From 664f0f3af7eb8aef89e6b1adee2d83b4c4f4cf9f Mon Sep 17 00:00:00 2001 From: Laurent Bercot Date: Thu, 23 Jun 2022 08:46:40 +0000 Subject: Add runtime fallback for GRND_INSECURE The grndinsecure sysdep is only build-time tested and returns yes if the kernel headers declare GRND_INSECURE. That is a problem because the kernel headers are most likely provided by the toolchain and do not reflect the exact capabilities of the run-time kernel. If the run-time kernel doesn't support that option, getrandom() fails. That made random_buf_early() busyloop. To avoid that, we now fallback to random_devurandom() as an implementation of random_buf_early() if getrandom() fails when used with GRND_INSECURE. This adds a slight amount of overhead to random_buf_early(), so it's probably better to just disable the sysdep at build time if you're making binaries that will run on older kernels. Signed-off-by: Laurent Bercot --- src/librandom/random_buf_early.c | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/src/librandom/random_buf_early.c b/src/librandom/random_buf_early.c index a7a244d..ce2733b 100644 --- a/src/librandom/random_buf_early.c +++ b/src/librandom/random_buf_early.c @@ -15,21 +15,31 @@ void random_buf_early (char *s, size_t n) #elif defined(SKALIBS_HASGETRANDOM) && defined(SKALIBS_HASGRNDINSECURE) +#include #include #include void random_buf_early (char *s, size_t n) { + static int broken = 0 ; + if (broken) goto bleh ; while (n) { ssize_t r = getrandom(s, n, GRND_INSECURE) ; - if (r >= 0) + if (r == -1) { - s += r ; - n -= r ; + if (errno != EINTR) goto breakit ; + else continue ; } + s += r ; + n -= r ; } + return ; + breakit: + broken = 1 ; + bleh: + random_devurandom(s, n) ; } #elif defined(SKALIBS_HASDEVURANDOM) -- cgit v1.2.3