Make unpredictableSeed use getrandom (syscall) on Linux
#10623
Conversation
|
Thanks for your pull request, @0xEAB! Bugzilla referencesYour PR doesn't reference any Bugzilla issue. If your PR contains non-trivial changes, please reference a Bugzilla issue or create a manual changelog. Testing this PR locallyIf you don't have a local development environment setup, you can use Digger to test this PR: dub run digger -- build "master + phobos#10623" |
|
That function needs a warning. It is possible that the kernel may not have enough entropy stored to give a value. You want to call it sparingly and only after the system has been booted fully. |
I don’t think this is accurate.
And also:
|
|
Yes, during booting it may be empty. Once initialized the chance of it to be empty depends upon if it has been misused. In any case, a warning is needed ;) |
0xEAB
force-pushed
the
unpredictable-seed
branch
from
6fc083d to
e1ace22
Compare
0xEAB
force-pushed
the
unpredictable-seed
branch
from
e1ace22 to
20b2d00
Compare
|
@rikkimax
|
0xEAB
force-pushed
the
unpredictable-seed
branch
from
20b2d00 to
83cb01f
Compare
You have gone above and beyond what I was wanting! Good job. |
std/random.d
Outdated
| /** | ||
| A "good" seed for initializing random number engines. Initializing | ||
| with $(D_PARAM unpredictableSeed) makes engines generate different | ||
| random number sequences every run. | ||
|
|
||
| This function utilizes the system (CS-)PRNG where available and implemented |
There was a problem hiding this comment.
Use "(cryptographically secure) pseudo-random number generator" and introduce the acronym, and then use it throughout (rather than using the acronym first, and then spelling it out later).
There was a problem hiding this comment.
Updated to:
This function utilizes the system cryptographically-secure pseudo-random
number generator (CSPRNG) or pseudo-random number generator (PRNG)
where available and implemented (currentlyarc4randomon applicable BSD
systems orgetrandomon Linux) to generate “high quality” pseudo-random
numbers – if possible.
0xEAB
force-pushed
the
unpredictable-seed
branch
from
83cb01f to
d7c61f3
Compare
|
You know what, I’ll take this chance that this hasn’t been merged yet to ask a question or propose a change here. |
| static assert(buffer.sizeof <= 256); | ||
|
|
||
| const status = (() @trusted => getrandom(&buffer, buffer.sizeof, 0))(); | ||
| assert(status == buffer.sizeof); |
There was a problem hiding this comment.
- Are we fine that this assert might not make it into user code because of
-release? - Should we rather do
if (status != buffer.sizeof) { assert(false); }? - Should we rather do
if (status != buffer.sizeof) { return fallbackSeed(); }?
There was a problem hiding this comment.
Don't worry about it.
You get what you get when you use it.
There was a problem hiding this comment.
there is enforce for that. Is this optional by the way? so I can set it by a flag , 0, this, 1 getrandom, 2, something else kinda thing?
There was a problem hiding this comment.
Calling enforce() would make this nothrow @nogc function, well, throw and @gc.
There was a problem hiding this comment.
This function is just a way to generate a "good" seed for initializing random number engines – not a CSPRNG. (And if it were one, we definitely shouldn’t overengineer it. It could probably return an “optional”-type result then – but make it configurable – with options not applicable to all operating system –, rather nope. Also keep in mind, this thing has already been utilizing arc4random on applicable targets.)
This patch changes
unpredictableSeedto use thegetrandomsyscall on Linux.Currently,
unpredictableSeedcallsarc4random()on applicable BSD systems;for everything else it executes
RDRANDonInlineAsm_X86_Any-compatible targets or falls back to a homebrew solution.