diff --git a/random/rand-internal.h b/random/rand-internal.h
index 2bc05f45..d99c6671 100644
--- a/random/rand-internal.h
+++ b/random/rand-internal.h
@@ -1,147 +1,148 @@
/* rand-internal.h - header to glue the random functions
* Copyright (C) 1998, 2002 Free Software Foundation, Inc.
*
* This file is part of Libgcrypt.
*
* Libgcrypt is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser general Public License as
* published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* Libgcrypt is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this program; if not, see .
*/
#ifndef G10_RAND_INTERNAL_H
#define G10_RAND_INTERNAL_H
#include "../src/cipher-proto.h"
/* Constants used to define the origin of random added to the pool.
The code is sensitive to the order of the values. */
enum random_origins
{
RANDOM_ORIGIN_INIT = 0, /* Used only for initialization. */
RANDOM_ORIGIN_EXTERNAL = 1, /* Added from an external source. */
RANDOM_ORIGIN_FASTPOLL = 2, /* Fast random poll function. */
RANDOM_ORIGIN_SLOWPOLL = 3, /* Slow poll function. */
RANDOM_ORIGIN_EXTRAPOLL = 4 /* Used to mark an extra pool seed
due to a GCRY_VERY_STRONG_RANDOM
random request. */
};
#define RANDOM_CONF_DISABLE_JENT 1
#define RANDOM_CONF_ONLY_URANDOM 2
/*-- random.c --*/
unsigned int _gcry_random_read_conf (void);
void _gcry_random_progress (const char *what, int printchar,
int current, int total);
/*-- random-csprng.c --*/
void _gcry_rngcsprng_initialize (int full);
void _gcry_rngcsprng_close_fds (void);
void _gcry_rngcsprng_dump_stats (void);
void _gcry_rngcsprng_secure_alloc (void);
void _gcry_rngcsprng_enable_quick_gen (void);
void _gcry_rngcsprng_set_daemon_socket (const char *socketname);
int _gcry_rngcsprng_use_daemon (int onoff);
int _gcry_rngcsprng_is_faked (void);
gcry_error_t _gcry_rngcsprng_add_bytes (const void *buf, size_t buflen,
int quality);
void *_gcry_rngcsprng_get_bytes (size_t nbytes,
enum gcry_random_level level);
void *_gcry_rngcsprng_get_bytes_secure (size_t nbytes,
enum gcry_random_level level);
void _gcry_rngcsprng_randomize (void *buffer, size_t length,
enum gcry_random_level level);
void _gcry_rngcsprng_set_seed_file (const char *name);
void _gcry_rngcsprng_update_seed_file (void);
void _gcry_rngcsprng_fast_poll (void);
/*-- random-drbg.c --*/
void _gcry_rngdrbg_inititialize (int full);
void _gcry_rngdrbg_close_fds (void);
void _gcry_rngdrbg_dump_stats (void);
int _gcry_rngdrbg_is_faked (void);
gcry_error_t _gcry_rngdrbg_add_bytes (const void *buf, size_t buflen,
int quality);
void _gcry_rngdrbg_randomize (void *buffer, size_t length,
enum gcry_random_level level);
gcry_error_t _gcry_rngdrbg_selftest (selftest_report_func_t report);
/*-- random-system.c --*/
void _gcry_rngsystem_initialize (int full);
void _gcry_rngsystem_close_fds (void);
void _gcry_rngsystem_dump_stats (void);
int _gcry_rngsystem_is_faked (void);
gcry_error_t _gcry_rngsystem_add_bytes (const void *buf, size_t buflen,
int quality);
void _gcry_rngsystem_randomize (void *buffer, size_t length,
enum gcry_random_level level);
/*-- rndlinux.c --*/
int _gcry_rndlinux_gather_random (void (*add) (const void *, size_t,
enum random_origins),
enum random_origins origin,
size_t length, int level);
/*-- rndunix.c --*/
int _gcry_rndunix_gather_random (void (*add) (const void *, size_t,
enum random_origins),
enum random_origins origin,
size_t length, int level);
/*-- rndegd.c --*/
