From: Eric Biggers <ebiggers@kernel.org>
Date: Thu, 26 Mar 2026 00:14:57 +0000 (-0700)
Subject: crypto: rng - Add crypto_stdrng_get_bytes()
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=52b84667bbdc656b380983262ac6303caf49ef2c;p=thirdparty%2Flinux.git

crypto: rng - Add crypto_stdrng_get_bytes()

All callers of crypto_get_default_rng() use the following sequence:

    crypto_get_default_rng()
    crypto_rng_get_bytes(crypto_default_rng, ...)
    crypto_put_default_rng()

While it may have been intended that callers amortize the cost of
getting and putting the "default RNG" (i.e. "stdrng") over multiple
calls, in practice that optimization is never used.  The callers just
want a function that gets random bytes from the "stdrng".

Therefore, add such a function: crypto_stdrng_get_bytes().

Importantly, this decouples the callers from the crypto_rng API.  That
allows a later commit to make this function simply call
get_random_bytes_wait() unless the kernel is in "FIPS mode".

Signed-off-by: Eric Biggers <ebiggers@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
---

diff --git a/crypto/rng.c b/crypto/rng.c
index c6165c8eb3873..53a268ad5104f 100644
--- a/crypto/rng.c
+++ b/crypto/rng.c
@@ -145,6 +145,20 @@ void crypto_put_default_rng(void)
 }
 EXPORT_SYMBOL_GPL(crypto_put_default_rng);
 
+int crypto_stdrng_get_bytes(void *buf, unsigned int len)
+{
+	int err;
+
+	err = crypto_get_default_rng();
+	if (err)
+		return err;
+
+	err = crypto_rng_get_bytes(crypto_default_rng, buf, len);
+	crypto_put_default_rng();
+	return err;
+}
+EXPORT_SYMBOL_GPL(crypto_stdrng_get_bytes);
+
 #if defined(CONFIG_CRYPTO_RNG) || defined(CONFIG_CRYPTO_RNG_MODULE)
 int crypto_del_default_rng(void)
 {
diff --git a/include/crypto/rng.h b/include/crypto/rng.h
index d451b54b322a1..db6c3962a7df5 100644
--- a/include/crypto/rng.h
+++ b/include/crypto/rng.h
@@ -62,6 +62,19 @@ extern struct crypto_rng *crypto_default_rng;
 int crypto_get_default_rng(void);
 void crypto_put_default_rng(void);
 
+/**
+ * crypto_stdrng_get_bytes() - get cryptographically secure random bytes
+ * @buf: output buffer holding the random numbers
+ * @len: length of the output buffer
+ *
+ * This function fills the caller-allocated buffer with random numbers using the
+ * highest-priority "stdrng" algorithm in the crypto_rng subsystem.
+ *
+ * Context: May sleep
+ * Return: 0 function was successful; < 0 if an error occurred
+ */
+int crypto_stdrng_get_bytes(void *buf, unsigned int len);
+
 /**
  * DOC: Random number generator API
  *