
This queue is for tickets about the Crypt-CBC CPAN distribution.

Report information
The Basics
Id: 131170
Status: new
Priority: 0/
Queue: Crypt-CBC

People
Owner: Nobody in particular
Requestors: jondoe842gthb [...] vodafonemail.de
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: 2.33
Fixed in: (no value)



Subject: _get_random_bytes() "wastes" entropy
_get_random_bytes() uses read() to fetch random bytes from /dev/urandom. Although read() only stores as many bytes as requested in the destination buffer, it reads the data in chunks of 4 or 8 KiB (check with strace), which is a "waste" of entropy. It would be better to use sysread() instead. Find a patch attached.
Subject: _get_random_bytes.patch
--- CBC.pm.orig Thu Dec 12 12:40:01 2019 +++ CBC.pm Thu Dec 12 12:45:52 2019 @@ -1,5 +1,6 @@ package Crypt::CBC; +use Errno; use Digest::MD5 'md5'; use Carp; use strict; @@ -455,7 +456,12 @@ my $result; if (-r RANDOM_DEVICE && open(F,RANDOM_DEVICE)) { - read(F,$result,$length); + binmode F; + for (my $size = 0; $size < $length;) { + my $n = sysread F, $result, $length - $size, $size; + $!{EINTR} and next or die "sysread(): $!" unless defined $n; + $size += $n; + } close F; } else { $result = pack("C*",map {rand(256)} 1..$length);
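Review bot: In the second hunk (@@ -455,7 +456,12 @@) the sysread loop has no check for a return value of 0. sysread returns 0 at end of file, so `$n` is defined, `$size += $n` adds nothing, and `for (my $size = 0; $size < $length;)` never terminates if RANDOM_DEVICE ever yields a short stream. Suggest treating `$n == 0` as a fatal error alongside the undefined case, so the caller never loops forever and never gets fewer than `$length` bytes. The combined statement `$!{EINTR} and next or die "sysread(): $!" unless defined $n;` also depends on `and`/`or` precedence together with a statement modifier, which is hard to audit in code that produces key material. An explicit `unless (defined $n) { next if $!{EINTR}; croak "sysread(): $!" }` says the same thing more plainly, and croak matches the `use Carp;` already present in the first hunk's context.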