From: Brent Cook <busterb@gmail.com>
To: musl@lists.openwall.com
Subject: Re: getrandom syscall
Date: Wed, 28 Jan 2015 11:43:17 -0600 [thread overview]
Message-ID: <CAPDERwrLPpg4acOM4tAv0xu3dAqSe3EnLUH36homn3mBHEkYrA@mail.gmail.com> (raw)
In-Reply-To: <CAPLrYESb1soQPteGHTUw9z85s=kf36mWLsoT+=+VgE6=WsdZKw@mail.gmail.com>
Here is the wrapper in LibreSSL for getrandom, to hopefully lend to
the discussion:
https://github.com/libressl-portable/openbsd/blob/master/src/lib/libcrypto/crypto/getentropy_linux.c#L194
It tries to avoid a couple of possible issues. FIrst, while <= 256
byte getrandom should not interrupt, it appears that if the kernel
entropy pool has not been initialized yet, it would still return EINTR
if called early enough in the boot process. How likely this is in
practice, I don't know.
Then, to avoid modifying errno even though there was an actual
success, the wrapper restores the previous errno value when it
succeeds.
I just realized that the length check in getentropy_getrandom() is
redundant, since it is checked earlier in getentropy() as well, but
hopefully this is helpful.
If a getentropy() were added to musl libc, but in such a way that it
might fail on older kernels, that would cause some problems with
LibreSSL, and now OpenNTPD. They will both try to use getentropy()
with arc4random() if it is found in a system, and arc4random() will
treat a getentropy() failure as fatal.
Thanks, and good discussion.
next prev parent reply other threads:[~2015-01-28 17:43 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-01-27 22:12 Daniel Cegiełka
2015-01-28 9:02 ` Szabolcs Nagy
2015-01-28 9:10 ` Daniel Cegiełka
2015-01-28 12:26 ` Szabolcs Nagy
2015-01-28 12:42 ` Daniel Cegiełka
2015-01-28 14:49 ` Rich Felker
2015-01-28 14:54 ` Rich Felker
2015-01-28 15:41 ` Szabolcs Nagy
2015-01-28 15:50 ` Daniel Cegiełka
2015-01-28 16:03 ` Szabolcs Nagy
2015-01-28 16:12 ` Daniel Cegiełka
2015-01-28 16:21 ` Rich Felker
2015-01-28 17:02 ` Daniel Cegiełka
2015-01-28 17:09 ` Daniel Cegiełka
2015-01-28 17:43 ` Brent Cook [this message]
2015-01-28 18:12 ` Daniel Cegiełka
2015-01-28 19:17 ` Rich Felker
2015-01-28 19:33 ` Daniel Cegiełka
2015-01-28 20:20 ` Brent Cook
2015-01-28 22:02 ` Rich Felker
2015-01-28 22:59 ` Josiah Worcester
2015-02-09 20:37 ` Andy Lutomirski
2015-01-28 16:25 ` Daniel Cegiełka
2015-01-28 16:01 ` Daniel Cegiełka
2015-01-28 15:41 ` Daniel Cegiełka
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAPDERwrLPpg4acOM4tAv0xu3dAqSe3EnLUH36homn3mBHEkYrA@mail.gmail.com \
--to=busterb@gmail.com \
--cc=musl@lists.openwall.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.vuxu.org/mirror/musl/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).