-
Notifications
You must be signed in to change notification settings - Fork 710
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use something better than /dev/urandom on FreeBSD #326
Comments
LibreSSL just uses arc4random. The rationale was, basically, "deal with it". But they have added locking and fork detection using They also have an emulation of getentropy using KERN_ARND. |
Thanks!
This looks the most promising to me. Probably we should check what libsodium does too. |
They have a complicated file full of #ifdefs, but this seems like the part we're interested in:
It's interesting that CloudABI's arc4random is considered safe, but not FreeBSD's. CloudABI runs on FreeBSD using, I think, the same arc4random as FreeBSD ABI programs. But on CloudABI you can't just open /dev/random, so it's not like they have a choice :D |
https://svnweb.freebsd.org/base?view=revision&revision=317015
|
Somehow I only just discovered this: the rand crate uses KERN_ARND sysctl! |
FreeBSD 12 (current dev branch) now has all the interfaces: getentropy(3), getrandom(2). The getentropy implementation uses the getrandom syscall, but falls back to The getrandom syscall is faster than So I think dynamically probing for |
I think it would be good to try to use getentropy if it is available (using weak linkage) and fallback to the Remember:
IMO, it is OK if we only get these benefits on newer versions of BSD. |
Oops, I forgot that we already use |
FreeBSD now has |
Yep, I mentioned that above :)
Now that 12 is RELEASE, more people have it, but some places are still on 11.x, so some fallback would be good |
I would like to eliminate the fallback as much as possible. It seems OK to me to treat OpenBSD and FreeBSD the same and use |
A customer asked for FreeBSD support and we don't know what versions of FreeBSD we need to support, so PR #874 restores the |
https://github.com/rust-random/getrandom currently uses |
@myfreeweb The first step to doing something better is getting CI set up so we can test FreeBSD. Any tips for getting FreeBSD running in an emulator that would work reasonably in CI? |
I think Rust itself uses qemu on travis, but it's much easier to set up native CI with https://builds.sr.ht or https://cirrus-ci.org/guide/FreeBSD/ |
I can maybe add some context. I added The The userspace So, I'm not sure what the goals of this crate's SystemRandom are. It would be extremely straightforward, and correct, to just use the existing Linux code on FreeBSD. IMO, it's slightly preferable to the status quo of just using the /dev/urandom device. (FreeBSD's urandom doesn't have Linux's problem of yielding weak entropy before initial seeding.) I'd consider 11.x more or less obsolete, even if it's still ostensibly supported by the FreeBSD project, so it's probably fine to just require FreeBSD to have Using As far as DEV_RANDOM concerns mentioned somewhere upthread, it is no longer optional to have a system entropy device (and was never the default configuration anyone downloading an image and installing it would get). Please let me know if I can answer any other questions! |
FreeBSD added the Linux-compatible getrandom(2) API in 12.0. Like Linux, prefer it to the /dev/urandom device, but fallback to the earlier method if the syscall is not available.
See the draft PR #1531 where I propose we delegate all this to the |
The main drivers here are performance and the ability to work correctly and automatically in a chroot/jail.
This was split off from #316, which is now OpenBSD-only. Note that iOS and MacOS are issue #149.
See:
/dev/urandom
usage on OpenBSD #316 (comment)/dev/urandom
usage on OpenBSD #316 (comment), which among other things references https://paragonie.com/blog/2016/05/how-generate-secure-random-numbers-in-various-programming-languages.From reading various FreeBSD mailing list messages, it seems like FreeBSD doesn't have a good way to guarantee fork-safety, which is the same problem that Linux has. Therefore, it seems like we should always be getting random values from the OS. That means, AFAICT, either reading from
/dev/[u]random
or theKERN_ARND
sysctl
. Note the potential problems withKERN_ARND
mentioned in the linked-to comments above.I don't understand this issue fully, but it seems that FreeBSD has a RANDOM kernel module that can be disabled, and in that disabled state it may be problematic to do anything better than reading from
/dev/[u]random
: "RW mentioned kernels without RANDOM, being an awkward situation for which it seems necessary to fall back to the PRNG in userland." - https://lists.freebsd.org/pipermail/freebsd-security/2014-July/007869.html.The text was updated successfully, but these errors were encountered: