Commit 6fb6f13

random-util: introduce RANDOM_DONT_DRAIN
Originally, the high_quality_required boolean argument controlled two things: whether to extend any random data we successfully read with pseudo-random data, and whether to return -ENODATA if we couldn't read any data at all. The boolean got replaced by RANDOM_EXTEND_WITH_PSEUDO, but this name doesn't really cover the second part nicely. Moreover hiding both changes of behaviour under a single flag is confusing. Hence, let's split this part off under a new flag, and use it from random_bytes().
1 parent 776cf74 commit 6fb6f13

File tree

2 files changed

+13
-11
lines changed

src/basic/random-util.c

Lines changed: 12 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -72,9 +72,9 @@ int genuine_random_bytes(void *p, size_t n, RandomFlags flags) {
7272
int r;
7373

7474
/* Gathers some randomness from the kernel. This call won't block, unless the RANDOM_BLOCK flag is set. If
75-
* RANDOM_EXTEND_WITH_PSEUDO is unset, it will always return some data from the kernel, regardless of whether
76-
* the random pool is fully initialized or not. Otherwise, it will return success if at least some random
77-
* bytes were successfully acquired, and an error if the kernel has no entropy whatsover for us. */
75+
* RANDOM_DONT_DRAIN is set, an error is returned if the random pool is not initialized. Otherwise it will
76+
* always return some data from the kernel, regardless of whether the random pool is fully initialized or
77+
* not. */
7878

7979
if (n == 0)
8080
return 0;
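Review bot: The rewritten comment on the `RANDOM_DONT_DRAIN` side over-promises: it says "an error is returned if the random pool is not initialized", but the only place the flag is acted on below is the `errno == EAGAIN` branch after `getrandom()`, i.e. when the kernel reports no entropy at all; with `RANDOM_BLOCK` set the call blocks instead of failing. Suggest wording it as "If RANDOM_DONT_DRAIN is set, -ENODATA is returned if getrandom() reports that the kernel has no entropy (EAGAIN)". The rewrite also drops the previous sentence describing `RANDOM_EXTEND_WITH_PSEUDO` ("return success if at least some random bytes were successfully acquired"), so that flag's partial-read behaviour is no longer documented at the top of the function; keep a line for it.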
@@ -117,16 +117,17 @@ int genuine_random_bytes(void *p, size_t n, RandomFlags flags) {
117117
break;
118118

119119
} else if (errno == EAGAIN) {
120-
/* The kernel has no entropy whatsoever. Let's remember to
121-
* use the syscall the next time again though.
120+
/* The kernel has no entropy whatsoever. Let's remember to use the syscall the next
121+
* time again though.
122122
*
123-
* If high_quality_required is false, return an error so that
124-
* random_bytes() can produce some pseudorandom
125-
* bytes. Otherwise, fall back to /dev/urandom, which we know
126-
* is empty, but the kernel will produce some bytes for us on
127-
* a best-effort basis. */
123+
* If RANDOM_DONT_DRAIN is set, return an error so that random_bytes() can produce some
124+
* pseudo-random bytes instead. Otherwise, fall back to /dev/urandom, which we know is empty,
125+
* but the kernel will produce some bytes for us on a best-effort basis. */
128126
have_syscall = true;
129127

128+
if (FLAGS_SET(flags, RANDOM_DONT_DRAIN))
129+
return -ENODATA;
130+
130131
if (FLAGS_SET(flags, RANDOM_EXTEND_WITH_PSEUDO)) {
131132
uint64_t u;
132133
size_t k;
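Review bot: The new early return `if (FLAGS_SET(flags, RANDOM_DONT_DRAIN)) return -ENODATA;` sits before the `RANDOM_EXTEND_WITH_PSEUDO` block, so when both flags are set (as `random_bytes()` now does) the pseudo-extension inside this function is skipped on EAGAIN and the caller is expected to fill the buffer itself. That matches the updated comment, but the other consequence is not mentioned anywhere: any caller that passes only `RANDOM_EXTEND_WITH_PSEUDO` previously got the `-ENODATA` path here and now falls through to the best-effort `/dev/urandom` read on an entropy-less kernel. Confirm that every such caller wants the new behaviour, or add `RANDOM_DONT_DRAIN` where the old semantics were relied upon. Also, `have_syscall = true` is set before the return, which is correct, but a one-line comment noting that the early return deliberately keeps that state would help the next reader.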
@@ -228,7 +229,7 @@ void pseudo_random_bytes(void *p, size_t n) {
228229

229230
void random_bytes(void *p, size_t n) {
230231

231-
if (genuine_random_bytes(p, n, RANDOM_EXTEND_WITH_PSEUDO) >= 0)
232+
if (genuine_random_bytes(p, n, RANDOM_EXTEND_WITH_PSEUDO|RANDOM_DONT_DRAIN) >= 0)
232233
return;
233234

234235
/* If for some reason some user made /dev/urandom unavailable to us, or the kernel has no entropy, use a PRNG instead. */
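Review bot: The updated call `genuine_random_bytes(p, n, RANDOM_EXTEND_WITH_PSEUDO|RANDOM_DONT_DRAIN)` restores the pre-split behaviour for `random_bytes()` (fall back to the PRNG when the kernel has nothing), which is fine, but the trailing comment "or the kernel has no entropy, use a PRNG instead" is now the only statement of why `RANDOM_DONT_DRAIN` is needed here. Suggest extending it to say that without `RANDOM_DONT_DRAIN` the call would instead drain bytes from an uninitialized `/dev/urandom`, which is exactly what this function wants to avoid; that makes the flag pairing self-explanatory to callers copying this pattern.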

src/basic/random-util.h

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -8,6 +8,7 @@
88
typedef enum RandomFlags {
99
RANDOM_EXTEND_WITH_PSEUDO = 1 << 0, /* If we can't get enough genuine randomness, but some, fill up the rest with pseudo-randomness */
1010
RANDOM_BLOCK = 1 << 1, /* Rather block than return crap randomness (only if the kernel supports that) */
11+
RANDOM_DONT_DRAIN = 1 << 2, /* If we can't get any randomness at all, return early with -EAGAIN */
1112
} RandomFlags;
1213

1314
int genuine_random_bytes(void *p, size_t n, RandomFlags flags); /* returns "genuine" randomness, optionally filled upwith pseudo random, if not enough is available */
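Review bot: The comment on the new enum value, `/* If we can't get any randomness at all, return early with -EAGAIN */`, does not match the implementation or the commit message, both of which return `-ENODATA`. Change it to `-ENODATA` so callers checking the error code are not misled. While touching this header, the existing typo "filled upwith" on the `genuine_random_bytes()` prototype line could be fixed to "filled up with".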
