| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 18 Jul 2014 08:09:52 -0500
From: Brent Cook <busterb@...il.com>
To: linux-kernel@...r.kernel.org
Cc: tytso@....edu
Subject: Re: [PATCH] [RFC] initial getrandom wrapper to provide getentropy for LibreSSL
On Jul 18, 2014, at 1:49 AM, Brent Cook <busterb@...il.com> wrote:
> From: Brent Cook <bcook@...nbsd.org>
>
> This is not a kernel patch, but rather an initial test of the API to see
> how it might mesh LibreSSL's expectations for how getentropy works.
>
> It is a bit more code to carefully handle the extra return values, as
> not reading enough bytes, because there is an unhandled EINTR, might
> lead to an unseeded CSPRNG.
>
> The syscall may return EAGAIN depending on the version of getrandom(2)
> (this will go away later), but this should give a good example of what
> its use would look like in practice.
While I think we can wrap the currently-proposed getrandom() interface to provide a safe emulation of getentropy()’s semantics, I would not be surprised to eventually find software that gets it wrong.
I am a little concerned that the interface is evolving into a Bradley Fighting Vehicle :)
https://www.youtube.com/watch?v=aXQ2lO3ieBA
> ---
> src/lib/libcrypto/crypto/getentropy_linux.c | 42 ++++++++++++++++++++++++++++-
> 1 file changed, 41 insertions(+), 1 deletion(-)
>
> diff --git a/src/lib/libcrypto/crypto/getentropy_linux.c b/src/lib/libcrypto/crypto/getentropy_linux.c
> index c16b289..b717d91 100644
> --- a/src/lib/libcrypto/crypto/getentropy_linux.c
> +++ b/src/lib/libcrypto/crypto/getentropy_linux.c
> @@ -1,4 +1,4 @@
> -/* $OpenBSD: getentropy_linux.c,v 1.24 2014/07/13 13:37:38 deraadt Exp $ */
> +/* $OpenBSD: getentropy_linux.c,v 1.25 2014/07/16 14:26:47 kettenis Exp $ */
>
> /*
> * Copyright (c) 2014 Theo de Raadt <deraadt@...nbsd.org>
> @@ -73,10 +73,21 @@
>
> int getentropy(void *buf, size_t len);
>
> +#ifndef SYS__getrandom
> +#ifdef __LP64__
> +#define SYS__getrandom 317
> +#else
> +#define SYS__getrandom 354
> +#endif
> +#endif
> +
> #if 0
> extern int main(int, char *argv[]);
> #endif
> static int gotdata(char *buf, size_t len);
> +#ifdef SYS__getrandom
> +static int getentropy_getrandom(void *buf, size_t len);
> +#endif
> static int getentropy_urandom(void *buf, size_t len);
> #ifdef CTL_MAXNAME
> static int getentropy_sysctl(void *buf, size_t len);
> @@ -95,6 +106,13 @@ getentropy(void *buf, size_t len)
> }
>
> /*
> + * Brand new system call in Linux. Interface not yet settled.
> + */
> + ret = getentropy_getrandom(buf, len);
> + if (ret != -1)
> + return (ret);
> +
> + /*
> * Try to get entropy with /dev/urandom
> *
> * This can fail if the process is inside a chroot or if file
> @@ -180,6 +198,28 @@ gotdata(char *buf, size_t len)
> }
>
> static int
> +getentropy_getrandom(void *buf, size_t len)
> +{
> + size_t i = 0;
> +
> +#ifdef SYS__getrandom
> + ssize_t ret;
> +
> + for (i = 0; i < len; ) {
> + size_t wanted = len - i;
> + ret = syscall(SYS__getrandom, (char *)buf + i, wanted, 0);
> + if (ret == -1) {
> + if (errno == EAGAIN || errno == EINTR)
> + continue;
> + return (-1);
> + }
> + i += ret;
> + }
> +#endif
> + return (i == len ? 0 : -1);
> +}
> +
> +static int
> getentropy_urandom(void *buf, size_t len)
> {
> struct stat st;
> --
> 2.0.1
>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists