Switched random number generation from rust rng to ocicrypt native or…

… ring approach
confidential-containers · Nov 9, 2023 · 45b5acf · 45b5acf
1 parent 31372e7
commit 45b5acf
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 4 deletions.
diff --git a/image-rs/src/snapshots/occlum/unionfs.rs b/image-rs/src/snapshots/occlum/unionfs.rs
@@ -18,6 +18,8 @@ use fs_extra::dir;
 use nix::mount::MsFlags;
 use rand::Rng;
 
+use ocicrypt_rs::blockcipher::rand::rand_bytes;
+
 use crate::snapshots::{MountPoint, Snapshotter};
 
 const LD_LIB: &str = "ld-linux-x86-64.so.2";
@@ -64,8 +66,9 @@ fn create_key_file(path: &PathBuf, key: &str) -> Result<()> {
 // returns randomly generted random 128 bit key
 fn generate_random_key() -> String {
 
-    let mut rng = rand::thread_rng();
-    let key: [u8; 16] = rng.gen();
+    let mut key: [u8; 16] = [0u8; 16];
+
+    rand_bytes(&mut key).expect("Random fill failed");
 
     let formatted_key = key.iter().map(|byte| format!("{:02x}", byte)).collect::<Vec<String>>().join("-");
 

diff --git a/ocicrypt-rs/src/blockcipher/mod.rs b/ocicrypt-rs/src/blockcipher/mod.rs
@@ -12,7 +12,7 @@ use serde::{de, Deserialize, Deserializer, Serialize, Serializer};
 mod aes_ctr;
 use aes_ctr::AESCTRBlockCipher;
 
-mod rand;
+pub mod rand;
 
 /// Type of the cipher algorithm used to encrypt/decrypt image layers.
 pub type LayerCipherType = String;

diff --git a/ocicrypt-rs/src/blockcipher/rand.rs b/ocicrypt-rs/src/blockcipher/rand.rs
@@ -4,7 +4,7 @@
 use anyhow::Result;
 
 /// Fill the given slice with cryptographically generated random numbers
-pub(crate) fn rand_bytes(data: &mut [u8]) -> Result<()> {
+pub fn rand_bytes(data: &mut [u8]) -> Result<()> {
     cfg_if::cfg_if! {
         if #[cfg(feature = "block-cipher-openssl")] {
             openssl::rand::rand_bytes(&mut data[..])?;