On Fri, Jul 29, 2016 at 7:40 AM, Stephan Mueller [off-list ref] wrote:

And finally, you have a coding error that is very very common but fatal when
reading from /dev/random: you do not account for short reads which implies
that your loop continues even in the case of short reads.

Fix your code with something like the following:
int read_random(char *buf, size_t buflen)
{
        int fd = 0;
        ssize_t ret = 0;
        size_t len = 0;

        fd = open("/dev/random", O_RDONLY|O_CLOEXEC);
        if(0 > fd)
                return fd;
        do {
                ret = read(fd, (buf + len), (buflen - len));
                if (0 < ret)
                        len += ret;
        } while ((0 < ret || EINTR == errno || ERESTART == errno)
                 && buflen > len);

Unless there is a documentation error, the same is required when using
getrandom(). It can also return short as well as to be interrupted.

regards,
Nikos