Add fill_exact helper function

Author: josephlr

src/freebsd.rs

@@ -7,14 +7,12 @@
 // except according to those terms.
 
 //! Implementation for FreeBSD
-extern crate std;
-
+use crate::util_libc::fill_exact;
 use crate::Error;
 use core::num::NonZeroU32;
 use core::ptr;
-use std::io;
 
-fn kern_arnd(buf: &mut [u8]) -> Result<usize, Error> {
+fn kern_arnd(buf: &mut [u8]) -> libc::ssize_t {
     static MIB: [libc::c_int; 2] = [libc::CTL_KERN, libc::KERN_ARND];
     let mut len = buf.len();
     let ret = unsafe {
@@ -29,17 +27,14 @@ fn kern_arnd(buf: &mut [u8]) -> Result<usize, Error> {
     };
     if ret == -1 {
         error!("freebsd: kern.arandom syscall failed");
-        return Err(io::Error::last_os_error().into());
+        -1
+    } else {
+        len as libc::ssize_t
     }
-    Ok(len)
 }
 
 pub fn getrandom_inner(dest: &mut [u8]) -> Result<(), Error> {
-    let mut start = 0;
-    while start < dest.len() {
-        start += kern_arnd(&mut dest[start..])?;
-    }
-    Ok(())
+    fill_exact(dest, kern_arnd)
 }
 
 #[inline(always)]

src/linux_android.rs

@@ -10,45 +10,32 @@
 extern crate std;
 
 use crate::util::LazyBool;
+use crate::util_libc::fill_exact;
 use crate::{use_file, Error};
 use core::num::NonZeroU32;
 use std::io;
 
-fn syscall_getrandom(dest: &mut [u8], block: bool) -> Result<usize, io::Error> {
-    let flags = if block { 0 } else { libc::GRND_NONBLOCK };
-    let ret = unsafe { libc::syscall(libc::SYS_getrandom, dest.as_mut_ptr(), dest.len(), flags) };
-    if ret < 0 {
-        let err = io::Error::last_os_error();
-        if err.raw_os_error() == Some(libc::EINTR) {
-            return Ok(0); // Call was interrupted, try again
-        }
-        error!("Linux getrandom syscall failed with return value {}", ret);
-        return Err(err);
-    }
-    Ok(ret as usize)
-}
-
 pub fn getrandom_inner(dest: &mut [u8]) -> Result<(), Error> {
     static HAS_GETRANDOM: LazyBool = LazyBool::new();
     if HAS_GETRANDOM.unsync_init(is_getrandom_available) {
-        let mut start = 0;
-        while start < dest.len() {
-            start += syscall_getrandom(&mut dest[start..], true)?;
-        }
-        Ok(())
+        fill_exact(dest, |buf| unsafe {
+            libc::syscall(libc::SYS_getrandom, buf.as_mut_ptr(), buf.len(), 0) as libc::ssize_t
+        })
     } else {
         use_file::getrandom_inner(dest)
     }
 }
 
 fn is_getrandom_available() -> bool {
-    match syscall_getrandom(&mut [], false) {
-        Err(err) => match err.raw_os_error() {
+    let res = unsafe { libc::syscall(libc::SYS_getrandom, 0, 0, libc::GRND_NONBLOCK) };
+    if res < 0 {
+        match io::Error::last_os_error().raw_os_error() {
             Some(libc::ENOSYS) => false, // No kernel support
             Some(libc::EPERM) => false,  // Blocked by seccomp
             _ => true,
-        },
-        Ok(_) => true,
+        }
+    } else {
+        true
     }
 }
 

src/solaris_illumos.rs

@@ -17,13 +17,10 @@
 //! To make sure we can compile on both Solaris and its derivatives, as well as
 //! function, we check for the existance of getrandom(2) in libc by calling
 //! libc::dlsym.
-extern crate std;
-
-use crate::util_libc::Weak;
+use crate::util_libc::{fill_exact, Weak};
 use crate::{use_file, Error};
 use core::mem;
 use core::num::NonZeroU32;
-use std::io;
 
 #[cfg(target_os = "illumos")]
 type GetRandomFn = unsafe extern "C" fn(*mut u8, libc::size_t, libc::c_uint) -> libc::ssize_t;
@@ -37,11 +34,9 @@ pub fn getrandom_inner(dest: &mut [u8]) -> Result<(), Error> {
         // 256 bytes is the lowest common denominator across all the Solaris
         // derived platforms for atomically obtaining random data.
         for chunk in dest.chunks_mut(256) {
-            let ret = unsafe { func(chunk.as_mut_ptr(), chunk.len(), 0) };
-            if ret != chunk.len() as _ {
-                error!("getrandom syscall failed with ret={}", ret);
-                return Err(io::Error::last_os_error().into());
-            }
+            fill_exact(chunk, |buf| unsafe {
+                func(buf.as_mut_ptr(), buf.len(), 0) as libc::ssize_t
+            })?
         }
         Ok(())
     } else {

src/util_libc.rs

@@ -5,9 +5,30 @@
 // <LICENSE-MIT or https://opensource.org/licenses/MIT>, at your
 // option. This file may not be copied, modified, or distributed
 // except according to those terms.
+extern crate std;
 
 use crate::util::LazyUsize;
+use crate::Error;
 use core::ptr::NonNull;
+use std::io;
+
+pub fn fill_exact(mut buf: &mut [u8], f: impl Fn(&mut [u8]) -> libc::ssize_t) -> Result<(), Error> {
+    while !buf.is_empty() {
+        let res = f(buf);
+        if res < 0 {
+            let err = io::Error::last_os_error();
+            // We should try again if the call was interrupted.
+            if err.raw_os_error() != Some(libc::EINTR) {
+                return Err(err.into());
+            }
+        } else {
+            // We don't check for EOF (ret = 0) as the data we are reading
+            // should be an infinite stream of random bytes.
+            buf = &mut buf[(res as usize)..];
+        }
+    }
+    Ok(())
+}
 
 // A "weak" binding to a C function that may or may not be present at runtime.
 // Used for supporting newer OS features while still building on older systems.