lib/randread.c

   1 /* Generate buffers of random data.
   2
   3    Copyright (C) 2006 Free Software Foundation, Inc.
   4
   5    This program is free software; you can redistribute it and/or modify
   6    it under the terms of the GNU General Public License as published by
   7    the Free Software Foundation; either version 2, or (at your option)
   8    any later version.
   9
  10    This program is distributed in the hope that it will be useful,
  11    but WITHOUT ANY WARRANTY; without even the implied warranty of
  12    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  13    GNU General Public License for more details.
  14
  15    You should have received a copy of the GNU General Public License
  16    along with this program; if not, write to the Free Software Foundation,
  17    Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.  */
  18
  19 /* Written by Paul Eggert.  */
  20
  21 #include <config.h>
  22
  23 #include "randread.h"
  24
  25 #include <errno.h>
  26 #include <error.h>
  27 #include <exitfail.h>
  28 #include <quotearg.h>
  29 #include <stdbool.h>
  30 #include <stdint.h>
  31 #include <stdio.h>
  32 #include <stdlib.h>
  33 #include <string.h>
  34
  35 #include "gettext.h"
  36 #define _(msgid) gettext (msgid)
  37
  38 #include "rand-isaac.h"
  39 #include "stdio-safer.h"
  40 #include "unlocked-io.h"
  41 #include "xalloc.h"
  42
  43 #ifndef MIN
  44 # define MIN(a, b) ((a) < (b) ? (a) : (b))
  45 #endif
  46
  47 #if __GNUC__ < 2 || (__GNUC__ == 2 && __GNUC_MINOR__ < 8) || __STRICT_ANSI__
  48 # define __attribute__(x)
  49 #endif
  50
  51 #ifndef ATTRIBUTE_UNUSED
  52 # define ATTRIBUTE_UNUSED __attribute__ ((__unused__))
  53 #endif
  54
  55 #if _STRING_ARCH_unaligned
  56 # define ALIGNED_POINTER(ptr, type) true
  57 #else
  58 # define alignof(type) offsetof (struct { char c; type x; }, x)
  59 # define ALIGNED_POINTER(ptr, type) ((size_t) (ptr) % alignof (type) == 0)
  60 #endif
  61
  62 #ifndef DEFAULT_RANDOM_FILE
  63 # define DEFAULT_RANDOM_FILE "/dev/urandom"
  64 #endif
  65
  66 /* The maximum buffer size used for reads of random data.  Using the
  67    value 2 * ISAAC_BYTES makes this the largest power of two that
  68    would not otherwise cause struct randread_source to grow.  */
  69 #define RANDREAD_BUFFER_SIZE (2 * ISAAC_BYTES)
  70
  71 /* A source of random data for generating random buffers.  */
  72 struct randread_source
  73 {
  74   /* Stream to read random bytes from.  If null, the behavior is
  75      undefined; the current implementation uses ISAAC in this case,
  76      but this is for old-fashioned implementations that lack
  77      /dev/urandom and callers should not rely on this.  */
  78   FILE *source;
  79
  80   /* Function to call, and its argument, if there is an input error or
  81      end of file when reading from the stream; errno is nonzero if
  82      there was an error.  If this function returns, it should fix the
  83      problem before returning.  The default handler assumes that
  84      handler_arg is the file name of the source.  */
  85   void (*handler) (void const *);
  86   void const *handler_arg;
  87
  88   /* The buffer for SOURCE.  It's kept here to simplify storage
  89      allocation and to make it easier to clear out buffered random
  90      data.  */
  91   union
  92   {
  93     /* The stream buffer, if SOURCE is not null.  */
  94     char c[RANDREAD_BUFFER_SIZE];
  95
  96     /* The buffered ISAAC pseudorandom buffer, if SOURCE is null.  */
  97     struct isaac
  98     {
  99       /* The number of bytes that are buffered at the end of data.b.  */
 100       size_t buffered;
 101
 102       /* State of the ISAAC generator.  */
 103       struct isaac_state state;
 104
 105       /* Up to a buffer's worth of pseudorandom data.  */
 106       union
 107       {
 108         uint32_t w[ISAAC_WORDS];
 109         unsigned char b[ISAAC_BYTES];
 110       } data;
 111     } isaac;
 112   } buf;
 113 };
 114
 115
 116 /* The default error handler.  */
 117
 118 static void
 119 randread_error (void const *file_name)
 120 {
 121   if (file_name)
 122     error (exit_failure, errno,
 123            _(errno == 0 ? "%s: end of file" : "%s: read error"),
 124            quotearg_colon (file_name));
 125   abort ();
 126 }
 127
 128 /* Simply return a new randread_source object with the default error
 129    handler.  */
 130
 131 static struct randread_source *
 132 simple_new (FILE *source, void const *handler_arg)
 133 {
 134   struct randread_source *s = xmalloc (sizeof *s);
 135   s->source = source;
 136   s->handler = randread_error;
 137   s->handler_arg = handler_arg;
 138   return s;
 139 }
 140
 141 /* Create and initialize a random data source from NAME, or use a
 142    reasonable default source if NAME is null.  BYTES_BOUND is an upper
 143    bound on the number of bytes that will be needed.  If zero, it is a
 144    hard bound; otherwise it is just an estimate.
