On Fri, Jun 1, 2018 at 3:53 PM,  <yla...@apache.org> wrote:
> Author: ylavic
> Date: Fri Jun  1 13:53:50 2018
> New Revision: 1832691
>
> URL: http://svn.apache.org/viewvc?rev=1832691&view=rev
> Log:
> rand: follow up to r1814240: still honor --with-devrandom if specified.
>
> --- apr/apr/trunk/misc/unix/rand.c (original)
> +++ apr/apr/trunk/misc/unix/rand.c Fri Jun  1 13:53:50 2018
[]
> +#elif defined(SYS_RANDOM) && defined(USE_GETRANDOM)
>
>      do {
>          int rc;
>
> -        rc = getrandom(buf, length, GRND_NONBLOCK);
> +        rc = getrandom(buf, length, 0);
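
Review bot: at "rc = getrandom(buf, length, 0);" the switch from GRND_NONBLOCK to 0 turns a call that never blocks into one that can, yet the log message only mentions --with-devrandom. This line should go in as its own commit with its own log entry, with a comment above the call saying that flags 0 is deliberate and why. Separately, getrandom() returns ssize_t, so "int rc" would be better declared as ssize_t, and since the body of the do loop is not visible here, please confirm it retries on EINTR now that the call can sleep.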

Argh, I wanted to commit this separately.

The new getrandom() syscall is meant to simplify access to Linux'
"urandom" pool (w/o opening and reading from /dev/...).
But unlike reading from "/dev/urandom", the syscall may block in early
booting, unless GRND_NONBLOCK is specified.

The issue is that GRND_NONBLOCK may return EAGAIN which we can't do
much with, whereas reading "/dev/urandom" in this case would have
returned non random bytes (no entropy, no good random bytes...).
So I changed the call to unlikely but possibly block (not like
"/dev/random" though, the call will never block once the initial
entropy is there, once and for all), which I find much better than
unmanageable EAGAIN or bad random bytes.

For those who really don't want to block,
--with-devrandom="/dev/urandom" now has priority if configured
explicitly.


Regards,
Yann.
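
The trade-off described in the message above, as an added example that is not part of the original mail or of APR's code: fill_random() is a hypothetical helper showing how a caller sees flags 0 (may wait once for initial entropy) versus GRND_NONBLOCK (EAGAIN instead of waiting). It assumes Linux with glibc 2.25 or later for <sys/random.h>.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>
#include <sys/types.h>
#include <sys/random.h>   /* getrandom(), GRND_NONBLOCK (glibc >= 2.25) */

/* Hypothetical helper, not APR's code: fill buf with length bytes from the
 * kernel pool. Returns 0 on success, otherwise the errno from getrandom().
 * flags == 0:             may block until the pool is initialized once.
 * flags == GRND_NONBLOCK: never blocks; fails with EAGAIN before that. */
static int fill_random(unsigned char *buf, size_t length, unsigned int flags)
{
    while (length > 0) {
        ssize_t rc = getrandom(buf, length, flags);
        if (rc < 0) {
            if (errno == EINTR)
                continue;        /* interrupted by a signal: retry */
            return errno;        /* EAGAIN surfaces here with GRND_NONBLOCK */
        }
        buf += rc;               /* short read: request the remainder */
        length -= (size_t)rc;
    }
    return 0;
}

int main(void)
{
    unsigned char key[32];
    int rv = fill_random(key, sizeof key, GRND_NONBLOCK);
    if (rv == EAGAIN) {
        /* Pool not initialized yet: the caller has to choose. This example
         * waits rather than failing or accepting weaker bytes. */
        rv = fill_random(key, sizeof key, 0);
    }
    return rv != 0;
}
```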
