mbedtls_entropy_gather() blocks

The getrandom() syscall blocks when there is not enough entropy in the pool (see man 2 getrandom). As a result, mbedtls_entropy_gather() can block under certain conditions, e.g. right after boot.

The fallback code involves opening /dev/urandom. That method never blocks the calling thread; see man 7 random for more information.

Blocking the caller is never an option. Call the syscall with GRND_NONBLOCK.

Decide whether the function should fail in the event of low entropy. Many applications like dropbear do not really care about entropy when reading /dev/urandom, so I don't think it should.

The safe bet is not using getrandom() at all if you want pre-3.17.x kernel support.
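As an added illustration of the approach described above (example code written for this page, not mbedtls project code): a C entropy source in the shape of the mbedtls_entropy_f_source_ptr callback that calls getrandom() with GRND_NONBLOCK and, when the pool is not yet initialised (EAGAIN) or the kernel predates 3.17 (ENOSYS), falls back to /dev/urandom, so the caller is never blocked. The names nonblocking_entropy_poll, read_urandom, entropy_last_source and entropy_self_test are hypothetical, the `data` argument is unused, and the -1 failure code stands in for MBEDTLS_ERR_ENTROPY_SOURCE_FAILED.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* for syscall() in unistd.h on glibc */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#if defined(__linux__)
#include <sys/syscall.h>
long syscall(long number, ...);  /* explicit prototype, compatible with glibc */
#endif

#ifndef GRND_NONBLOCK
#define GRND_NONBLOCK 0x0001   /* flag value documented in man 2 getrandom */
#endif

/* Remembers which path produced the last bytes; handy when diagnosing early-boot runs. */
static const char *last_source = "none";
const char *entropy_last_source(void) { return last_source; }

/* Read exactly len bytes from /dev/urandom. Never blocks (man 7 random). 0 on success, -1 on failure. */
static int read_urandom(unsigned char *buf, size_t len)
{
    int fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
    if (fd < 0)
        return -1;
    size_t got = 0;
    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n < 0 && errno == EINTR)
            continue;                       /* interrupted by a signal: retry */
        if (n <= 0) {
            close(fd);
            return -1;
        }
        got += (size_t)n;
    }
    close(fd);
    return 0;
}

/* Hypothetical entropy source with the mbedtls callback shape:
 *   int f_source(void *data, unsigned char *output, size_t len, size_t *olen)
 * Returns 0 with *olen == len on success, -1 (placeholder for MBEDTLS_ERR_ENTROPY_SOURCE_FAILED) on failure. */
int nonblocking_entropy_poll(void *data, unsigned char *output, size_t len, size_t *olen)
{
    (void)data;
    *olen = 0;
#if defined(__linux__) && defined(SYS_getrandom)
    size_t got = 0;
    while (got < len) {
        long n = syscall(SYS_getrandom, output + got, len - got, GRND_NONBLOCK);
        if (n >= 0) {
            got += (size_t)n;
            continue;
        }
        if (errno == EINTR)
            continue;                       /* retry */
        /* EAGAIN: pool not initialised yet (e.g. right after boot).
         * ENOSYS: kernel older than 3.17, no getrandom() at all.
         * EPERM:  a seccomp filter denies the syscall.
         * All three take the non-blocking /dev/urandom path instead. */
        if (errno == EAGAIN || errno == ENOSYS || errno == EPERM)
            break;
        return -1;                          /* genuine error such as EFAULT or EINVAL */
    }
    if (got == len) {
        last_source = "getrandom";
        *olen = len;
        return 0;
    }
#endif
    if (read_urandom(output, len) != 0)
        return -1;
    last_source = "/dev/urandom";
    *olen = len;
    return 0;
}

/* Sanity check: two independent draws must fill the buffer completely and differ. Returns 1 if so. */
int entropy_self_test(void)
{
    unsigned char a[32], b[32];
    size_t na = 0, nb = 0;
    if (nonblocking_entropy_poll(NULL, a, sizeof a, &na) != 0 || na != sizeof a)
        return 0;
    if (nonblocking_entropy_poll(NULL, b, sizeof b, &nb) != 0 || nb != sizeof b)
        return 0;
    return memcmp(a, b, sizeof a) != 0;
}

int main(void)
{
    printf("self test %s, source: %s\n", entropy_self_test() ? "ok" : "FAILED", entropy_last_source());
    return 0;
}
```

In an mbedtls build this callback would be registered with mbedtls_entropy_add_source() (with MBEDTLS_ENTROPY_SOURCE_STRONG) in place of the default platform poll; the `last_source` string is only there so a log line can show whether the fast path or the fallback served a given boot.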