Received: by 2002:ac0:e34a:0:0:0:0:0 with SMTP id g10csp235536imn; Mon, 25 Jul 2022 15:00:52 -0700 (PDT) X-Google-Smtp-Source: AGRyM1sosNVBXnUoyH2MKVroRtGLrXaiMU+K3gJlbf/KLDZF2WXaM0yeXvVlm5nJ/563t7w+3cS1 X-Received: by 2002:a17:906:794f:b0:72b:1346:85a3 with SMTP id l15-20020a170906794f00b0072b134685a3mr11436537ejo.259.1658786452092; Mon, 25 Jul 2022 15:00:52 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1658786452; cv=none; d=google.com; s=arc-20160816; b=pFPA1VDIDdev+dNEMlIudYAz8LMZoWaxF2Sw6cOKVu5doVOyLhPrRSs0Dk0HHoAWOA ZLqtivcpmumVWjkMR03HocYIEfQ9J+oeMy3oEyB0ocPEP2WOLvVMbqjMBIrUQo6IN9bZ /mhlZfyo7FPm6fDmsL02yp/GXpnw8mTKtPurPsHLClOvSg+hVCyZRL5lMZhaOLioCsdB iFvWrBL1K65GBZS+uyH5KlWeXbxlM34SEfz4x9jNxJe+sCFscktVJhf3PdKkCX6Tliug E7VVggRJ7bNgvB8JrwNJSelrSSOkNpI96YEdrbV6RbWzu6Qzr8aaY5FYhAoIkMRv1Qcn Lovg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:user-agent:in-reply-to:content-transfer-encoding :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature; bh=cYfe2ZrAUJl0cv5K4oqcBrhs+2+NT2q9lAMJzQL8js0=; b=YghI6AXIUL2ClU5O7ZRm04S5X9wB+fd1e8SH8A6hHGFg8c5rhJfsVYyxiu7IYGmovy D0p17kDzzZbpLBih3Q5AH54Vkl4fqovf6E7YRtQscLXkG6Sg3KBTbyqOsefg2VkhKB// oeHKcRlpuv0pdq9aTCSYEch/JC3JWUeby8LVSp6aLN19q9Zn3RV0/pvK54hJN4ifnPRc eNN2jyQy494b18l2m91PkvdPLT4G8QRAnA3nJ96wJRVBxGVCKoYiCBowqIDy5fZ4NJjZ BDw+XblbHKrrIwmEwnypwaSzkJzPc4SkcO14DhZp5oihoBLENy/gxr3OhhjeU3Z67Xem Zu2w== ARC-Authentication-Results: i=1; mx.google.com; dkim=temperror (no key for signature) header.i=@libc.org header.s=20210105 header.b=Ylqdaavy; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id v8-20020aa7d808000000b0043a6fd52d9dsi14267885edq.392.2022.07.25.15.00.10; Mon, 25 Jul 2022 15:00:52 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=temperror (no key for signature) header.i=@libc.org header.s=20210105 header.b=Ylqdaavy; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237322AbiGYVuZ (ORCPT + 99 others); Mon, 25 Jul 2022 17:50:25 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39836 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237352AbiGYVuO (ORCPT ); Mon, 25 Jul 2022 17:50:14 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7003DDF3 for ; Mon, 25 Jul 2022 14:50:10 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id ACC5861303 for ; Mon, 25 Jul 2022 21:50:09 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id C99D6C341C6 for ; Mon, 25 Jul 2022 21:50:08 +0000 (UTC) Authentication-Results: smtp.kernel.org; dkim=fail reason="key not found in DNS" (0-bit key) header.d=libc.org header.i=@libc.org header.b="Ylqdaavy" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=libc.org; s=20210105; t=1658785806; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=cYfe2ZrAUJl0cv5K4oqcBrhs+2+NT2q9lAMJzQL8js0=; b=YlqdaavytysFI+bS7wVSZcW9PboI2sfL2bXh/d9nCPGzs6FeiwUvYlcWOTOHmyJXhMfj5i SqWeFx0wo7+J7KMUBgFD1uNI5X6ZoO3fPYSX6rQLW/6jCdKFRHlrc9dlW6ih7RL1I3bpUC AJPr0fpJ2SrcEVWIngNuw3LMqbsKZIw= Received: by mail.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id 64a2c416 (TLSv1.3:AEAD-AES256-GCM-SHA384:256:NO) for ; Mon, 25 Jul 2022 21:50:06 +0000 (UTC) Date: Mon, 25 Jul 2022 14:49:30 -0400 From: Rich Felker To: Cristian =?utf-8?Q?Rodr=C3=ADguez?= Cc: Florian Weimer , Yann Droneaud , "Jason A. Donenfeld" , libc-alpha@sourceware.org, Michael@phoronix.com, jann@thejh.net, linux-crypto@vger.kernel Subject: Re: arc4random - are you sure we want these? Message-ID: <20220725184929.GJ7074@brightrain.aerifal.cx> References: <6bf352e9-1312-40de-4733-3219721b343c@linaro.org> <20220725153303.GF7074@brightrain.aerifal.cx> <878rohp2ll.fsf@oldenburg.str.redhat.com> <20220725174430.GI7074@brightrain.aerifal.cx> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: User-Agent: Mutt/1.5.21 (2010-09-15) X-Spam-Status: No, score=-4.9 required=5.0 tests=BAYES_00,DATE_IN_PAST_03_06, DKIM_INVALID,DKIM_SIGNED,HEADER_FROM_DIFFERENT_DOMAINS, RCVD_IN_DNSWL_HI,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Mon, Jul 25, 2022 at 02:33:05PM -0400, Cristian Rodríguez via Libc-alpha wrote: > On Mon, Jul 25, 2022 at 1:44 PM Rich Felker wrote: > > > Then don't fallback to /dev/urandom. > > Those are my thoughts as well.. but __libc_fatal() if there is no > usable getrandom syscall with the needed semantics, in short making > this interface usable only when the kernel is. > > This is quite drastic, but probably the only sane way to go. You can at least try the sysctl and possibly also /dev approaches and only treat this as fatal as a last resort. If you can inspect entropy_avail or poll /dev/random to determine that the pool is initialized this is very safe, I think. And some research on distro practices might uncover whether this should be believed to be complete. (Note: I know some folks have raised seccomp sandboxing as an issue too, but unlike kernel which is sometimes locked in by legacy hardware, bad seccomp filters are in principle always fixable and are a form of user/admin error since it's not valid to make assumptions about what syscalls libc needs.) Rich