Make `unpredictableSeed` use `getrandom` (syscall) on Linux by 0xEAB · Pull Request #10623 · dlang/phobos

0xEAB · 2025-01-19T00:55:47Z

This patch changes unpredictableSeed to use the getrandom syscall on Linux.

Currently, unpredictableSeed calls arc4random() on applicable BSD systems;
for everything else it executes RDRAND on InlineAsm_X86_Any-compatible targets or falls back to a homebrew solution.

dlang-bot · 2025-01-19T00:55:50Z

Thanks for your pull request, @0xEAB!

Bugzilla references

Your PR doesn't reference any Bugzilla issue.

If your PR contains non-trivial changes, please reference a Bugzilla issue or create a manual changelog.

Testing this PR locally

If you don't have a local development environment setup, you can use Digger to test this PR:

dub run digger -- build "master + phobos#10623"

rikkimax · 2025-01-19T00:58:32Z

That function needs a warning.

It is possible that the kernel may not have enough entropy stored to give a value.

You want to call it sparingly and only after the system has been booted fully.

0xEAB · 2025-01-19T01:24:59Z

and only after the system has been booted fully.

I don’t think this is accurate.
Quoting random(4):

When read during early boot time, /dev/urandom may return data prior to the entropy pool being initialized.

And also:

If this is of concern in your application, use getrandom(2) […] instead.

rikkimax · 2025-01-19T01:28:41Z

Yes, during booting it may be empty. Once initialized the chance of it to be empty depends upon if it has been misused.

In any case, a warning is needed ;)

0xEAB · 2025-01-19T02:16:09Z

@rikkimax
I’ve added further notes and a randomnes-quality warning. Please check whether you consider those sufficient.

@everyone
Please spell/grammar check those new paragraphs of technobabble.

rikkimax · 2025-01-19T02:46:55Z

@rikkimax
I’ve added further notes and a randomnes-quality warning. Please check whether you consider those sufficient.

You have gone above and beyond what I was wanting!

Good job.

thewilsonator · 2025-01-19T03:41:01Z

std/random.d

 with $(D_PARAM unpredictableSeed) makes engines generate different
 random number sequences every run.

+This function utilizes the system (CS-)PRNG where available and implemented


Use "(cryptographically secure) pseudo-random number generator" and introduce the acronym, and then use it throughout (rather than using the acronym first, and then spelling it out later).

Updated to:

This function utilizes the system cryptographically-secure pseudo-random
number generator (CSPRNG) or pseudo-random number generator (PRNG)
where available and implemented (currently arc4random on applicable BSD
systems or getrandom on Linux) to generate “high quality” pseudo-random
numbers – if possible.

0xEAB · 2025-01-24T22:14:09Z

You know what, I’ll take this chance that this hasn’t been merged yet to ask a question or propose a change here.

0xEAB · 2025-01-24T22:15:44Z

std/random.d

+        static assert(buffer.sizeof <= 256);
+
+        const status = (() @trusted => getrandom(&buffer, buffer.sizeof, 0))();
+        assert(status == buffer.sizeof);


Are we fine that this assert might not make it into user code because of -release?

Should we rather do if (status != buffer.sizeof) { assert(false); }?

Should we rather do if (status != buffer.sizeof) { return fallbackSeed(); }?

Don't worry about it.

You get what you get when you use it.

there is enforce for that. Is this optional by the way? so I can set it by a flag , 0, this, 1 getrandom, 2, something else kinda thing?

Calling enforce() would make this nothrow @nogc function, well, throw and @gc.

This function is just a way to generate a "good" seed for initializing random number engines – not a CSPRNG. (And if it were one, we definitely shouldn’t overengineer it. It could probably return an “optional”-type result then – but make it configurable – with options not applicable to all operating system –, rather nope. Also keep in mind, this thing has already been utilizing arc4random on applicable targets.)

dkorpel · 2025-04-04T12:06:55Z

I think this caused a regression in 2.111: https://forum.dlang.org/post/dxgjgvfrlawgiajklzpm@forum.dlang.org

0xEAB · 2025-04-04T15:44:32Z

@dkorpel
Do we really aim to support glibc versions from almost a decade ago?

glibc 2.25 — that added getrandom() — was released 8 years ago in Feb 2017.
https://lists.gnu.org/archive/html/info-gnu/2017-02/msg00002.html

rikkimax · 2025-04-04T16:27:25Z

https://wiki.ubuntu.com/Releases

If it's still being used, it's reasonable to say that we support it.

