// Copyright 2012 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #ifdef UNSAFE_BUFFERS_BUILD // TODO(crbug.com/40284755): Remove this and spanify to fix the errors. #pragma allow_unsafe_buffers #endif #include "base/rand_util.h" #include <errno.h> #include <fcntl.h> #include <stddef.h> #include <stdint.h> #include <sys/syscall.h> #include <sys/utsname.h> #include <unistd.h> #include "base/check.h" #include "base/compiler_specific.h" #include "base/containers/span.h" #include "base/feature_list.h" #include "base/files/file_util.h" #include "base/metrics/histogram_macros.h" #include "base/no_destructor.h" #include "base/posix/eintr_wrapper.h" #include "base/time/time.h" #include "build/build_config.h" #if (BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS)) && !BUILDFLAG(IS_NACL) #include "third_party/lss/linux_syscall_support.h" #elif BUILDFLAG(IS_MAC) // TODO(crbug.com/40641285): Waiting for this header to appear in the iOS SDK. // (See below.) #include <sys/random.h> #endif #if !BUILDFLAG(IS_NACL) #include "third_party/boringssl/src/include/openssl/rand.h" #endif namespace base { namespace { #if BUILDFLAG(IS_AIX) // AIX has no 64-bit support for O_CLOEXEC. static constexpr int kOpenFlags = O_RDONLY; #else static constexpr int kOpenFlags = …; #endif // We keep the file descriptor for /dev/urandom around so we don't need to // reopen it (which is expensive), and since we may not even be able to reopen // it if we are later put in a sandbox. This class wraps the file descriptor so // we can use a static-local variable to handle opening it on the first access. class URandomFd { … }; #if (BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS) || \ BUILDFLAG(IS_ANDROID)) && \ !BUILDFLAG(IS_NACL) // TODO(pasko): Unify reading kernel version numbers in: // mojo/core/channel_linux.cc // chrome/browser/android/seccomp_support_detector.cc void KernelVersionNumbers(int32_t* major_version, int32_t* minor_version, int32_t* bugfix_version) { … } bool KernelSupportsGetRandom() { … } bool GetRandomSyscall(void* output, size_t output_length) { … } #endif // (BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS) || // BUILDFLAG(IS_ANDROID)) && !BUILDFLAG(IS_NACL) #if BUILDFLAG(IS_ANDROID) std::atomic<bool> g_use_getrandom; // Note: the BoringSSL feature takes precedence over the getrandom() trial if // both are enabled. BASE_FEATURE(kUseGetrandomForRandBytes, "UseGetrandomForRandBytes", FEATURE_ENABLED_BY_DEFAULT); bool UseGetrandom() { return g_use_getrandom.load(std::memory_order_relaxed); } #elif (BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS)) && !BUILDFLAG(IS_NACL) bool UseGetrandom() { … } #endif } // namespace namespace internal { #if BUILDFLAG(IS_ANDROID) void ConfigureRandBytesFieldTrial() { g_use_getrandom.store(FeatureList::IsEnabled(kUseGetrandomForRandBytes), std::memory_order_relaxed); } #endif namespace { #if !BUILDFLAG(IS_NACL) // The BoringSSl helpers are duplicated in rand_util_fuchsia.cc and // rand_util_win.cc. std::atomic<bool> g_use_boringssl; BASE_FEATURE(…); } // namespace void ConfigureBoringSSLBackedRandBytesFieldTrial() { … } bool UseBoringSSLForRandBytes() { … } #endif } // namespace internal namespace { void RandBytesInternal(span<uint8_t> output, bool avoid_allocation) { … } } // namespace namespace internal { double RandDoubleAvoidAllocation() { … } } // namespace internal void RandBytes(span<uint8_t> output) { … } int GetUrandomFD() { … } } // namespace base
Codebase Browser
chromium