GNU bug report logs - #29725
[PATCH 2/2] services: urandom-seed: Try using a HWRNG to seed the Linux CRNG at boot.


Package: guix-patches;

Reported by: Leo Famulari <leo <at> famulari.name>

Date: Fri, 15 Dec 2017 20:19:02 UTC

Severity: normal

Tags: patch

Done: Leo Famulari <leo <at> famulari.name>

Bug is archived. No further changes may be made.



Message #11 received at 29725 <at> debbugs.gnu.org (full text, mbox):

From: Leo Famulari <leo <at> famulari.name>
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: 29725 <at> debbugs.gnu.org
Subject: Re: [bug#29725] [PATCH 2/2] services: urandom-seed: Try using a
 HWRNG to seed the Linux CRNG at boot.
Date: Mon, 18 Dec 2017 00:30:18 -0500
On Sun, Dec 17, 2017 at 04:31:27PM +0100, Ludovic Courtès wrote:
> Leo Famulari <leo <at> famulari.name> writes:
> If we fail to read from /dev/hwrng we may end up writing zeros to
> /dev/urandom (because ‘buf’ is left uninitialized).

Right, the patch I sent wrote the buffer to urandom unconditionally.
It's sloppy when the buffer is uninitialized but does no harm to the
CRNG.

> To address that, perhaps this could be formulated like this:
> 
>   (let ((buf (catch 'system-error
>                (lambda ()
>                  (call-with-input-file "/dev/hwrng"
>                    (lambda (port)
>                      (get-bytevector-n port 512))))
>                (const #f))))
>     (when buf
>       (call-with-output-file "/dev/urandom"
>         (lambda (urandom)
>           (put-bytevector urandom buf)))))

Overall I like this better.

I tested it and catching system-error seems to work for the case when
/dev/hwrng exists but there is nothing actually there.

I noticed you used get-bytevector-n instead of get-bytevector-n!. The
documentation says that the former reads "octets" while the latter reads
"bytes" [0]. I guess there is no difference in practice in 2017, right?

> This also removes the need for the ‘file-exists?’ call.

I don't know what creates /dev/hwrng or under what conditions. I didn't
see it in (gnu build linux-boot). Can we rely on it to exist for all the
versions of Linux we support?
[signature.asc (application/pgp-signature, inline)]
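
The read-then-write formulation quoted in the message above, as an added example in Guile Scheme (not the patch from this thread and not Guix's own code). It also handles the case where the read succeeds but yields the EOF object or zero bytes; the procedure names read-hwrng-seed and seed-crng-from-hwrng and their parameters are assumptions made for illustration.

```scheme
;; Added example; procedure and parameter names are hypothetical.
(use-modules (ice-9 binary-ports)   ; get-bytevector-n, put-bytevector
             (rnrs bytevectors))    ; bytevector?, bytevector-length

(define* (read-hwrng-seed #:optional (device "/dev/hwrng") (count 512))
  "Return up to COUNT bytes read from DEVICE as a bytevector, or #f when
DEVICE is missing, has no hardware behind it, or returns no data."
  (catch 'system-error
    (lambda ()
      (call-with-input-file device
        (lambda (port)
          (let ((buf (get-bytevector-n port count)))
            ;; get-bytevector-n returns the EOF object, not a bytevector,
            ;; when nothing can be read.  Treat that as "no seed" so the
            ;; caller never hands a non-bytevector to put-bytevector.
            (and (bytevector? buf)
                 (positive? (bytevector-length buf))
                 buf)))
        #:binary #t))
    ;; Opening or reading failed (for example ENOENT or ENODEV).
    (const #f)))

(define* (seed-crng-from-hwrng #:key (device "/dev/hwrng")
                               (target "/dev/urandom") (count 512))
  "Write bytes read from DEVICE to TARGET.  Return the number of bytes
written, or 0 when DEVICE gave nothing and TARGET was left untouched."
  (let ((buf (read-hwrng-seed device count)))
    (if buf
        (begin
          ;; A write to /dev/urandom mixes the bytes into the kernel pool
          ;; without crediting entropy, so a short read is still safe to use.
          (call-with-output-file target
            (lambda (port) (put-bytevector port buf))
            #:binary #t)
          (bytevector-length buf))
        0)))

;; Constructed check that needs no root and no HWRNG: the device path below
;; does not exist, so the target is never opened.
(display (seed-crng-from-hwrng #:device "/nonexistent/hwrng"
                               #:target "/dev/null"))
(newline)
```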
