1// Copyright 2018 Developers of the Rand project.
2//
3// Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
4// https://www.apache.org/licenses/LICENSE-2.0> or the MIT license
5// <LICENSE-MIT or https://opensource.org/licenses/MIT>, at your
6// option. This file may not be copied, modified, or distributed
7// except according to those terms.
8
9//! Implementations that just need to read from a file
10use crate::{
11 util::LazyUsize,
12 util_libc::{open_readonly, sys_fill_exact},
13 Error,
14};
15use core::{
16 cell::UnsafeCell,
17 mem::MaybeUninit,
18 sync::atomic::{AtomicUsize, Ordering::Relaxed},
19};
20
21// We prefer using /dev/urandom and only use /dev/random if the OS
22// documentation indicates that /dev/urandom is insecure.
23// On Solaris/Illumos, see src/solaris_illumos.rs
24// On Dragonfly, Haiku, macOS, and QNX Neutrino the devices are identical.
25#[cfg(any(target_os = "solaris", target_os = "illumos"))]
26const FILE_PATH: &str = "/dev/random\0";
27#[cfg(any(
28 target_os = "aix",
29 target_os = "android",
30 target_os = "linux",
31 target_os = "redox",
32 target_os = "dragonfly",
33 target_os = "haiku",
34 target_os = "macos",
35 target_os = "nto",
36))]
37const FILE_PATH: &str = "/dev/urandom\0";
38
39pub fn getrandom_inner(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
40 let fd = get_rng_fd()?;
41 sys_fill_exact(dest, |buf| unsafe {
42 libc::read(fd, buf.as_mut_ptr() as *mut libc::c_void, buf.len())
43 })
44}
45
46// Returns the file descriptor for the device file used to retrieve random
47// bytes. The file will be opened exactly once. All subsequent calls will
48// return the same file descriptor. This file descriptor is never closed.
49fn get_rng_fd() -> Result<libc::c_int, Error> {
50 static FD: AtomicUsize = AtomicUsize::new(LazyUsize::UNINIT);
51 fn get_fd() -> Option<libc::c_int> {
52 match FD.load(Relaxed) {
53 LazyUsize::UNINIT => None,
54 val => Some(val as libc::c_int),
55 }
56 }
57
58 // Use double-checked locking to avoid acquiring the lock if possible.
59 if let Some(fd) = get_fd() {
60 return Ok(fd);
61 }
62
63 // SAFETY: We use the mutex only in this method, and we always unlock it
64 // before returning, making sure we don't violate the pthread_mutex_t API.
65 static MUTEX: Mutex = Mutex::new();
66 unsafe { MUTEX.lock() };
67 let _guard = DropGuard(|| unsafe { MUTEX.unlock() });
68
69 if let Some(fd) = get_fd() {
70 return Ok(fd);
71 }
72
73 // On Linux, /dev/urandom might return insecure values.
74 #[cfg(any(target_os = "android", target_os = "linux"))]
75 wait_until_rng_ready()?;
76
77 let fd = unsafe { open_readonly(FILE_PATH)? };
78 // The fd always fits in a usize without conflicting with UNINIT.
79 debug_assert!(fd >= 0 && (fd as usize) < LazyUsize::UNINIT);
80 FD.store(fd as usize, Relaxed);
81
82 Ok(fd)
83}
84
85// Succeeds once /dev/urandom is safe to read from
86#[cfg(any(target_os = "android", target_os = "linux"))]
87fn wait_until_rng_ready() -> Result<(), Error> {
88 // Poll /dev/random to make sure it is ok to read from /dev/urandom.
89 let fd = unsafe { open_readonly("/dev/random\0")? };
90 let mut pfd = libc::pollfd {
91 fd,
92 events: libc::POLLIN,
93 revents: 0,
94 };
95 let _guard = DropGuard(|| unsafe {
96 libc::close(fd);
97 });
98
99 loop {
100 // A negative timeout means an infinite timeout.
101 let res = unsafe { libc::poll(&mut pfd, 1, -1) };
102 if res >= 0 {
103 debug_assert_eq!(res, 1); // We only used one fd, and cannot timeout.
104 return Ok(());
105 }
106 let err = crate::util_libc::last_os_error();
107 match err.raw_os_error() {
108 Some(libc::EINTR) | Some(libc::EAGAIN) => continue,
109 _ => return Err(err),
110 }
111 }
112}
113
114struct Mutex(UnsafeCell<libc::pthread_mutex_t>);
115
116impl Mutex {
117 const fn new() -> Self {
118 Self(UnsafeCell::new(libc::PTHREAD_MUTEX_INITIALIZER))
119 }
120 unsafe fn lock(&self) {
121 let r = libc::pthread_mutex_lock(self.0.get());
122 debug_assert_eq!(r, 0);
123 }
124 unsafe fn unlock(&self) {
125 let r = libc::pthread_mutex_unlock(self.0.get());
126 debug_assert_eq!(r, 0);
127 }
128}
129
130unsafe impl Sync for Mutex {}
131
132struct DropGuard<F: FnMut()>(F);
133
134impl<F: FnMut()> Drop for DropGuard<F> {
135 fn drop(&mut self) {
136 self.0()
137 }
138}
139