};
static random_fn random_generate;
-static bool_t random_generate(void *data, int32_t bytes, uint8_t *buff)
+static void random_generate(void *data, int32_t bytes, uint8_t *buff)
{
struct rgen_data *st=data;
int r;
r= read(st->fd,buff,bytes);
assert(r == bytes);
- /* This is totally crap error checking, but AFAICT many callers of
- * this function do not check the return value. This is a minimal
- * change to make the code not fail silently-but-insecurely.
- *
- * A proper fix requires either:
- * - Declare all random number generation failures as fatal
- * errors, and make this return void, and fix all callers,
- * and make this call some appropriate function if it fails.
- * - Make this have proper error checking (and reporting!)
- * and make all callers check the error (and report!);
- * this will be tricky, I think, because you have to report
- * the errno somewhere.
- *
- * There's also the issue that this is only one possible
- * implementation of a random number source; others may not rely
- * on reading from a file descriptor, and may not produce
- * appropriate settings of errno.
+ /* This is totally crap error checking, but callers of
+ * this function do not check the return value and dealing
+ * with failure of this everywhere would be very inconvenient.
*/
-
- return True;
}
static list_t *random_apply(closure_t *self, struct cloc loc,
/* RANDOMSRC interface */
-/* Return some random data. Returns TRUE for success. */
-typedef bool_t random_fn(void *st, int32_t bytes, uint8_t *buff);
+/* Return some random data. Cannot fail. */
+typedef void random_fn(void *st, int32_t bytes, uint8_t *buff);
struct random_if {
void *st;
~mdw / secnet / commitdiff