
    1 /*-
    2  * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
    3  *
    4  * Copyright (c) 2018 Conrad Meyer <cem@FreeBSD.org>
    5  * All rights reserved.
    6  *
    7  * Redistribution and use in source and binary forms, with or without
    8  * modification, are permitted provided that the following conditions
    9  * are met:
   10  * 1. Redistributions of source code must retain the above copyright
   11  *    notice, this list of conditions and the following disclaimer.
   12  * 2. Redistributions in binary form must reproduce the above copyright
   13  *    notice, this list of conditions and the following disclaimer in the
   14  *    documentation and/or other materials provided with the distribution.
   15  *
   16  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
   17  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   18  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
   19  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
   20  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
   21  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
   22  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
   23  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
   24  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
   25  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   26  * SUCH DAMAGE.
   27  */
   28 
   29 #include <sys/cdefs.h>
   30 __FBSDID("$FreeBSD$");
   31 
   32 #include <sys/param.h>
   33 #include <sys/errno.h>
   34 #include <sys/limits.h>
   35 #include <sys/proc.h>
   36 #include <sys/random.h>
   37 #include <sys/sysproto.h>
   38 #include <sys/systm.h>
   39 #include <sys/uio.h>
   40 
/*
 * The complete set of getrandom(2) flags this implementation accepts; any
 * other bit set in the flags argument makes kern_getrandom() fail with
 * EINVAL.  GRND_INSECURE is treated as GRND_NONBLOCK and GRND_RANDOM is
 * accepted but has no effect (see kern_getrandom()).
 */
#define GRND_VALIDFLAGS (GRND_NONBLOCK | GRND_RANDOM | GRND_INSECURE)

/*
 * read_random_uio(9) returns EWOULDBLOCK if a nonblocking request would block,
 * but the Linux API name is EAGAIN.  On FreeBSD, they have the same numeric
 * value for now.  kern_getrandom() passes that error through unchanged, so
 * this compile-time check ensures the two can never silently diverge.
 */
CTASSERT(EWOULDBLOCK == EAGAIN);
   49 
/*
 * Backend for the getrandom(2) system call.
 *
 * Validates the request, then copies up to buflen bytes of random(4)
 * output into the user buffer user_buf.  On success the number of bytes
 * actually delivered is stored in td->td_retval[0]; that count is derived
 * from the residual of the uio and may be shorter than buflen, so callers
 * must not assume the whole buffer was filled.
 *
 * Returns 0 on success or an errno value:
 *   EINVAL       - a flag outside GRND_VALIDFLAGS was given, or buflen
 *                  exceeds IOSIZE_MAX (oversized requests are rejected,
 *                  not truncated).
 *   EWOULDBLOCK  - a non-blocking request could not be satisfied because
 *                  random(4) is not yet seeded (numerically equal to
 *                  EAGAIN, see the CTASSERT above).
 *   anything else read_random_uio(9) reports (e.g. a fault on user_buf).
 */
static int
kern_getrandom(struct thread *td, void *user_buf, size_t buflen,
    unsigned int flags)
{
	struct iovec iov;
	struct uio uio;
	bool nonblock;
	int error;

	/* Reject unknown flags and oversized requests before anything else. */
	if ((flags & ~GRND_VALIDFLAGS) != 0 || buflen > IOSIZE_MAX)
		return (EINVAL);

	/*
	 * Linux compatibility, GRND_INSECURE: on Linux this flag requests
	 * output even before the generator has been seeded.  We deliberately
	 * do not honor that.  Output from an unseeded random(4) would leak
	 * information about the initial seed to an attacker, which is exactly
	 * what blocking on initial seeding exists to prevent; and with only a
	 * handful of entropy bits collected the output would be of little use
	 * to userspace anyway.  A program that genuinely wants insecure
	 * garbage can produce its own (e.g. srandom(time(NULL))) rather than
	 * asking the secure getrandom(2) API for it.
	 *
	 * The least surprising alternative is to treat GRND_INSECURE as a
	 * spelling of GRND_NONBLOCK: such callers get EAGAIN from an unseeded
	 * random(4) instead of blocking (or instead of garbage).
	 *
	 * GRND_RANDOM is accepted (it is in GRND_VALIDFLAGS) but nothing below
	 * looks at it; only the two flags tested here change behavior.
	 */
	nonblock = (flags & (GRND_NONBLOCK | GRND_INSECURE)) != 0;

	/* An empty request succeeds without ever touching user_buf. */
	if (buflen == 0) {
		td->td_retval[0] = 0;
		return (0);
	}

	/* Describe the single user-space destination for read_random_uio(9). */
	iov.iov_base = user_buf;
	iov.iov_len = buflen;
	uio.uio_iov = &iov;
	uio.uio_iovcnt = 1;
	uio.uio_offset = 0;
	uio.uio_resid = buflen;
	uio.uio_segflg = UIO_USERSPACE;
	uio.uio_rw = UIO_READ;
	uio.uio_td = td;

	error = read_random_uio(&uio, nonblock);
	if (error != 0)
		return (error);

	/* uio_resid counts the bytes that were NOT delivered. */
	td->td_retval[0] = buflen - uio.uio_resid;
	return (0);
}
  117 
/*
 * Argument structure for sys_getrandom(); the fields correspond one-to-one
 * to the parameters of kern_getrandom().  Normally this definition comes
 * from <sys/sysproto.h>, which is included above; the guard makes this copy
 * a fallback used only when that header was not included.
 */
#ifndef _SYS_SYSPROTO_H_
struct getrandom_args {
	void		*buf;		/* user buffer to fill with random bytes */
	size_t		buflen;		/* number of bytes requested */
	unsigned int	flags;		/* GRND_* flags, see GRND_VALIDFLAGS */
};
#endif
  125 
/*
 * getrandom(2) system call entry point.
 *
 * Unpacks the user-supplied arguments and hands them to kern_getrandom(),
 * which performs all validation and stores the delivered byte count in
 * td->td_retval[0] on success.  Returns 0 or an errno value exactly as
 * kern_getrandom() does.
 */
int
sys_getrandom(struct thread *td, struct getrandom_args *uap)
{
	int error;

	error = kern_getrandom(td, uap->buf, uap->buflen, uap->flags);
	return (error);
}