int _gcry_rndegd_gather_random (void (*add) (const void *, size_t,
enum random_origins),
enum random_origins origin,
size_t length, int level);
int _gcry_rndegd_connect_socket (int nofail);
/*-- rndw32.c --*/
int _gcry_rndw32_gather_random (void (*add) (const void *, size_t,
enum random_origins),
enum random_origins origin,
size_t length, int level);
void _gcry_rndw32_gather_random_fast (void (*add)(const void*, size_t,
enum random_origins),
enum random_origins origin );
/*-- rndw32ce.c --*/
int _gcry_rndw32ce_gather_random (void (*add) (const void *, size_t,
enum random_origins),
enum random_origins origin,
size_t length, int level);
void _gcry_rndw32ce_gather_random_fast (void (*add)(const void*, size_t,
enum random_origins),
enum random_origins origin );
/*-- rndjent.c --*/
size_t _gcry_rndjent_poll (void (*add)(const void*,
size_t, enum random_origins),
enum random_origins origin,
size_t length);
void _gcry_rndjent_dump_stats (void);
+void _gcry_rndjent_fini (void);
/*-- rndhw.c --*/
int _gcry_rndhw_failed_p (void);
void _gcry_rndhw_poll_fast (void (*add)(const void*, size_t,
enum random_origins),
enum random_origins origin);
size_t _gcry_rndhw_poll_slow (void (*add)(const void*, size_t,
enum random_origins),
enum random_origins origin);
#endif /*G10_RAND_INTERNAL_H*/
diff --git a/random/rndjent.c b/random/rndjent.c
index 3740ddd4..3d01290f 100644
--- a/random/rndjent.c
+++ b/random/rndjent.c
@@ -1,372 +1,389 @@
/* rndjent.c - Driver for the jitterentropy module.
* Copyright (C) 2017 g10 Code GmbH
* Copyright (C) 2017 Bundesamt für Sicherheit in der Informationstechnik
* Copyright (C) 2013 Stephan Mueller
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, and the entire permission notice in its entirety,
* including the disclaimer of warranties.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior
* written permission.
*
* ALTERNATIVELY, this product may be distributed under the terms of
* the GNU General Public License, in which case the provisions of the GPL are
* required INSTEAD OF the above restrictions. (This clause is
* necessary due to a potential bad interaction between the GPL and
* the restrictions contained in a BSD-style copyright.)
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, ALL OF
* WHICH ARE HEREBY DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
* OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
* BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
* USE OF THIS SOFTWARE, EVEN IF NOT ADVISED OF THE POSSIBILITY OF SUCH
* DAMAGE.
*/
#include
#include
#include
#include
#ifdef HAVE_STDINT_H
# include
#endif
#include "types.h"
#include "g10lib.h"
#include "../cipher/bithelp.h"
#include "rand-internal.h"
/*
* Decide whether we can support jent at compile time.
*/
#undef USE_JENT
#define JENT_USES_RDTSC 1
#define JENT_USES_GETTIME 2
#define JENT_USES_READ_REAL_TIME 3
#ifdef ENABLE_JENT_SUPPORT
# if defined (__i386__) || defined(__x86_64__)
# define USE_JENT JENT_USES_RDTSC
# elif defined (HAVE_CLOCK_GETTIME)
# if _AIX
# define USE_JENT JENT_USES_READ_REAL_TIME
# else
# define USE_JENT JENT_USES_GETTIME
# endif
# endif
#endif /*ENABLE_JENT_SUPPORT*/
#ifdef USE_JENT
#undef CONFIG_CRYPTO_CPU_JITTERENTROPY_STAT
/* Uncomment the next line to build with statistics. */
/* #define CONFIG_CRYPTO_CPU_JITTERENTROPY_STAT 1 */
/* Note that we source include the actual jitter entropy code.
