Press "Enter" to skip to content

Linux kernel 3.17 getrandom()

Linux Tux from Wikimedia
Linux Tux

Linus Torvalds has just released the Linux kernel version 3.17. Among other things, it comes with a new system call for random numbers named getrandom() introduced by Theodore Ts’o for the needs of applications such as LibreSSL. This new system call can be used to emulate the getentropy() of OpenBSD. Such random numbers are not algorithmic, and their unpredictability is useful for cryptographic and security applications. More information is available on Linux Weekly News.

Excerpt from the commit in the Git repository of the Linux kernel source:

The getrandom(2) system call was requested by the LibreSSL Portable
developers. It is analoguous to the getentropy(2) system call in
OpenBSD.

The rationale of this system call is to provide resiliance against
file descriptor exhaustion attacks, where the attacker consumes all
available file descriptors, forcing the use of the fallback code where
/dev/[u]random is not available. Since the fallback code is often not
well-tested, it is better to eliminate this potential failure mode
entirely.

The other feature provided by this new system call is the ability to
request randomness from the /dev/urandom entropy pool, but to block
until at least 128 bits of entropy has been accumulated in the
/dev/urandom entropy pool. Historically, the emphasis in the
/dev/urandom development has been to ensure that urandom pool is
initialized as quickly as possible after system boot, and preferably
before the init scripts start execution.

This is because changing /dev/urandom reads to block represents an
interface change that could potentially break userspace which is not
acceptable. In practice, on most x86 desktop and server systems, in
general the entropy pool can be initialized before it is needed (and
in modern kernels, we will printk a warning message if not). However,
on an embedded system, this may not be the case. And so with this new
interface, we can provide the functionality of blocking until the
urandom pool has been initialized. Any userspace program which uses
this new functionality must take care to assure that if it is used
during the boot process, that it will not cause the init scripts or
other portions of the system startup to hang indefinitely.

Notes. LibreSSL is a free version of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, forked from OpenSSL cryptographic software library in April 2014 by OpenBSD developers after the Heartbleed security vulnerability in OpenSSL.

One Comment

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Syntax · Style · .