Re: getrandom and getentropy

[Kurt Roeckx <kurt%roeckx.be@localhost>]

On Fri, May 01, 2020 at 07:19:09PM +0000, Taylor R Campbell wrote:
> 
> The alias getentropy(p,n) := getrandom(p,n,GRND_INSECURE)

At several places in your document you imply this. But
getentropy(p,n) is more like getrandom(p,n,0). That is, it also
waits until it's seeded, it only blocks a single time.

I hink we've previously talked about it, and you said the OpenBSD
manpage doesn't mention anything related to it. But it's implied
behaviour for OpenBSD, they never had an interface where you can
get random numbers before it's properly seeded.

At least Linux's glibc wrapper for getentropy documents this
behaviour now:
> A  call  to getentropy() may block if the system has just
> booted and the kernel has not yet collected enough randomness to
> initialize the entropy pool.

It's the behaviour we see on all OSs that provide that interface.
It's also the interface OpenSSL currently prefers. If you make
getentropy() the insecure version, I will need to modify OpenSSL
to switch to getrandom() on NetBSD.

> slightly silly semantics of getrandom(p,n,GRND_RANDOM)

I'm not sure, but I think on Linux GRND_RANDOM very recently
started to behave exactly the same as passing 0, and /dev/random
behaves like /dev/urandom except that it waits until it's seeded.
/dev/random no longer has the weird concept that it can only return
as much data as entropy that's been feeded in it.



Kurt