libcrypto/arc4random/getentropy_linux.c

*b7041c07Sderaadt/*	$OpenBSD: getentropy_linux.c,v 1.48 2021/10/24 21:24:20 deraadt Exp $	*/
8286e41bSbeck
8286e41bSbeck/*
8286e41bSbeck * Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org>
8286e41bSbeck * Copyright (c) 2014 Bob Beck <beck@obtuse.com>
8286e41bSbeck *
8286e41bSbeck * Permission to use, copy, modify, and distribute this software for any
8286e41bSbeck * purpose with or without fee is hereby granted, provided that the above
8286e41bSbeck * copyright notice and this permission notice appear in all copies.
8286e41bSbeck *
8286e41bSbeck * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8286e41bSbeck * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
8286e41bSbeck * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
8286e41bSbeck * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
8286e41bSbeck * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
8286e41bSbeck * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
8286e41bSbeck * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
b5f12122Sderaadt *
b5f12122Sderaadt * Emulation of getentropy(2) as documented at:
b8461433Stb * http://man.openbsd.org/getentropy.2
8286e41bSbeck */
8286e41bSbeck
8286e41bSbeck#define	_POSIX_C_SOURCE	199309L
8286e41bSbeck#define	_GNU_SOURCE	1
8286e41bSbeck#include <sys/types.h>
8286e41bSbeck#include <sys/param.h>
8286e41bSbeck#include <sys/ioctl.h>
8286e41bSbeck#include <sys/resource.h>
8286e41bSbeck#include <sys/syscall.h>
3e3a5746Sbcook#ifdef SYS__sysctl
3e3a5746Sbcook#include <linux/sysctl.h>
80de5d26Sbeck#endif
8286e41bSbeck#include <sys/statvfs.h>
8286e41bSbeck#include <sys/socket.h>
8286e41bSbeck#include <sys/mount.h>
8286e41bSbeck#include <sys/mman.h>
8286e41bSbeck#include <sys/stat.h>
8286e41bSbeck#include <sys/time.h>
8286e41bSbeck#include <stdlib.h>
8286e41bSbeck#include <stdint.h>
8286e41bSbeck#include <stdio.h>
5a30a5b2Sderaadt#include <link.h>
8286e41bSbeck#include <termios.h>
8286e41bSbeck#include <fcntl.h>
8286e41bSbeck#include <signal.h>
8286e41bSbeck#include <string.h>
8286e41bSbeck#include <errno.h>
8286e41bSbeck#include <unistd.h>
8286e41bSbeck#include <time.h>
8286e41bSbeck#include <openssl/sha.h>
8286e41bSbeck
2ce34de7Sbcook#include <linux/types.h>
8286e41bSbeck#include <linux/random.h>
4f735644Sbeck#ifdef HAVE_GETAUXVAL
4f735644Sbeck#include <sys/auxv.h>
4f735644Sbeck#endif
8286e41bSbeck#include <sys/vfs.h>
8286e41bSbeck
8286e41bSbeck#define REPEAT 5
557f50beSderaadt#define MINIMUM(a, b) (((a) < (b)) ? (a) : (b))
8286e41bSbeck
56419eb2Sderaadt#define HX(a, b) \
8286e41bSbeck	do { \
8286e41bSbeck		if ((a)) \
56419eb2Sderaadt			HD(errno); \
8286e41bSbeck		else \
56419eb2Sderaadt			HD(b); \
8286e41bSbeck	} while (0)
8286e41bSbeck
4f735644Sbeck#define HR(x, l) (SHA512_Update(&ctx, (char *)(x), (l)))
4f735644Sbeck#define HD(x)	 (SHA512_Update(&ctx, (char *)&(x), sizeof (x)))
54dec340Swouter#define HF(x)    (SHA512_Update(&ctx, (char *)&(x), sizeof (void*)))
8286e41bSbeck
8286e41bSbeckint	getentropy(void *buf, size_t len);
8286e41bSbeck
e698281dSbcook#if defined(SYS_getrandom) && defined(GRND_NONBLOCK)
fea29d55Sderaadtstatic int getentropy_getrandom(void *buf, size_t len);
dc80d86aSbcook#endif
95438510Sottostatic int getentropy_urandom(void *buf, size_t len);
6cb1baa1Sderaadt#ifdef SYS__sysctl
95438510Sottostatic int getentropy_sysctl(void *buf, size_t len);
3279ccb0Sbeck#endif
95438510Sottostatic int getentropy_fallback(void *buf, size_t len);
5a30a5b2Sderaadtstatic int getentropy_phdr(struct dl_phdr_info *info, size_t size, void *data);
95438510Sotto
95438510Sottoint
95438510Sottogetentropy(void *buf, size_t len)
95438510Sotto{
95438510Sotto	int ret = -1;
95438510Sotto
95438510Sotto	if (len > 256) {
95438510Sotto		errno = EIO;
044fc755Sderaadt		return (-1);
95438510Sotto	}
95438510Sotto
e698281dSbcook#if defined(SYS_getrandom) && defined(GRND_NONBLOCK)
95438510Sotto	/*
edb2eeb7Sbeck	 * Try descriptor-less getrandom(), in non-blocking mode.
edb2eeb7Sbeck	 *
edb2eeb7Sbeck	 * The design of Linux getrandom is broken.  It has an
edb2eeb7Sbeck	 * uninitialized phase coupled with blocking behaviour, which
edb2eeb7Sbeck	 * is unacceptable from within a library at boot time without
edb2eeb7Sbeck	 * possible recovery. See http://bugs.python.org/issue26839#msg267745
fea29d55Sderaadt	 */
fea29d55Sderaadt	ret = getentropy_getrandom(buf, len);
fea29d55Sderaadt	if (ret != -1)
fea29d55Sderaadt		return (ret);
dc80d86aSbcook#endif
fea29d55Sderaadt
fea29d55Sderaadt	/*
95438510Sotto	 * Try to get entropy with /dev/urandom
95438510Sotto	 *
95438510Sotto	 * This can fail if the process is inside a chroot or if file
95438510Sotto	 * descriptors are exhausted.
95438510Sotto	 */
95438510Sotto	ret = getentropy_urandom(buf, len);
95438510Sotto	if (ret != -1)
95438510Sotto		return (ret);
95438510Sotto
6cb1baa1Sderaadt#ifdef SYS__sysctl
95438510Sotto	/*
93d8086cSbeck	 * Try to use sysctl CTL_KERN, KERN_RANDOM, RANDOM_UUID.
93d8086cSbeck	 * sysctl is a failsafe API, so it guarantees a result.  This
93d8086cSbeck	 * should work inside a chroot, or when file descriptors are
2e9828cbStj	 * exhausted.
95438510Sotto	 *
93d8086cSbeck	 * However this can fail if the Linux kernel removes support
93d8086cSbeck	 * for sysctl.  Starting in 2007, there have been efforts to
93d8086cSbeck	 * deprecate the sysctl API/ABI, and push callers towards use
93d8086cSbeck	 * of the chroot-unavailable fd-using /proc mechanism --
93d8086cSbeck	 * essentially the same problems as /dev/urandom.
95438510Sotto	 *
95438510Sotto	 * Numerous setbacks have been encountered in their deprecation
edcadc37Sbeck	 * schedule, so as of June 2014 the kernel ABI still exists on
edcadc37Sbeck	 * most Linux architectures. The sysctl() stub in libc is missing
edcadc37Sbeck	 * on some systems.  There are also reports that some kernels
edcadc37Sbeck	 * spew messages to the console.
95438510Sotto	 */
95438510Sotto	ret = getentropy_sysctl(buf, len);
95438510Sotto	if (ret != -1)
95438510Sotto		return (ret);
6cb1baa1Sderaadt#endif /* SYS__sysctl */
95438510Sotto
95438510Sotto	/*
95438510Sotto	 * Entropy collection via /dev/urandom and sysctl have failed.
95438510Sotto	 *
95438510Sotto	 * No other API exists for collecting entropy.  See the large
95438510Sotto	 * comment block above.
95438510Sotto	 *
95438510Sotto	 * We have very few options:
95438510Sotto	 *     - Even syslog_r is unsafe to call at this low level, so
95438510Sotto	 *	 there is no way to alert the user or program.
