crypto/rand/urandom.c - boringssl - Git at Google

 /* Copyright (c) 2014, Google Inc.
  *
  * Permission to use, copy, modify, and/or distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
  * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
  * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
  * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */

 #include <openssl/rand.h>

 #if !defined(OPENSSL_WINDOWS)

 #include <assert.h>
 #include <errno.h>
 #include <fcntl.h>
 #include <string.h>
 #include <unistd.h>

 #include <openssl/thread.h>
 #include <openssl/mem.h>

 #include "internal.h"
 #include "../internal.h"


 /* This file implements a PRNG by reading from /dev/urandom, optionally with a
  * buffer, which is unsafe across |fork|. */

 #define BUF_SIZE 4096

 /* rand_buffer contains unused, random bytes, some of which may have been
  * consumed already. */
 struct rand_buffer {
   size_t used;
   uint8_t rand[BUF_SIZE];
 };

 /* requested_lock is used to protect the |*_requested| variables. */
 static struct CRYPTO_STATIC_MUTEX requested_lock = CRYPTO_STATIC_MUTEX_INIT;

 /* urandom_fd_requested is set by |RAND_set_urandom_fd|.  It's protected by
  * |requested_lock|. */
 static int urandom_fd_requested = -2;

 /* urandom_fd is a file descriptor to /dev/urandom. It's protected by |once|. */
 static int urandom_fd = -2;

 /* urandom_buffering_requested is set by |RAND_enable_fork_unsafe_buffering|.
  * It's protected by |requested_lock|. */
 static int urandom_buffering_requested = 0;

 /* urandom_buffering controls whether buffering is enabled (1) or not (0). This
  * is protected by |once|. */
 static int urandom_buffering = 0;

 static CRYPTO_once_t once = CRYPTO_ONCE_INIT;

 /* init_once initializes the state of this module to values previously
  * requested. This is the only function that modifies |urandom_fd| and
  * |urandom_buffering|, whose values may be read safely after calling the
  * once. */
 static void init_once(void) {
   CRYPTO_STATIC_MUTEX_lock_read(&requested_lock);
   urandom_buffering = urandom_buffering_requested;
   int fd = urandom_fd_requested;
   CRYPTO_STATIC_MUTEX_unlock(&requested_lock);

   if (fd == -2) {
     do {
       fd = open("/dev/urandom", O_RDONLY);
     } while (fd == -1 && errno == EINTR);
   }

   if (fd < 0) {
     abort();
   }

   int flags = fcntl(fd, F_GETFD);
   if (flags == -1) {
     /* Native Client doesn't implement |fcntl|. */
     if (errno != ENOSYS) {
       abort();
     }
   } else {
     flags |= FD_CLOEXEC;
     if (fcntl(fd, F_SETFD, flags) == -1) {
       abort();
     }
   }
   urandom_fd = fd;
 }

 void RAND_cleanup(void) {}

 void RAND_set_urandom_fd(int fd) {
   fd = dup(fd);
   if (fd < 0) {
     abort();
   }

   CRYPTO_STATIC_MUTEX_lock_write(&requested_lock);
   urandom_fd_requested = fd;
   CRYPTO_STATIC_MUTEX_unlock(&requested_lock);

   CRYPTO_once(&once, init_once);
   if (urandom_fd != fd) {
     abort();  // Already initialized.
   }
 }

 void RAND_enable_fork_unsafe_buffering(int fd) {
   if (fd >= 0) {
     fd = dup(fd);
     if (fd < 0) {
       abort();
     }
   } else {
     fd = -2;
   }

   CRYPTO_STATIC_MUTEX_lock_write(&requested_lock);
   urandom_buffering_requested = 1;
   urandom_fd_requested = fd;
   CRYPTO_STATIC_MUTEX_unlock(&requested_lock);

