{"id":7966,"date":"2014-10-13T09:26:02","date_gmt":"2014-10-13T07:26:02","guid":{"rendered":"http:\/\/djalil.chafai.net\/blog\/?p=7966"},"modified":"2014-10-14T19:16:26","modified_gmt":"2014-10-14T17:16:26","slug":"linux-kernel-3-17","status":"publish","type":"post","link":"https:\/\/djalil.chafai.net\/blog\/2014\/10\/13\/linux-kernel-3-17\/","title":{"rendered":"Linux kernel 3.17 getrandom()"},"content":{"rendered":"<figure id=\"attachment_7967\" aria-describedby=\"caption-attachment-7967\" style=\"width: 300px\" class=\"wp-caption aligncenter\"><a href=\"http:\/\/djalil.chafai.net\/blog\/wp-content\/uploads\/2014\/10\/Linux_Tux_from_Wikimedia.png\"><img loading=\"lazy\" class=\"size-medium wp-image-7967\" src=\"http:\/\/djalil.chafai.net\/blog\/wp-content\/uploads\/2014\/10\/Linux_Tux_from_Wikimedia-300x290.png\" alt=\"Linux Tux from Wikimedia\" width=\"300\" height=\"290\" srcset=\"https:\/\/djalil.chafai.net\/blog\/wp-content\/uploads\/2014\/10\/Linux_Tux_from_Wikimedia-300x290.png 300w, https:\/\/djalil.chafai.net\/blog\/wp-content\/uploads\/2014\/10\/Linux_Tux_from_Wikimedia-1024x990.png 1024w, https:\/\/djalil.chafai.net\/blog\/wp-content\/uploads\/2014\/10\/Linux_Tux_from_Wikimedia-150x145.png 150w, https:\/\/djalil.chafai.net\/blog\/wp-content\/uploads\/2014\/10\/Linux_Tux_from_Wikimedia.png 1059w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/><\/a><figcaption id=\"caption-attachment-7967\" class=\"wp-caption-text\">Linux Tux<\/figcaption><\/figure>\n<p style=\"text-align: justify;\"><a href=\"http:\/\/en.wikipedia.org\/wiki\/Linus_Torvalds\">Linus Torvalds<\/a> has just <a href=\"https:\/\/lkml.org\/lkml\/2014\/10\/5\/126\">released<\/a> the <a href=\"http:\/\/en.wikipedia.org\/wiki\/Linux_kernel\">Linux kernel<\/a>\u00a0version 3.17. 
Among other things, it comes with a new <a href=\"http:\/\/en.wikipedia.org\/wiki\/System_call\">system call<\/a> for <a href=\"http:\/\/en.wikipedia.org\/wiki\/Random_number_generation\">random numbers<\/a>\u00a0named\u00a0<strong>getrandom()<\/strong>\u00a0introduced by <a href=\"http:\/\/en.wikipedia.org\/wiki\/Theodore_Ts%27o\">Theodore Ts'o<\/a>\u00a0for the needs of applications such as <a href=\"http:\/\/en.wikipedia.org\/wiki\/LibreSSL\">LibreSSL<\/a>. This new system call can be used to emulate the <strong style=\"font-size: 13px;\"><tt>getentropy()<\/tt><\/strong> of <a href=\"http:\/\/en.wikipedia.org\/wiki\/OpenBSD\">OpenBSD<\/a>. Such random numbers are not purely algorithmic, and their unpredictability is useful for cryptographic and security applications.\u00a0More information is available on <a href=\"http:\/\/lwn.net\/Articles\/606141\/\">Linux Weekly News<\/a>.<\/p>\n<p style=\"text-align: justify;\">Excerpt from the\u00a0<a href=\"https:\/\/git.kernel.org\/cgit\/linux\/kernel\/git\/torvalds\/linux.git\/commit\/?id=c6e9d6f38894798696f23c8084ca7edbf16ee895\">commit<\/a>\u00a0in the <a href=\"http:\/\/en.wikipedia.org\/wiki\/Git_(software)\">Git<\/a> repository of the Linux kernel source:<\/p>\n<blockquote>\n<p style=\"text-align: justify;\">The getrandom(2) system call was requested by the LibreSSL Portable<br \/>\ndevelopers. It is analogous to the getentropy(2) system call in<br \/>\nOpenBSD.<\/p>\n<p style=\"text-align: justify;\">The rationale of this system call is to provide resilience against<br \/>\nfile descriptor exhaustion attacks, where the attacker consumes all<br \/>\navailable file descriptors, forcing the use of the fallback code where<br \/>\n<a href=\"http:\/\/en.wikipedia.org\/?title=\/dev\/random\">\/dev\/[u]random<\/a> is not available. 
