[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: getrandom vs. crypto/gc-random
From: |
Bruno Haible |
Subject: |
Re: getrandom vs. crypto/gc-random |
Date: |
Sun, 31 May 2020 13:47:01 +0200 |
User-agent: |
KMail/5.1.3 (Linux/4.4.0-177-generic; KDE/5.18.0; x86_64; ; ) |
> 1) The list of random devices, determined through gc-random.m4.
>
> > To fix that, I
> > am thinking that getrandom should remove its dependency on
> > crypto/gc-random, and
> > should simply use "/dev/urandom" for the nonce device without worrying about
> > whether crypto/gc-random would define NAME_OF_NONCE_DEVICE to
> > "/dev/urandom".
> > This should work on all current porting targets and should simplify
> > maintenance
> > by lessening dependencies on the crypto/gc-random module, which pulls in
> > several
> > other modules that some packages won't want to bother with.
>
> I agree. In my testing yesterday, I found that /dev/random and /dev/urandom
> are
> present in all modern versions of operating systems, except native Windows.
> I tested:
> Linux Fedora 1 OK
> Linux Ubuntu 16.04 OK
> Linux Ubuntu 18.04 OK
> Linux Ubuntu 20.04 OK
> Linux Alpine 3.9 OK
> Hurd 2019 OK
> GNU/kFreeBSD OK
> Mac OS X 10.5 OK
> Mac OS X 10.13 OK
> FreeBSD 11 OK
> FreeBSD 12 OK
> NetBSD 7.0 OK
> NetBSD 9.0 OK
> OpenBSD 6.5 OK
> AIX 7.1 OK
> Solaris 10 OK
> Solaris 11.0 OK
> Solaris 11.3 OK
> Solaris 11.4 OK
> Solaris OpenIndiana OK
> Haiku OK
> Cygwin OK
> Minix 3.3 OK
>
> Seeing this, the configure options --enable-random-device,
> --enable-pseudo-random-device, --enable-nonce-device are not needed any more
> - neither for gc-gnulib nor for getrandom. I won't remove them from
> gc-random.m4
> (since that is Simon's responsibility), but I agree with you that for
> getrandom
> we can use the two de-facto standard device names.
Done as follows.
2020-05-31 Bruno Haible <bruno@clisp.org>
getrandom: Simplify the determination of the random number devices.
Suggested by Paul Eggert in
<https://lists.gnu.org/archive/html/bug-gnulib/2020-05/msg00383.html>.
* lib/getrandom.c (NAME_OF_RANDOM_DEVICE, NAME_OF_NONCE_DEVICE): New
macros.
* modules/getrandom (Depends-on): Remove crypto/gc-random.
diff --git a/lib/getrandom.c b/lib/getrandom.c
index f20ffe0..0cc3dc3 100644
--- a/lib/getrandom.c
+++ b/lib/getrandom.c
@@ -27,6 +27,25 @@
#include "minmax.h"
+/* These devices exist on all platforms except native Windows. */
+#if !(defined _WIN32 && ! defined __CYGWIN__)
+
+/* Name of a device through which the kernel returns high quality random
+ numbers, from an entropy pool. When the pool is empty, the call blocks
+ until entropy sources have added enough bits of entropy. */
+# ifndef NAME_OF_RANDOM_DEVICE
+# define NAME_OF_RANDOM_DEVICE "/dev/random"
+# endif
+
+/* Name of a device through which the kernel returns random or pseudo-random
+ numbers. It uses an entropy pool, but, in order to avoid blocking, adds
+ bits generated by a pseudo-random number generator, as needed. */
+# ifndef NAME_OF_NONCE_DEVICE
+# define NAME_OF_NONCE_DEVICE "/dev/urandom"
+# endif
+
+#endif
+
/* Set BUFFER (of size LENGTH) to random bytes under the control of FLAGS.
Return the number of bytes written, or -1 on error. */
ssize_t
diff --git a/modules/getrandom b/modules/getrandom
index e94686d..8aa4be2 100644
--- a/modules/getrandom
+++ b/modules/getrandom
@@ -7,7 +7,6 @@ m4/getrandom.m4
Depends-on:
sys_random
-crypto/gc-random [test $HAVE_GETRANDOM = 0]
fcntl-h [test $HAVE_GETRANDOM = 0 || test $REPLACE_GETRANDOM = 1]
minmax [test $HAVE_GETRANDOM = 0 || test $REPLACE_GETRANDOM = 1]
open [test $HAVE_GETRANDOM = 0 || test $REPLACE_GETRANDOM = 1]
Re: [PATCH] getentropy, getrandom: new modules, Bruno Haible, 2020/05/30
Re: [PATCH] getentropy, getrandom: new modules, Bruno Haible, 2020/05/30
Re: [PATCH] getentropy, getrandom: new modules, Bruno Haible, 2020/05/30
fix list of crypto devices for NetBSD, OpenBSD, Bruno Haible, 2020/05/30