Saw a mention somewhere a while back that the gotdata() function in
here could creates non-uniformity since very short fetches of 0 would
be excluded.  blocks of 0 are just as random as any other data, including
blocks of 4 4 4..  This is a misguided attempt to identify errors from the
entropy churn/gather code doesn't make sense, errors don't happen.
ok bcook

Based on discussion here https://github.com/libressl-portable/openbsd/pull/82
Suggested fix from jsing@

use fallback mechanims if unsuccessful.
The design of Linux getrandom is broken.  It has an
uninitialized phase coupled with blocking behaviour, which
is unacceptable from within a library at boot time without
possible recovery.
ok deraadt@ jsing@

ok deraadt@

This only provides the sysctl wrapper in glibc, which we do not use and is not available in other libc implementations for Linux. Thanks to ncopa from github.

Include it if we have the sysctl syscall.

not all versions of <linux/random.h> include <linux/types.h> by default

If getrandom returns a temporary failure, make sure errno is not polluted when
it succeeds. Thanks to deraadt@ for pointing it out.

like the sysctl path

This enables support for the new getrandom(2) syscall in Linux 3.17.
If the call exists and fails, return a failure in getentropy(2) emulation as
well. This adds a EINTR check in case the urandom pool is not initialized.
Tested on Fedora Rawhide with 3.17rc0 and Ubuntu 14.04
ok deraadt@

Also, zero the SHA256 context.
suggested by "eric" in a comment on an opensslrampage.org post
ok miod@ deraadt@

it shows up in libraries.  Even the system call is probably not finalized.
Bit dissapointed it has turned out to be a descriptor-less read() with
EINVAL and EINTR error conditions, but we can work with it.

Linux (such as Ubuntu 12.04LTS) that don't have it yet.  Seems the AT_XXX
defines are pulled in by <link.h> now.
ok beck@

into the hash; hoping the system has some ASLR or PIE.  This replaces and
substantially improves upon &main which proved problematic with some picky
linkers.
Work with kettenis, testing by beck

ok beck

distractions to people testing and seeing link errors in some setups.
This will come back in another form
ok deraadt@

add a function to use function pointers that does not take sizeof(fptr).
OK beck@

keep linux distros happy that don't have it.
ok bcook@

Since we assume the PRNG above is doing "something old, something new"
folding, shortcut and do fewer repeats through the timing loop.
ok beck

use the address, not what it points to (which is always the same)
ok deraadt@

ok deraadt@

by getauxval if we have it.
ok deraadt@

we are running supports it.
from enh@google.com

RANDOM_UUID is an enum member.

names to shorten line lengths
ok beck

ok deraadt@ beck@

/dev/urandom. Does well in the fallback case. Get it in tree so
it can be worked on.
ok otto@ deraadt@