dsprenkels / randombytes

A portable C library for generating crypto-secure random bytes
MIT License

Use getrandom API #30

Closed mariaschopp closed 3 years ago

mariaschopp commented 3 years ago

In 2017, glibc added an API call for getrandom. This update checks the glibc version and uses the getrandom API call if available instead of making a syscall.

dsprenkels commented 3 years ago

@mariaschopp Thanks for the contribution! I remember that I also wanted to implement it in this way a couple of years ago. Back then however, most systems did not have a recent glibc version. I am mildly concerned this may still be the case.

I am thinking, can we implement this in a backwards-compatible manner? I.e., we use the getrandom function if it is available, and if it is not, we fall back to the current implementation?

mariaschopp commented 3 years ago

Happy to contribute. I think it should be backwards compatible now.

dsprenkels commented 3 years ago

@mariaschopp thanks for the fix. I am currently updating the tests s.t. they also work with your patch. I'm currently hitting cases where the getrandom function returns a -1, with errno == EFAULT. I have no clue when or why this could occur. Do you have any ideas?

dsprenkels commented 3 years ago

Update: I will later investigate what the glib function does internally on my pc.

mariaschopp commented 3 years ago

According to the man page for getrandom, EFAULT means that the address referred to by buf is outside the accessible address space. In the cases where it is failing, how are you creating the buffer? Did you check to ensure that the memory allocation for the buffer didn't fail?

For those same cases, does it succeed if you make the syscall instead of calling the getrandom API?

dsprenkels commented 3 years ago

Closing in favor of #36.
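The backwards-compatible selection discussed in this thread, sketched as an added example; it is not the code from this pull request or from the randombytes library. It assumes Linux, and `getrandom_once` and `fill_random` are hypothetical names. glibc exposes `getrandom()` from version 2.25, so older versions take the raw syscall path.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

/* glibc 2.25 and later declare getrandom() in <sys/random.h>. */
#if defined(__GLIBC__) && (__GLIBC__ > 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 25))
#include <sys/random.h>
#define USE_GLIBC_GETRANDOM 1
#else
#define USE_GLIBC_GETRANDOM 0
#endif

/* Hypothetical helper: one request through whichever interface exists. */
static ssize_t getrandom_once(void *buf, size_t n)
{
#if USE_GLIBC_GETRANDOM
    return getrandom(buf, n, 0);
#else
    return (ssize_t)syscall(SYS_getrandom, buf, n, 0);
#endif
}

/* Fill buf with n random bytes. Returns 0 on success, -1 with errno set. */
int fill_random(void *buf, size_t n)
{
    unsigned char *p = buf;
    while (n > 0) {
        ssize_t r = getrandom_once(p, n);
        if (r < 0) {
            if (errno == EINTR)
                continue;   /* interrupted by a signal: retry */
            return -1;      /* e.g. EFAULT or ENOSYS: never use the buffer */
        }
        p += r;             /* short read: advance and request the rest */
        n -= (size_t)r;
    }
    return 0;
}

int main(void)
{
    unsigned char key[16];
    if (fill_random(key, sizeof key) != 0) { perror("getrandom"); return 1; }
    for (size_t i = 0; i < sizeof key; i++) printf("%02x", key[i]);
    putchar('\n');
    return 0;
}
```

Both paths report failure the same way (-1 with `errno` set), so the caller's error handling does not depend on which interface was compiled in.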