git.ipfire.org Git - thirdparty/json-c.git/commit

author	Tobias Stoeckmann <tobias@stoeckmann.org>
	Sat, 15 Aug 2020 13:41:41 +0000 (15:41 +0200)
committer	Tobias Stoeckmann <tobias@stoeckmann.org>
	Sat, 15 Aug 2020 13:52:17 +0000 (15:52 +0200)
commit	f052e42f56eae6b8a5b3833731e1d85e054fa09e
tree	93c0338ffbad35ee3084fd67d12e419806c695c7	tree
parent	104b408ee83b45a0baa25c48fe323f48f26256c6	commit \| diff

Use GRND_NONBLOCK with getrandom.

The json-c library is used in cryptsetup for LUKS2 header information.
Since cryptsetup can be called very early during boot, the developers
avoid getrandom() calls in their own code base for now. [1]

Introducing a blocking getrandom() call in json-c therefore introduces
this issue for cryptsetup as well. Even though cryptsetup issues do not
have to be json-c issues, here is my proposal:

Let's use a non-blocking call, falling back to other sources if the call
would block. Since getrandom() accesses urandom, it must mean that we
are in an early boot phase -- otherwise the call would not block
according to its manual page.

As stated in manual page of random(4), accessing /dev/urandom won't
block but return weak random numbers, therefore this fallback would work
for json-c.

While at it, fixed the debug message.

[1] https://gitlab.com/cryptsetup/cryptsetup/-/merge_requests/47
which references to https://lwn.net/Articles/800509/