Re: porting arc4random (was Re: boringssl and such)

2014-06-20 Thread Theo de Raadt
>having just this evening updated Android to the current arc4random
>(https://android-review.googlesource.com/#/c/99052/), i was confused
>by the single use of explicit_bzero amongst the many calls to memset
>in the same file. as for portability, Linux requires MAP_PRIVATE
>anywhere you use MAP_ANON, and needs something along the following
>lines instead of the BSD sysctl:
>
>  int fd = open("/dev/urandom", O_RDONLY);
>  if (fd == -1) {
>    __libc_fatal("failed to open \"/dev/urandom\": %s", strerror(errno));
>  }
>  ssize_t bytes_read = TEMP_FAILURE_RETRY(read(fd, rnd, sizeof(rnd)));
>  if (bytes_read != sizeof(rnd)) {
>    __libc_fatal("couldn't read %zu bytes from \"/dev/urandom\": %s",
>                 sizeof(rnd), strerror(errno));
>  }
>  close(fd);

The base arc4random() now relies on MAP_INHERIT_ZERO support in the
minherit() system call, thus it can avoid the getpid() check.

-portable arc4random will not follow this lineage.  -portable will
require a tweaked arc4random, based on 1.33
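
The quoted Android snippet treats anything other than a full-length read as fatal and leans on TEMP_FAILURE_RETRY for EINTR. The following is an added example (written for this thread, not code from Android, OpenBSD or LibreSSL-portable) of what a portable /dev/urandom seed read looks like when it also copes with short reads, retries EINTR itself, and refuses a descriptor that is not a character device (a plain file shadowing the path inside a chroot would otherwise be used as the seed). The function names urandom_fill and count_nonzero are this example's own.

```c
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <sys/stat.h>
#include <unistd.h>

/* Fill buf with len random bytes from /dev/urandom.
 * Returns 0 on success, -1 on failure with errno set.
 * Differences from a single read() call:
 *  - open() and read() are retried on EINTR;
 *  - short reads are looped over, so the buffer is never left partly filled;
 *  - the descriptor must refer to a character device, so a regular file
 *    placed at the path (e.g. inside a chroot) is rejected instead of used. */
int urandom_fill(unsigned char *buf, size_t len)
{
    int fd, saved;
    size_t got = 0;
    struct stat st;

    do {
        fd = open("/dev/urandom", O_RDONLY);
    } while (fd == -1 && errno == EINTR);
    if (fd == -1)
        return -1;

    /* Do not leak the descriptor across exec(). */
    fcntl(fd, F_SETFD, FD_CLOEXEC);

    if (fstat(fd, &st) == -1 || !S_ISCHR(st.st_mode)) {
        close(fd);
        errno = ENODEV;
        return -1;
    }

    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n == -1) {
            if (errno == EINTR)
                continue;
            saved = errno;
            close(fd);
            errno = saved;
            return -1;
        }
        if (n == 0) {
            /* EOF from /dev/urandom should never happen; treat it as failure. */
            close(fd);
            errno = EIO;
            return -1;
        }
        got += (size_t)n;
    }
    close(fd);
    return 0;
}

/* Helper for checking a filled buffer: number of non-zero bytes. A 32-byte
 * buffer that comes back all zero after urandom_fill() would indicate the
 * fill did not actually happen. */
size_t count_nonzero(const unsigned char *buf, size_t len)
{
    size_t n = 0;
    for (size_t i = 0; i < len; i++)
        if (buf[i] != 0)
            n++;
    return n;
}
```

The caller still has to treat -1 as fatal for seeding purposes; the point of looping rather than aborting on a short read is that a short read is a legitimate outcome of read(2), not evidence that the device is broken.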



boringssl and such

2014-06-20 Thread Theo de Raadt
Few things to note...

I suspect everyone working on LibReSSL is happy to hear the news about
BoringSSL.  Choice is good!!  Their priority is on safety, not on ABI
compatibility.  Just like us.  Over time, I suspect google's version
will also become 'reduced API', since they require less legacy
application support.  That may give LibReSSL the opportunity to head
in the same direction, if the applications are willing...

Secondly, a lot of misinformation is being spread about the effort
required to get LibReSSL-portable out the door.  We've stripped the
code so that it is POSIX-only.  Therefore "Linux" compat is really not
hard.  We basically just need the following parts to be finished:

- A clean build framework

- and the finetunings of portable versions of our safetybelts:
   arc4random        strlcpy           strlcat
   explicit_bzero    reallocarray
   timingsafe_bcmp   timingsafe_memcmp

So please stop believing rumours that we've made it hard to port!  The
entire world went to POSIX, and that's all this code needs to support.
It is a small step.  I don't think it will take much longer.

patience...
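
For readers unfamiliar with the "safetybelts" listed above, here is an added example (not LibreSSL-portable's code; the portable_ prefix on the names is this example's own choice, to avoid clashing with a libc that already provides them) of what three of them do and why a port needs a careful version rather than a naive one: reallocarray refuses a multiplication that wraps size_t, timingsafe_bcmp compares without an early exit on the first differing byte, and explicit_bzero clears memory in a way the compiler cannot drop as a dead store.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Overflow-checked multiplication: returns 1 and stores nmemb*size in *out
 * when the product fits in size_t, else 0. When both factors are below
 * 2^(bits/2) the product cannot overflow, so the division is skipped. */
static int mul_ok(size_t nmemb, size_t size, size_t *out)
{
    const size_t half = (size_t)1 << (sizeof(size_t) * 4);
    if ((nmemb >= half || size >= half) && nmemb > 0 &&
        SIZE_MAX / nmemb < size)
        return 0;
    *out = nmemb * size;
    return 1;
}

/* Stand-in for reallocarray(3): realloc that fails with ENOMEM instead of
 * silently wrapping nmemb*size into a too-small allocation. */
void *portable_reallocarray(void *ptr, size_t nmemb, size_t size)
{
    size_t total;
    if (!mul_ok(nmemb, size, &total)) {
        errno = ENOMEM;
        return NULL;
    }
    return realloc(ptr, total);
}

/* Stand-in for timingsafe_bcmp(3): returns 0 iff the buffers are equal and
 * performs the same work regardless of where (or whether) they differ,
 * unlike memcmp, which stops at the first mismatch. */
int portable_timingsafe_bcmp(const void *b1, const void *b2, size_t n)
{
    const unsigned char *p1 = b1, *p2 = b2;
    unsigned char diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= p1[i] ^ p2[i];
    return diff != 0;
}

/* Stand-in for explicit_bzero(3): calling memset through a volatile
 * function pointer stops the optimizer from removing the clear of a buffer
 * that is never read again (dead-store elimination). */
static void *(*volatile memset_ptr)(void *, int, size_t) = memset;
void portable_explicit_bzero(void *p, size_t n)
{
    memset_ptr(p, 0, n);
}
```

A port that substitutes plain realloc(nmemb * size), memcmp, or memset for these three keeps the code compiling but quietly loses the property each one exists to provide.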