On Sun, Dec 17, 2017 at 04:31:27PM +0100, Ludovic Courtès wrote:
> Leo Famulari wrote:
> If we fail to read from /dev/hwrng we may end up writing zeros to
> /dev/urandom (because ‘buf’ is left uninitialized).

Right, the patch I sent wrote the buffer to urandom unconditionally.
It's sloppy when the buffer is uninitialized but does no harm to the
CRNG.

> To address that, perhaps this could be formulated like this:
>
>   (let ((buf (catch 'system-error
>                (lambda ()
>                  (call-with-input-file "/dev/hwrng"
>                    (lambda (port)
>                      (get-bytevector-n port 512))))
>                (const #f))))
>     (when buf
>       (call-with-output-file "/dev/urandom"
>         (lambda (urandom)
>           (put-bytevector urandom buf)))))

Overall I like this better. I tested it and catching system-error seems
to work for the case when /dev/hwrng exists but there is nothing
actually there.

I noticed you used get-bytevector-n instead of get-bytevector-n!. The
documentation says that the former reads "octets" while the latter reads
"bytes" [0]. I guess there is no difference in practice in 2017, right?

> This also removes the need for the ‘file-exists?’ call.

I don't know what creates /dev/hwrng or under what conditions. I didn't
see it in (gnu build linux-boot). Can we rely on it to exist for all the
versions of Linux we support?
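
The seeding step discussed in this message, as an added Guile example that is not code from the thread or from Guix. It goes one step beyond the quoted snippet by also rejecting the EOF object that get-bytevector-n returns on an empty read. The names read-seed and seed-from-hwrng and their keyword parameters are hypothetical.

```scheme
(use-modules (ice-9 binary-ports)
             (rnrs bytevectors))

;; Hypothetical helper: read up to COUNT bytes from SOURCE.  Return a
;; non-empty bytevector, or #f when SOURCE is missing, the open or read
;; raises a system error, or end of file is reached before any data.
(define (read-seed source count)
  (catch 'system-error
    (lambda ()
      (call-with-input-file source
        (lambda (port)
          (let ((bv (get-bytevector-n port count)))
            ;; get-bytevector-n returns a fresh bytevector, so there is
            ;; no uninitialized buffer to leak.  On an empty read it
            ;; returns the EOF object, which is a true value and would
            ;; pass a plain `when' test, so check the type explicitly.
            (and (bytevector? bv)
                 (positive? (bytevector-length bv))
                 bv)))
        #:binary #t))
    (const #f)))

;; Hypothetical helper: copy COUNT bytes from SOURCE into SINK.  Return
;; the number of bytes written, or #f if nothing was read or the write
;; failed.  SINK is never written to when the read did not succeed.
(define* (seed-from-hwrng #:key
                          (source "/dev/hwrng")
                          (sink "/dev/urandom")
                          (count 512))
  (let ((buf (read-seed source count)))
    (and buf
         (catch 'system-error
           (lambda ()
             (call-with-output-file sink
               (lambda (port)
                 (put-bytevector port buf))
               #:binary #t)
             (bytevector-length buf))
           (const #f)))))

;; Byte count on success, #f when no hardware RNG data was available.
(display (seed-from-hwrng))
(newline)
```

Passing ordinary files as #:source and #:sink exercises the missing-file and empty-file paths on a machine without a hardware RNG.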