   CRYPTO_once(&once, init_once);
   if (urandom_buffering != 1 || (fd >= 0 && urandom_fd != fd)) {
     abort();  // Already initialized.
   }
 }

 static struct rand_buffer *get_thread_local_buffer(void) {
   struct rand_buffer *buf =
       CRYPTO_get_thread_local(OPENSSL_THREAD_LOCAL_URANDOM_BUF);
   if (buf != NULL) {
     return buf;
   }

   buf = OPENSSL_malloc(sizeof(struct rand_buffer));
   if (buf == NULL) {
     return NULL;
   }
   buf->used = BUF_SIZE;  /* To trigger a |read_full| on first use. */
   if (!CRYPTO_set_thread_local(OPENSSL_THREAD_LOCAL_URANDOM_BUF, buf,
                                OPENSSL_free)) {
     OPENSSL_free(buf);
     return NULL;
   }

   return buf;
 }

 /* read_full reads exactly |len| bytes from |fd| into |out| and returns 1. In
  * the case of an error it returns 0. */
 static char read_full(int fd, uint8_t *out, size_t len) {
   ssize_t r;

   while (len > 0) {
     do {
       r = read(fd, out, len);
     } while (r == -1 && errno == EINTR);

     if (r <= 0) {
       return 0;
     }
     out += r;
     len -= r;
   }

   return 1;
 }

 /* read_from_buffer reads |requested| random bytes from the buffer into |out|,
  * refilling it if necessary to satisfy the request. */
 static void read_from_buffer(struct rand_buffer *buf,
                              uint8_t *out, size_t requested) {
   size_t remaining = BUF_SIZE - buf->used;

   while (requested > remaining) {
     memcpy(out, &buf->rand[buf->used], remaining);
     buf->used += remaining;
     out += remaining;
     requested -= remaining;

     if (!read_full(urandom_fd, buf->rand, BUF_SIZE)) {
       abort();
       return;
     }
     buf->used = 0;
     remaining = BUF_SIZE;
   }

   memcpy(out, &buf->rand[buf->used], requested);
   buf->used += requested;
 }

 /* CRYPTO_sysrand puts |requested| random bytes into |out|. */
 void CRYPTO_sysrand(uint8_t *out, size_t requested) {
   if (requested == 0) {
     return;
   }

   CRYPTO_once(&once, init_once);
   if (urandom_buffering && requested < BUF_SIZE) {
     struct rand_buffer *buf = get_thread_local_buffer();
     if (buf != NULL) {
       read_from_buffer(buf, out, requested);
       return;
     }
   }

   if (!read_full(urandom_fd, out, requested)) {
     abort();
   }
 }

 #endif  /* !OPENSSL_WINDOWS */
	/* Copyright (c) 2014, Google Inc.
	*
	* Permission to use, copy, modify, and/or distribute this software for any
	* purpose with or without fee is hereby granted, provided that the above
	* copyright notice and this permission notice appear in all copies.
	*
	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
	* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
	* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
	* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */

	#include <openssl/rand.h>

	#if !defined(OPENSSL_WINDOWS)

	#include <assert.h>
	#include <errno.h>
	#include <fcntl.h>
	#include <string.h>
	#include <unistd.h>

	#include <openssl/thread.h>
	#include <openssl/mem.h>

	#include "internal.h"
	#include "../internal.h"


	/* This file implements a PRNG by reading from /dev/urandom, optionally with a
	* buffer, which is unsafe across \|fork\|. */

	#define BUF_SIZE 4096

	/* rand_buffer contains unused, random bytes, some of which may have been
	* consumed already. */
	struct rand_buffer {
	size_t used;
	uint8_t rand[BUF_SIZE];
	};

	/* requested_lock is used to protect the \|_requested\| variables. /
	static struct CRYPTO_STATIC_MUTEX requested_lock = CRYPTO_STATIC_MUTEX_INIT;

	/* urandom_fd_requested is set by \|RAND_set_urandom_fd\|. It's protected by
	* \|requested_lock\|. */
	static int urandom_fd_requested = -2;

	/* urandom_fd is a file descriptor to /dev/urandom. It's protected by \|once\|. */
	static int urandom_fd = -2;

	/* urandom_buffering_requested is set by \|RAND_enable_fork_unsafe_buffering\|.
	* It's protected by \|requested_lock\|. */
	static int urandom_buffering_requested = 0;

	/* urandom_buffering controls whether buffering is enabled (1) or not (0). This
	* is protected by \|once\|. */
	static int urandom_buffering = 0;

	static CRYPTO_once_t once = CRYPTO_ONCE_INIT;

