]>
git.ipfire.org Git - thirdparty/systemd.git/blob - src/basic/random-util.c
1 /* SPDX-License-Identifier: LGPL-2.1+ */
3 This file is part of systemd.
5 Copyright 2010 Lennart Poettering
11 #include <linux/random.h>
19 # include <sys/auxv.h>
23 # include <sys/random.h>
25 # include <linux/random.h>
31 #include "random-util.h"
32 #include "time-util.h"
34 int acquire_random_bytes(void *p
, size_t n
, bool high_quality_required
) {
35 static int have_syscall
= -1;
37 _cleanup_close_
int fd
= -1;
38 unsigned already_done
= 0;
41 /* Gathers some randomness from the kernel. This call will never block. If
42 * high_quality_required, it will always return some data from the kernel,
43 * regardless of whether the random pool is fully initialized or not.
44 * Otherwise, it will return success if at least some random bytes were
45 * successfully acquired, and an error if the kernel has no entropy whatsover
48 /* Use the getrandom() syscall unless we know we don't have it. */
49 if (have_syscall
!= 0) {
50 r
= getrandom(p
, n
, GRND_NONBLOCK
);
55 if (!high_quality_required
) {
56 /* Fill in the remaining bytes using pseudorandom values */
57 pseudorandom_bytes((uint8_t*) p
+ r
, n
- r
);
62 } else if (errno
== ENOSYS
)
63 /* We lack the syscall, continue with reading from /dev/urandom. */
65 else if (errno
== EAGAIN
) {
66 /* The kernel has no entropy whatsoever. Let's remember to
67 * use the syscall the next time again though.
69 * If high_quality_required is false, return an error so that
70 * random_bytes() can produce some pseudorandom
71 * bytes. Otherwise, fall back to /dev/urandom, which we know
72 * is empty, but the kernel will produce some bytes for us on
73 * a best-effort basis. */
76 if (!high_quality_required
)
82 fd
= open("/dev/urandom", O_RDONLY
|O_CLOEXEC
|O_NOCTTY
);
84 return errno
== ENOENT
? -ENOSYS
: -errno
;
86 return loop_read_exact(fd
, (uint8_t*) p
+ already_done
, n
- already_done
, true);
89 void initialize_srand(void) {
90 static bool srand_called
= false;
100 /* The kernel provides us with 16 bytes of entropy in auxv, so let's
101 * try to make use of that to seed the pseudo-random generator. It's
102 * better than nothing... */
104 auxv
= (void*) getauxval(AT_RANDOM
);
106 assert_cc(sizeof(x
) <= 16);
107 memcpy(&x
, auxv
, sizeof(x
));
113 x
^= (unsigned) now(CLOCK_REALTIME
);
114 x
^= (unsigned) gettid();
120 /* INT_MAX gives us only 31 bits, so use 24 out of that. */
121 #if RAND_MAX >= INT_MAX
124 /* SHORT_INT_MAX or lower gives at most 15 bits, we just just 8 out of that. */
128 void pseudorandom_bytes(void *p
, size_t n
) {
133 for (q
= p
; q
< (uint8_t*) p
+ n
; q
+= RAND_STEP
) {
136 rr
= (unsigned) rand();
139 if ((size_t) (q
- (uint8_t*) p
+ 2) < n
)
143 if ((size_t) (q
- (uint8_t*) p
+ 1) < n
)
150 void random_bytes(void *p
, size_t n
) {
153 r
= acquire_random_bytes(p
, n
, false);
157 /* If some idiot made /dev/urandom unavailable to us, or the
158 * kernel has no entropy, use a PRNG instead. */
159 return pseudorandom_bytes(p
, n
);