Joel Galenson | 4be0c6d | 2020-07-07 13:20:14 -0700 | [diff] [blame] | 1 | // Copyright 2018 Developers of the Rand project. |
| 2 | // |
| 3 | // Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or |
| 4 | // https://www.apache.org/licenses/LICENSE-2.0> or the MIT license |
| 5 | // <LICENSE-MIT or https://opensource.org/licenses/MIT>, at your |
| 6 | // option. This file may not be copied, modified, or distributed |
| 7 | // except according to those terms. |
| 8 | |
| 9 | //! Implementations that just need to read from a file |
ThiƩbaud Weksteen | 9791b30 | 2021-03-03 16:30:20 +0100 | [diff] [blame] | 10 | use crate::{ |
| 11 | util::LazyUsize, |
| 12 | util_libc::{open_readonly, sys_fill_exact}, |
| 13 | Error, |
| 14 | }; |
| 15 | use core::{ |
| 16 | cell::UnsafeCell, |
| 17 | sync::atomic::{AtomicUsize, Ordering::Relaxed}, |
| 18 | }; |
Joel Galenson | 4be0c6d | 2020-07-07 13:20:14 -0700 | [diff] [blame] | 19 | |
Joel Galenson | 4be0c6d | 2020-07-07 13:20:14 -0700 | [diff] [blame] | 20 | #[cfg(any( |
| 21 | target_os = "dragonfly", |
| 22 | target_os = "emscripten", |
| 23 | target_os = "haiku", |
| 24 | target_os = "macos", |
| 25 | target_os = "solaris", |
| 26 | target_os = "illumos" |
| 27 | ))] |
| 28 | const FILE_PATH: &str = "/dev/random\0"; |
David LeGare | 010ab1d | 2022-03-02 16:21:18 +0000 | [diff] [blame] | 29 | #[cfg(any(target_os = "android", target_os = "linux", target_os = "redox"))] |
Joel Galenson | 4be0c6d | 2020-07-07 13:20:14 -0700 | [diff] [blame] | 30 | const FILE_PATH: &str = "/dev/urandom\0"; |
| 31 | |
| 32 | pub fn getrandom_inner(dest: &mut [u8]) -> Result<(), Error> { |
| 33 | let fd = get_rng_fd()?; |
| 34 | let read = |buf: &mut [u8]| unsafe { libc::read(fd, buf.as_mut_ptr() as *mut _, buf.len()) }; |
| 35 | |
| 36 | if cfg!(target_os = "emscripten") { |
| 37 | // `Crypto.getRandomValues` documents `dest` should be at most 65536 bytes. |
| 38 | for chunk in dest.chunks_mut(65536) { |
| 39 | sys_fill_exact(chunk, read)?; |
| 40 | } |
| 41 | } else { |
| 42 | sys_fill_exact(dest, read)?; |
| 43 | } |
| 44 | Ok(()) |
| 45 | } |
| 46 | |
| 47 | // Returns the file descriptor for the device file used to retrieve random |
David LeGare | 010ab1d | 2022-03-02 16:21:18 +0000 | [diff] [blame] | 48 | // bytes. The file will be opened exactly once. All subsequent calls will |
Joel Galenson | 4be0c6d | 2020-07-07 13:20:14 -0700 | [diff] [blame] | 49 | // return the same file descriptor. This file descriptor is never closed. |
| 50 | fn get_rng_fd() -> Result<libc::c_int, Error> { |
| 51 | static FD: AtomicUsize = AtomicUsize::new(LazyUsize::UNINIT); |
| 52 | fn get_fd() -> Option<libc::c_int> { |
| 53 | match FD.load(Relaxed) { |
| 54 | LazyUsize::UNINIT => None, |
| 55 | val => Some(val as libc::c_int), |
| 56 | } |
| 57 | } |
| 58 | |
| 59 | // Use double-checked locking to avoid acquiring the lock if possible. |
