util: Add general low-level random bytes helper

Currently secret_init() open codes getting good quality random bytes from
the OS, either via getrandom(2) or reading /dev/random.  We're going to
add at least one more place that needs random data in future, so make a
general helper for getting random bytes.  While we're there, fix a number
of minor bugs:
 - getrandom() can theoretically return a "short read", so handle that case
 - getrandom() as well as read can return a transient EINTR
 - We would attempt to read data from /dev/random if we failed to open it
   (open() returns -1), but not if we opened it as fd 0 (unlikely, but ok)
 - More specific error reporting

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>

passt.c

@@ -36,9 +36,6 @@
 #include <sys/prctl.h>
 #include <netinet/if_ether.h>
 #include <libgen.h>
-#ifdef HAS_GETRANDOM
-#include <sys/random.h>
-#endif
 
 #include "util.h"
 #include "passt.h"
@@ -118,32 +115,7 @@ static void post_handler(struct ctx *c, const struct timespec *now)
  */
 static void secret_init(struct ctx *c)
 {
-#ifndef HAS_GETRANDOM
-	int dev_random = open("/dev/random", O_RDONLY);
-	unsigned int random_read = 0;
-
-	while (dev_random && random_read < sizeof(c->hash_secret)) {
-		int ret = read(dev_random,
-			       (uint8_t *)&c->hash_secret + random_read,
-			       sizeof(c->hash_secret) - random_read);
-
-		if (ret == -1 && errno == EINTR)
-			continue;
-
-		if (ret <= 0)
-			break;
-
-		random_read += ret;
-	}
-	if (dev_random >= 0)
-		close(dev_random);
-
-	if (random_read < sizeof(c->hash_secret))
-#else
-	if (getrandom(&c->hash_secret, sizeof(c->hash_secret),
-		      GRND_RANDOM) < 0)
-#endif /* !HAS_GETRANDOM */
-		die_perror("Failed to get random bytes for hash table and TCP");
+	raw_random(&c->hash_secret, sizeof(c->hash_secret));
 }
 
 /**

util.c

@@ -34,6 +34,9 @@
 #include "passt.h"
 #include "packet.h"
 #include "log.h"
+#ifdef HAS_GETRANDOM
+#include <sys/random.h>
+#endif
 
 /**
  * sock_l4_sa() - Create and bind socket to socket address, add to epoll list
@@ -783,3 +786,54 @@ bool snprintf_check(char *str, size_t size, const char *format, ...)
 
 	return false;
 }
+
+#define DEV_RANDOM	"/dev/random"
+
+/**
+ * raw_random() - Get high quality random bytes
+ * @buf:	Buffer to fill with random bytes
+ * @buflen:	Number of bytes of random data to put in @buf
+ *
+ * Assumes that the random data is essential, and will die() if unable to obtain
+ * it.
+ */
+void raw_random(void *buf, size_t buflen)
+{
+	size_t random_read = 0;
+#ifndef HAS_GETRANDOM
+	int fd = open(DEV_RANDOM, O_RDONLY);
+
+	if (fd < 0)
+		die_perror("Couldn't open %s", DEV_RANDOM);
+#endif
+
+	while (random_read < buflen) {
+		ssize_t ret;
+
+#ifdef HAS_GETRANDOM
+		ret = getrandom((char *)buf + random_read,
+				buflen - random_read, GRND_RANDOM);
+#else
+		ret = read(dev_random, (char *)buf + random_read,
+			   buflen - random_read);
+#endif
+
+		if (ret == -1 && errno == EINTR)
+			continue;
+
+		if (ret < 0)
+			die_perror("Error on random data source");
+
+		if (ret == 0)
+			break;
+
+		random_read += ret;
+	}
+
+#ifndef HAS_GETRANDOM
+	close(dev_random);
+#endif
+
+	if (random_read < buflen)
+		die("Unexpected EOF on random data source");
+}

util.h

@@ -263,6 +263,8 @@ static inline bool mod_between(unsigned x, unsigned i, unsigned j, unsigned m)
 /* FPRINTF() intentionally silences cert-err33-c clang-tidy warnings */
 #define FPRINTF(f, ...)	(void)fprintf(f, __VA_ARGS__)
 
+void raw_random(void *buf, size_t buflen);
+
 /*
  * Workarounds for https://github.com/llvm/llvm-project/issues/58992
  *