From: Zack Weinberg
Date: Thu, 30 Jun 2016 12:03:00 -0000
Subject: Re: [PATCH v2] Add getrandom implementation [BZ #17252]
To: Florian Weimer
Cc: GNU C Library

On Mon, Jun 27, 2016 at 11:07 AM, Florian Weimer wrote:
> The attached patch does not attempt to make it less likely that the
> getrandom emulation will fail. The file descriptor is kept open only for
> the duration of the call. I move the declaration to (a new
> file) and added some documentation.

I think it would be better to expose getrandom() as a completely
unadorned syscall. No fallback and no attempt to paper over any of the
infelicities of the kernel interface. This is because, what with the
delay in adding this to libc, there's existing code now that makes the
system call directly. We want people to be able to just swap in the
libc wrapper without having to worry about behavior differences.

A reliable cryptographic RNG should _also_ be added, but under a
different name. I'd vote for cloning the BSD arc4random() API.

zw
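For reference, an added example (not part of the original message or of the glibc patch) of the kind of direct system call the message refers to, showing what a caller has to handle when nothing papers over the kernel interface. The helper names `fill_random_raw` and `demo_fill` are hypothetical, and retrying on EINTR and on short reads is this example's choice.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Hypothetical helper: fill buf with len bytes using the raw getrandom
   system call (flags = 0), with no /dev/urandom fallback.
   Returns 0 on success, -1 with errno set on failure. */
int fill_random_raw(void *buf, size_t len)
{
    unsigned char *p = buf;

    while (len > 0) {
        long n = syscall(SYS_getrandom, p, len, 0);
        if (n < 0) {
            if (errno == EINTR)
                continue;        /* interrupted by a signal: retry */
            return -1;           /* e.g. ENOSYS on a kernel without getrandom */
        }
        if (n == 0) {            /* defensive: never spin on a zero-length read */
            errno = EIO;
            return -1;
        }
        p += n;                  /* short read: keep going for the remainder */
        len -= (size_t)n;
    }
    return 0;
}

/* Hypothetical self-check: request 300 bytes into a zeroed buffer and
   confirm the call succeeded and wrote something. Returns 0 on success. */
int demo_fill(void)
{
    unsigned char buf[300] = {0};
    size_t i, nonzero = 0;

    if (fill_random_raw(buf, sizeof buf) != 0)
        return -1;
    for (i = 0; i < sizeof buf; i++)
        nonzero += (buf[i] != 0);
    return nonzero > 0 ? 0 : -1;
}

int main(void)
{
    if (demo_fill() != 0) {
        perror("getrandom");
        return 1;
    }
    puts("getrandom filled the buffer");
    return 0;
}
```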