93d8086cSbeck	 *     - Cannot call abort() because some systems have unsafe
93d8086cSbeck	 *	 corefiles.
95438510Sotto	 *     - Could raise(SIGKILL) resulting in silent program termination.
95438510Sotto	 *     - Return EIO, to hint that arc4random's stir function
95438510Sotto	 *       should raise(SIGKILL)
95438510Sotto	 *     - Do the best under the circumstances....
95438510Sotto	 *
95438510Sotto	 * This code path exists to bring light to the issue that Linux
edb2eeb7Sbeck	 * still does not provide a failsafe API for entropy collection.
95438510Sotto	 *
95438510Sotto	 * We hope this demonstrates that Linux should either retain their
95438510Sotto	 * sysctl ABI, or consider providing a new failsafe API which
95438510Sotto	 * works in a chroot or when file descriptors are exhausted.
95438510Sotto	 */
190c328cSderaadt#undef FAIL_INSTEAD_OF_TRYING_FALLBACK
190c328cSderaadt#ifdef FAIL_INSTEAD_OF_TRYING_FALLBACK
95438510Sotto	raise(SIGKILL);
95438510Sotto#endif
95438510Sotto	ret = getentropy_fallback(buf, len);
95438510Sotto	if (ret != -1)
95438510Sotto		return (ret);
95438510Sotto
95438510Sotto	errno = EIO;
95438510Sotto	return (ret);
95438510Sotto}
8286e41bSbeck
e698281dSbcook#if defined(SYS_getrandom) && defined(GRND_NONBLOCK)
8286e41bSbeckstatic int
fea29d55Sderaadtgetentropy_getrandom(void *buf, size_t len)
fea29d55Sderaadt{
3237117aSbcook	int pre_errno = errno;
aac66879Sbcook	int ret;
fea29d55Sderaadt	if (len > 256)
fea29d55Sderaadt		return (-1);
aac66879Sbcook	do {
edb2eeb7Sbeck		ret = syscall(SYS_getrandom, buf, len, GRND_NONBLOCK);
aac66879Sbcook	} while (ret == -1 && errno == EINTR);
aac66879Sbcook
3237117aSbcook	if (ret != len)
aac66879Sbcook		return (-1);
3237117aSbcook	errno = pre_errno;
3237117aSbcook	return (0);
fea29d55Sderaadt}
dc80d86aSbcook#endif
fea29d55Sderaadt
fea29d55Sderaadtstatic int
8286e41bSbeckgetentropy_urandom(void *buf, size_t len)
8286e41bSbeck{
8286e41bSbeck	struct stat st;
8286e41bSbeck	size_t i;
f155de65Sbeck	int fd, cnt, flags;
8286e41bSbeck	int save_errno = errno;
8286e41bSbeck
8286e41bSbeckstart:
f155de65Sbeck
f155de65Sbeck	flags = O_RDONLY;
f155de65Sbeck#ifdef O_NOFOLLOW
f155de65Sbeck	flags |= O_NOFOLLOW;
f155de65Sbeck#endif
8286e41bSbeck#ifdef O_CLOEXEC
f155de65Sbeck	flags |= O_CLOEXEC;
f155de65Sbeck#endif
*b7041c07Sderaadt	fd = open("/dev/urandom", flags);
8286e41bSbeck	if (fd == -1) {
8286e41bSbeck		if (errno == EINTR)
8286e41bSbeck			goto start;
8286e41bSbeck		goto nodevrandom;
8286e41bSbeck	}
f155de65Sbeck#ifndef O_CLOEXEC
8286e41bSbeck	fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC);
8286e41bSbeck#endif
8286e41bSbeck
8286e41bSbeck	/* Lightly verify that the device node looks sane */
8286e41bSbeck	if (fstat(fd, &st) == -1 || !S_ISCHR(st.st_mode)) {
8286e41bSbeck		close(fd);
8286e41bSbeck		goto nodevrandom;
