlparse.c: Read /dev/urandom if non-blocking getrandom failed

This is in line with what recent Python does: 1) Calling getrandom with GRND_NONBLOCK 1abcf6700b/Python/bootstrap_hash.c (L594) 2) Reading /dev/urandom if getrandom failed 1abcf6700b/Python/bootstrap_hash.c (L503)
2025-04-06 05:34:59 +00:00 · 2017-07-26 20:40:55 +02:00 · 2017-07-26 20:40:55 +02:00 · 55839b633f
commit 55839b633f
parent cfd6b138d6
1 changed files with 40 additions and 1 deletions
--- a/expat/lib/xmlparse.c
+++ b/expat/lib/xmlparse.c
@ -21,6 +21,8 @@
 #include <sys/time.h>                   /* gettimeofday() */
 #include <sys/types.h>                  /* getpid() */
 #include <unistd.h>                     /* getpid() */
+#include <fcntl.h>                      /* O_RDONLY */
+#include <errno.h>
 #endif

 #define XML_BUILDING_EXPAT 1
@ -36,7 +38,6 @@
 #include "siphash.h"

 #if defined(HAVE_GETRANDOM) || defined(HAVE_SYSCALL_GETRANDOM)
-# include <errno.h>
 # if defined(HAVE_GETRANDOM)
 #  include <sys/random.h>    /* getrandom */
 # else
@ -783,6 +784,39 @@ writeRandomBytes_getrandom_nonblock(void * target, size_t count) {
 #endif  /* defined(HAVE_GETRANDOM) || defined(HAVE_SYSCALL_GETRANDOM) */


+#if ! defined(_WIN32)
+
+/* Extract entropy from /dev/urandom */
+static int
+writeRandomBytes_dev_urandom(void * target, size_t count) {
+  int success = 0;  /* full count bytes written? */
+  size_t bytesWrittenTotal = 0;
+
+  const int fd = open("/dev/urandom", O_RDONLY);
+  if (fd < 0) {
+    return 0;
+  }
+
+  do {
+    void * const currentTarget = (void*)((char*)target + bytesWrittenTotal);
+    const size_t bytesToWrite = count - bytesWrittenTotal;
+
+    const ssize_t bytesWrittenMore = read(fd, currentTarget, bytesToWrite);
+
+    if (bytesWrittenMore > 0) {
+      bytesWrittenTotal += bytesWrittenMore;
+      if (bytesWrittenTotal >= count)
+        success = 1;
+    }
+  } while (! success && (errno == EINTR));
+
+  close(fd);
+  return success;
+}
+
+#endif  /* ! defined(_WIN32) */
+
+
 #if defined(HAVE_ARC4RANDOM)

 static void
@ -905,6 +939,11 @@ generate_hash_secret_salt(XML_Parser parser)
    return ENTROPY_DEBUG("getrandom", entropy);
  }
 #endif
+#if ! defined(_WIN32)
+  if (writeRandomBytes_dev_urandom((void *)&entropy, sizeof(entropy))) {
+    return ENTROPY_DEBUG("/dev/urandom", entropy);
+  }
+#endif  /* ! defined(_WIN32) */
  /* .. and self-made low quality for backup: */

  /* Process ID is 0 bits entropy if attacker has local access */