Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

crypto/rand: nacl support is broken on both 1.4 and tip #9261

Closed
minux opened this issue Dec 11, 2014 · 7 comments
Closed

crypto/rand: nacl support is broken on both 1.4 and tip #9261

minux opened this issue Dec 11, 2014 · 7 comments
Milestone

Comments

@minux
Copy link
Member

minux commented Dec 11, 2014

This program (http://play.golang.org/p/0DMMipySJX) runs on playground (Go 1.3)
But fails to run on latest master branch (it tries to open /dev/urandom)

@minux
Copy link
Member Author

minux commented Dec 11, 2014

OK. I found out that it's because in my trunk version of sel_ldr, SecureRandom
named service has been removed. see https://codereview.chromium.org/550523002.

@rsc What should we do here? Should we switch to use NaClSysGetRandomBytes
(syscall 150)? It's introduced in https://codereview.chromium.org/537543003
3 months ago.

I think the best way for 1.5 is to migrate to the syscall, since we can remove the SRPC
implementation in syscall, and our random also needs random bytes now.

However, migrating means we lose the ability to use older sel_ldrs.

What do you think?

@minux
Copy link
Member Author

minux commented Dec 11, 2014

I confirm that after I updated native_client to svn revision 13696, nacltest.bash
passes for both amd64 and 386.

@davecheney
Copy link
Contributor

I think it is fine to require a newer version of sel_ldr.
On 11 Dec 2014 19:52, "Minux Ma" notifications@github.com wrote:

OK. I found out that it's because in my trunk version of sel_ldr,
SecureRandom
named service has been removed. see
https://codereview.chromium.org/550523002.

@rsc https://github.com/rsc What should we do here? Should we switch to
use NaClSysGetRandomBytes
(syscall 150)? It's introduced in
https://codereview.chromium.org/537543003
3 months ago.

I think the best way for 1.5 is to migrate to the syscall, since we can
remove the SRPC
implementation in syscall, and our random also needs random bytes now.

However, migrating means we lose the ability to use older sel_ldrs.

What do you think?


Reply to this email directly or view it on GitHub
#9261 (comment).

@minux
Copy link
Member Author

minux commented Dec 11, 2014

Or switch to IRT, which has a stable ABI and API. But that's a lot work.

@minux
Copy link
Member Author

minux commented Dec 12, 2014

Patch is ready. It also fixes #9256 for real.

The patch is at https://gist.github.com/minux/c7c997669fec1cf391f9,
I've tested on amd64p32 and 386, but I'd prefer test result for nacl/arm.

You can use the sel_ldrs in the pepper_canary or pepper_40 version
of the sdk to test this.

I haven't updated misc/nacl/README yet. WIll do that when sending
the CL.

@jamesr
Copy link

jamesr commented Feb 13, 2015

Is this patch waiting for anything?

@minux
Copy link
Member Author

minux commented Feb 13, 2015 via email

@minux minux closed this as completed in 003dccf Mar 25, 2015
@mikioh mikioh added this to the Go1.5 milestone Mar 25, 2015
@golang golang locked and limited conversation to collaborators Jun 25, 2016
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

No branches or pull requests

5 participants