* Platform dependent code is indirectly included from our own
* jitterentropy-user-base.h file. */
/* Tell jitterentropy* that all functions shall be static. */
#define JENT_PRIVATE_COMPILE 1
#include "jitterentropy-base.c"
/* This is the lock we use to serialize access to this RNG. The extra
* integer variable is only used to check the locking state; that is,
* it is not meant to be thread-safe but merely as a failsafe feature
* to assert proper locking. */
GPGRT_LOCK_DEFINE (jent_rng_lock);
static int jent_rng_is_locked;
/* This flag tracks whether the RNG has been initialized - either
* with error or with success. Protected by JENT_RNG_LOCK. */
static int jent_rng_is_initialized;
/* Our collector. The RNG is in a working state if its value is not
* NULL. Protected by JENT_RNG_LOCK. */
struct rand_data *jent_rng_collector;
/* The number of times the core entropy function has been called and
* the number of random bytes retrieved. */
static unsigned long jent_rng_totalcalls;
static unsigned long jent_rng_totalbytes;
�
/* JENT statistic helper code. */
#ifdef CONFIG_CRYPTO_CPU_JITTERENTROPY_STAT
static void
jent_init_statistic (struct rand_data *rand_data)
{
/* int i; */
/* struct entropy_stat *stat = &rand_data->entropy_stat; */
/* for (i = 0; i < 64; i++) */
/* { */
/* stat->bitslot[i] = 0; */
/* stat->bitvar[i] = 0; */
/* } */
/* jent_get_nstime (&stat->collection_begin); */
}
static void
jent_bit_count (struct rand_data *rand_data, u64 prev_data)
{
/* int i; */
/* if (!rand_data->entropy_stat.enable_bit_test) */
/* return; */
/* for (i = 0; i < 64; i++) */
/* { */
/* /\* collect the count of set bits per bit position in the */
/* * current ->data field *\/ */
/* rand_data->entropy_stat.bitslot[i] += (rand_data->data & 1<data & 1<entropy_stat.bitvar[i] += 1; */
/* } */
}
static void
jent_statistic_copy_stat (struct entropy_stat *src, struct entropy_stat *dst)
{
/* /\* not copying bitslot and bitvar as they are not needed for */
/* * statistic printout *\/ */
/* dst->collection_begin = src->collection_begin; */
/* dst->collection_end = src->collection_end; */
/* dst->old_delta = src->old_delta; */
/* dst->setbits = src->setbits; */
/* dst->varbits = src->varbits; */
/* dst->obsbits = src->obsbits; */
/* dst->collection_loop_cnt= src->collection_loop_cnt; */
}
/*
* Assessment of statistical behavior of the generated output and returning
* the information to the caller by filling the target value.
*
* Details about the bit statistics are given in chapter 4 of the doc.
* Chapter 5 documents the timer analysis and the resulting entropy.
*/
static void
jent_calc_statistic (struct rand_data *rand_data,
struct entropy_stat *target, unsigned int loop_cnt)
{
/* int i; */
/* struct entropy_stat *stat = &rand_data->entropy_stat; */
/* jent_get_nstime(&stat->collection_end); */
/* stat->collection_loop_cnt = loop_cnt; */
/* stat->setbits = 0; */
/* stat->varbits = 0; */
/* stat->obsbits = 0; */
/* for (i = 0; i < DATA_SIZE_BITS; i++) */
/* { */
/* stat->setbits += stat->bitslot[i]; */
/* stat->varbits += stat->bitvar[i]; */
/* /\* This is the sum of set bits in the current observation */
/* * of the random data. *\/ */
/* stat->obsbits += (rand_data->data & 1<old_delta = (stat->collection_end - stat->collection_begin); */
}
#endif /*CONFIG_CRYPTO_CPU_JITTERENTROPY_STAT*/
/* Acquire the jent_rng_lock. */
static void
lock_rng (void)
{
gpg_err_code_t rc;
rc = gpgrt_lock_lock (&jent_rng_lock);
if (rc)
log_fatal ("failed to acquire the Jent RNG lock: %s\n",
gpg_strerror (rc));
jent_rng_is_locked = 1;
}
/* Release the jent_rng_lock. */
static void
unlock_rng (void)
{
gpg_err_code_t rc;
jent_rng_is_locked = 0;
rc = gpgrt_lock_unlock (&jent_rng_lock);
if (rc)
log_fatal ("failed to release the Jent RNG lock: %s\n",
gpg_strerror (rc));
}
/* Return true if the JENT RNG code can be run. It may not yet been
* initialized, though. */
static int
is_rng_available (void)
{
#if USE_JENT == JENT_USES_RDTSC
return !!(_gcry_get_hw_features () & HWF_INTEL_RDTSC);
#elif USE_JENT == JENT_USES_GETTIME
return 2;
#elif USE_JENT == JENT_USES_READ_REAL_TIME
return 3;
#else /* Ooops */
return 0;
#endif
}
#endif /* USE_JENT */
�
/*
* The API used by the high level code.
