-
Notifications
You must be signed in to change notification settings - Fork 710
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Replace /dev/urandom
usage on OpenBSD
#316
Comments
There's two sets of Theo de Raadt's slides from 2014 about
Kernel entropy pool is seeded by bootloader: https://www.openbsd.org/papers/hackfest2014-arc4random/mgp00019.html and
I assume (since I can't find source) that kernel and libc have good entropy when userland programs can be executed so no blocking should happen.
Using word almost is direct copy from http://man.openbsd.org/arc4random.3 and the man page doesn't explain when it's inappropriate. But investigating further... From: https://www.openbsd.org/papers/hackfest2014-arc4random/mgp00015.html it seems it should be always safe to call
|
OK, I'm convinced Another question I have is whether the situation is different for other BSDs, in particular FreeBSD. |
@oherrala Thank you very much. Your research really helped me. On other day, I searched/read through man pages and blog articles on the Internet and got impression that
I think we need to check the implementation of I think we need to check at least the followings:
As for the latter, I found this patch; FreeBSD's I will continue my research, but any help from anybody would be appreciated. |
@tatsuya6502 It is also OK to write the patch and get it working on OpenBSD, and then expand its scope to other BSDs as we verify that |
Now OpenBSD and FreeBSD utilizes `arc4rand_buf()` function in their C stdlib. - Implement GFp_sysrand_chunk() in sysrand.c for OpenBSD and FreeBSD. - On OpenBSD and FreeBSD, mk/ring.mk now uses `-D_BSD_SOURCE` in `CPPFLAGS` instead of `-D_XOPEN_SOURCE=700`. TODOs: - Update docs. - Remove debug print. - Ensure FreeBSD's arc4rand_buf() is as safe as OpenBSD's. I agree to license my contributions to each file under the terms given at the top of each file I changed.
I have got OpenBSD 6.0 (amd64) installed on my machine and built Rust 1.12.1 and Cargo from source codes. I started to make changes and opened #319 for early code review. |
I checked FreeBSD's Here are some details: arc4random
I found above was not true. In the latest production FreeBSD release (11.0-RELEASE), EDIT: I think this mail discussion supports my finding. /dev/urandom
/dev/random
KERN_ARND sysctl The above man page for But I could not figure out if this is the same thing to reading from
So the latter is the same, but I think we should continue using |
I think this article gives a nice overview of the sources of entropy in different platforms. (See "General Requirements for Inclusion" section.)
The article also explains how to get secure randomness in Rust (rand, libsodium and ring crates). Also, this Wikipedia article about Yarrow algorithm says:
So it seems good to stay with |
/dev/urandom
usage on *BSD/dev/urandom
usage on OpenBSD
Thanks for doing all this research. I think we should split the FreeBSD work off into its own issue, which I've already created: #326. Now this issue can be just about OpenBSD. Then we can simplify the PR to just change the behavior on BSD. WDYT?
These platforms already have their own issue: #149. |
Thanks for creating #326. Also I was not aware of #149, so thank you for the pointer.
I like the idea and will simplify the PR. I first thought entire *BSD work would be just to use Sorry for making very slow progress. I am still willing to work on the PR because I am learning a lot. OpenBSD is a new platform to me to do some coding, and also I have to do all those things for my job and family, so it has been hard to find some spare time. I believe I just need a few more days to finish the OpenBSD PR. |
Thanks sounds great to me.
No worries! Family first! Let me know if there's anything I can do to help (that doesn't require me to set up an OpenBSD box). |
Here are some things that should be done, based on the similar change made for macOS/iOS: |
Thank you for the list! I will check the examples and update my code. |
PR #874 restores the /dev/urandom-based implementation for OpenBSD. |
If you are somebody that uses Rust on OpenBSD, could you please explain how you build Rust programs? How do you get libstd for OpenBSD? Are you using xargo? |
@briansmith OpenBSD has packaged Rust and Cargo in Ports. @semarie is the maintainer. https://github.com/openbsd/ports/tree/master/lang/rust So, the workflow is not much different from any other supported platform for Rust:
|
Thanks @oherrala
For every other target, including Windows, I can build on a Linux host (including Microsoft Linux on Windows) or macOS host. What's the easiest way to build targeting OpenBSD from Linux or macOS? |
AFAIK there's no cross compilation to target OpenBSD. |
@briansmith as nobody worked on crosscompilation from Linux to OpenBSD (complete C & C++ toolchain with linker), there is no simple solution currently to targeting OpenBSD from Linux (or macos). it could be tried with clang+lld as OpenBSD uses them for x86_64. but I dunno if there is still some parts in linker that aren't upstreamed. |
Thanks for the info. It would be very convenient if it were possible to build and link for OpenBSD targets from a Linux (or macOS) host. Even though we have to run tests on OpenBSD itself, that can easily be done in a small and limited VM. But, doing the build itself would require a large (in terms of CPU and memory capability, as well as installed binaries) VM. I would love to hear from anybody trying to upstream changes needed to the Rust toolchain (and LLVM itself?) to make this happen. |
For what it's worth, FreeBSD's userspace arc4random(3) is based on Chacha20 in FreeBSD 12.x and newer (but not 11.x and older). 11.x is still supported, as far as I know, but might be end-of-line very soon with the upcoming 13.0 release. The 2013 reference is to an email of a bug / proposed patch that was incomplete until 2017/2018. Here's a better link to the same bug, with more context: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=182610 |
See the draft PR #1531 where I propose we delegate all this to the |
See #313 (comment), where @tatsuya6502 wrote:
That sounds good to me. The main questions I have are:
The text was updated successfully, but these errors were encountered: