From mboxrd@z Thu Jan 1 00:00:00 1970
X-Msuck: nntp://news.gmane.org/gmane.linux.lib.musl.general/6922
From: Josiah Worcester
Newsgroups: gmane.linux.lib.musl.general
Subject: Re: getrandom syscall
Date: Wed, 28 Jan 2015 16:59:13 -0600
To: musl@lists.openwall.com
Reply-To: musl@lists.openwall.com
In-Reply-To: <20150128220229.GL4574@brightrain.aerifal.cx>
References: <20150128154108.GH32318@port70.net> <20150128160352.GI32318@port70.net> <20150128162104.GJ4574@brightrain.aerifal.cx> <20150128191746.GK4574@brightrain.aerifal.cx> <3AC86046-063E-4437-9BF6-F411E7C8C6E9@gmail.com> <20150128220229.GL4574@brightrain.aerifal.cx>
Xref: news.gmane.org gmane.linux.lib.musl.general:6922

On Wed, Jan 28, 2015 at 4:02 PM, Rich Felker wrote:
>
> At this point I think what's clear is that we should provide the
> syscall wrapper for getrandom. What to do with getentropy is less
> clear, and it looks to be a fair bit of work/code-size to get a robust
> getentropy suitable for application usage.
>
> I don't want to copy the idiotic stuff libressl is doing, but I think
> the following fallback sequence would be reasonable:

For what it's worth, the libressl stuff is nowhere near as idiotic as what was there previously (though it is still a bunch of stuff that is at least theoretically determinable).

> 1. Try SYS_getrandom. Fails on even mildly-old kernels.
>
> 2. Try opening /dev/urandom. Fails under fd pressure or broken
> chroots/containers/lsms/etc.
>
> 3. Try AT_RANDOM+CSPRNG. Fails on ancient (what version?) kernels.

2.6.29+ have AT_RANDOM.

> I don't know what to do after that, but I suspect/hope that any kernel
> too old to have AT_RANDOM is full of so many gaping security holes
> that lack of working entropy source is the least of anyone's problems.

2.6.12 and possibly earlier appears to have the RANDOM_UUID sysctl, if you wish to use that.

> As for CSPRNG, what would be acceptably small and secure? CTR mode
> using a block cipher and AT_RANDOM as the key? Could we reuse crypto
> code out of crypt/*.c? Or just call crypt_r directly?
>
> Rich
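The fallback chain Rich lists above (SYS_getrandom, then /dev/urandom, then AT_RANDOM feeding a stream generator run in counter mode), as an added illustration that is not musl's code and not from anyone in this thread. It assumes Linux with getauxval(); for stage 3 it uses the RFC 7539 ChaCha20 block function as the keystream generator in place of a block cipher in CTR mode, keyed by repeating the 16 AT_RANDOM bytes into a 32-byte key (the result is still only 128-bit strength, which is all AT_RANDOM provides). The names get_entropy, fill_from_at_random and chacha20_block are mine, not a libc API.

```c
/* Added example, not musl code: getentropy-style fallback chain.
 * Stage 1: SYS_getrandom; stage 2: /dev/urandom; stage 3: ChaCha20 in
 * counter mode keyed from the AT_RANDOM auxv bytes. Assumes Linux. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <unistd.h>
#ifdef __linux__
#include <sys/syscall.h>
#include <sys/auxv.h>
#include <elf.h>
#endif

#define ROTL32(v, n) (((v) << (n)) | ((v) >> (32 - (n))))
#define QR(a, b, c, d)                          \
    a += b; d ^= a; d = ROTL32(d, 16);          \
    c += d; b ^= c; b = ROTL32(b, 12);          \
    a += b; d ^= a; d = ROTL32(d, 8);           \
    c += d; b ^= c; b = ROTL32(b, 7);

static uint32_t load32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* RFC 7539 ChaCha20 block function: 32-byte key, 12-byte nonce, 32-bit counter. */
void chacha20_block(const uint8_t key[32], const uint8_t nonce[12], uint32_t counter, uint8_t out[64])
{
    uint32_t s[16], x[16];
    s[0] = 0x61707865; s[1] = 0x3320646e; s[2] = 0x79622d32; s[3] = 0x6b206574;
    for (int i = 0; i < 8; i++) s[4 + i] = load32(key + 4 * i);
    s[12] = counter;
    for (int i = 0; i < 3; i++) s[13 + i] = load32(nonce + 4 * i);
    memcpy(x, s, sizeof x);
    for (int i = 0; i < 10; i++) {            /* 20 rounds = 10 double rounds */
        QR(x[0], x[4], x[8], x[12])  QR(x[1], x[5], x[9], x[13])
        QR(x[2], x[6], x[10], x[14]) QR(x[3], x[7], x[11], x[15])
        QR(x[0], x[5], x[10], x[15]) QR(x[1], x[6], x[11], x[12])
        QR(x[2], x[7], x[8], x[13])  QR(x[3], x[4], x[9], x[14])
    }
    for (int i = 0; i < 16; i++) {
        uint32_t v = x[i] + s[i];
        out[4 * i] = (uint8_t)v;            out[4 * i + 1] = (uint8_t)(v >> 8);
        out[4 * i + 2] = (uint8_t)(v >> 16); out[4 * i + 3] = (uint8_t)(v >> 24);
    }
}

/* Stage-3 state: one per-process key derived from AT_RANDOM and a block counter.
 * Deliberately minimal: not thread-safe and not fork-safe (a child would
 * replay the parent's keystream), which a real libc would have to handle. */
static uint8_t at_random_key[32];
static uint32_t at_random_ctr;
static int at_random_ready;

static int fill_from_at_random(void *buf, size_t n)
{
#ifdef __linux__
    static const uint8_t nonce[12] = {0};
    uint8_t block[64], *p = buf;
    if (!at_random_ready) {
        const uint8_t *r = (const uint8_t *)getauxval(AT_RANDOM);
        if (!r) return -1;                      /* kernel too old to supply AT_RANDOM */
        memcpy(at_random_key, r, 16);           /* AT_RANDOM is 16 bytes: repeat it */
        memcpy(at_random_key + 16, r, 16);      /* (assumed key expansion, 128-bit strength) */
        at_random_ready = 1;
    }
    while (n) {
        size_t take = n < 64 ? n : 64;
        chacha20_block(at_random_key, nonce, at_random_ctr++, block);
        memcpy(p, block, take);
        p += take; n -= take;
    }
    memset(block, 0, sizeof block);
    return 0;
#else
    (void)buf; (void)n;
    return -1;
#endif
}

/* Returns the stage that satisfied the request (1, 2 or 3), or -1 if all failed. */
int get_entropy(void *buf, size_t n)
{
    uint8_t *p = buf;
#if defined(__linux__) && defined(SYS_getrandom)
    {
        size_t got = 0;
        while (got < n) {                       /* ENOSYS on pre-3.17 kernels falls through */
            long r = syscall(SYS_getrandom, p + got, n - got, 0);
            if (r < 0) { if (errno == EINTR) continue; break; }
            got += (size_t)r;
        }
        if (got == n) return 1;
    }
#endif
    {
        int fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
        if (fd >= 0) {                          /* fails under fd pressure or a broken chroot */
            size_t got = 0;
            while (got < n) {
                ssize_t r = read(fd, p + got, n - got);
                if (r < 0) { if (errno == EINTR) continue; break; }
                if (r == 0) break;
                got += (size_t)r;
            }
            close(fd);
            if (got == n) return 2;
        }
    }
    if (fill_from_at_random(buf, n) == 0) return 3;
    return -1;
}
```

The return value reports which stage served the request, so a caller can see whether the syscall, the device node, or the auxv seed was used. The stage-3 generator keeps a single process-wide counter and never re-seeds, so it gives a process at most the 128 bits AT_RANDOM held at exec time; that is the inherent limit of the last fallback, and it is the reason the thread treats stages 1 and 2 as the ones that should normally succeed.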