	/* init_once initializes the state of this module to values previously
	* requested. This is the only function that modifies \|urandom_fd\| and
	* \|urandom_buffering\|, whose values may be read safely after calling the
	* once. */
	static void init_once(void) {
	CRYPTO_STATIC_MUTEX_lock_read(&requested_lock);
	urandom_buffering = urandom_buffering_requested;
	int fd = urandom_fd_requested;
	CRYPTO_STATIC_MUTEX_unlock(&requested_lock);

	if (fd == -2) {
	do {
	fd = open("/dev/urandom", O_RDONLY);
	} while (fd == -1 && errno == EINTR);
	}

	if (fd < 0) {
	abort();
	}

	int flags = fcntl(fd, F_GETFD);
	if (flags == -1) {
	/* Native Client doesn't implement \|fcntl\|. */
	if (errno != ENOSYS) {
	abort();
	}
	} else {
	flags \|= FD_CLOEXEC;
	if (fcntl(fd, F_SETFD, flags) == -1) {
	abort();
	}
	}
	urandom_fd = fd;
	}

	void RAND_cleanup(void) {}

	void RAND_set_urandom_fd(int fd) {
	fd = dup(fd);
	if (fd < 0) {
	abort();
	}

	CRYPTO_STATIC_MUTEX_lock_write(&requested_lock);
	urandom_fd_requested = fd;
	CRYPTO_STATIC_MUTEX_unlock(&requested_lock);

	CRYPTO_once(&once, init_once);
	if (urandom_fd != fd) {
	abort(); // Already initialized.
	}
	}

	void RAND_enable_fork_unsafe_buffering(int fd) {
	if (fd >= 0) {
	fd = dup(fd);
	if (fd < 0) {
	abort();
	}
	} else {
	fd = -2;
	}

	CRYPTO_STATIC_MUTEX_lock_write(&requested_lock);
	urandom_buffering_requested = 1;
	urandom_fd_requested = fd;
	CRYPTO_STATIC_MUTEX_unlock(&requested_lock);

	CRYPTO_once(&once, init_once);
	if (urandom_buffering != 1 \|\| (fd >= 0 && urandom_fd != fd)) {
	abort(); // Already initialized.
	}
	}

	static struct rand_buffer *get_thread_local_buffer(void) {
	struct rand_buffer *buf =
	CRYPTO_get_thread_local(OPENSSL_THREAD_LOCAL_URANDOM_BUF);
	if (buf != NULL) {
	return buf;
	}

	buf = OPENSSL_malloc(sizeof(struct rand_buffer));
	if (buf == NULL) {
	return NULL;
	}
	buf->used = BUF_SIZE; /* To trigger a \|read_full\| on first use. */
	if (!CRYPTO_set_thread_local(OPENSSL_THREAD_LOCAL_URANDOM_BUF, buf,
	OPENSSL_free)) {
	OPENSSL_free(buf);
	return NULL;
	}

	return buf;
	}

	/* read_full reads exactly \|len\| bytes from \|fd\| into \|out\| and returns 1. In
	* the case of an error it returns 0. */
	static char read_full(int fd, uint8_t *out, size_t len) {
	ssize_t r;

	while (len > 0) {
	do {
	r = read(fd, out, len);
	} while (r == -1 && errno == EINTR);

	if (r <= 0) {
	return 0;
	}
	out += r;
	len -= r;
	}

	return 1;
	}

	/* read_from_buffer reads \|requested\| random bytes from the buffer into \|out\|,
	* refilling it if necessary to satisfy the request. */
	static void read_from_buffer(struct rand_buffer *buf,
	uint8_t *out, size_t requested) {
	size_t remaining = BUF_SIZE - buf->used;

	while (requested > remaining) {
	memcpy(out, &buf->rand[buf->used], remaining);
	buf->used += remaining;
	out += remaining;
	requested -= remaining;

	if (!read_full(urandom_fd, buf->rand, BUF_SIZE)) {
	abort();
	return;
	}
	buf->used = 0;
	remaining = BUF_SIZE;
	}

	memcpy(out, &buf->rand[buf->used], requested);
	buf->used += requested;
	}

	/* CRYPTO_sysrand puts \|requested\| random bytes into \|out\|. */
	void CRYPTO_sysrand(uint8_t *out, size_t requested) {
	if (requested == 0) {
	return;
	}

	CRYPTO_once(&once, init_once);
	if (urandom_buffering && requested < BUF_SIZE) {
	struct rand_buffer *buf = get_thread_local_buffer();
	if (buf != NULL) {
	read_from_buffer(buf, out, requested);
	return;
	}
	}

	if (!read_full(urandom_fd, out, requested)) {
	abort();
	}
	}

	#endif /* !OPENSSL_WINDOWS */