43 lines
1.8 KiB
Rust
43 lines
1.8 KiB
Rust
//! Solaris implementation using getrandom(2).
|
|
//!
|
|
//! While getrandom(2) has been available since Solaris 11.3, it has a few
|
|
//! quirks not present on other OSes. First, on Solaris 11.3, calls will always
|
|
//! fail if bufsz > 1024. Second, it will always either fail or completely fill
|
|
//! the buffer (returning bufsz). Third, error is indicated by returning 0,
|
|
//! rather than by returning -1. Finally, "if GRND_RANDOM is not specified
|
|
//! then getrandom(2) is always a non blocking call". This _might_ imply that
|
|
//! in early-boot scenarios with low entropy, getrandom(2) will not properly
|
|
//! block. To be safe, we set GRND_RANDOM, mirroring the man page examples.
|
|
//!
|
|
//! For more information, see the man page linked in lib.rs and this blog post:
|
|
//! https://blogs.oracle.com/solaris/post/solaris-new-system-calls-getentropy2-and-getrandom2
|
|
//! which also explains why this crate should not use getentropy(2).
|
|
use crate::Error;
|
|
use core::{ffi::c_void, mem::MaybeUninit};
|
|
|
|
pub use crate::util::{inner_u32, inner_u64};
|
|
|
|
#[path = "../util_libc.rs"]
|
|
mod util_libc;
|
|
|
|
const MAX_BYTES: usize = 1024;
|
|
|
|
#[inline]
|
|
pub fn fill_inner(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
|
|
for chunk in dest.chunks_mut(MAX_BYTES) {
|
|
let ptr = chunk.as_mut_ptr().cast::<c_void>();
|
|
let ret = unsafe { libc::getrandom(ptr, chunk.len(), libc::GRND_RANDOM) };
|
|
// In case the man page has a typo, we also check for negative ret.
|
|
// If getrandom(2) succeeds, it should have completely filled chunk.
|
|
match usize::try_from(ret) {
|
|
// Good. Keep going.
|
|
Ok(ret) if ret == chunk.len() => {}
|
|
// The syscall failed.
|
|
Ok(0) => return Err(util_libc::last_os_error()),
|
|
// All other cases should be impossible.
|
|
_ => return Err(Error::UNEXPECTED),
|
|
}
|
|
}
|
|
Ok(())
|
|
}
|