8286e41bSbeck	}
8286e41bSbeck	if (ioctl(fd, RNDGETENTCNT, &cnt) == -1) {
8286e41bSbeck		close(fd);
8286e41bSbeck		goto nodevrandom;
8286e41bSbeck	}
8286e41bSbeck	for (i = 0; i < len; ) {
8286e41bSbeck		size_t wanted = len - i;
54dec340Swouter		ssize_t ret = read(fd, (char *)buf + i, wanted);
8286e41bSbeck
8286e41bSbeck		if (ret == -1) {
8286e41bSbeck			if (errno == EAGAIN || errno == EINTR)
8286e41bSbeck				continue;
8286e41bSbeck			close(fd);
8286e41bSbeck			goto nodevrandom;
8286e41bSbeck		}
8286e41bSbeck		i += ret;
8286e41bSbeck	}
8286e41bSbeck	close(fd);
8286e41bSbeck	errno = save_errno;
044fc755Sderaadt	return (0);		/* satisfied */
8286e41bSbecknodevrandom:
8286e41bSbeck	errno = EIO;
044fc755Sderaadt	return (-1);
8286e41bSbeck}
8286e41bSbeck
6cb1baa1Sderaadt#ifdef SYS__sysctl
8286e41bSbeckstatic int
8286e41bSbeckgetentropy_sysctl(void *buf, size_t len)
8286e41bSbeck{
3279ccb0Sbeck	static int mib[] = { CTL_KERN, KERN_RANDOM, RANDOM_UUID };
54dec340Swouter	size_t i;
8286e41bSbeck	int save_errno = errno;
8286e41bSbeck
8286e41bSbeck	for (i = 0; i < len; ) {
557f50beSderaadt		size_t chunk = MINIMUM(len - i, 16);
8286e41bSbeck
8286e41bSbeck		/* SYS__sysctl because some systems already removed sysctl() */
8286e41bSbeck		struct __sysctl_args args = {
8286e41bSbeck			.name = mib,
8286e41bSbeck			.nlen = 3,
b8457ac7Sderaadt			.oldval = (char *)buf + i,
8286e41bSbeck			.oldlenp = &chunk,
8286e41bSbeck		};
8286e41bSbeck		if (syscall(SYS__sysctl, &args) != 0)
8286e41bSbeck			goto sysctlfailed;
8286e41bSbeck		i += chunk;
8286e41bSbeck	}
8286e41bSbeck	errno = save_errno;
8286e41bSbeck	return (0);			/* satisfied */
8286e41bSbecksysctlfailed:
8286e41bSbeck	errno = EIO;
044fc755Sderaadt	return (-1);
8286e41bSbeck}
6cb1baa1Sderaadt#endif /* SYS__sysctl */
8286e41bSbeck
092b0306Sderaadtstatic const int cl[] = {
8286e41bSbeck	CLOCK_REALTIME,
8286e41bSbeck#ifdef CLOCK_MONOTONIC
8286e41bSbeck	CLOCK_MONOTONIC,
8286e41bSbeck#endif
8286e41bSbeck#ifdef CLOCK_MONOTONIC_RAW
8286e41bSbeck	CLOCK_MONOTONIC_RAW,
8286e41bSbeck#endif
8286e41bSbeck#ifdef CLOCK_TAI
8286e41bSbeck	CLOCK_TAI,
8286e41bSbeck#endif
8286e41bSbeck#ifdef CLOCK_VIRTUAL
8286e41bSbeck	CLOCK_VIRTUAL,
8286e41bSbeck#endif
8286e41bSbeck#ifdef CLOCK_UPTIME
8286e41bSbeck	CLOCK_UPTIME,
8286e41bSbeck#endif
8286e41bSbeck#ifdef CLOCK_PROCESS_CPUTIME_ID
8286e41bSbeck	CLOCK_PROCESS_CPUTIME_ID,
8286e41bSbeck#endif
8286e41bSbeck#ifdef CLOCK_THREAD_CPUTIME_ID
8286e41bSbeck	CLOCK_THREAD_CPUTIME_ID,
8286e41bSbeck#endif
8286e41bSbeck};
8286e41bSbeck
8286e41bSbeckstatic int
5a30a5b2Sderaadtgetentropy_phdr(struct dl_phdr_info *info, size_t size, void *data)
5a30a5b2Sderaadt{
5a30a5b2Sderaadt	SHA512_CTX *ctx = data;
5a30a5b2Sderaadt
5a30a5b2Sderaadt	SHA512_Update(ctx, &info->dlpi_addr, sizeof (info->dlpi_addr));
044fc755Sderaadt	return (0);