*/
/* Read up to LENGTH bytes from a jitter RNG and return the number of
* bytes actually read. */
size_t
_gcry_rndjent_poll (void (*add)(const void*, size_t, enum random_origins),
enum random_origins origin, size_t length)
{
size_t nbytes = 0;
#ifdef USE_JENT
if ( is_rng_available () )
{
lock_rng ();
if (!jent_rng_is_initialized)
{
/* Auto-initialize. */
jent_rng_is_initialized = 1;
jent_entropy_collector_free (jent_rng_collector);
jent_rng_collector = NULL;
if ( !(_gcry_random_read_conf () & RANDOM_CONF_DISABLE_JENT))
{
if (!jent_entropy_init ())
jent_rng_collector = jent_entropy_collector_alloc (1, 0);
}
}
if (jent_rng_collector && add)
{
/* We have a working JENT and it has not been disabled. */
char buffer[32];
while (length)
{
int rc;
size_t n = length < sizeof(buffer)? length : sizeof (buffer);
jent_rng_totalcalls++;
rc = jent_read_entropy (jent_rng_collector, buffer, n);
if (rc < 0)
break;
/* We need to hash the output to conform to the BSI
* NTG.1 specs. */
_gcry_md_hash_buffer (GCRY_MD_SHA256, buffer, buffer, rc);
n = rc < 32? rc : 32;
(*add) (buffer, n, origin);
length -= n;
nbytes += n;
jent_rng_totalbytes += n;
}
wipememory (buffer, sizeof buffer);
}
unlock_rng ();
}
#else
(void)add;
(void)origin;
#endif
return nbytes;
}
/* Return the version number of the JENT RNG. If the RNG is not
* initialized or usable 0 is returned. If R_ACTIVE is not NULL the
* jitter RNG will be initialized and true is stored at R_ACTIVE if
* the initialization succeeded. */
unsigned int
_gcry_rndjent_get_version (int *r_active)
{
if (r_active)
*r_active = 0;
#ifdef USE_JENT
if ( is_rng_available () )
{
if (r_active)
{
/* Make sure the RNG is initialized. */
_gcry_rndjent_poll (NULL, 0, 0);
lock_rng ();
/* To ease debugging we store 2 for a clock_gettime based
* implementation and 1 for a rdtsc based code. */
*r_active = jent_rng_collector? is_rng_available () : 0;
unlock_rng ();
}
return jent_version ();
}
else
return 0;
#else
return 0;
#endif
}
/* Log statistical informantion about the use of this module. */
void
_gcry_rndjent_dump_stats (void)
{
/* In theory we would need to lock the stats here. However this
* function is usually called during cleanup and then we _might_ run
* into problems. */
#ifdef USE_JENT
if ( is_rng_available () )
{
log_info ("rndjent stat: collector=%p calls=%lu bytes=%lu\n",
jent_rng_collector, jent_rng_totalcalls, jent_rng_totalbytes);
}
#endif /*USE_JENT*/
}
+
+
+void
+_gcry_rndjent_fini (void)
+{
+#ifdef USE_JENT
+ lock_rng ();
+
+ if (jent_rng_is_initialized)
+ {
+ jent_entropy_collector_free (jent_rng_collector);
+ jent_rng_collector = NULL;
+ }
+
+ unlock_rng ();
+#endif
+}
diff --git a/random/rndlinux.c b/random/rndlinux.c
index fefc3c37..3d41cd33 100644
--- a/random/rndlinux.c
+++ b/random/rndlinux.c
@@ -1,359 +1,361 @@
/* rndlinux.c - raw random number for OSes with /dev/random
* Copyright (C) 1998, 2001, 2002, 2003, 2007,
* 2009 Free Software Foundation, Inc.
*
* This file is part of Libgcrypt.
*
* Libgcrypt is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as
* published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* Libgcrypt is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this program; if not, see .
*/
#include
#include
#include
#include
#include
#include
#include
#ifdef HAVE_GETTIMEOFDAY
# include
#endif
#include
#include
#include
#if defined(__linux__) && defined(HAVE_SYSCALL)
# include
#endif
#include "types.h"
#include "g10lib.h"
#include "rand-internal.h"
static int open_device (const char *name, int retry);
static int
set_cloexec_flag (int fd)
{
int oldflags;
oldflags= fcntl (fd, F_GETFD, 0);
if (oldflags < 0)
return oldflags;
oldflags |= FD_CLOEXEC;
return fcntl (fd, F_SETFD, oldflags);
}
/*
* Used to open the /dev/random devices (Linux, xBSD, Solaris (if it
* exists)). If RETRY is true, the function does not terminate with
* a fatal error but retries until it is able to reopen the device.
