List:       botan-devel
Subject:    [Botan-devel] New code for reading /dev/*random
From:       lloyd () randombit ! net (Jack Lloyd)
Date:       2007-11-17 2:41:58
Message-ID: 20071117024158.GB32028 () randombit ! net


I've checked in a new module named es_dev that handles reading from
/dev/*random. The current code (es_file) uses std::ifstream which
meant that in addition to potentially wasting entropy in stdio buffers
(in addition to causing those RNG inputs to be leaked, since there
isn't a portable way (that I know of) to zeroize or lock that memory),
the calls could block for potentially unbounded amounts of time.

The new version uses unbuffered read() calls and is careful to avoid
blocking (I could not find any way to make it block for more than the
designed 10 ms select() wait - if you can see some way this might
occur, let me know). One nice benefit of going to non-blocking IO is
that the priority list of devices to read is going to change from

  /dev/urandom
  /dev/random

to

  /dev/random
  /dev/srandom
  /dev/urandom

so potentially the quality of the RNG output will be better, though
it's pretty difficult to measure this in any meaningful way since the
output is going through a hash function regardless.

However, this does change some assumptions. Since effectively forever,
Botan has worked out of the box on Linux (or other systems with
/dev/*random), without any modules loaded, because it could always
read the PRNG device using iostreams. This will no longer work,
because all the entropy gathering code is now in the form of add-on
modules.

The new module code is in revision 72d7ffbf2868a4c27e48bd2fa23e5c002cf1ab75

-Jack

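The bounded, unbuffered device read the post describes, as an added example (not Botan's es_dev code): each device is opened non-blocking, select() caps the wait at 10 ms, the devices are tried in the new priority order, and a zeroize helper shows what the stdio-buffer approach could not offer. Device paths other than those named in the post are not assumed; the nonexistent path used in the test is constructed.

```c
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <sys/select.h>
#include <sys/time.h>
#include <unistd.h>

/* Priority order from the post: blocking device first, urandom as fallback. */
static const char *const ENTROPY_DEVICES[] = {
    "/dev/random", "/dev/srandom", "/dev/urandom", NULL
};

/* Overwrite a buffer through a volatile pointer so the store is not elided. */
void zeroize(unsigned char *p, size_t n)
{
    volatile unsigned char *vp = p;
    while (n--)
        *vp++ = 0;
}

/* Read up to len bytes from path, waiting at most wait_ms for readability.
   Returns bytes read, 0 if the device yielded nothing in time, -1 if it
   cannot be opened (or its fd is too large for select()). */
ssize_t read_device_bounded(const char *path, unsigned char *buf, size_t len, long wait_ms)
{
    int fd = open(path, O_RDONLY | O_NONBLOCK | O_NOCTTY);
    if (fd < 0)
        return -1;
    if (fd >= FD_SETSIZE) { close(fd); return -1; }

    fd_set readfds;
    FD_ZERO(&readfds);
    FD_SET(fd, &readfds);
    struct timeval tv = { wait_ms / 1000, (wait_ms % 1000) * 1000 };

    ssize_t got = 0;
    /* select() bounds the wait; an empty /dev/random simply times out. */
    if (select(fd + 1, &readfds, NULL, NULL, &tv) > 0 && FD_ISSET(fd, &readfds)) {
        got = read(fd, buf, len);        /* unbuffered: no stdio copy to leak */
        if (got < 0)                     /* EAGAIN race or real error: no data */
            got = 0;
    }
    close(fd);
    return got;
}

/* Walk the priority list; return bytes from the first device that yields data. */
ssize_t gather_entropy(unsigned char *buf, size_t len, long wait_ms)
{
    for (size_t i = 0; ENTROPY_DEVICES[i] != NULL; i++) {
        ssize_t got = read_device_bounded(ENTROPY_DEVICES[i], buf, len, wait_ms);
        if (got > 0)
            return got;
    }
    return 0;
}
```

After the bytes have been fed into the hash, the caller zeroizes its own buffer, which is the step an ifstream's internal buffer never allowed.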