From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-oi1-x236.google.com (mail-oi1-x236.google.com [IPv6:2607:f8b0:4864:20::236]) by sourceware.org (Postfix) with ESMTPS id 74DDA3858CDA for ; Tue, 26 Jul 2022 01:10:17 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 74DDA3858CDA Received: by mail-oi1-x236.google.com with SMTP id n206so15460337oia.6 for ; Mon, 25 Jul 2022 18:10:17 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=P//9YslxSg0bCM7OInCyxs68DQsmujiF20lhQqTd+fM=; b=iotov9nWO6M8GXcIBR+4Y4diGs2Yl7t5vi7RsGlmJqodrZ0WMwHec9CyFWVs0W6bb9 eicAHbfNhiMyMkFgmlxPqiWS2Fs6RxDj18n8AhbMSU4ZQGz7GjCbaOzLy5kDKAEcRq+m IAjYyJObkWsa0np2IW2/nQQ/3immfZ/n9WuJT5lBrG4af9AdzYt+0lbgRBP5HkABsNUa zUPoOV1OZ3ouiSy7RTpY05mNYUUVQrd0tjcAVQuf9KXiiLfySv+qYZhRmVX+Bg4N1gbh hdN8wC5B0xCre8IbR/S5QeqxubFYPhtD87tIkZwRGBRHBcKA9Vx7k68OBkev80Kcuxl8 mQEg== X-Gm-Message-State: AJIora/+t2+eY+tRc5yULdd6vAsxP9OgeCedSvhzjvQaW4sLqsgLUeBK /JUAZ/PDMrjwkC2cpC0U2YFdfUdBrcUJfRLV2IY= X-Google-Smtp-Source: AGRyM1sLAXqvTUzm/QUqgW1tI5ulvclyuwh658EK2d9nP+ocqw4QSNWkChDqNZXZLdFm3+Sa4ErBcN7cPJCSYZjEn8E= X-Received: by 2002:a05:6808:1313:b0:33a:b979:b2c6 with SMTP id y19-20020a056808131300b0033ab979b2c6mr8346963oiv.37.1658797816867; Mon, 25 Jul 2022 18:10:16 -0700 (PDT) MIME-Version: 1.0 References: <20220725225728.824128-1-Jason@zx2c4.com> <20220725232810.843433-1-Jason@zx2c4.com> In-Reply-To: <20220725232810.843433-1-Jason@zx2c4.com> From: Mark Harris Date: Mon, 25 Jul 2022 18:10:06 -0700 Message-ID: Subject: Re: [PATCH v2] arc4random: simplify design for better safety To: "Jason A. Donenfeld" Cc: libc-alpha@sourceware.org, Florian Weimer , linux-crypto@vger.kernel.org Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-3.1 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, FREEMAIL_FROM, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 26 Jul 2022 01:10:18 -0000 Jason A. Donenfeld wrote: > + l = __getrandom_nocancel (p, n, 0); > + if (l > 0) > + { > + if ((size_t) l == n) > + return; /* Done reading, success. */ > + p = (uint8_t *) p + l; > + n -= l; > + continue; /* Interrupted by a signal; keep going. */ > + } > + else if (l == 0) > + arc4random_getrandom_failure (); /* Weird, should never happen. */ > + else if (errno == ENOSYS) > + { > + have_getrandom = false; > + break; /* No syscall, so fallback to /dev/urandom. */ > + } > + arc4random_getrandom_failure (); /* Unknown error, should never happen. */ Isn't EINTR also possible? Aborting in that case does not seem reasonable. Also the __getrandom_nocancel function does not set errno on Linux; it just returns INTERNAL_SYSCALL_CALL (getrandom, buf, buflen, flags). So unless that is changed, it doesn't look like this ENOSYS check will detect old Linux kernels. > + struct pollfd pfd = { .events = POLLIN }; > + pfd.fd = TEMP_FAILURE_RETRY ( > + __open64_nocancel ("/dev/random", O_RDONLY | O_CLOEXEC | O_NOCTTY)); > + if (pfd.fd < 0) > + arc4random_getrandom_failure (); > + if (__poll (&pfd, 1, -1) < 0) > + arc4random_getrandom_failure (); > + if (__close_nocancel (pfd.fd) < 0) > + arc4random_getrandom_failure (); The TEMP_FAILURE_RETRY handles EINTR on open, but __poll can also result in EINTR. - Mark