From: Adhemerval Zanella <adhemerval.zanella@linaro.org>
To: Yann Droneaud <ydroneaud@opteya.com>
Cc: Fernando Gont <fernando@gont.com.ar>,
Libc-help <libc-help@sourceware.org>
Subject: Re: getentropy() vs. getrandom() vs. arc4random()
Date: Thu, 16 Jun 2022 10:46:21 -0700 [thread overview]
Message-ID: <5958FDBD-9BE5-46A4-86FB-BDCBD2238CB6@linaro.org> (raw)
In-Reply-To: <0b0b2cfc-2a9c-86fa-3c61-920dd259cf28@opteya.com>
> On 16 Jun 2022, at 10:27, Yann Droneaud <ydroneaud@opteya.com> wrote:
>
> Hi,
>
> Le 16/06/2022 à 19:12, Fernando Gont a écrit :
>>
>> On 15/6/22 15:00, Adhemerval Zanella wrote:
>> [....]
>>>> Is this actually the case?
>>>
>>> On glibc, getentropy and getrandom both end calling getrandom syscall
>>> although with different flags. The getentropy calls getrandom without
>>> any flag which in turn get entropy from /dev/urandom. The getrandom
>>> function allows us to specify which source you use through
>>> GRND_RANDOM flag.
>>>
>>> Also, getentropy current has a hard limit of maximum of 256 bytes and
>>> it is not defined a cancelation entrypoint (so pthread_cancel does
>>> not act upon it).
>>>
>>> So both functions drawn entropy direct from the kernel and with
>>> recent Linux random number development to unify both random and
>>> urandom the difference might ended up with just getentropy being a
>>> cancellation entrypoint.
>>
>> One question here:
>> If getentropy() ends up calling getrandom() to read from /dev/urandom, my understanding is that it would never block. Is that correct?
>>
>
> getrandom() syscall will block until the kernel CSPRNG is fully initialized (gathered enough entropy) after system boot.
>
> After that, it will never block and behave like /dev/urandom. The blocking behavior is mostly a problem for PID 1.
Yes, and getrandom does not *read* /dev/urandom in the sense that it uses a file
descriptor to do so (I think it is worth to make it clear).
And I think kernel is trying to improve this on recent releases, although I do not
know the current status.
>
>
>> However, the manpage for getentropy(3) says:
>> A call to getentropy() may block if the system has just booted
>> and the kernel has not yet collected enough randomness to
>> initialize the entropy pool. In this case, getentropy() will
>> keep blocking even if a signal is handled, and will return only
>> once the entropy pool has been initialized.
>>
>> Am I missing something?
>>
>>
>> Aside, from what I read in the manual pages, getrandom()/getentropy() e.g. does not result in a uniform distribution. So, in other words, one can not really use them to comply with the requirements in RFC4086 (i.e., as a cryptographically secure PRNG), but rather only use it as a building block to build such a CSPRNG?
>>
>
> Could you provide the part that state the output is not uniformly distributed ?
Indeed it is also new to me.
prev parent reply other threads:[~2022-06-16 17:46 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-06-15 14:24 Fernando Gont
2022-06-15 18:00 ` Adhemerval Zanella
2022-06-15 18:03 ` Noah Goldstein
2022-06-15 20:29 ` Adhemerval Zanella
2022-06-16 17:12 ` Fernando Gont
2022-06-16 17:27 ` Yann Droneaud
2022-06-16 17:46 ` Adhemerval Zanella [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5958FDBD-9BE5-46A4-86FB-BDCBD2238CB6@linaro.org \
--to=adhemerval.zanella@linaro.org \
--cc=fernando@gont.com.ar \
--cc=libc-help@sourceware.org \
--cc=ydroneaud@opteya.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).