loongoffice/include/rtl/random.h
Michael Stahl e9531b792d sal: rtlRandomPool: require OS random device, abort if not present
Both rtl_random_createPool() and rtl_random_getBytes() first try to get
random data from the OS, via /dev/urandom or rand_s() (documented to
call RtlGenRandom(), see [1]).

In case this does not succeed, there is a fallback to a custom
implementation of a PRNG of unknown design that has never been
substantially changed since initial CVS import, and is presumably not
what would be considered state of the art today, particularly if there's
no actual entropy available to seed it.

Except for a few miscellaneous usages in URE (presumably to avoid
dependencies on non-URE libs), rtlRandomPool is almost always used to
generate material for encryption of documents, which is demanding and
probably beyond what a pure user-space PRNG implementation without
entropy from the OS can provide.

So remove the custom PRNG and instead abort() if reading from the OS
random device fails for whatever reason.

rtl_random_addBytes() becomes a no-op and is therefore deprecated.

Presumably the only kind of environment where random device would be
unavailable in practice is running in some sort of chroot or container
that is missing the device or has incorrect permissions on it; better to
fail hard than to produce encrypted documents of questionable security.

[1] https://learn.microsoft.com/en-us/cpp/c-runtime-library/reference/rand-s?view=msvc-170

Change-Id: I3f020c2d11570f8351381d70188ce59bfec9f720
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/163056
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
2024-02-07 11:15:47 +01:00


/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/*
* This file is part of the LibreOffice project.
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*
* This file incorporates work covered by the following license notice:
*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed
* with this work for additional information regarding copyright
* ownership. The ASF licenses this file to you under the Apache
* License, Version 2.0 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.apache.org/licenses/LICENSE-2.0 .
*/
/*
* This file is part of LibreOffice published API.
*/
#ifndef INCLUDED_RTL_RANDOM_H
#define INCLUDED_RTL_RANDOM_H
#include "sal/config.h"
#include "sal/saldllapi.h"
#include "sal/types.h"
#ifdef __cplusplus
extern "C" {
#endif
/** Random Pool opaque type.

    Handle returned by rtl_random_createPool() and passed as the Pool
    argument of the other rtl_random_* functions declared in this header.
    Because it is a plain void*, the compiler does not check that a value
    passed as a pool actually came from rtl_random_createPool().
*/
typedef void* rtlRandomPool;
/** Error Code enumeration.

    rtl_Random_E_None is the only value the functions in this header
    document as success; callers should treat every other value as a
    failure and not use any output produced by the failing call.
*/
enum __rtl_RandomError
{
rtl_Random_E_None, /* documented as the success value by the functions below */
rtl_Random_E_Argument, /* presumably an invalid argument -- confirm in the implementation */
rtl_Random_E_Memory, /* presumably an allocation failure -- confirm in the implementation */
rtl_Random_E_Unknown, /* presumably an unspecified failure -- confirm in the implementation */
rtl_Random_E_FORCE_EQUAL_SIZE = SAL_MAX_ENUM /* presumably a size-forcing sentinel, not a real error code -- confirm */
};
/** Error Code type.

    Return type of rtl_random_addBytes() and rtl_random_getBytes().
*/
typedef enum __rtl_RandomError rtlRandomError;
/** Create a Random Pool.

    NOTE(review): according to the description of change e9531b792d, the
    implementation obtains its random data from the OS (/dev/urandom or
    rand_s()) and calls abort() if that source cannot be read; the former
    built-in fallback PRNG was removed. The implementation is not part of
    this header -- confirm the exact behaviour there.

    @return initialized Random Pool, or NULL upon failure. Callers must
            check for NULL before passing the handle to any other
            rtl_random_* function.
*/
SAL_DLLPUBLIC rtlRandomPool SAL_CALL rtl_random_createPool (void) SAL_THROW_EXTERN_C();
/** Destroy a Random Pool.
    @param[in] Pool a Random Pool, as returned by rtl_random_createPool().

    NOTE(review): this header does not state whether a NULL Pool is
    accepted, and the handle should presumably not be used again after
    this call -- confirm both in the implementation.
*/
SAL_DLLPUBLIC void SAL_CALL rtl_random_destroyPool (
rtlRandomPool Pool
) SAL_THROW_EXTERN_C();
/** Add bytes to a Random Pool.

    Per the description of change e9531b792d this function is now a
    no-op: the bytes in Buffer are not mixed into the pool. Callers must
    not rely on it to seed, reseed or otherwise strengthen the output of
    rtl_random_getBytes(). The declaration presumably remains only
    because this header is published API.

    @param[in] Pool   a Random Pool.
    @param[in] Buffer a buffer containing the bytes to add.
    @param[in] Bytes  the number of bytes to read from the buffer.
    @retval rtl_Random_E_None upon success.
    @deprecated This now does nothing.
*/
SAL_DLLPUBLIC rtlRandomError SAL_CALL rtl_random_addBytes (
rtlRandomPool Pool,
const void *Buffer,
sal_Size Bytes
) SAL_THROW_EXTERN_C();
/** Retrieve bytes from a Random Pool.

    NOTE(review): according to the description of change e9531b792d, the
    bytes come from the OS random source (/dev/urandom or rand_s()) and
    the process calls abort() if that source cannot be read; there is no
    longer a user-space fallback PRNG. A missing or unreadable random
    device (for example in a chroot or container) therefore terminates
    the process instead of being reported through the return value.
    Confirm against the implementation, which is not part of this header.

    @param[in] Pool       a Random Pool.
    @param[in,out] Buffer a buffer to receive the random bytes; it must
                          provide room for at least Bytes bytes.
    @param[in] Bytes      the number of bytes to write to the buffer.
    @retval rtl_Random_E_None upon success. On any other value the
            contents of Buffer must not be used as random material.
*/
SAL_DLLPUBLIC rtlRandomError SAL_CALL rtl_random_getBytes (
rtlRandomPool Pool,
void *Buffer,
sal_Size Bytes
) SAL_THROW_EXTERN_C();
#ifdef __cplusplus
}
#endif
#endif // INCLUDED_RTL_RANDOM_H
/* vim:set shiftwidth=4 softtabstop=4 expandtab: */