Since the fallback code is often not<br \/>\nwell-tested, it is better to eliminate this potential failure mode<br \/>\nentirely.<\/p>\n<p style=\"text-align: justify;\">The other feature provided by this new system call is the ability to<br \/>\nrequest randomness from the \/dev\/urandom entropy pool, but to block<br \/>\nuntil at least 128 bits of entropy has been accumulated in the<br \/>\n\/dev\/urandom entropy pool. Historically, the emphasis in the<br \/>\n\/dev\/urandom development has been to ensure that urandom pool is<br \/>\ninitialized as quickly as possible after system boot, and preferably<br \/>\nbefore the init scripts start execution.<\/p>\n<p style=\"text-align: justify;\">This is because changing \/dev\/urandom reads to block represents an<br \/>\ninterface change that could potentially break userspace which is not<br \/>\nacceptable. In practice, on most x86 desktop and server systems, in<br \/>\ngeneral the entropy pool can be initialized before it is needed (and<br \/>\nin modern kernels, we will printk a warning message if not). However,<br \/>\non an embedded system, this may not be the case. And so with this new<br \/>\ninterface, we can provide the functionality of blocking until the<br \/>\nurandom pool has been initialized. 
Any userspace program which uses<br \/>\nthis new functionality must take care to assure that if it is used<br \/>\nduring the boot process, it will not cause the init scripts or<br \/>\nother portions of the system startup to hang indefinitely.<\/p>\n<\/blockquote>\n<p style=\"text-align: justify;\"><strong>Notes.<\/strong>\u00a0LibreSSL is a free implementation of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, forked from the OpenSSL cryptographic software library in April 2014 by OpenBSD developers after the <a href=\"http:\/\/en.wikipedia.org\/wiki\/Heartbleed\">Heartbleed security vulnerability in OpenSSL<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Linus Torvalds has just released the Linux kernel&nbsp;version 3.17. Among other things, it comes with a new system call for random numbers&nbsp;named&nbsp;getrandom()&nbsp;introduced by Theodore Ts'o&nbsp;for&#8230;<\/p>\n<div class=\"more-link-wrapper\"><a class=\"more-link\" href=\"https:\/\/djalil.chafai.net\/blog\/2014\/10\/13\/linux-kernel-3-17\/\">Continue reading<span class=\"screen-reader-text\">Linux kernel 3.17 
getrandom()<\/span><\/a><\/div>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"iawp_total_views":133},"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/djalil.chafai.net\/blog\/wp-json\/wp\/v2\/posts\/7966"}],"collection":[{"href":"https:\/\/djalil.chafai.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/djalil.chafai.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/djalil.chafai.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/djalil.chafai.net\/blog\/wp-json\/wp\/v2\/comments?post=7966"}],"version-history":[{"count":19,"href":"https:\/\/djalil.chafai.net\/blog\/wp-json\/wp\/v2\/posts\/7966\/revisions"}],"predecessor-version":[{"id":7989,"href":"https:\/\/djalil.chafai.net\/blog\/wp-json\/wp\/v2\/posts\/7966\/revisions\/7989"}],"wp:attachment":[{"href":"https:\/\/djalil.chafai.net\/blog\/wp-json\/wp\/v2\/media?parent=7966"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/djalil.chafai.net\/blog\/wp-json\/wp\/v2\/categories?post=7966"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/djalil.chafai.net\/blog\/wp-json\/wp\/v2\/tags?post=7966"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}