*/
static int
open_device (const char *name, int retry)
{
int fd;
if (retry)
_gcry_random_progress ("open_dev_random", 'X', 1, 0);
again:
fd = open (name, O_RDONLY);
if (fd == -1 && retry)
{
struct timeval tv;
tv.tv_sec = 5;
tv.tv_usec = 0;
_gcry_random_progress ("wait_dev_random", 'X', 0, (int)tv.tv_sec);
select (0, NULL, NULL, NULL, &tv);
goto again;
}
if (fd == -1)
log_fatal ("can't open %s: %s\n", name, strerror(errno) );
if (set_cloexec_flag (fd))
log_error ("error setting FD_CLOEXEC on fd %d: %s\n",
fd, strerror (errno));
/* We used to do the following check, however it turned out that this
is not portable since more OSes provide a random device which is
sometimes implemented as another device type.
struct stat sb;
if( fstat( fd, &sb ) )
log_fatal("stat() off %s failed: %s\n", name, strerror(errno) );
if( (!S_ISCHR(sb.st_mode)) && (!S_ISFIFO(sb.st_mode)) )
log_fatal("invalid random device!\n" );
*/
return fd;
}
/* Note that the caller needs to make sure that this function is only
* called by one thread at a time. The function returns 0 on success
* or true on failure (in which case the caller will signal a fatal
* error). This function should be entered only by one thread at a
* time. */
int
_gcry_rndlinux_gather_random (void (*add)(const void*, size_t,
enum random_origins),
enum random_origins origin,
size_t length, int level )
{
static int fd_urandom = -1;
static int fd_random = -1;
static int only_urandom = -1;
static unsigned char ever_opened;
static volatile pid_t my_pid; /* The volatile is there to make sure
* the compiler does not optimize the
* code away in case the getpid
* function is badly attributed. */
volatile pid_t apid;
int fd;
int n;
byte buffer[768];
size_t n_hw;
size_t want = length;
size_t last_so_far = 0;
int any_need_entropy = 0;
int delay;
/* On the first call read the conf file to check whether we want to
* use only urandom. */
if (only_urandom == -1)
{
my_pid = getpid ();
if ((_gcry_random_read_conf () & RANDOM_CONF_ONLY_URANDOM))
only_urandom = 1;
else
only_urandom = 0;
}
if (!add)
{
/* Special mode to close the descriptors. */
if (fd_random != -1)
{
close (fd_random);
fd_random = -1;
}
if (fd_urandom != -1)
{
close (fd_urandom);
fd_urandom = -1;
}
+
+ _gcry_rndjent_fini ();
return 0;
}
/* Detect a fork and close the devices so that we don't use the old
* file descriptors. Note that open_device will be called in retry
* mode if the devices was opened by the parent process. */
apid = getpid ();
if (my_pid != apid)
{
if (fd_random != -1)
{
close (fd_random);
fd_random = -1;
}
if (fd_urandom != -1)
{
close (fd_urandom);
fd_urandom = -1;
}
my_pid = apid;
}
/* First read from a hardware source. However let it account only
for up to 50% (or 25% for RDRAND) of the requested bytes. */
n_hw = _gcry_rndhw_poll_slow (add, origin);
if ((_gcry_get_hw_features () & HWF_INTEL_RDRAND))
{
if (n_hw > length/4)
n_hw = length/4;
}
else
{
if (n_hw > length/2)
n_hw = length/2;
}
if (length > 1)
length -= n_hw;
/* When using a blocking random generator try to get some entropy
* from the jitter based RNG. In this case we take up to 50% of the
* remaining requested bytes. */
if (level >= GCRY_VERY_STRONG_RANDOM)
{
n_hw = _gcry_rndjent_poll (add, origin, length/2);
if (n_hw > length/2)
n_hw = length/2;
if (length > 1)
length -= n_hw;
}
/* Open the requested device. The first time a device is to be
opened we fail with a fatal error if the device does not exists.