| 60 | if let Some(fd) = get_fd() { |
| 61 | return Ok(fd); |
| 62 | } |
| 63 | |
| 64 | // SAFETY: We use the mutex only in this method, and we always unlock it |
| 65 | // before returning, making sure we don't violate the pthread_mutex_t API. |
| 66 | static MUTEX: Mutex = Mutex::new(); |
| 67 | unsafe { MUTEX.lock() }; |
| 68 | let _guard = DropGuard(|| unsafe { MUTEX.unlock() }); |
| 69 | |
| 70 | if let Some(fd) = get_fd() { |
| 71 | return Ok(fd); |
| 72 | } |
| 73 | |
| 74 | // On Linux, /dev/urandom might return insecure values. |
| 75 | #[cfg(any(target_os = "android", target_os = "linux"))] |
| 76 | wait_until_rng_ready()?; |
| 77 | |
| 78 | let fd = unsafe { open_readonly(FILE_PATH)? }; |
| 79 | // The fd always fits in a usize without conflicting with UNINIT. |
| 80 | debug_assert!(fd >= 0 && (fd as usize) < LazyUsize::UNINIT); |
| 81 | FD.store(fd as usize, Relaxed); |
| 82 | |
| 83 | Ok(fd) |
| 84 | } |
| 85 | |
| 86 | // Succeeds once /dev/urandom is safe to read from |
| 87 | #[cfg(any(target_os = "android", target_os = "linux"))] |
| 88 | fn wait_until_rng_ready() -> Result<(), Error> { |
| 89 | // Poll /dev/random to make sure it is ok to read from /dev/urandom. |
| 90 | let fd = unsafe { open_readonly("/dev/random\0")? }; |
| 91 | let mut pfd = libc::pollfd { |
| 92 | fd, |
| 93 | events: libc::POLLIN, |
| 94 | revents: 0, |
| 95 | }; |
| 96 | let _guard = DropGuard(|| unsafe { |
| 97 | libc::close(fd); |
| 98 | }); |
| 99 | |
| 100 | loop { |
| 101 | // A negative timeout means an infinite timeout. |
| 102 | let res = unsafe { libc::poll(&mut pfd, 1, -1) }; |
| 103 | if res >= 0 { |
ThiƩbaud Weksteen | 9791b30 | 2021-03-03 16:30:20 +0100 | [diff] [blame] | 104 | debug_assert_eq!(res, 1); // We only used one fd, and cannot timeout. |
Joel Galenson | 4be0c6d | 2020-07-07 13:20:14 -0700 | [diff] [blame] | 105 | return Ok(()); |
| 106 | } |
| 107 | let err = crate::util_libc::last_os_error(); |
| 108 | match err.raw_os_error() { |
| 109 | Some(libc::EINTR) | Some(libc::EAGAIN) => continue, |
| 110 | _ => return Err(err), |
| 111 | } |
| 112 | } |
| 113 | } |
| 114 | |
| 115 | struct Mutex(UnsafeCell<libc::pthread_mutex_t>); |
| 116 | |
| 117 | impl Mutex { |
| 118 | const fn new() -> Self { |
| 119 | Self(UnsafeCell::new(libc::PTHREAD_MUTEX_INITIALIZER)) |
| 120 | } |
| 121 | unsafe fn lock(&self) { |
| 122 | let r = libc::pthread_mutex_lock(self.0.get()); |
| 123 | debug_assert_eq!(r, 0); |
| 124 | } |
| 125 | unsafe fn unlock(&self) { |
| 126 | let r = libc::pthread_mutex_unlock(self.0.get()); |
| 127 | debug_assert_eq!(r, 0); |
| 128 | } |
| 129 | } |
| 130 | |
| 131 | unsafe impl Sync for Mutex {} |
| 132 | |
| 133 | struct DropGuard<F: FnMut()>(F); |
| 134 | |
| 135 | impl<F: FnMut()> Drop for DropGuard<F> { |
| 136 | fn drop(&mut self) { |
| 137 | self.0() |
| 138 | } |
| 139 | } |