
List:       busybox
Subject:    Re: [PATCH v8] seedrng: import SeedRNG utility for kernel RNG seed files
From:       Steffen Nurpmeso <steffen () sdaoden ! eu>
Date:       2022-04-20 21:16:18
Message-ID: 20220420211618.k5O91%steffen () sdaoden ! eu

Hello Jason.

Jason A. Donenfeld wrote in
 <CAHmME9qRdSLG-73C7DL8xTQ0jdBjsxorFbwQ9GWsHSnsjtAO0w@mail.gmail.com>:
 |On Tue, Apr 19, 2022 at 7:29 PM Steffen Nurpmeso <steffen@sdaoden.eu> \
 |wrote:
 |> In my entropy_saver.c i did
 |>
 |>    /* For at least statistics query entropy count once */
 |>    rv = ioctl(randfd, (int)RNDGETENTCNT, &iocarg);
 |>
 |> regardless of the operation.  This should succeed only for an
 |> according device.
 |
 |Your assumption isn't true; this isn't a great idea in general. Ioctls
 |_can_ be used between different fds and have different semantics. It

I have the overall impression this thread drifted to nitpicking.
Like i said in private i am absolutely fine with pointing people
to your implementation instead, my one just "sucks so long on the
device until the pool says it has no more entropy", and with newer
kernels that condition will never become true, so we just stop
after some maximum (512 bytes is the value i think).
And the unpleasant surprise when after reporting "%d bytes / %d
bits of entropy read from %s" the Linux kernel subsystem reported
that massive mutilation for "%d bits of entropy are at " ...

So yes, just get me going when the kernel starts up, without
blocking, and let me easily add some entropy via sh(1)ell script
when i want it.  (I am only hoping my Linux distribution changes
from the "/bin/cat /var/lib/urandom/seed > /dev/urandom" now and
finally, 512 bytes for nothing!)

And now it is even in busybox.  Thank you.

 |would be easy for me to make a driver that responds to RNDGETENTCNT.

Sure you can.  Thanks for WireGuard Jason, i really love it.

 |The "right" way of verifying that a given fd is the [u]random device
 |is by calling fstat and checking for chardev and 1,8 or 1,9. But I'm
 |not even convinced that such verification is really sensible in the
 |first place. It makes it harder to swap out with a CUSE device, if
 |desired for policy reasons, and in general if /dev is writable or
 |misconfigured, all bets are off for everything.

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)