random-util: introduce RANDOM_DONT_DRAIN

Originally, the high_quality_required boolean argument controlled two things: whether to extend any random data we successfully read with pseudo-random data, and whether to return -ENODATA if we couldn't read any data at all. The boolean got replaced by RANDOM_EXTEND_WITH_PSEUDO, but this name doesn't really cover the second part nicely. Moreover hiding both changes of behaviour under a single flag is confusing. Hence, let's split this part off under a new flag, and use it from random_bytes().
author: Lennart Poettering <lennart@poettering.net> 2018-11-07 19:31:39 +0100
committer: Lennart Poettering <lennart@poettering.net> 2018-11-08 09:44:27 +0100
commit: 6fb6f13896b13e8a5afee30ebec110dd1c8f1b29 (patch)
tree: 0147b83664179fb1a25babd6d42d2f7a5bebb703 /src
parent: 776cf7461fa54445a40df17c40cfd024b6f09578 (diff)
download: systemd-6fb6f13896b13e8a5afee30ebec110dd1c8f1b29.tar.gz
systemd-6fb6f13896b13e8a5afee30ebec110dd1c8f1b29.tar.bz2
systemd-6fb6f13896b13e8a5afee30ebec110dd1c8f1b29.zip
2 files changed, 13 insertions, 11 deletions
diff --git a/src/basic/random-util.c b/src/basic/random-util.c
index 922b5a57b0..6b08f72fc2 100644
--- a/src/basic/random-util.c
+++ b/src/basic/random-util.c
@@ -72,9 +72,9 @@ int genuine_random_bytes(void *p, size_t n, RandomFlags flags) {
         int r;
 
         /* Gathers some randomness from the kernel. This call won't block, unless the RANDOM_BLOCK flag is set. If
-         * RANDOM_EXTEND_WITH_PSEUDO is unset, it will always return some data from the kernel, regardless of whether
-         * the random pool is fully initialized or not.  Otherwise, it will return success if at least some random
-         * bytes were successfully acquired, and an error if the kernel has no entropy whatsover for us. */
+         * RANDOM_DONT_DRAIN is set, an error is returned if the random pool is not initialized. Otherwise it will
+         * always return some data from the kernel, regardless of whether the random pool is fully initialized or
+         * not. */
 
         if (n == 0)
                 return 0;
@@ -117,16 +117,17 @@ int genuine_random_bytes(void *p, size_t n, RandomFlags flags) {
                                 break;
 
                         } else if (errno == EAGAIN) {
-                                /* The kernel has no entropy whatsoever. Let's remember to
-                                 * use the syscall the next time again though.
+                                /* The kernel has no entropy whatsoever. Let's remember to use the syscall the next
+                                 * time again though.
                                  *
-                                 * If high_quality_required is false, return an error so that
-                                 * random_bytes() can produce some pseudorandom
-                                 * bytes. Otherwise, fall back to /dev/urandom, which we know
-                                 * is empty, but the kernel will produce some bytes for us on
-                                 * a best-effort basis. */
+                                 * If RANDOM_DONT_DRAIN is set, return an error so that random_bytes() can produce some
+                                 * pseudo-random bytes instead. Otherwise, fall back to /dev/urandom, which we know is empty,
+                                 * but the kernel will produce some bytes for us on a best-effort basis. */
                                 have_syscall = true;
 
+                                if (FLAGS_SET(flags, RANDOM_DONT_DRAIN))
+                                        return -ENODATA;
+
                                 if (FLAGS_SET(flags, RANDOM_EXTEND_WITH_PSEUDO)) {
                                         uint64_t u;
                                         size_t k;
@@ -228,7 +229,7 @@ void pseudo_random_bytes(void *p, size_t n) {
 
 void random_bytes(void *p, size_t n) {
 
-        if (genuine_random_bytes(p, n, RANDOM_EXTEND_WITH_PSEUDO) >= 0)
+        if (genuine_random_bytes(p, n, RANDOM_EXTEND_WITH_PSEUDO|RANDOM_DONT_DRAIN) >= 0)
                 return;
 
         /* If for some reason some user made /dev/urandom unavailable to us, or the kernel has no entropy, use a PRNG instead. */
diff --git a/src/basic/random-util.h b/src/basic/random-util.h
index 0813314a05..487f20e0ab 100644
--- a/src/basic/random-util.h
+++ b/src/basic/random-util.h
@@ -8,6 +8,7 @@
 typedef enum RandomFlags {
         RANDOM_EXTEND_WITH_PSEUDO = 1 << 0, /* If we can't get enough genuine randomness, but some, fill up the rest with pseudo-randomness */
         RANDOM_BLOCK              = 1 << 1, /* Rather block than return crap randomness (only if the kernel supports that) */
+        RANDOM_DONT_DRAIN         = 1 << 2, /* If we can't get any randomness at all, return early with -EAGAIN */
 } RandomFlags;
 
 int genuine_random_bytes(void *p, size_t n, RandomFlags flags); /* returns "genuine" randomness, optionally filled upwith pseudo random, if not enough is available */
author	Lennart Poettering <lennart@poettering.net>	2018-11-07 19:31:39 +0100
committer	Lennart Poettering <lennart@poettering.net>	2018-11-08 09:44:27 +0100
commit	6fb6f13896b13e8a5afee30ebec110dd1c8f1b29 (patch)
tree	0147b83664179fb1a25babd6d42d2f7a5bebb703 /src
parent	776cf7461fa54445a40df17c40cfd024b6f09578 (diff)
download	systemd-6fb6f13896b13e8a5afee30ebec110dd1c8f1b29.tar.gz systemd-6fb6f13896b13e8a5afee30ebec110dd1c8f1b29.tar.bz2 systemd-6fb6f13896b13e8a5afee30ebec110dd1c8f1b29.zip