2 * SPDX-License-Identifier: BSD-2-Clause
4 * Copyright (c) 2018 Conrad Meyer <cem@FreeBSD.org>
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 #include <sys/cdefs.h>
30 #include <sys/param.h>
31 #include <sys/errno.h>
32 #include <sys/limits.h>
34 #include <sys/random.h>
35 #include <sys/sysproto.h>
36 #include <sys/systm.h>
39 #define GRND_VALIDFLAGS (GRND_NONBLOCK | GRND_RANDOM | GRND_INSECURE)
42 * read_random_uio(9) returns EWOULDBLOCK if a nonblocking request would block,
43 * but the Linux API name is EAGAIN. On FreeBSD, they have the same numeric
46 CTASSERT(EWOULDBLOCK == EAGAIN);
49 kern_getrandom(struct thread *td, void *user_buf, size_t buflen,
56 if ((flags & ~GRND_VALIDFLAGS) != 0)
58 if (buflen > IOSIZE_MAX)
62 * Linux compatibility: We have two choices for handling Linux's
65 * 1. We could ignore it completely (like GRND_RANDOM). However, this
66 * might produce the surprising result of GRND_INSECURE requests
67 * blocking, when the Linux API does not block.
69 * 2. Alternatively, we could treat GRND_INSECURE requests as requests
70 * for GRND_NONBLOCK. Here, the surprising result for Linux programs
71 * is that invocations with unseeded random(4) will produce EAGAIN,
72 * rather than garbage.
74 * Honoring the flag in the way Linux does seems fraught. If we
75 * actually use the output of a random(4) implementation prior to
76 * seeding, we leak some entropy about the initial seed to attackers.
77 * This seems unacceptable -- it defeats the purpose of blocking on
80 * Secondary to that concern, before seeding we may have arbitrarily
81 * little entropy collected; producing output from zero or a handful of
82 * entropy bits does not seem particularly useful to userspace.
84 * If userspace can accept garbage, insecure non-random bytes, they can
85 * create their own insecure garbage with srandom(time(NULL)) or
86 * similar. Asking the kernel to produce it from the secure
87 * getrandom(2) API seems inane.
89 * We elect to emulate GRND_INSECURE as an alternative spelling of
92 if ((flags & GRND_INSECURE) != 0)
93 flags |= GRND_NONBLOCK;
100 aiov.iov_base = user_buf;
101 aiov.iov_len = buflen;
102 auio.uio_iov = &aiov;
105 auio.uio_resid = buflen;
106 auio.uio_segflg = UIO_USERSPACE;
107 auio.uio_rw = UIO_READ;
110 error = read_random_uio(&auio, (flags & GRND_NONBLOCK) != 0);
112 td->td_retval[0] = buflen - auio.uio_resid;
116 #ifndef _SYS_SYSPROTO_H_
117 struct getrandom_args {
125 sys_getrandom(struct thread *td, struct getrandom_args *uap)
127 return (kern_getrandom(td, uap->buf, uap->buflen, uap->flags));