From: Yann Droneaud <ydroneaud@opteya.com>
To: Fernando Gont <fernando@gont.com.ar>,
Adhemerval Zanella <adhemerval.zanella@linaro.org>
Cc: Libc-help <libc-help@sourceware.org>
Subject: Re: getentropy() vs. getrandom() vs. arc4random()
Date: Thu, 16 Jun 2022 19:27:12 +0200 [thread overview]
Message-ID: <0b0b2cfc-2a9c-86fa-3c61-920dd259cf28@opteya.com> (raw)
In-Reply-To: <04aecb69-30db-f20b-e392-bff8b3fddc67@gont.com.ar>
Hi,
Le 16/06/2022 à 19:12, Fernando Gont a écrit :
>
> On 15/6/22 15:00, Adhemerval Zanella wrote:
> [....]
>>> Is this actually the case?
>>
>> On glibc, getentropy and getrandom both end calling getrandom syscall
>> although with different flags. The getentropy calls getrandom without
>> any flag which in turn get entropy from /dev/urandom. The getrandom
>> function allows us to specify which source you use through
>> GRND_RANDOM flag.
>>
>> Also, getentropy current has a hard limit of maximum of 256 bytes and
>> it is not defined a cancelation entrypoint (so pthread_cancel does
>> not act upon it).
>>
>> So both functions drawn entropy direct from the kernel and with
>> recent Linux random number development to unify both random and
>> urandom the difference might ended up with just getentropy being a
>> cancellation entrypoint.
>
> One question here:
> If getentropy() ends up calling getrandom() to read from /dev/urandom,
> my understanding is that it would never block. Is that correct?
>
getrandom() syscall will block until the kernel CSPRNG is fully
initialized (gathered enough entropy) after system boot.
After that, it will never block and behave like /dev/urandom. The
blocking behavior is mostly a problem for PID 1.
> However, the manpage for getentropy(3) says:
> A call to getentropy() may block if the system has just booted
> and the kernel has not yet collected enough randomness to
> initialize the entropy pool. In this case, getentropy() will
> keep blocking even if a signal is handled, and will return only
> once the entropy pool has been initialized.
>
> Am I missing something?
>
>
> Aside, from what I read in the manual pages, getrandom()/getentropy()
> e.g. does not result in a uniform distribution. So, in other words,
> one can not really use them to comply with the requirements in RFC4086
> (i.e., as a cryptographically secure PRNG), but rather only use it as
> a building block to build such a CSPRNG?
>
Could you provide the part that state the output is not uniformly
distributed ?
Regards.
--
Yann Droneaud
OPTEYA
next prev parent reply other threads:[~2022-06-16 17:27 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-06-15 14:24 Fernando Gont
2022-06-15 18:00 ` Adhemerval Zanella
2022-06-15 18:03 ` Noah Goldstein
2022-06-15 20:29 ` Adhemerval Zanella
2022-06-16 17:12 ` Fernando Gont
2022-06-16 17:27 ` Yann Droneaud [this message]
2022-06-16 17:46 ` Adhemerval Zanella
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=0b0b2cfc-2a9c-86fa-3c61-920dd259cf28@opteya.com \
--to=ydroneaud@opteya.com \
--cc=adhemerval.zanella@linaro.org \
--cc=fernando@gont.com.ar \
--cc=libc-help@sourceware.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).