Hello agl@chromium.org (cc: golang-codereviews@googlegroups.com, iant@golang.org, rsc@golang.org), I'd like you to review this change to https://go.googlecode.com/hg/
9 years, 8 months ago
(2014-08-12 19:42:50 UTC)
#1
9 years, 8 months ago
(2014-08-12 20:32:35 UTC)
#2
https://codereview.appspot.com/123260044/diff/40001/src/pkg/crypto/rand/rand_linux.go
File src/pkg/crypto/rand/rand_linux.go (right):
https://codereview.appspot.com/123260044/diff/40001/src/pkg/crypto/rand/rand_linux.go#newcode16
src/pkg/crypto/rand/rand_linux.go:16: n, err := syscall.GetRandom(p, 0)
The new system call isn't actually like /dev/urandom in one important respect:
there's no "do the best that you can" mode.
While /dev/urandom doesn't block and always returns data, the new system call
will refuse to return anything until the pool is ready. This stops attackers
from climbing up the pool(*), but might be a big surprise to Go programs.
I think that GRND_NONBLOCK should be passed here so that, if the pool isn't
ready, we'll fall back on /dev/urandom until the syscall will work.
(* The attack is this: imagine that the pool is currently empty and receives one
bit of entropy per millisecond, like clockwork. If I, as a userspace process,
can read from it immediately then I can figure out what the bit is every
millisecond by reading repeatedly and thus know the full state of the pool -
which is bad. If the pool waits until it has, say, 128 bits before disclosing
anything then I'll never be able to get over that step.)
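The fallback the reviewer asks for above, written out as an added Go example (this is not code from the CL or from the Go tree): getrandom is called with GRND_NONBLOCK; an EAGAIN answer (pool not yet initialised) is served from a /dev/urandom stand-in while the syscall keeps being retried on later reads; ENOSYS (a kernel without the syscall) disables the syscall for good. GRND_NONBLOCK = 0x1 is the real Linux flag value. The GetRandomFunc injection, fakeKernel, RunScenario and the constant-byte fallback stream are constructed for this example so that it runs on any OS; wiring in the real system call belongs to the platform package and is not shown.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"strings"
	"syscall"
)

// GRND_NONBLOCK (Linux uapi value): fail with EAGAIN rather than block while the pool is uninitialised.
const GRND_NONBLOCK = 0x1

// GetRandomFunc is the shape of a getrandom(2) wrapper; injecting it lets the policy run on any OS.
type GetRandomFunc func(p []byte, flags uint32) (int, error)

// Reader applies the policy from the review: call getrandom with GRND_NONBLOCK; on EAGAIN
// (pool not seeded yet) serve this read from the fallback but keep trying the syscall on
// later reads; on ENOSYS (no such syscall) stop for good. Single-goroutine example:
// production code must guard unsupported with a lock or atomic.
type Reader struct {
	getrandom   GetRandomFunc
	fallback    io.Reader // stands in for /dev/urandom
	unsupported bool
	fallbacks   int // reads served by the fallback
}

func (r *Reader) Read(p []byte) (int, error) {
	if !r.unsupported {
		switch err := r.fill(p); {
		case err == nil:
			return len(p), nil
		case errors.Is(err, syscall.ENOSYS):
			r.unsupported = true // kernel predates getrandom: never ask again
		case errors.Is(err, syscall.EAGAIN):
			// pool not initialised yet: fall back this time, retry next time
		default:
			return 0, err
		}
	}
	r.fallbacks++
	return io.ReadFull(r.fallback, p) // any partial bytes from fill are overwritten
}

// fill loops until p is full, retrying on EINTR and short reads.
func (r *Reader) fill(p []byte) error {
	for off := 0; off < len(p); {
		n, err := r.getrandom(p[off:], GRND_NONBLOCK)
		if errors.Is(err, syscall.EINTR) {
			continue
		}
		if err != nil {
			return err
		}
		off += n
	}
	return nil
}

// fakeKernel is a constructed stand-in for the kernel: its pool becomes ready after
// readyAfter calls, and hasSyscall=false mimics a kernel that lacks getrandom.
type fakeKernel struct{ hasSyscall bool; readyAfter, calls int }

func (k *fakeKernel) getrandom(p []byte, flags uint32) (int, error) {
	k.calls++
	if !k.hasSyscall {
		return 0, syscall.ENOSYS
	}
	if k.calls <= k.readyAfter {
		if flags&GRND_NONBLOCK != 0 {
			return 0, syscall.EAGAIN
		}
		return 0, errors.New("fake kernel: would block until the pool is ready")
	}
	for i := range p {
		p[i] = byte(0xA5 ^ i) // constructed pattern, not real randomness
	}
	return len(p), nil
}

// RunScenario performs `reads` reads of `size` bytes against a fake kernel and reports
// how many reads hit the fallback and how many syscall attempts were made.
func RunScenario(hasSyscall bool, readyAfter, reads, size int) (fallbacks, syscalls int, err error) {
	k := &fakeKernel{hasSyscall: hasSyscall, readyAfter: readyAfter}
	// The fallback is a constructed 64 KiB stream of one byte, not /dev/urandom.
	r := &Reader{getrandom: k.getrandom, fallback: strings.NewReader(strings.Repeat("U", 1<<16))}
	buf := make([]byte, size)
	for i := 0; i < reads; i++ {
		if _, err := io.ReadFull(r, buf); err != nil {
			return r.fallbacks, k.calls, err
		}
	}
	return r.fallbacks, k.calls, nil
}

func main() {
	f, s, _ := RunScenario(true, 2, 5, 32)
	fmt.Printf("pool ready after 2 calls: %d/5 reads from fallback, %d syscall attempts\n", f, s)
	f, s, _ = RunScenario(false, 0, 5, 32)
	fmt.Printf("no getrandom syscall:     %d/5 reads from fallback, %d syscall attempts\n", f, s)
}
```

With the pool ready after two calls, the first two reads come from the fallback and the remaining three from the syscall; with no syscall at all, every read comes from the fallback and the syscall is attempted exactly once. The fake kernel returns an error instead of hanging when GRND_NONBLOCK is omitted, which is the place where a real kernel would block and produce the surprise the review warns about.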
LGTM for internal/syscall
https://codereview.appspot.com/123260044/diff/60001/src/pkg/internal/syscall/getrandom_linux.go
File src/pkg/internal/syscall/getrandom_linux.go (right):
https://codereview.appspot.com/123260044/diff/60001/src/pkg/internal/syscall/getrandom_linux.go#newcode28
src/pkg/internal/syscall/getrandom_linux.go:28: // GRND_RANDOM means the use the ...
9 years, 8 months ago
(2014-08-12 20:55:06 UTC)
#6
https://codereview.appspot.com/123260044/diff/60001/src/pkg/internal/syscall/getrandom_linux.go
File src/pkg/internal/syscall/getrandom_linux.go (right):
https://codereview.appspot.com/123260044/diff/60001/src/pkg/internal/syscall/getrandom_linux.go#newcode28
src/pkg/internal/syscall/getrandom_linux.go:28: // GRND_RANDOM means the use the /dev/random pool instead ...
9 years, 8 months ago
(2014-08-12 20:56:38 UTC)
#9
https://codereview.appspot.com/123260044/diff/80001/src/pkg/internal/syscall/getrandom_linux.go
File src/pkg/internal/syscall/getrandom_linux.go (right):
https://codereview.appspot.com/123260044/diff/80001/src/pkg/internal/syscall/getrandom_linux.go#newcode28
src/pkg/internal/syscall/getrandom_linux.go:28: // GRND_RANDOM means to use the /dev/random pool instead ...
9 years, 8 months ago
(2014-08-12 20:58:53 UTC)
#11
*** Submitted as https://code.google.com/p/go/source/detail?r=a70c897599c4 ***
crypto/rand: use getrandom system call on Linux
Adds internal/syscall package. ...
9 years, 8 months ago
(2014-08-12 21:35:30 UTC)
#15
Issue 123260044: code review 123260044: crypto/rand: use getrandom system call on Linux
(Closed)
Created 9 years, 8 months ago by bradfitz
Modified 9 years, 8 months ago
Comments: 10