Add support for Linux syscall "getrandom". #180
mark-kubacki wants to merge 3 commits into master from unknown repository
Conversation
See also:
| @@ -0,0 +1,150 @@ | |||
| #include <openssl/opensslconf.h> | |||
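Review bot: guard the Linux-specific body at file scope directly after `#include <openssl/opensslconf.h>`, the header that makes the OPENSSL_SYS_LINUX platform macro available; the hunk adds a 150-line new file whose first line is that include with no `#ifdef OPENSSL_SYS_LINUX` following it, so as submitted the engine source is compiled unconditionally on every platform. A compile-time guard is separate from the runtime ENOSYS check the description promises: the former keeps non-Linux builds clean, the latter handles Linux kernels older than 3.17, and both are needed.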
From here you should probably enclose the below in OPENSSL_SYS_LINUX guards as it is Linux specific.
This is way cool and important, but seems like a new feature. The RNG in OpenSSL needs work -- heck, we created a special mailing list to talk about it -- but nothing was done in time for 1.1 :(
Well, maybe because nobody knew about the new mailing list. Well, I didn't know about it anyway :P
In any case this seems the wrong way to add getrandom() support. It should be added to RAND_poll() instead
https://github.com/openssl/openssl/blob/master/crypto/rand/rand_unix.c#L242
which is in dire need of a refactoring btw like what I proposed in (and previously in that big mailing list discussion that didn't go anywhere) #898 (comment)
but yes, it's probably too late at this point for 1.1.0.
RNG-related is also #512 which is not a new feature.
And there are some RT tickets too, mainly about Windows RNG.
@ghedo, so is it your view that we should close this PR as unsuitable?
Not that my opinion matters all that much, but yes. Adding getrandom() through a new engine means that only the people who enable the engine are going to benefit from this, but it would also bypass md_rand impacting performance significantly.
On the other hand adding this to RAND_poll() means that getrandom() is only used to seed the user-space PRNG and that we don't need a syscall every time random data is needed (the RNG on Linux is also quite susceptible to lock contention).
(The fact that md_rand is not exactly optimal and needs to be rewritten is a different problem).
On the contrary, I think your opinion is greatly respected here! @richsalz do you agree with closing this?
I too respect @ghedo's views and think that's a better approach; close this.
Dusting this one off after quite a long time. Sorry! In order for this PR to be acceptable it will need some significant update to bring it up to date with all of the changes in the codebase since this was written. Please rebase and update this PR if you are still interested in pursuing this. Unfortunately this cannot be integrated until after the 1.1.0 release though.

Closing as per the discussion above.
Implements the syscall "getrandom", available in Linux 3.17, as a new engine in a libc-agnostic way.
Please note that the engine is not available if the syscall is not implemented (ENOSYS returned).
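A seed source of the kind discussed in this thread, written here as an added example rather than code from this PR or from OpenSSL: it invokes the raw getrandom syscall so it does not depend on a libc wrapper, falls back to /dev/urandom when the kernel reports ENOSYS (the case the description mentions), and is meant to be called once for seeding, in the RAND_poll() style @ghedo argues for, rather than on every request. The names `seed_fill`, `seed_looks_nonzero` and the `seed_source` enum are this example's own assumptions.

```c
/* Added example, not the PR's code: libc-agnostic getrandom() seeding with the
 * ENOSYS fallback the PR describes; call it once from RAND_poll()-style seeding. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <unistd.h>
#include <sys/syscall.h>   /* defines SYS_getrandom on Linux headers that know it */
enum seed_source { SEED_NONE = 0, SEED_GETRANDOM = 1, SEED_URANDOM = 2 };
/* Fill buf with len bytes of kernel entropy. The raw syscall works even when
 * libc lacks a getrandom() wrapper; flags=0 blocks until the pool is seeded. */
static enum seed_source seed_fill(unsigned char *buf, size_t len)
{
    size_t got = 0;
    int fd;
#ifdef SYS_getrandom
    while (got < len) {
        long r = syscall(SYS_getrandom, buf + got, len - got, 0);
        if (r < 0 && errno == EINTR)
            continue;               /* interrupted while blocking: retry */
        if (r < 0)
            break;                  /* ENOSYS (kernel < 3.17) or other failure */
        got += (size_t)r;
    }
    if (got == len)
        return SEED_GETRANDOM;
#endif
    /* Fallback for kernels without the syscall: the classic device read. */
    if ((fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC)) < 0)
        return SEED_NONE;
    for (got = 0; got < len;) {
        ssize_t r = read(fd, buf + got, len - got);
        if (r < 0 && errno == EINTR)
            continue;
        if (r <= 0)
            break;
        got += (size_t)r;
    }
    close(fd);
    return got == len ? SEED_URANDOM : SEED_NONE;
}
/* Sanity check on a seed buffer: an all-zero fill means the source failed. */
static int seed_looks_nonzero(const unsigned char *buf, size_t len)
{
    unsigned char acc = 0;
    while (len--) acc |= *buf++;
    return acc != 0;
}
```

Feed the filled buffer into the user-space PRNG once; the syscall's blocking behaviour at boot is exactly why it is a better seed source than an unchecked /dev/urandom read, and why it is wasteful to hit it on every RAND_bytes() call.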