[thirdparty/systemd.git] / src / shared / random-util.c

/***
  This file is part of systemd.

  Copyright 2010 Lennart Poettering

  systemd is free software; you can redistribute it and/or modify it
  under the terms of the GNU Lesser General Public License as published by
  the Free Software Foundation; either version 2.1 of the License, or
  (at your option) any later version.

  systemd is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  Lesser General Public License for more details.

  You should have received a copy of the GNU Lesser General Public License
  along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/

#include <stdint.h>
#include <errno.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <time.h>
#include <sys/auxv.h>
#include <linux/random.h>

#include "random-util.h"
#include "time-util.h"
#include "missing.h"
#include "util.h"

int dev_urandom(void *p, size_t n) {
        static int have_syscall = -1;

        _cleanup_close_ int fd = -1;
        int r;

        /* Gathers some randomness from the kernel. This call will
         * never block, and will always return some data from the
         * kernel, regardless if the random pool is fully initialized
         * or not. It thus makes no guarantee for the quality of the
         * returned entropy, but is good enough for or usual usecases
         * of seeding the hash functions for hashtable */

        /* Use the getrandom() syscall unless we know we don't have
         * it, or when the requested size is too large for it. */
        if (have_syscall != 0 || (size_t) (int) n != n) {
                r = getrandom(p, n, GRND_NONBLOCK);
                if (r == (int) n) {
                        have_syscall = true;
                        return 0;
                }

                if (r < 0) {
                        if (errno == ENOSYS)
                                /* we lack the syscall, continue with
                                 * reading from /dev/urandom */
                                have_syscall = false;
                        else if (errno == EAGAIN)
                                /* not enough entropy for now. Let's
                                 * remember to use the syscall the
                                 * next time, again, but also read
                                 * from /dev/urandom for now, which
                                 * doesn't care about the current
                                 * amount of entropy.  */
                                have_syscall = true;
                        else
                                return -errno;
                } else
                        /* too short read? */
                        return -ENODATA;
        }

        fd = open("/dev/urandom", O_RDONLY|O_CLOEXEC|O_NOCTTY);
        if (fd < 0)
                return errno == ENOENT ? -ENOSYS : -errno;

        return loop_read_exact(fd, p, n, true);
}

void initialize_srand(void) {
        static bool srand_called = false;
        unsigned x;
#ifdef HAVE_SYS_AUXV_H
        void *auxv;
#endif

        if (srand_called)
                return;

        x = 0;

#ifdef HAVE_SYS_AUXV_H
        /* The kernel provides us with a bit of entropy in auxv, so
         * let's try to make use of that to seed the pseudo-random
         * generator. It's better than nothing... */

        auxv = (void*) getauxval(AT_RANDOM);
        if (auxv)
                x ^= *(unsigned*) auxv;
#endif

        x ^= (unsigned) now(CLOCK_REALTIME);
        x ^= (unsigned) gettid();

        srand(x);
        srand_called = true;
}

void random_bytes(void *p, size_t n) {
        uint8_t *q;
        int r;

        r = dev_urandom(p, n);
        if (r >= 0)
                return;

        /* If some idiot made /dev/urandom unavailable to us, he'll
         * get a PRNG instead. */

        initialize_srand();

        for (q = p; q < (uint8_t*) p + n; q ++)
                *q = rand();
}
Commit	Line	Data
3df3e884 RC	1	/***
	2	This file is part of systemd.
	3
	4	Copyright 2010 Lennart Poettering
	5
	6	systemd is free software; you can redistribute it and/or modify it
	7	under the terms of the GNU Lesser General Public License as published by
	8	the Free Software Foundation; either version 2.1 of the License, or
	9	(at your option) any later version.
	10
	11	systemd is distributed in the hope that it will be useful, but
	12	WITHOUT ANY WARRANTY; without even the implied warranty of
	13	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	14	Lesser General Public License for more details.
	15
	16	You should have received a copy of the GNU Lesser General Public License
	17	along with systemd; If not, see <http://www.gnu.org/licenses/>.
	18	***/
	19
	20	#include <stdint.h>
	21	#include <errno.h>
	22	#include <sys/types.h>
	23	#include <sys/stat.h>
	24	#include <fcntl.h>
	25	#include <time.h>
	26	#include <sys/auxv.h>
	27	#include <linux/random.h>
	28
	29	#include "random-util.h"
	30	#include "time-util.h"
	31	#include "missing.h"
	32	#include "util.h"
	33
	34	int dev_urandom(void *p, size_t n) {
	35	static int have_syscall = -1;
	36
	37	_cleanup_close_ int fd = -1;
	38	int r;
	39
	40	/* Gathers some randomness from the kernel. This call will
	41	* never block, and will always return some data from the
	42	* kernel, regardless if the random pool is fully initialized
	43	* or not. It thus makes no guarantee for the quality of the
	44	* returned entropy, but is good enough for or usual usecases
	45	* of seeding the hash functions for hashtable */
	46
	47	/* Use the getrandom() syscall unless we know we don't have
	48	* it, or when the requested size is too large for it. */
	49	if (have_syscall != 0 \|\| (size_t) (int) n != n) {
	50	r = getrandom(p, n, GRND_NONBLOCK);
	51	if (r == (int) n) {
	52	have_syscall = true;
	53	return 0;
	54	}
	55
	56	if (r < 0) {
	57	if (errno == ENOSYS)
	58	/* we lack the syscall, continue with
	59	* reading from /dev/urandom */
	60	have_syscall = false;
	61	else if (errno == EAGAIN)
	62	/* not enough entropy for now. Let's
	63	* remember to use the syscall the
	64	* next time, again, but also read
65	* from /dev/urandom for now, which
66	* doesn't care about the current
67	* amount of entropy. */
68	have_syscall = true;
69	else
70	return -errno;
71	} else
72	/* too short read? */
73	return -ENODATA;
74	}
75
76	fd = open("/dev/urandom", O_RDONLY\|O_CLOEXEC\|O_NOCTTY);
77	if (fd < 0)
78	return errno == ENOENT ? -ENOSYS : -errno;
79
80	return loop_read_exact(fd, p, n, true);
81	}
82
83	void initialize_srand(void) {
84	static bool srand_called = false;
85	unsigned x;
86	#ifdef HAVE_SYS_AUXV_H
87	void *auxv;
88	#endif
89
90	if (srand_called)
91	return;
92
93	x = 0;
94
95	#ifdef HAVE_SYS_AUXV_H
96	/* The kernel provides us with a bit of entropy in auxv, so
97	* let's try to make use of that to seed the pseudo-random
98	* generator. It's better than nothing... */
99
100	auxv = (void*) getauxval(AT_RANDOM);
101	if (auxv)
102	x ^= (unsigned) auxv;
103	#endif
104
105	x ^= (unsigned) now(CLOCK_REALTIME);
106	x ^= (unsigned) gettid();
107
108	srand(x);
109	srand_called = true;
110	}
111
112	void random_bytes(void *p, size_t n) {
113	uint8_t *q;
114	int r;
115
116	r = dev_urandom(p, n);
117	if (r >= 0)
118	return;
119
120	/* If some idiot made /dev/urandom unavailable to us, he'll
121	* get a PRNG instead. */
122
123	initialize_srand();
124
125	for (q = p; q < (uint8_t*) p + n; q ++)
126	*q = rand();
127	}