0xEAB · 2025-04-04T16:42:54Z

https://wiki.ubuntu.com/Releases

If it's still being used, it's reasonable to say that we support it.

The oldest freely available (i.e. non-ESM) version of Ubuntu is 20.04 which ships with glibc 2.31: https://packages.ubuntu.com/focal/libc-bin

0xEAB · 2025-04-04T16:46:46Z

The report on the newsgroup however was about OpenSUSE.

0xEAB · 2025-04-04T16:50:53Z

AFAICT both openSUSE Leap and Tumbleweed should come with new enough glibc versions 🤔

0xEAB added Severity:Enhancement OS:Linux Issues specific to Linux labels Jan 19, 2025

0xEAB requested a review from LightBender January 19, 2025 00:55

thewilsonator approved these changes Jan 19, 2025

View reviewed changes

0xEAB force-pushed the unpredictable-seed branch from 6fc083d to e1ace22 Compare January 19, 2025 02:10

0xEAB requested a review from rikkimax January 19, 2025 02:10

0xEAB force-pushed the unpredictable-seed branch from e1ace22 to 20b2d00 Compare January 19, 2025 02:12

rikkimax approved these changes Jan 19, 2025

View reviewed changes

0xEAB force-pushed the unpredictable-seed branch from 20b2d00 to 83cb01f Compare January 19, 2025 02:17

thewilsonator reviewed Jan 19, 2025

View reviewed changes

0xEAB mentioned this pull request Jan 19, 2025

Make unpredictableSeed use BCryptGenRandom (CNG) on Windows #10624

Merged

Make unpredictableSeed use getrandom (syscall) on Linux

d7c61f3

0xEAB force-pushed the unpredictable-seed branch from 83cb01f to d7c61f3 Compare January 19, 2025 04:12

thewilsonator added the Merge:auto-merge label Jan 19, 2025

0xEAB removed the Merge:auto-merge label Jan 24, 2025

0xEAB commented Jan 24, 2025

View reviewed changes

thewilsonator added the Merge:auto-merge label Jan 25, 2025

dlang-bot merged commit f2c49d3 into dlang:master Jan 25, 2025
9 checks passed

0xEAB mentioned this pull request Apr 6, 2025

getrandom() backwards compatibility shim #10741

Merged

Uh oh!

Comments

Conversation

0xEAB commented Jan 19, 2025

Uh oh!

dlang-bot commented Jan 19, 2025

Bugzilla references

Testing this PR locally

Uh oh!

rikkimax commented Jan 19, 2025

Uh oh!

0xEAB commented Jan 19, 2025

Uh oh!

rikkimax commented Jan 19, 2025

Uh oh!

0xEAB commented Jan 19, 2025

Uh oh!

rikkimax commented Jan 19, 2025

Uh oh!

thewilsonator Jan 19, 2025

Choose a reason for hiding this comment

Uh oh!

0xEAB Jan 19, 2025

Choose a reason for hiding this comment

Uh oh!

0xEAB commented Jan 24, 2025

Uh oh!

0xEAB Jan 24, 2025

Choose a reason for hiding this comment

Uh oh!

rikkimax Jan 24, 2025

Choose a reason for hiding this comment

Uh oh!

4dacowgirl Jan 25, 2025

Choose a reason for hiding this comment

Uh oh!

0xEAB Jan 25, 2025

Choose a reason for hiding this comment

Uh oh!

0xEAB Jan 25, 2025

Choose a reason for hiding this comment

Uh oh!

Uh oh!

dkorpel commented Apr 4, 2025

Uh oh!

0xEAB commented Apr 4, 2025

Uh oh!

rikkimax commented Apr 4, 2025

Uh oh!

0xEAB commented Apr 4, 2025

Uh oh!

0xEAB commented Apr 4, 2025

Uh oh!

0xEAB commented Apr 4, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

6 participants

0xEAB commented Apr 4, 2025 •

edited

Loading