 145
 146    If NAME is not null, NAME is saved for use as the argument of the
 147    default handler.  Unless a non-default handler is used, NAME's
 148    lifetime should be at least that of the returned value.
 149
 150    Return NULL (setting errno) on failure.  */
 151
 152 struct randread_source *
 153 randread_new (char const *name, size_t bytes_bound)
 154 {
 155   if (bytes_bound == 0)
 156     return simple_new (NULL, NULL);
 157   else
 158     {
 159       char const *file_name = (name ? name : DEFAULT_RANDOM_FILE);
 160       FILE *source = fopen_safer (file_name, "rb");
 161       struct randread_source *s;
 162
 163       if (! source)
 164         {
 165           if (name)
 166             return NULL;
 167           file_name = NULL;
 168         }
 169
 170       s = simple_new (source, file_name);
 171
 172       if (source)
 173         setvbuf (source, s->buf.c, _IOFBF, MIN (sizeof s->buf.c, bytes_bound));
 174       else
 175         {
 176           s->buf.isaac.buffered = 0;
 177           isaac_seed (&s->buf.isaac.state);
 178         }
 179
 180       return s;
 181     }
 182 }
 183
 184
 185 /* Set S's handler and its argument.  HANDLER (HANDLER_ARG) is called
 186    when there is a read error or end of file from the random data
 187    source; errno is nonzero if there was an error.  If HANDLER
 188    returns, it should fix the problem before returning.  The default
 189    handler assumes that handler_arg is the file name of the source; it
 190    does not return.  */
 191
 192 void
 193 randread_set_handler (struct randread_source *s, void (*handler) (void const *))
 194 {
 195   s->handler = handler;
 196 }
 197
 198 void
 199 randread_set_handler_arg (struct randread_source *s, void const *handler_arg)
 200 {
 201   s->handler_arg = handler_arg;
 202 }
 203
 204
 205 /* Place SIZE random bytes into the buffer beginning at P, using
 206    the stream in S.  */
 207
 208 static void
 209 readsource (struct randread_source *s, unsigned char *p, size_t size)
 210 {
 211   for (;;)
 212     {
 213       size_t inbytes = fread (p, sizeof *p, size, s->source);
 214       int fread_errno = errno;
 215       p += inbytes;
 216       size -= inbytes;
 217       if (size == 0)
 218         break;
 219       errno = (ferror (s->source) ? fread_errno : 0);
 220       s->handler (s->handler_arg);
 221     }
 222 }
 223
 224
 225 /* Place SIZE pseudorandom bytes into the buffer beginning at P, using
 226    the buffered ISAAC generator in ISAAC.  */
 227
 228 static void
 229 readisaac (struct isaac *isaac, unsigned char *p, size_t size)
 230 {
 231   size_t inbytes = isaac->buffered;
 232
 233   for (;;)
 234     {
 235       if (size <= inbytes)
 236         {
 237           memcpy (p, isaac->data.b + ISAAC_BYTES - inbytes, size);
 238           isaac->buffered = inbytes - size;
 239           return;
 240         }
 241
 242       memcpy (p, isaac->data.b + ISAAC_BYTES - inbytes, inbytes);
 243       p += inbytes;
 244       size -= inbytes;
 245
 246       /* If P is aligned, write to *P directly to avoid the overhead
 247          of copying from the buffer.  */
 248       if (ALIGNED_POINTER (p, uint32_t))
 249         {
 250           uint32_t *wp = (uint32_t *) p;
 251           while (ISAAC_BYTES <= size)
 252             {
 253               isaac_refill (&isaac->state, wp);
 254               wp += ISAAC_WORDS;
 255               size -= ISAAC_BYTES;
 256               if (size == 0)
 257                 {
 258                   isaac->buffered = 0;
 259                   return;
 260                 }
 261             }
 262           p = (unsigned char *) wp;
 263         }
 264
 265       isaac_refill (&isaac->state, isaac->data.w);
 266       inbytes = ISAAC_BYTES;
 267     }
 268 }
 269
 270
 271 /* Consume random data from *S to generate a random buffer BUF of size
 272    SIZE.  */
 273
 274 void
 275 randread (struct randread_source *s, void *buf, size_t size)
 276 {
 277   if (s->source)
 278     readsource (s, buf, size);
 279   else
 280     readisaac (&s->buf.isaac, buf, size);
 281 }
 282
 283
 284 /* Clear *S so that it no longer contains undelivered random data, and
 285    deallocate any system resources associated with *S.  Return 0 if
 286    successful, a negative number (setting errno) if not (this is rare,
 287    but can occur in theory if there is an input error).  */
 288
 289 int
 290 randread_free (struct randread_source *s)
 291 {
 292   FILE *source = s->source;
 293   memset (s, 0, sizeof *s);
 294   free (s);
 295   return (source ? fclose (source) : 0);
 296 }