This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: [PATCH v2] Add getrandom implementation [BZ #17252]
- From: Nikos Mavrogiannopoulos <nmav at redhat dot com>
- To: libc-alpha at sourceware dot org
- Date: Wed, 13 Jul 2016 13:09:39 +0000 (UTC)
Zack Weinberg <zackw <at> panix.com> writes:
>
> On Mon, Jun 27, 2016 at 11:07 AM, Florian Weimer <fweimer <at> redhat.com> wrote:
> > The attached patch does not attempt to make it less likely that the
> > getrandom emulation will fail. The file descriptor is kept open only for
> > the duration of the call. I move the declaration to <sys/random.h> (a new
> > file) and added some documentation.
>
> I think it would be better to expose getrandom() as a completely
> unadorned syscall. No fallback and no attempt to paper over any of
> the infelicities of the kernel interface.
> This is because, what with the delay in adding this to libc, there's
> existing code now that makes the system call directly. We want people
> to be able to just swap in the libc wrapper without having to worry
> about behavior differences.
I like the patch, though I agree with the statement above. Most likely the
emulation layer will create more problems than it would solve.
> A reliable cryptographic RNG should _also_ be added, but under a
> different name. I'd vote for cloning the BSD arc4random() API.
The arc4random API is nice but it has a very unfortunate name. There is some
initial effort to standardize via POSIX a similar API:
http://austingroupbugs.net/view.php?id=859
regards,
Nikos
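
The direct system call that the quoted message refers to, as an added example that is not part of this thread or of the glibc patch. The helper names fill_random and two_keys_differ are hypothetical, and it assumes Linux headers that define SYS_getrandom. It retries on EINTR, continues after short reads, and reports ENOSYS to the caller with no /dev/urandom fallback.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stddef.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Hypothetical helper (not glibc code): fill buf with len bytes using the
   raw getrandom system call. Returns 0 on success, -1 with errno set. */
static int fill_random(void *buf, size_t len)
{
    unsigned char *p = buf;

    while (len > 0) {
        /* flags = 0: block until the kernel pool is initialized, then
           read from the same source as /dev/urandom. */
        long n = syscall(SYS_getrandom, p, len, 0);

        if (n < 0) {
            if (errno == EINTR)
                continue;          /* interrupted by a signal: retry */
            /* ENOSYS (kernel older than 3.17) and every other error go
               back to the caller. No /dev/urandom fallback, so no file
               descriptor is ever opened. */
            return -1;
        }
        /* Large requests may return fewer bytes than asked for. */
        p += n;
        len -= (size_t)n;
    }
    return 0;
}

/* Constructed self-check: draw two 32-byte values. Returns 1 if both
   draws succeeded and differ, 0 if they are equal, -1 on error. */
static int two_keys_differ(void)
{
    unsigned char a[32], b[32];

    if (fill_random(a, sizeof a) != 0 || fill_random(b, sizeof b) != 0)
        return -1;
    return memcmp(a, b, sizeof a) != 0;
}

int main(void)
{
    return two_keys_differ() == 1 ? 0 : 1;
}
```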