* [PATCH] [RFC] initial getrandom wrapper to provide getentropy for LibreSSL
@ 2014-07-18 6:49 Brent Cook
2014-07-18 13:09 ` Brent Cook
0 siblings, 1 reply; 4+ messages in thread
From: Brent Cook @ 2014-07-18 6:49 UTC (permalink / raw)
To: linux-kernel; +Cc: Brent Cook
From: Brent Cook <bcook@openbsd.org>
This is not a kernel patch, but rather an initial test of the API to see
how it might mesh LibreSSL's expectations for how getentropy works.
It is a bit more code to carefully handle the extra return values, as
not reading enough bytes, because there is an unhandled EINTR, might
lead to an unseeded CSPRNG.
The syscall may return EAGAIN depending on the version of getrandom(2)
(this will go away later), but this should give a good example of what
its use would look like in practice.
---
src/lib/libcrypto/crypto/getentropy_linux.c | 42 ++++++++++++++++++++++++++++-
1 file changed, 41 insertions(+), 1 deletion(-)
diff --git a/src/lib/libcrypto/crypto/getentropy_linux.c b/src/lib/libcrypto/crypto/getentropy_linux.c
index c16b289..b717d91 100644
--- a/src/lib/libcrypto/crypto/getentropy_linux.c
+++ b/src/lib/libcrypto/crypto/getentropy_linux.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: getentropy_linux.c,v 1.24 2014/07/13 13:37:38 deraadt Exp $ */
+/* $OpenBSD: getentropy_linux.c,v 1.25 2014/07/16 14:26:47 kettenis Exp $ */
/*
* Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org>
@@ -73,10 +73,21 @@
int getentropy(void *buf, size_t len);
+#ifndef SYS__getrandom
+#ifdef __LP64__
+#define SYS__getrandom 317
+#else
+#define SYS__getrandom 354
+#endif
+#endif
+
#if 0
extern int main(int, char *argv[]);
#endif
static int gotdata(char *buf, size_t len);
+#ifdef SYS__getrandom
+static int getentropy_getrandom(void *buf, size_t len);
+#endif
static int getentropy_urandom(void *buf, size_t len);
#ifdef CTL_MAXNAME
static int getentropy_sysctl(void *buf, size_t len);
@@ -95,6 +106,13 @@ getentropy(void *buf, size_t len)
}
/*
+ * Brand new system call in Linux. Interface not yet settled.
+ */
+ ret = getentropy_getrandom(buf, len);
+ if (ret != -1)
+ return (ret);
+
+ /*
* Try to get entropy with /dev/urandom
*
* This can fail if the process is inside a chroot or if file
@@ -180,6 +198,28 @@ gotdata(char *buf, size_t len)
}
static int
+getentropy_getrandom(void *buf, size_t len)
+{
+ size_t i = 0;
+
+#ifdef SYS__getrandom
+ ssize_t ret;
+
+ for (i = 0; i < len; ) {
+ size_t wanted = len - i;
+ ret = syscall(SYS__getrandom, (char *)buf + i, wanted, 0);
+ if (ret == -1) {
+ if (errno == EAGAIN || errno == EINTR)
+ continue;
+ return (-1);
+ }
+ i += ret;
+ }
+#endif
+ return (i == len ? 0 : -1);
+}
+
+static int
getentropy_urandom(void *buf, size_t len)
{
struct stat st;
--
2.0.1
^ permalink raw reply related [flat|nested] 4+ messages in thread* Re: [PATCH] [RFC] initial getrandom wrapper to provide getentropy for LibreSSL
2014-07-18 6:49 [PATCH] [RFC] initial getrandom wrapper to provide getentropy for LibreSSL Brent Cook
@ 2014-07-18 13:09 ` Brent Cook
2014-07-18 16:19 ` Theodore Ts'o
0 siblings, 1 reply; 4+ messages in thread
From: Brent Cook @ 2014-07-18 13:09 UTC (permalink / raw)
To: linux-kernel; +Cc: tytso
On Jul 18, 2014, at 1:49 AM, Brent Cook <busterb@gmail.com> wrote:
> From: Brent Cook <bcook@openbsd.org>
>
> This is not a kernel patch, but rather an initial test of the API to see
> how it might mesh LibreSSL's expectations for how getentropy works.
>
> It is a bit more code to carefully handle the extra return values, as
> not reading enough bytes, because there is an unhandled EINTR, might
> lead to an unseeded CSPRNG.
>
> The syscall may return EAGAIN depending on the version of getrandom(2)
> (this will go away later), but this should give a good example of what
> its use would look like in practice.
While I think we can wrap the currently-proposed getrandom() interface to provide a safe emulation of getentropy()’s semantics, I would not be surprised to eventually find software that gets it wrong.
I am a little concerned that the interface is evolving into a Bradley Fighting Vehicle :)
https://www.youtube.com/watch?v=aXQ2lO3ieBA
> ---
> src/lib/libcrypto/crypto/getentropy_linux.c | 42 ++++++++++++++++++++++++++++-
> 1 file changed, 41 insertions(+), 1 deletion(-)
>
> diff --git a/src/lib/libcrypto/crypto/getentropy_linux.c b/src/lib/libcrypto/crypto/getentropy_linux.c
> index c16b289..b717d91 100644
> --- a/src/lib/libcrypto/crypto/getentropy_linux.c
> +++ b/src/lib/libcrypto/crypto/getentropy_linux.c
> @@ -1,4 +1,4 @@
> -/* $OpenBSD: getentropy_linux.c,v 1.24 2014/07/13 13:37:38 deraadt Exp $ */
> +/* $OpenBSD: getentropy_linux.c,v 1.25 2014/07/16 14:26:47 kettenis Exp $ */
>
> /*
> * Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org>
> @@ -73,10 +73,21 @@
>
> int getentropy(void *buf, size_t len);
>
> +#ifndef SYS__getrandom
> +#ifdef __LP64__
> +#define SYS__getrandom 317
> +#else
> +#define SYS__getrandom 354
> +#endif
> +#endif
> +
> #if 0
> extern int main(int, char *argv[]);
> #endif
> static int gotdata(char *buf, size_t len);
> +#ifdef SYS__getrandom
> +static int getentropy_getrandom(void *buf, size_t len);
> +#endif
> static int getentropy_urandom(void *buf, size_t len);
> #ifdef CTL_MAXNAME
> static int getentropy_sysctl(void *buf, size_t len);
> @@ -95,6 +106,13 @@ getentropy(void *buf, size_t len)
> }
>
> /*
> + * Brand new system call in Linux. Interface not yet settled.
