Add runtime fallback for GRND_INSECURE

The grndinsecure sysdep is only build-time tested and returns yes
if the kernel headers declare GRND_INSECURE. That is a problem
because the kernel headers are most likely provided by the toolchain
and do not reflect the exact capabilities of the run-time kernel.

If the run-time kernel doesn't support that option, getrandom()
fails. That made random_buf_early() busyloop.

To avoid that, we now fallback to random_devurandom() as an
implementation of random_buf_early() if getrandom() fails when
used with GRND_INSECURE. This adds a slight amount of overhead
to random_buf_early(), so it's probably better to just disable
the sysdep at build time if you're making binaries that will run
on older kernels.

Signed-off-by: Laurent Bercot <ska@appnovation.com>

1 files changed, 13 insertions, 3 deletions

diff --git a/src/librandom/random_buf_early.c b/src/librandom/random_buf_early.c
index a7a244d..ce2733b 100644
--- a/src/librandom/random_buf_early.c
+++ b/src/librandom/random_buf_early.c
@@ -15,21 +15,31 @@ void random_buf_early (char *s, size_t n)
 
 #elif defined(SKALIBS_HASGETRANDOM) && defined(SKALIBS_HASGRNDINSECURE)
 
+#include <errno.h>
 #include <sys/random.h>
 
 #include <skalibs/random.h>
 
 void random_buf_early (char *s, size_t n)
 {
+  static int broken = 0 ;
+  if (broken) goto bleh ;
   while (n)
   {
     ssize_t r = getrandom(s, n, GRND_INSECURE) ;
-    if (r >= 0)
+    if (r == -1)
     {
-      s += r ;
-      n -= r ;
+      if (errno != EINTR) goto breakit ;
+      else continue ;
     }
+    s += r ;
+    n -= r ;
   }
+  return ;
+ breakit:
+  broken = 1 ;
+ bleh:
+  random_devurandom(s, n) ;
 }
 
 #elif defined(SKALIBS_HASDEVURANDOM)