Avoid accessing errno on unexpected return values.

We expect that these system calls will never return anything other
than 0 or -1 but if they do for some reason, then we shouldn't
access `errno`.

Author: briansmith

src/backends/getentropy.rs

@@ -1,5 +1,9 @@
 //! Implementation using getentropy(2)
 //!
+//! When porting to a new target, ensure that its implementation follows the
+//! POSIX conventions from
+//! <https://pubs.opengroup.org/onlinepubs/9799919799/functions/getentropy.html>.
+//!
 //! Available since:
 //!   - macOS 10.12
 //!   - OpenBSD 5.6
@@ -17,11 +21,19 @@ mod utils;
 
 #[inline]
 pub fn fill_inner(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
-    for chunk in dest.chunks_mut(256) {
+    // https://pubs.opengroup.org/onlinepubs/9799919799/basedefs/limits.h.html
+    // says `GETENTROPY_MAX` is at least 256.
+    const GETENTROPY_MAX: usize = 256;
+
+    for chunk in dest.chunks_mut(GETENTROPY_MAX) {
         let ret = unsafe { libc::getentropy(chunk.as_mut_ptr().cast::<c_void>(), chunk.len()) };
         if ret != 0 {
-            let errno = utils::get_errno();
-            return Err(Error::from_errno(errno));
+            let err = if ret == -1 {
+                Error::from_errno(utils::get_errno())
+            } else {
+                Error::from_errno(errno)
+            };
+            return Err(err);
         }
     }
     Ok(())

src/backends/vxworks.rs

@@ -39,8 +39,13 @@ pub fn fill_inner(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
         let p: *mut libc::c_uchar = chunk.as_mut_ptr().cast();
         let ret = unsafe { libc::randABytes(p, chunk_len) };
         if ret != 0 {
-            let errno = unsafe { libc::errnoGet() };
-            return Err(Error::from_errno(errno));
+            let err = if ret == -1 {
+                let errno = unsafe { libc::errnoGet() };
+                Error::from_errno(errno)
+            } else {
+                Error::UNEXPECTED
+            };
+            return Err(err);
         }
     }
     Ok(())