From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Mon, 5 Jan 2026 04:24:27 +0000 (+0900)
Subject: random-util: assume getrandom(GRND_INSECURE) works
X-Git-Tag: v260-rc1~408^2~8
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=ec21e5c58ebfc1ea7d76b94f8f6ec50fefe39866;p=thirdparty%2Fsystemd.git

random-util: assume getrandom(GRND_INSECURE) works

GRND_INSECURE was added in kernel 5.6, and our baseline on kernel is
5.10. Let's assume it always works. Even if it does not work, we have
further fallback logics. So, this should be safe.
---

diff --git a/src/basic/random-util.c b/src/basic/random-util.c
index ece0e419437..d05be6fa501 100644
--- a/src/basic/random-util.c
+++ b/src/basic/random-util.c
@@ -68,8 +68,6 @@ static void fallback_random_bytes(void *p, size_t n) {
 }
 
 void random_bytes(void *p, size_t n) {
-        static bool have_grndinsecure = true;
-
         assert(p || n == 0);
 
         if (n == 0)
@@ -78,15 +76,9 @@ void random_bytes(void *p, size_t n) {
         for (;;) {
                 ssize_t l;
 
-                l = getrandom(p, n, have_grndinsecure ? GRND_INSECURE : GRND_NONBLOCK);
-                if (l < 0 && errno == EINVAL && have_grndinsecure) {
-                        /* No GRND_INSECURE; fallback to GRND_NONBLOCK. */
-                        have_grndinsecure = false;
-                        continue;
-                }
+                l = getrandom(p, n, GRND_INSECURE);
                 if (l <= 0)
-                        break; /* Will block (with GRND_NONBLOCK), or unexpected error. Give up and fallback
-                                  to /dev/urandom. */
+                        break; /* Unexpected error. Give up and fallback to /dev/urandom. */
 
                 if ((size_t) l == n)
                         return; /* Done reading, success. */