summaryrefslogtreecommitdiffstats
path: root/security/nss/lib/freebl/unix_urandom.c
blob: 73006cdbb42ff5b77b5280815252e9069dcd80db (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#include <fcntl.h>
#include <unistd.h>
#include <errno.h>
#include "secerr.h"
#include "secrng.h"
#include "prprf.h"

/* syscall getentropy() is limited to retrieving 256 bytes */
#define GETENTROPY_MAX_BYTES 256

void
RNG_SystemInfoForRNG(void)
{
    PRUint8 bytes[SYSTEM_RNG_SEED_COUNT];
    size_t numBytes = RNG_SystemRNG(bytes, SYSTEM_RNG_SEED_COUNT);
    if (!numBytes) {
        /* error is set */
        return;
    }
    RNG_RandomUpdate(bytes, numBytes);
    PORT_Memset(bytes, 0, sizeof bytes);
}

size_t
RNG_SystemRNG(void *dest, size_t maxLen)
{
    int fd;
    int bytes;
    size_t fileBytes = 0;
    unsigned char *buffer = dest;

#if defined(__OpenBSD__) || (defined(__FreeBSD__) && __FreeBSD_version >= 1200000) || (defined(LINUX) && defined(__GLIBC__) && ((__GLIBC__ > 2) || ((__GLIBC__ == 2) && (__GLIBC_MINOR__ >= 25))))
    int result;

    while (fileBytes < maxLen) {
        size_t getBytes = maxLen - fileBytes;
        if (getBytes > GETENTROPY_MAX_BYTES) {
            getBytes = GETENTROPY_MAX_BYTES;
        }
        result = getentropy(buffer, getBytes);
        if (result == 0) { /* success */
            fileBytes += getBytes;
            buffer += getBytes;
        } else {
            break;
        }
    }
    if (fileBytes == maxLen) { /* success */
        return maxLen;
    }
    /* If we failed with an error other than ENOSYS, it means the destination
     * buffer is not writeable. We don't need to try writing to it again. */
    if (errno != ENOSYS) {
        PORT_SetError(SEC_ERROR_NEED_RANDOM);
        return 0;
    }
    /* ENOSYS means the kernel doesn't support getentropy()/getrandom().
     * Reset the number of bytes to get and fall back to /dev/urandom. */
    fileBytes = 0;
#endif
    fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0) {
        PORT_SetError(SEC_ERROR_NEED_RANDOM);
        return 0;
    }
    while (fileBytes < maxLen) {
        bytes = read(fd, buffer, maxLen - fileBytes);
        if (bytes <= 0) {
            break;
        }
        fileBytes += bytes;
        buffer += bytes;
    }
    (void)close(fd);
    if (fileBytes != maxLen) {
        PORT_SetError(SEC_ERROR_NEED_RANDOM);
        return 0;
    }
    return fileBytes;
}