Re: getrandom syscall

["Daniel Cegiełka" <daniel.cegielka@gmail.com>]

2015-01-28 18:43 GMT+01:00 Brent Cook <busterb@gmail.com>:
> Here is the wrapper in LibreSSL for getrandom, to hopefully lend to
> the discussion:
>
> https://github.com/libressl-portable/openbsd/blob/master/src/lib/libcrypto/crypto/getentropy_linux.c#L194
>
> It tries to avoid a couple of possible issues. FIrst, while <= 256
> byte getrandom should not interrupt, it appears that if the kernel
> entropy pool has not been initialized yet, it would still return EINTR
> if called early enough in the boot process. How likely this is in
> practice, I don't know.
>
> Then, to avoid modifying errno even though there was an actual
> success, the wrapper restores the previous errno value when it
> succeeds.
>
> I just realized that the length check in getentropy_getrandom() is
> redundant, since it is checked earlier in getentropy() as well, but
> hopefully this is helpful.
>
> If a getentropy() were added to musl libc, but in such a way that it
> might fail on older kernels, that would cause some problems with
> LibreSSL, and now OpenNTPD. They will both try to use getentropy()
> with arc4random() if it is found in a system, and arc4random() will
> treat a getentropy() failure as fatal.

Thank you for your feedback. That's right, arc4random() sometimes
ended with an abort() and this is a huge problem. I used  /dev/urandom
as a source of entropy for arc4random(), but it can fail (eg. in a
chroot), so if arc4random() calls abort(), then the whole process
ends.

btw. thanks for your work on OpenNTPD. I was planning to send an
adjtimex() patch, but I see that you already did:

https://github.com/openntpd-portable/openntpd-portable/commit/eeb97529cd5a332a69a312687e41939eb17f7a81

Daniel

> Thanks, and good discussion.