In case the device has ever been closed, further open requests
will however retry indefinitely. The rationale for this behaviour is
that we always require the device to be existent but want a more
graceful behaviour if the rarely needed close operation has been
used and the device needs to be re-opened later. */
if (level >= GCRY_VERY_STRONG_RANDOM && !only_urandom)
{
if (fd_random == -1)
{
fd_random = open_device (NAME_OF_DEV_RANDOM, (ever_opened & 1));
ever_opened |= 1;
}
fd = fd_random;
}
else
{
if (fd_urandom == -1)
{
fd_urandom = open_device (NAME_OF_DEV_URANDOM, (ever_opened & 2));
ever_opened |= 2;
}
fd = fd_urandom;
}
/* Enter the read loop. */
delay = 0; /* Start with 0 seconds so that we do no block on the
first iteration and in turn call the progress function
before blocking. To give the OS a better chance to
return with something we will actually use 100ms. */
while (length)
{
fd_set rfds;
struct timeval tv;
int rc;
/* If we have a modern Linux kernel, we first try to use the new
* getrandom syscall. That call guarantees that the kernel's
* RNG has been properly seeded before returning any data. This
* is different from /dev/urandom which may, due to its
* non-blocking semantics, return data even if the kernel has
* not been properly seeded. And it differs from /dev/random by never
* blocking once the kernel is seeded. Unfortunately we need to use a
* syscall and not a new device and thus we are not able to use
* select(2) to have a timeout. */
#if defined(__linux__) && defined(HAVE_SYSCALL) && defined(__NR_getrandom)
{
long ret;
size_t nbytes;
do
{
nbytes = length < sizeof(buffer)? length : sizeof(buffer);
if (nbytes > 256)
nbytes = 256;
_gcry_pre_syscall ();
ret = syscall (__NR_getrandom,
(void*)buffer, (size_t)nbytes, (unsigned int)0);
_gcry_post_syscall ();
}
while (ret == -1 && errno == EINTR);
if (ret == -1 && errno == ENOSYS)
; /* The syscall is not supported - fallback to pulling from fd. */
else
{ /* The syscall is supported. Some sanity checks. */
if (ret == -1)
log_fatal ("unexpected error from getrandom: %s\n",
strerror (errno));
else if (ret != nbytes)
log_fatal ("getrandom returned only"
" %ld of %zu requested bytes\n", ret, nbytes);
(*add)(buffer, nbytes, origin);
length -= nbytes;
continue; /* until LENGTH is zero. */
}
}
#endif
/* If we collected some bytes update the progress indicator. We
do this always and not just if the select timed out because
often just a few bytes are gathered within the timeout
period. */
if (any_need_entropy || last_so_far != (want - length) )
{
last_so_far = want - length;
_gcry_random_progress ("need_entropy", 'X',
(int)last_so_far, (int)want);
any_need_entropy = 1;
}
/* If the system has no limit on the number of file descriptors
and we encounter an fd which is larger than the fd_set size,
we don't use the select at all. The select code is only used
to emit progress messages. A better solution would be to
fall back to poll() if available. */
#ifdef FD_SETSIZE
if (fd < FD_SETSIZE)
#endif
{
FD_ZERO(&rfds);
FD_SET(fd, &rfds);
tv.tv_sec = delay;
tv.tv_usec = delay? 0 : 100000;
_gcry_pre_syscall ();
rc = select (fd+1, &rfds, NULL, NULL, &tv);
_gcry_post_syscall ();
if (!rc)
{
any_need_entropy = 1;
delay = 3; /* Use 3 seconds henceforth. */
continue;
}
else if( rc == -1 )
{
log_error ("select() error: %s\n", strerror(errno));
if (!delay)
delay = 1; /* Use 1 second if we encounter an error before
we have ever blocked. */
continue;
}
}
do
{
size_t nbytes;
nbytes = length < sizeof(buffer)? length : sizeof(buffer);
n = read (fd, buffer, nbytes);
if (n >= 0 && n > nbytes)
{
log_error("bogus read from random device (n=%d)\n", n );
n = nbytes;
}
}
while (n == -1 && errno == EINTR);
if (n == -1)
log_fatal("read error on random device: %s\n", strerror(errno));
(*add)(buffer, n, origin);
length -= n;
}
wipememory (buffer, sizeof buffer);
if (any_need_entropy)
_gcry_random_progress ("need_entropy", 'X', (int)want, (int)want);
return 0; /* success */
}