> + */
> + ret = getentropy_getrandom(buf, len);
> + if (ret != -1)
> + return (ret);
> +
> + /*
> * Try to get entropy with /dev/urandom
> *
> * This can fail if the process is inside a chroot or if file
> @@ -180,6 +198,28 @@ gotdata(char *buf, size_t len)
> }
>
> static int
> +getentropy_getrandom(void *buf, size_t len)
> +{
> + size_t i = 0;
> +
> +#ifdef SYS__getrandom
> + ssize_t ret;
> +
> + for (i = 0; i < len; ) {
> + size_t wanted = len - i;
> + ret = syscall(SYS__getrandom, (char *)buf + i, wanted, 0);
> + if (ret == -1) {
> + if (errno == EAGAIN || errno == EINTR)
> + continue;
> + return (-1);
> + }
> + i += ret;
> + }
> +#endif
> + return (i == len ? 0 : -1);
> +}
> +
> +static int
> getentropy_urandom(void *buf, size_t len)
> {
> struct stat st;
> --
> 2.0.1
>
^ permalink raw reply [flat|nested] 4+ messages in thread* Re: [PATCH] [RFC] initial getrandom wrapper to provide getentropy for LibreSSL
2014-07-18 13:09 ` Brent Cook
@ 2014-07-18 16:19 ` Theodore Ts'o
2014-07-18 16:33 ` Brent Cook
0 siblings, 1 reply; 4+ messages in thread
From: Theodore Ts'o @ 2014-07-18 16:19 UTC (permalink / raw)
To: Brent Cook; +Cc: linux-kernel
On Fri, Jul 18, 2014 at 08:09:52AM -0500, Brent Cook wrote:
> On Jul 18, 2014, at 1:49 AM, Brent Cook <busterb@gmail.com> wrote:
>
> > From: Brent Cook <bcook@openbsd.org>
> >
> > This is not a kernel patch, but rather an initial test of the API to see
> > how it might mesh LibreSSL's expectations for how getentropy works.
> >
> > It is a bit more code to carefully handle the extra return values, as
> > not reading enough bytes, because there is an unhandled EINTR, might
> > lead to an unseeded CSPRNG.
Take a look at the latest patch for getrandom. It contains a
suggested wrapper which should be sufficient for emulation of
OpenBSD's getentropy(), and a lot of discussion of when you don't need
to worry about getting the EINTR.
http://lists.openwall.net/linux-kernel/2014/07/18/329
Again, please don't commit anything until the syscall number and
interface is finalized. What is out here is for review, and I already
have in the git commit a suggested wrapper to provide getentropy(2).
If you don't think it's good enough, please let me know what your
concerns might be. (And yes, I've fixed the obvious missing open
brace already. :-)
- Ted
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] [RFC] initial getrandom wrapper to provide getentropy for LibreSSL
2014-07-18 16:19 ` Theodore Ts'o
@ 2014-07-18 16:33 ` Brent Cook
0 siblings, 0 replies; 4+ messages in thread
From: Brent Cook @ 2014-07-18 16:33 UTC (permalink / raw)
To: Theodore Ts'o; +Cc: linux-kernel
On Jul 18, 2014, at 11:19 AM, Theodore Ts'o <tytso@mit.edu> wrote:
> On Fri, Jul 18, 2014 at 08:09:52AM -0500, Brent Cook wrote:
>> On Jul 18, 2014, at 1:49 AM, Brent Cook <busterb@gmail.com> wrote:
>>
>>> From: Brent Cook <bcook@openbsd.org>
>>>
>>> This is not a kernel patch, but rather an initial test of the API to see
>>> how it might mesh LibreSSL's expectations for how getentropy works.
>>>
>>> It is a bit more code to carefully handle the extra return values, as
>>> not reading enough bytes, because there is an unhandled EINTR, might
>>> lead to an unseeded CSPRNG.
>
> Take a look at the latest patch for getrandom. It contains a
> suggested wrapper which should be sufficient for emulation of
> OpenBSD's getentropy(), and a lot of discussion of when you don't need
> to worry about getting the EINTR.
>
> http://lists.openwall.net/linux-kernel/2014/07/18/329
>
> Again, please don't commit anything until the syscall number and
> interface is finalized. What is out here is for review, and I already
> have in the git commit a suggested wrapper to provide getentropy(2).
> If you don't think it's good enough, please let me know what your
> concerns might be. (And yes, I've fixed the obvious missing open
> brace already. :-)
>
> - Ted
Ah, that looks good to me.
I had just stubbed in the placeholder numbers for local testing purposes, no problem holding until it is finalized.
Thanks!
- Brent
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2014-07-18 16:39 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-07-18 6:49 [PATCH] [RFC] initial getrandom wrapper to provide getentropy for LibreSSL Brent Cook
2014-07-18 13:09 ` Brent Cook
2014-07-18 16:19 ` Theodore Ts'o
2014-07-18 16:33 ` Brent Cook
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.