summaryrefslogtreecommitdiffstats
path: root/third_party/rust/getrandom/src/use_file.rs
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 09:22:09 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 09:22:09 +0000
commit43a97878ce14b72f0981164f87f2e35e14151312 (patch)
tree620249daf56c0258faa40cbdcf9cfba06de2a846 /third_party/rust/getrandom/src/use_file.rs
parentInitial commit. (diff)
downloadfirefox-43a97878ce14b72f0981164f87f2e35e14151312.tar.xz
firefox-43a97878ce14b72f0981164f87f2e35e14151312.zip
Adding upstream version 110.0.1.upstream/110.0.1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'third_party/rust/getrandom/src/use_file.rs')
-rw-r--r--third_party/rust/getrandom/src/use_file.rs139
1 files changed, 139 insertions, 0 deletions
diff --git a/third_party/rust/getrandom/src/use_file.rs b/third_party/rust/getrandom/src/use_file.rs
new file mode 100644
index 0000000000..16c0216b67
--- /dev/null
+++ b/third_party/rust/getrandom/src/use_file.rs
@@ -0,0 +1,139 @@
+// Copyright 2018 Developers of the Rand project.
+//
+// Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
+// https://www.apache.org/licenses/LICENSE-2.0> or the MIT license
+// <LICENSE-MIT or https://opensource.org/licenses/MIT>, at your
+// option. This file may not be copied, modified, or distributed
+// except according to those terms.
+
+//! Implementations that just need to read from a file
+use crate::{
+ util::LazyUsize,
+ util_libc::{open_readonly, sys_fill_exact},
+ Error,
+};
+use core::{
+ cell::UnsafeCell,
+ sync::atomic::{AtomicUsize, Ordering::Relaxed},
+};
+
+#[cfg(any(
+ target_os = "dragonfly",
+ target_os = "emscripten",
+ target_os = "haiku",
+ target_os = "macos",
+ target_os = "solaris",
+ target_os = "illumos"
+))]
+const FILE_PATH: &str = "/dev/random\0";
+#[cfg(any(target_os = "android", target_os = "linux", target_os = "redox"))]
+const FILE_PATH: &str = "/dev/urandom\0";
+
+pub fn getrandom_inner(dest: &mut [u8]) -> Result<(), Error> {
+ let fd = get_rng_fd()?;
+ let read = |buf: &mut [u8]| unsafe { libc::read(fd, buf.as_mut_ptr() as *mut _, buf.len()) };
+
+ if cfg!(target_os = "emscripten") {
+ // `Crypto.getRandomValues` documents `dest` should be at most 65536 bytes.
+ for chunk in dest.chunks_mut(65536) {
+ sys_fill_exact(chunk, read)?;
+ }
+ } else {
+ sys_fill_exact(dest, read)?;
+ }
+ Ok(())
+}
+
+// Returns the file descriptor for the device file used to retrieve random
+// bytes. The file will be opened exactly once. All subsequent calls will
+// return the same file descriptor. This file descriptor is never closed.
+fn get_rng_fd() -> Result<libc::c_int, Error> {
+ static FD: AtomicUsize = AtomicUsize::new(LazyUsize::UNINIT);
+ fn get_fd() -> Option<libc::c_int> {
+ match FD.load(Relaxed) {
+ LazyUsize::UNINIT => None,
+ val => Some(val as libc::c_int),
+ }
+ }
+
+ // Use double-checked locking to avoid acquiring the lock if possible.
+ if let Some(fd) = get_fd() {
+ return Ok(fd);
+ }
+
+ // SAFETY: We use the mutex only in this method, and we always unlock it
+ // before returning, making sure we don't violate the pthread_mutex_t API.
+ static MUTEX: Mutex = Mutex::new();
+ unsafe { MUTEX.lock() };
+ let _guard = DropGuard(|| unsafe { MUTEX.unlock() });
+
+ if let Some(fd) = get_fd() {
+ return Ok(fd);
+ }
+
+ // On Linux, /dev/urandom might return insecure values.
+ #[cfg(any(target_os = "android", target_os = "linux"))]
+ wait_until_rng_ready()?;
+
+ let fd = unsafe { open_readonly(FILE_PATH)? };
+ // The fd always fits in a usize without conflicting with UNINIT.
+ debug_assert!(fd >= 0 && (fd as usize) < LazyUsize::UNINIT);
+ FD.store(fd as usize, Relaxed);
+
+ Ok(fd)
+}
+
+// Succeeds once /dev/urandom is safe to read from
+#[cfg(any(target_os = "android", target_os = "linux"))]
+fn wait_until_rng_ready() -> Result<(), Error> {
+ // Poll /dev/random to make sure it is ok to read from /dev/urandom.
+ let fd = unsafe { open_readonly("/dev/random\0")? };
+ let mut pfd = libc::pollfd {
+ fd,
+ events: libc::POLLIN,
+ revents: 0,
+ };
+ let _guard = DropGuard(|| unsafe {
+ libc::close(fd);
+ });
+
+ loop {
+ // A negative timeout means an infinite timeout.
+ let res = unsafe { libc::poll(&mut pfd, 1, -1) };
+ if res >= 0 {
+ debug_assert_eq!(res, 1); // We only used one fd, and cannot timeout.
+ return Ok(());
+ }
+ let err = crate::util_libc::last_os_error();
+ match err.raw_os_error() {
+ Some(libc::EINTR) | Some(libc::EAGAIN) => continue,
+ _ => return Err(err),
+ }
+ }
+}
+
+struct Mutex(UnsafeCell<libc::pthread_mutex_t>);
+
+impl Mutex {
+ const fn new() -> Self {
+ Self(UnsafeCell::new(libc::PTHREAD_MUTEX_INITIALIZER))
+ }
+ unsafe fn lock(&self) {
+ let r = libc::pthread_mutex_lock(self.0.get());
+ debug_assert_eq!(r, 0);
+ }
+ unsafe fn unlock(&self) {
+ let r = libc::pthread_mutex_unlock(self.0.get());
+ debug_assert_eq!(r, 0);
+ }
+}
+
+unsafe impl Sync for Mutex {}
+
+struct DropGuard<F: FnMut()>(F);
+
+impl<F: FnMut()> Drop for DropGuard<F> {
+ fn drop(&mut self) {
+ self.0()
+ }
+}