Re: [PATCH] DOC: install: enable WOLFSSL_GETRANDOM

Thu, 01 Feb 2024 08:53:36 -0800 

On 2024-02-01 15:52, Lukas Tribus wrote:

On Thu, 1 Feb 2024 at 12:08, William Lallemand <wlallem...@haproxy.com> wrote:
>
> That's interesting, however I'm surprised the init does not work before the 
chroot,
> we are doing a RAND_bytes() with OpenSSL before the chroot to achieve this.

This approach can actually hide chroot issues leading to nasty
operational issues like "Haproxy 1.8 with OpenSSL 1.1.1-pre4 stops
working after 1 hour" (see [1]  and [2]). It's also not unrealistic to
cause issue with process management, like FD leaks [3].
Sure, these were fixable bugs due to changes in HAProxy or in OpenSSL. But once a FD is kept and the library deinit correctly that shouldn't be a major problem.I agree we should be attentive to these points. 


Stable OpenSSL on stable OS release branches today use getrandom() and
not /dev/urandom.

I think using the filesystems for CRNG is a footgun. At least let us
fail fast and immediately if there is an issue with CRNG seeding from
chroot.

I consider getrandom() a modern and simple solution to all those problems.
Unfortunately this is still a fallback solution if getrandom() is not accessible or if the support is not built, as this is a fallback in openssl too.I don't want HAProxy to require getrandom() to work, even if this is not an ideal solution, there is no reason it shouldn't work without it, at least for the sake of portability. 


> I'll check if we can do something like this instead of needing a explicit 
option, but
> if that's not possible we will require GETRANDOM in the --enable-haproxy 
build option.

Actually I think wolfssl should add feature detection just like it
does with other optional syscalls. But that is not what the suggested
wolfssl 5.6.6 release does.
It does not seem to be the wolfSSL philosophy :/ Everything needs to be compiled manually and there is a lot of options, it's quite complicated to obtain an optimized built... We recently saw that they've done something like this for AES-NI, so maybe we could try to push them to a more dynamic build system.
I opened a wolfSSL issue https://github.com/wolfSSL/wolfssl/issues/7197 feel free to participate, we could try to push them to the detection of getrandom() during the build of their library, and fix their urandom Implementation.
We could also try a call to RAND_bytes() after the chroot and exit with an error saying that the library is not compatible with chroot. 

Regards,


William Lallemand

Reply via email to