]>
git.ipfire.org Git - thirdparty/systemd.git/blob - src/basic/random-util.c
2 This file is part of systemd.
4 Copyright 2010 Lennart Poettering
6 systemd is free software; you can redistribute it and/or modify it
7 under the terms of the GNU Lesser General Public License as published by
8 the Free Software Foundation; either version 2.1 of the License, or
9 (at your option) any later version.
11 systemd is distributed in the hope that it will be useful, but
12 WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 Lesser General Public License for more details.
16 You should have received a copy of the GNU Lesser General Public License
17 along with systemd; If not, see <http://www.gnu.org/licenses/>.
26 #include <linux/random.h>
29 #ifdef HAVE_SYS_AUXV_H
30 # include <sys/auxv.h>
33 #ifdef USE_SYS_RANDOM_H
34 # include <sys/random.h>
36 # include <linux/random.h>
42 #include "random-util.h"
43 #include "time-util.h"
45 int acquire_random_bytes(void *p
, size_t n
, bool high_quality_required
) {
46 static int have_syscall
= -1;
48 _cleanup_close_
int fd
= -1;
49 unsigned already_done
= 0;
52 /* Gathers some randomness from the kernel. This call will never block. If
53 * high_quality_required, it will always return some data from the kernel,
54 * regardless of whether the random pool is fully initialized or not.
55 * Otherwise, it will return success if at least some random bytes were
56 * successfully acquired, and an error if the kernel has no entropy whatsover
59 /* Use the getrandom() syscall unless we know we don't have it. */
60 if (have_syscall
!= 0) {
61 r
= getrandom(p
, n
, GRND_NONBLOCK
);
66 if (!high_quality_required
) {
67 /* Fill in the remaining bytes using pseudorandom values */
68 pseudorandom_bytes((uint8_t*) p
+ r
, n
- r
);
73 } else if (errno
== ENOSYS
)
74 /* We lack the syscall, continue with reading from /dev/urandom. */
76 else if (errno
== EAGAIN
) {
77 /* The kernel has no entropy whatsoever. Let's remember to
78 * use the syscall the next time again though.
80 * If high_quality_required is false, return an error so that
81 * random_bytes() can produce some pseudorandom
82 * bytes. Otherwise, fall back to /dev/urandom, which we know
83 * is empty, but the kernel will produce some bytes for us on
84 * a best-effort basis. */
87 if (!high_quality_required
)
93 fd
= open("/dev/urandom", O_RDONLY
|O_CLOEXEC
|O_NOCTTY
);
95 return errno
== ENOENT
? -ENOSYS
: -errno
;
97 return loop_read_exact(fd
, (uint8_t*) p
+ already_done
, n
- already_done
, true);
100 void initialize_srand(void) {
101 static bool srand_called
= false;
103 #ifdef HAVE_SYS_AUXV_H
110 #ifdef HAVE_SYS_AUXV_H
111 /* The kernel provides us with 16 bytes of entropy in auxv, so let's
112 * try to make use of that to seed the pseudo-random generator. It's
113 * better than nothing... */
115 auxv
= (void*) getauxval(AT_RANDOM
);
117 assert_cc(sizeof(x
) <= 16);
118 memcpy(&x
, auxv
, sizeof(x
));
124 x
^= (unsigned) now(CLOCK_REALTIME
);
125 x
^= (unsigned) gettid();
131 /* INT_MAX gives us only 31 bits, so use 24 out of that. */
132 #if RAND_MAX >= INT_MAX
135 /* SHORT_INT_MAX or lower gives at most 15 bits, we just just 8 out of that. */
139 void pseudorandom_bytes(void *p
, size_t n
) {
144 for (q
= p
; q
< (uint8_t*) p
+ n
; q
+= RAND_STEP
) {
147 rr
= (unsigned) rand();
150 if ((size_t) (q
- (uint8_t*) p
+ 2) < n
)
154 if ((size_t) (q
- (uint8_t*) p
+ 1) < n
)
161 void random_bytes(void *p
, size_t n
) {
164 r
= acquire_random_bytes(p
, n
, false);
168 /* If some idiot made /dev/urandom unavailable to us, or the
169 * kernel has no entropy, use a PRNG instead. */
170 return pseudorandom_bytes(p
, n
);