From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by sourceware.org (Postfix) with ESMTPS id 4DD1D3858CDA for ; Mon, 25 Jul 2022 23:11:32 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 4DD1D3858CDA Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 675C4B81017; Mon, 25 Jul 2022 23:11:30 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 79A57C341C6; Mon, 25 Jul 2022 23:11:28 +0000 (UTC) Received: by mail.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id 0756cbc2 (TLSv1.3:AEAD-AES256-GCM-SHA384:256:NO); Mon, 25 Jul 2022 23:11:26 +0000 (UTC) Date: Tue, 26 Jul 2022 01:11:24 +0200 From: "Jason A. Donenfeld" To: libc-alpha@sourceware.org Cc: Adhemerval Zanella Netto , Florian Weimer , Cristian =?utf-8?Q?Rodr=C3=ADguez?= , Paul Eggert , linux-crypto@vger.kernel.org Subject: Re: [PATCH] arc4random: simplify design for better safety Message-ID: References: <20220725225728.824128-1-Jason@zx2c4.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20220725225728.824128-1-Jason@zx2c4.com> X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, HEADER_FROM_DIFFERENT_DOMAINS, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 25 Jul 2022 23:11:33 -0000 If you're just following along on the mailing list, without actively trying to apply this to a glibc tree, that diff might be hard to read. The meat of it is the below function implementation. Notably this is basically the same as systemd's crypto_random_bytes() (which I recently rewrote there). void __arc4random_buf (void *p, size_t n) { static bool have_getrandom = true, seen_initialized = false; int fd; if (n == 0) return; for (;;) { ssize_t l; if (!have_getrandom) break; l = __getrandom_nocancel (p, n, 0); if (l > 0) { if ((size_t) l == n) return; /* Done reading, success. */ p = (uint8_t *) p + l; n -= l; continue; /* Interrupted by a signal; keep going. */ } else if (l == 0) arc4random_getrandom_failure (); /* Weird, should never happen. */ else if (errno == ENOSYS) { have_getrandom = false; break; /* No syscall, so fallback to /dev/urandom. */ } arc4random_getrandom_failure (); /* Unknown other error, should never happen. */ } if (!seen_initialized) { struct pollfd pfd = { .events = POLLIN }; pfd.fd = TEMP_FAILURE_RETRY (__open64_nocancel ("/dev/random", O_RDONLY | O_CLOEXEC | O_NOCTTY)); if (pfd.fd < 0) arc4random_getrandom_failure (); if (__poll(&pfd, 1, -1) < 0) arc4random_getrandom_failure (); if (__close_nocancel(pfd.fd) < 0) arc4random_getrandom_failure (); seen_initialized = true; } fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC | O_NOCTTY); if (fd < 0) arc4random_getrandom_failure (); while (n) { ssize_t l = TEMP_FAILURE_RETRY (__read_nocancel (fd, p, n)); if (l <= 0) arc4random_getrandom_failure (); p = (uint8_t *) p + l; n -= l; } if (__close_nocancel (fd) < 0) arc4random_getrandom_failure (); } libc_hidden_def (__arc4random_buf) weak_alias (__arc4random_buf, arc4random_buf)