Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 28 Jan 2015 19:12:42 +0100
From: Daniel Cegiełka <>
Subject: Re: getrandom syscall

2015-01-28 18:43 GMT+01:00 Brent Cook <>:
> Here is the wrapper in LibreSSL for getrandom, to hopefully lend to
> the discussion:
> It tries to avoid a couple of possible issues. FIrst, while <= 256
> byte getrandom should not interrupt, it appears that if the kernel
> entropy pool has not been initialized yet, it would still return EINTR
> if called early enough in the boot process. How likely this is in
> practice, I don't know.
> Then, to avoid modifying errno even though there was an actual
> success, the wrapper restores the previous errno value when it
> succeeds.
> I just realized that the length check in getentropy_getrandom() is
> redundant, since it is checked earlier in getentropy() as well, but
> hopefully this is helpful.
> If a getentropy() were added to musl libc, but in such a way that it
> might fail on older kernels, that would cause some problems with
> LibreSSL, and now OpenNTPD. They will both try to use getentropy()
> with arc4random() if it is found in a system, and arc4random() will
> treat a getentropy() failure as fatal.

Thank you for your feedback. That's right, arc4random() sometimes
ended with an abort() and this is a huge problem. I used  /dev/urandom
as a source of entropy for arc4random(), but it can fail (eg. in a
chroot), so if arc4random() calls abort(), then the whole process

btw. thanks for your work on OpenNTPD. I was planning to send an
adjtimex() patch, but I see that you already did:


> Thanks, and good discussion.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.