5a30a5b2Sderaadt}
5a30a5b2Sderaadt
5a30a5b2Sderaadtstatic int
8286e41bSbeckgetentropy_fallback(void *buf, size_t len)
8286e41bSbeck{
8286e41bSbeck	uint8_t results[SHA512_DIGEST_LENGTH];
54dec340Swouter	int save_errno = errno, e, pgs = getpagesize(), faster = 0, repeat;
56419eb2Sderaadt	static int cnt;
8286e41bSbeck	struct timespec ts;
8286e41bSbeck	struct timeval tv;
8286e41bSbeck	struct rusage ru;
8286e41bSbeck	sigset_t sigset;
8286e41bSbeck	struct stat st;
8286e41bSbeck	SHA512_CTX ctx;
581198e5Sderaadt	static pid_t lastpid;
8286e41bSbeck	pid_t pid;
54dec340Swouter	size_t i, ii, m;
56419eb2Sderaadt	char *p;
8286e41bSbeck
581198e5Sderaadt	pid = getpid();
203e5dbfSbeck	if (lastpid == pid) {
203e5dbfSbeck		faster = 1;
203e5dbfSbeck		repeat = 2;
203e5dbfSbeck	} else {
203e5dbfSbeck		faster = 0;
581198e5Sderaadt		lastpid = pid;
203e5dbfSbeck		repeat = REPEAT;
203e5dbfSbeck	}
8286e41bSbeck	for (i = 0; i < len; ) {
e4e2062fSbeck		int j;
8286e41bSbeck		SHA512_Init(&ctx);
203e5dbfSbeck		for (j = 0; j < repeat; j++) {
56419eb2Sderaadt			HX((e = gettimeofday(&tv, NULL)) == -1, tv);
8286e41bSbeck			if (e != -1) {
56419eb2Sderaadt				cnt += (int)tv.tv_sec;
80a8e717Sbeck				cnt += (int)tv.tv_usec;
8286e41bSbeck			}
8286e41bSbeck
5a30a5b2Sderaadt			dl_iterate_phdr(getentropy_phdr, &ctx);
5a30a5b2Sderaadt
8286e41bSbeck			for (ii = 0; ii < sizeof(cl)/sizeof(cl[0]); ii++)
56419eb2Sderaadt				HX(clock_gettime(cl[ii], &ts) == -1, ts);
8286e41bSbeck
56419eb2Sderaadt			HX((pid = getpid()) == -1, pid);
56419eb2Sderaadt			HX((pid = getsid(pid)) == -1, pid);
56419eb2Sderaadt			HX((pid = getppid()) == -1, pid);
56419eb2Sderaadt			HX((pid = getpgid(0)) == -1, pid);
54dec340Swouter			HX((e = getpriority(0, 0)) == -1, e);
8286e41bSbeck
203e5dbfSbeck			if (!faster) {
8286e41bSbeck				ts.tv_sec = 0;
8286e41bSbeck				ts.tv_nsec = 1;
8286e41bSbeck				(void) nanosleep(&ts, NULL);
203e5dbfSbeck			}
8286e41bSbeck
56419eb2Sderaadt			HX(sigpending(&sigset) == -1, sigset);
56419eb2Sderaadt			HX(sigprocmask(SIG_BLOCK, NULL, &sigset) == -1,
93d8086cSbeck			    sigset);
8286e41bSbeck
54dec340Swouter			HF(getentropy);	/* an addr in this library */
54dec340Swouter			HF(printf);		/* an addr in libc */
56419eb2Sderaadt			p = (char *)&p;
56419eb2Sderaadt			HD(p);		/* an addr on stack */
56419eb2Sderaadt			p = (char *)&errno;
56419eb2Sderaadt			HD(p);		/* the addr of errno */
8286e41bSbeck
8286e41bSbeck			if (i == 0) {
8286e41bSbeck				struct sockaddr_storage ss;
8286e41bSbeck				struct statvfs stvfs;
8286e41bSbeck				struct termios tios;
8286e41bSbeck				struct statfs stfs;
8286e41bSbeck				socklen_t ssl;
8286e41bSbeck				off_t off;
8286e41bSbeck
8286e41bSbeck				/*
8286e41bSbeck				 * Prime-sized mappings encourage fragmentation;
8286e41bSbeck				 * thus exposing some address entropy.
