commit 664f0f3af7eb8aef89e6b1adee2d83b4c4f4cf9f
parent 0e4bc9efc11636b2d06e2cf6dccb7e6a6094f08f
Author: Laurent Bercot <ska-skaware@skarnet.org>
Date: Thu, 23 Jun 2022 08:46:40 +0000
Add runtime fallback for GRND_INSECURE
The grndinsecure sysdep is only build-time tested and returns yes
if the kernel headers declare GRND_INSECURE. That is a problem
because the kernel headers are most likely provided by the toolchain
and do not reflect the exact capabilities of the run-time kernel.
If the run-time kernel doesn't support that option, getrandom()
fails. That made random_buf_early() busyloop.
To avoid that, we now fallback to random_devurandom() as an
implementation of random_buf_early() if getrandom() fails when
used with GRND_INSECURE. This adds a slight amount of overhead
to random_buf_early(), so it's probably better to just disable
the sysdep at build time if you're making binaries that will run
on older kernels.
Signed-off-by: Laurent Bercot <ska@appnovation.com>
Diffstat:
1 file changed, 13 insertions(+), 3 deletions(-)
diff --git a/src/librandom/random_buf_early.c b/src/librandom/random_buf_early.c
@@ -15,21 +15,31 @@ void random_buf_early (char *s, size_t n)
#elif defined(SKALIBS_HASGETRANDOM) && defined(SKALIBS_HASGRNDINSECURE)
+#include <errno.h>
#include <sys/random.h>
#include <skalibs/random.h>
void random_buf_early (char *s, size_t n)
{
+ static int broken = 0 ;
+ if (broken) goto bleh ;
while (n)
{
ssize_t r = getrandom(s, n, GRND_INSECURE) ;
- if (r >= 0)
+ if (r == -1)
{
- s += r ;
- n -= r ;
+ if (errno != EINTR) goto breakit ;
+ else continue ;
}
+ s += r ;
+ n -= r ;
}
+ return ;
+ breakit:
+ broken = 1 ;
+ bleh:
+ random_devurandom(s, n) ;
}
#elif defined(SKALIBS_HASDEVURANDOM)
