Remove OpenBSD getentropy(2) support for now #30691
Conversation
It turns out that Rust's CSPRNG isn't used in as many places as I thought. We can't treat getentropy(2) quite like Linux's getrandom(2), and running an entire C-implemented CSPRNG (arc4random) underneath Rust probably isn't an acceptable option, so let's be safe and back out until we're more confident.
|
I am in (private) discussion with @mmcco about that. First, some background:
The direct use of But I think just removing this code isn't the good solution. For me, the short term should be replacing the @alexcrichton do you have some opinion about that ? or could you cc someone in rust-devs that could help us here ? @mmcco said also that using Thanks for your comments. |
|
for reference the PR that introduce |
|
@semarie I'm concerned about how much runtime logic and state IIUC, Rust should transition to using a userspace CSPRNG for performance and reliability regardless of which randomness sources the OS offers. I suspect that it may be easier to work on this rather than adding |
|
The more I think about it, though, adding |
|
It looks like @semarie and I had some needless paranoia. I submitted the same change to Golang, and we are also discussing the issue of userland CSPRNGs. What I failed to notice is that the reviewer is Matthew Dempsky, the co-creator of getentropy. :-) He assured me that it's safe, so I think we're fine leaving getentropy support in Rust. I'll ask Matthew for confirmation first, but I plan on closing this patch. I will likely try to work on Rust's CSPRNG so that we can use it by default for the sake of performance and stability. |
|
I'm not at all familiar with Rust, but I'll offer this input:
|
Thanks for addressing this. It was a concern someone raised on IRC and I forgot to relay it here. |
…ichton Use arc4rand(9) on FreeBSD From rust-random/rand#112: >After reading through rust-lang#30691 it seems that there's general agreement that using OS-provided facilities for seeding rust userland processes is fine as long as it doesn't use too much from libc. FreeBSD's `arc4random_buf(3)` is not only a whole lot of libc code, but also not even currently exposed in the libc crate. Fortunately, the mechanism `arc4random_buf(3)` et al. use for getting entropy from the kernel ([`arc4rand(9)`](https://www.freebsd.org/cgi/man.cgi?query=arc4random&apropos=0&sektion=9&manpath=FreeBSD+10.3-RELEASE&arch=default&format=html)) is exposed via `sysctl(3)` with constants that are already in the libc crate. >I haven't found too much documentation on `KERN_ARND`—it's missing or only briefly described in most of the places that cover sysctl mibs. But, from digging through the kernel source, it appears that the sysctl used in this PR is very close to just calling `arc4rand(9)` directly (with `reseed` set to 0 and no way to change it). I expected [rand](/rust-lang-nursery/rand) to reply quicker, so I tried submitting it there first. It's been a few weeks with no comment, so I don't know the state of it, but maybe someone will see it here and have an opinion. This is basically the same patch. It pains me to duplicate the code but I guess it hasn't been factored out into just one place yet.
…ichton Use arc4rand(9) on FreeBSD From rust-random/rand#112: >After reading through rust-lang#30691 it seems that there's general agreement that using OS-provided facilities for seeding rust userland processes is fine as long as it doesn't use too much from libc. FreeBSD's `arc4random_buf(3)` is not only a whole lot of libc code, but also not even currently exposed in the libc crate. Fortunately, the mechanism `arc4random_buf(3)` et al. use for getting entropy from the kernel ([`arc4rand(9)`](https://www.freebsd.org/cgi/man.cgi?query=arc4random&apropos=0&sektion=9&manpath=FreeBSD+10.3-RELEASE&arch=default&format=html)) is exposed via `sysctl(3)` with constants that are already in the libc crate. >I haven't found too much documentation on `KERN_ARND`—it's missing or only briefly described in most of the places that cover sysctl mibs. But, from digging through the kernel source, it appears that the sysctl used in this PR is very close to just calling `arc4rand(9)` directly (with `reseed` set to 0 and no way to change it). I expected [rand](/rust-lang-nursery/rand) to reply quicker, so I tried submitting it there first. It's been a few weeks with no comment, so I don't know the state of it, but maybe someone will see it here and have an opinion. This is basically the same patch. It pains me to duplicate the code but I guess it hasn't been factored out into just one place yet.
Use arc4rand(9) on FreeBSD From rust-random/rand#112: >After reading through #30691 it seems that there's general agreement that using OS-provided facilities for seeding rust userland processes is fine as long as it doesn't use too much from libc. FreeBSD's `arc4random_buf(3)` is not only a whole lot of libc code, but also not even currently exposed in the libc crate. Fortunately, the mechanism `arc4random_buf(3)` et al. use for getting entropy from the kernel ([`arc4rand(9)`](https://www.freebsd.org/cgi/man.cgi?query=arc4random&apropos=0&sektion=9&manpath=FreeBSD+10.3-RELEASE&arch=default&format=html)) is exposed via `sysctl(3)` with constants that are already in the libc crate. >I haven't found too much documentation on `KERN_ARND`—it's missing or only briefly described in most of the places that cover sysctl mibs. But, from digging through the kernel source, it appears that the sysctl used in this PR is very close to just calling `arc4rand(9)` directly (with `reseed` set to 0 and no way to change it). I expected [rand](/rust-lang-nursery/rand) to reply quicker, so I tried submitting it there first. It's been a few weeks with no comment, so I don't know the state of it, but maybe someone will see it here and have an opinion. This is basically the same patch. It pains me to duplicate the code but I guess it hasn't been factored out into just one place yet.
It turns out that Rust's CSPRNG isn't used in as many places as I
thought. We can't treat getentropy(2) quite like Linux's getrandom(2),
and running an entire C-implemented CSPRNG (arc4random) underneath Rust
probably isn't an acceptable option, so let's be safe and back out until
we're more confident.