8286e41bSbeck				 */
8286e41bSbeck				struct mm {
8286e41bSbeck					size_t	npg;
8286e41bSbeck					void	*p;
8286e41bSbeck				} mm[] =	 {
8286e41bSbeck					{ 17, MAP_FAILED }, { 3, MAP_FAILED },
8286e41bSbeck					{ 11, MAP_FAILED }, { 2, MAP_FAILED },
8286e41bSbeck					{ 5, MAP_FAILED }, { 3, MAP_FAILED },
8286e41bSbeck					{ 7, MAP_FAILED }, { 1, MAP_FAILED },
8286e41bSbeck					{ 57, MAP_FAILED }, { 3, MAP_FAILED },
8286e41bSbeck					{ 131, MAP_FAILED }, { 1, MAP_FAILED },
8286e41bSbeck				};
8286e41bSbeck
8286e41bSbeck				for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) {
56419eb2Sderaadt					HX(mm[m].p = mmap(NULL,
56419eb2Sderaadt					    mm[m].npg * pgs,
8286e41bSbeck					    PROT_READ|PROT_WRITE,
56419eb2Sderaadt					    MAP_PRIVATE|MAP_ANON, -1,
56419eb2Sderaadt					    (off_t)0), mm[m].p);
8286e41bSbeck					if (mm[m].p != MAP_FAILED) {
56419eb2Sderaadt						size_t mo;
8286e41bSbeck
8286e41bSbeck						/* Touch some memory... */
56419eb2Sderaadt						p = mm[m].p;
56419eb2Sderaadt						mo = cnt %
56419eb2Sderaadt						    (mm[m].npg * pgs - 1);
56419eb2Sderaadt						p[mo] = 1;
56419eb2Sderaadt						cnt += (int)((long)(mm[m].p)
56419eb2Sderaadt						    / pgs);
8286e41bSbeck					}
8286e41bSbeck
56419eb2Sderaadt					/* Check cnts and times... */
8286e41bSbeck					for (ii = 0; ii < sizeof(cl)/sizeof(cl[0]);
8286e41bSbeck					    ii++) {
56419eb2Sderaadt						HX((e = clock_gettime(cl[ii],
93d8086cSbeck						    &ts)) == -1, ts);
8286e41bSbeck						if (e != -1)
56419eb2Sderaadt							cnt += (int)ts.tv_nsec;
8286e41bSbeck					}
8286e41bSbeck
56419eb2Sderaadt					HX((e = getrusage(RUSAGE_SELF,
56419eb2Sderaadt					    &ru)) == -1, ru);
8286e41bSbeck					if (e != -1) {
56419eb2Sderaadt						cnt += (int)ru.ru_utime.tv_sec;
56419eb2Sderaadt						cnt += (int)ru.ru_utime.tv_usec;
8286e41bSbeck					}
8286e41bSbeck				}
8286e41bSbeck
8286e41bSbeck				for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) {
8286e41bSbeck					if (mm[m].p != MAP_FAILED)
56419eb2Sderaadt						munmap(mm[m].p, mm[m].npg * pgs);
8286e41bSbeck					mm[m].p = MAP_FAILED;
8286e41bSbeck				}
8286e41bSbeck
56419eb2Sderaadt				HX(stat(".", &st) == -1, st);
56419eb2Sderaadt				HX(statvfs(".", &stvfs) == -1, stvfs);
56419eb2Sderaadt				HX(statfs(".", &stfs) == -1, stfs);
8286e41bSbeck
56419eb2Sderaadt				HX(stat("/", &st) == -1, st);
56419eb2Sderaadt				HX(statvfs("/", &stvfs) == -1, stvfs);
56419eb2Sderaadt				HX(statfs("/", &stfs) == -1, stfs);
8286e41bSbeck
56419eb2Sderaadt				HX((e = fstat(0, &st)) == -1, st);
8286e41bSbeck				if (e == -1) {
