authorLennart Poettering <lennart@poettering.net>2018-11-07 19:31:39 +0100
committerLennart Poettering <lennart@poettering.net>2018-11-08 09:44:27 +0100
commit6fb6f13896b13e8a5afee30ebec110dd1c8f1b29 (patch)
tree0147b83664179fb1a25babd6d42d2f7a5bebb703 /src/basic/random-util.c
parent776cf7461fa54445a40df17c40cfd024b6f09578 (diff)
random-util: introduce RANDOM_DONT_DRAIN
Originally, the high_quality_required boolean argument controlled two things: whether to extend any random data we successfully read with pseudo-random data, and whether to return -ENODATA if we couldn't read any data at all. The boolean got replaced by RANDOM_EXTEND_WITH_PSEUDO, but this name doesn't really cover the second part nicely. Moreover hiding both changes of behaviour under a single flag is confusing. Hence, let's split this part off under a new flag, and use it from random_bytes().
Diffstat (limited to 'src/basic/random-util.c')
-rw-r--r--src/basic/random-util.c23
1 files changed, 12 insertions, 11 deletions
diff --git a/src/basic/random-util.c b/src/basic/random-util.c
index 922b5a57b0..6b08f72fc2 100644
--- a/src/basic/random-util.c
+++ b/src/basic/random-util.c
@@ -72,9 +72,9 @@ int genuine_random_bytes(void *p, size_t n, RandomFlags flags) {
int r;
/* Gathers some randomness from the kernel. This call won't block, unless the RANDOM_BLOCK flag is set. If
- * RANDOM_EXTEND_WITH_PSEUDO is unset, it will always return some data from the kernel, regardless of whether
- * the random pool is fully initialized or not. Otherwise, it will return success if at least some random
- * bytes were successfully acquired, and an error if the kernel has no entropy whatsover for us. */
+ * RANDOM_DONT_DRAIN is set, an error is returned if the random pool is not initialized. Otherwise it will
+ * always return some data from the kernel, regardless of whether the random pool is fully initialized or
+ * not. */
if (n == 0)
return 0;
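Review bot: The rewritten header comment no longer says what RANDOM_EXTEND_WITH_PSEUDO does, and it does not name the error a caller gets under RANDOM_DONT_DRAIN. The EAGAIN arm changed later in this commit returns `-ENODATA`, so the sentence could read `* RANDOM_DONT_DRAIN is set, -ENODATA is returned if the random pool is not initialized.` Going by the commit message, RANDOM_EXTEND_WITH_PSEUDO extends successfully read data with pseudo-random data; one sentence saying so would help callers who need kernel-only randomness avoid passing it by mistake. The body of genuine_random_bytes() continues outside the hunk.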
@@ -117,16 +117,17 @@ int genuine_random_bytes(void *p, size_t n, RandomFlags flags) {
break;
} else if (errno == EAGAIN) {
- /* The kernel has no entropy whatsoever. Let's remember to
- * use the syscall the next time again though.
+ /* The kernel has no entropy whatsoever. Let's remember to use the syscall the next
+ * time again though.
*
- * If high_quality_required is false, return an error so that
- * random_bytes() can produce some pseudorandom
- * bytes. Otherwise, fall back to /dev/urandom, which we know
- * is empty, but the kernel will produce some bytes for us on
- * a best-effort basis. */
+ * If RANDOM_DONT_DRAIN is set, return an error so that random_bytes() can produce some
+ * pseudo-random bytes instead. Otherwise, fall back to /dev/urandom, which we know is empty,
+ * but the kernel will produce some bytes for us on a best-effort basis. */
have_syscall = true;
+ if (FLAGS_SET(flags, RANDOM_DONT_DRAIN))
+ return -ENODATA;
+
if (FLAGS_SET(flags, RANDOM_EXTEND_WITH_PSEUDO)) {
uint64_t u;
size_t k;
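Review bot: In the EAGAIN arm the new `RANDOM_DONT_DRAIN` return sits before the `RANDOM_EXTEND_WITH_PSEUDO` branch, so a caller that passes both flags, as random_bytes() does after this commit, never reaches that branch from here. If that precedence is intended, the block comment should state it, for example `* RANDOM_DONT_DRAIN takes precedence over RANDOM_EXTEND_WITH_PSEUDO in this case.` It would also help to say that the caller must not use the contents of p when -ENODATA comes back; this arm appears to return without writing to it, but the lines before the hunk are not visible. The EXTEND_WITH_PSEUDO branch and the rest of the function continue outside the hunk.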
@@ -228,7 +229,7 @@ void pseudo_random_bytes(void *p, size_t n) {
void random_bytes(void *p, size_t n) {
- if (genuine_random_bytes(p, n, RANDOM_EXTEND_WITH_PSEUDO) >= 0)
+ if (genuine_random_bytes(p, n, RANDOM_EXTEND_WITH_PSEUDO|RANDOM_DONT_DRAIN) >= 0)
return;
/* If for some reason some user made /dev/urandom unavailable to us, or the kernel has no entropy, use a PRNG instead. */
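Review bot: random_bytes() returns void, so a caller cannot tell kernel randomness apart from the PRNG fallback described in the comment at the end of this hunk. That fallback is taken whenever genuine_random_bytes() fails, which now includes the -ENODATA return under RANDOM_DONT_DRAIN. A comment above the function would make the contract explicit, e.g. `/* Best effort: may return PRNG output. For key material call genuine_random_bytes() and check its return value. */`. The function body continues past the hunk.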