json-c/f052e42f56eae6b8a5b3833731e1d85e054fa09e.patch

From f052e42f56eae6b8a5b3833731e1d85e054fa09e Mon Sep 17 00:00:00 2001
From: Tobias Stoeckmann <tobias@stoeckmann.org>
Date: Sat, 15 Aug 2020 15:41:41 +0200
Subject: [PATCH] Use GRND_NONBLOCK with getrandom.

The json-c library is used in cryptsetup for LUKS2 header information.
Since cryptsetup can be called very early during boot, the developers
avoid getrandom() calls in their own code base for now. [1]

Introducing a blocking getrandom() call in json-c therefore introduces
this issue for cryptsetup as well. Even though cryptsetup issues do not
have to be json-c issues, here is my proposal:

Let's use a non-blocking call, falling back to other sources if the call
would block. Since getrandom() accesses urandom, it must mean that we
are in an early boot phase -- otherwise the call would not block
according to its manual page.

As stated in manual page of random(4), accessing /dev/urandom won't
block but return weak random numbers, therefore this fallback would work
for json-c.

While at it, fixed the debug message.

[1] https://gitlab.com/cryptsetup/cryptsetup/-/merge_requests/47
    which references to https://lwn.net/Articles/800509/
---
 random_seed.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/random_seed.c b/random_seed.c
index 17727c6a1c..c428da9c67 100644
--- a/random_seed.c
+++ b/random_seed.c
@@ -164,19 +164,21 @@ static int get_rdrand_seed(void)
 
 static int get_getrandom_seed(void)
 {
-	DEBUG_SEED("get_dev_random_seed");
+	DEBUG_SEED("get_getrandom_seed");
 
 	int r;
 	ssize_t ret;
 
 	do {
-		ret = getrandom(&r, sizeof(r), 0);
+		ret = getrandom(&r, sizeof(r), GRND_NONBLOCK);
 	} while ((ret == -1) && (errno == EINTR));
 
 	if (ret == -1)
 	{
 		if (errno == ENOSYS) /* syscall not available in kernel */
 			return -1;
+		if (errno == EAGAIN) /* entropy not yet initialized */
+			return -1;
 
 		fprintf(stderr, "error from getrandom(): %s", strerror(errno));
 		exit(1);