]>
git.ipfire.org Git - thirdparty/systemd.git/blob - src/basic/random-util.c
1 /* SPDX-License-Identifier: LGPL-2.1+ */
3 This file is part of systemd.
5 Copyright 2010 Lennart Poettering
7 systemd is free software; you can redistribute it and/or modify it
8 under the terms of the GNU Lesser General Public License as published by
9 the Free Software Foundation; either version 2.1 of the License, or
10 (at your option) any later version.
12 systemd is distributed in the hope that it will be useful, but
13 WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 Lesser General Public License for more details.
17 You should have received a copy of the GNU Lesser General Public License
18 along with systemd; If not, see <http://www.gnu.org/licenses/>.
24 #include <linux/random.h>
32 # include <sys/auxv.h>
36 # include <sys/random.h>
38 # include <linux/random.h>
44 #include "random-util.h"
45 #include "time-util.h"
47 int acquire_random_bytes(void *p
, size_t n
, bool high_quality_required
) {
48 static int have_syscall
= -1;
50 _cleanup_close_
int fd
= -1;
51 unsigned already_done
= 0;
54 /* Gathers some randomness from the kernel. This call will never block. If
55 * high_quality_required, it will always return some data from the kernel,
56 * regardless of whether the random pool is fully initialized or not.
57 * Otherwise, it will return success if at least some random bytes were
58 * successfully acquired, and an error if the kernel has no entropy whatsover
61 /* Use the getrandom() syscall unless we know we don't have it. */
62 if (have_syscall
!= 0) {
63 r
= getrandom(p
, n
, GRND_NONBLOCK
);
68 if (!high_quality_required
) {
69 /* Fill in the remaining bytes using pseudorandom values */
70 pseudorandom_bytes((uint8_t*) p
+ r
, n
- r
);
75 } else if (errno
== ENOSYS
)
76 /* We lack the syscall, continue with reading from /dev/urandom. */
78 else if (errno
== EAGAIN
) {
79 /* The kernel has no entropy whatsoever. Let's remember to
80 * use the syscall the next time again though.
82 * If high_quality_required is false, return an error so that
83 * random_bytes() can produce some pseudorandom
84 * bytes. Otherwise, fall back to /dev/urandom, which we know
85 * is empty, but the kernel will produce some bytes for us on
86 * a best-effort basis. */
89 if (!high_quality_required
)
95 fd
= open("/dev/urandom", O_RDONLY
|O_CLOEXEC
|O_NOCTTY
);
97 return errno
== ENOENT
? -ENOSYS
: -errno
;
99 return loop_read_exact(fd
, (uint8_t*) p
+ already_done
, n
- already_done
, true);
102 void initialize_srand(void) {
103 static bool srand_called
= false;
113 /* The kernel provides us with 16 bytes of entropy in auxv, so let's
114 * try to make use of that to seed the pseudo-random generator. It's
115 * better than nothing... */
117 auxv
= (void*) getauxval(AT_RANDOM
);
119 assert_cc(sizeof(x
) <= 16);
120 memcpy(&x
, auxv
, sizeof(x
));
126 x
^= (unsigned) now(CLOCK_REALTIME
);
127 x
^= (unsigned) gettid();
133 /* INT_MAX gives us only 31 bits, so use 24 out of that. */
134 #if RAND_MAX >= INT_MAX
137 /* SHORT_INT_MAX or lower gives at most 15 bits, we just just 8 out of that. */
141 void pseudorandom_bytes(void *p
, size_t n
) {
146 for (q
= p
; q
< (uint8_t*) p
+ n
; q
+= RAND_STEP
) {
149 rr
= (unsigned) rand();
152 if ((size_t) (q
- (uint8_t*) p
+ 2) < n
)
156 if ((size_t) (q
- (uint8_t*) p
+ 1) < n
)
163 void random_bytes(void *p
, size_t n
) {
166 r
= acquire_random_bytes(p
, n
, false);
170 /* If some idiot made /dev/urandom unavailable to us, or the
171 * kernel has no entropy, use a PRNG instead. */
172 return pseudorandom_bytes(p
, n
);