93d8086cSbeck					if (S_ISREG(st.st_mode) ||
93d8086cSbeck					    S_ISFIFO(st.st_mode) ||
8286e41bSbeck					    S_ISSOCK(st.st_mode)) {
56419eb2Sderaadt						HX(fstatvfs(0, &stvfs) == -1,
93d8086cSbeck						    stvfs);
56419eb2Sderaadt						HX(fstatfs(0, &stfs) == -1,
56419eb2Sderaadt						    stfs);
56419eb2Sderaadt						HX((off = lseek(0, (off_t)0,
8286e41bSbeck						    SEEK_CUR)) < 0, off);
8286e41bSbeck					}
8286e41bSbeck					if (S_ISCHR(st.st_mode)) {
56419eb2Sderaadt						HX(tcgetattr(0, &tios) == -1,
56419eb2Sderaadt						    tios);
8286e41bSbeck					} else if (S_ISSOCK(st.st_mode)) {
8286e41bSbeck						memset(&ss, 0, sizeof ss);
8286e41bSbeck						ssl = sizeof(ss);
56419eb2Sderaadt						HX(getpeername(0,
56419eb2Sderaadt						    (void *)&ss, &ssl) == -1,
56419eb2Sderaadt						    ss);
8286e41bSbeck					}
8286e41bSbeck				}
8286e41bSbeck
56419eb2Sderaadt				HX((e = getrusage(RUSAGE_CHILDREN,
56419eb2Sderaadt				    &ru)) == -1, ru);
8286e41bSbeck				if (e != -1) {
56419eb2Sderaadt					cnt += (int)ru.ru_utime.tv_sec;
56419eb2Sderaadt					cnt += (int)ru.ru_utime.tv_usec;
8286e41bSbeck				}
8286e41bSbeck			} else {
8286e41bSbeck				/* Subsequent hashes absorb previous result */
56419eb2Sderaadt				HD(results);
8286e41bSbeck			}
8286e41bSbeck
56419eb2Sderaadt			HX((e = gettimeofday(&tv, NULL)) == -1, tv);
8286e41bSbeck			if (e != -1) {
56419eb2Sderaadt				cnt += (int)tv.tv_sec;
56419eb2Sderaadt				cnt += (int)tv.tv_usec;
8286e41bSbeck			}
8286e41bSbeck
56419eb2Sderaadt			HD(cnt);
56419eb2Sderaadt		}
912a9ab1Skettenis#ifdef HAVE_GETAUXVAL
4f735644Sbeck#ifdef AT_RANDOM
4f735644Sbeck		/* Not as random as you think but we take what we are given */
4f735644Sbeck		p = (char *) getauxval(AT_RANDOM);
4f735644Sbeck		if (p)
4f735644Sbeck			HR(p, 16);
4f735644Sbeck#endif
4f735644Sbeck#ifdef AT_SYSINFO_EHDR
4f735644Sbeck		p = (char *) getauxval(AT_SYSINFO_EHDR);
4f735644Sbeck		if (p)
11014432Sbeck			HR(p, pgs);
4f735644Sbeck#endif
4f735644Sbeck#ifdef AT_BASE
4f735644Sbeck		p = (char *) getauxval(AT_BASE);
4f735644Sbeck		if (p)
900d1301Sderaadt			HD(p);
4f735644Sbeck#endif
912a9ab1Skettenis#endif
4f735644Sbeck
8286e41bSbeck		SHA512_Final(results, &ctx);
557f50beSderaadt		memcpy((char *)buf + i, results, MINIMUM(sizeof(results), len - i));
557f50beSderaadt		i += MINIMUM(sizeof(results), len - i);
8286e41bSbeck	}
5fd8226cSguenther	explicit_bzero(&ctx, sizeof ctx);
5fd8226cSguenther	explicit_bzero(results, sizeof results);
8286e41bSbeck	errno = save_errno;
044fc755Sderaadt	return (0);		/* satisfied */
8286e41bSbeck}