Am 01.08.2018 um 16:28 schrieb Gedare Bloom: > Is this relied on for IPSec? How secure is it?
Hello Gedare, the IPSec implementation in FreeBSD and therefore in RTEMS too uses that function. So you are right that it is a critical one for security. `read_random` is a low-level FreeBSD random number function. From the man page (see https://www.freebsd.org/cgi/man.cgi?query=read_random&manpath=FreeBSD+11.2-RELEASE+and+Ports): The read_random() function is used to return entropy directly from the entropy device if it has been loaded. If the entropy device is not loaded, then the buffer is ignored and zero is returned. The buffer is filled with no more than count bytes. It is strongly advised that read_random() is not used; instead use arc4rand() unless it is necessary to know that no entropy has been returned. That's basically the same what our `getentropy` does. Returning entropy directly from the entropy device if it is available. So it is as close to the original behavior as we can get. Of course `getentropy` only returns a good entropy if there is a real entropy source in the BSP. Currently that is only true for the atsam BSP. I think there should be a patch for BBB somewhere on the mailing list. We have a chapter in the BSP guide regarding that: https://docs.rtems.org/branches/master/bsp-howto/getentropy.html There is also a hint that a good entropy source is necessary for cryptographic applications. It would be great if you have a good idea how to make a user aware of the security problem if he doesn't use a good crypto source. Best regards Christian > > On Wed, Aug 1, 2018 at 4:04 AM, Christian Mauderer > <christian.maude...@embedded-brains.de> wrote: >> --- >> freebsd/sys/sys/random.h | 10 ++++++++++ >> 1 file changed, 10 insertions(+) >> >> diff --git a/freebsd/sys/sys/random.h b/freebsd/sys/sys/random.h >> index 396ec2b1..996ca5c1 100644 >> --- a/freebsd/sys/sys/random.h >> +++ b/freebsd/sys/sys/random.h >> @@ -50,11 +50,21 @@ read_random_uio(void *a __unused, u_int b __unused) >> { >> return (0); >> } >> +#ifndef __rtems__ >> static __inline u_int >> read_random(void *a __unused, u_int b __unused) >> { >> return (0); >> } >> +#else /* __rtems__ */ >> +#include <unistd.h> >> +static __inline u_int >> +read_random(void *ptr, u_int n) >> +{ >> + getentropy(ptr, n); >> + return (n); >> +} >> +#endif /* __rtems__ */ >> #endif >> >> /* >> -- >> 2.13.7 >> >> _______________________________________________ >> devel mailing list >> devel@rtems.org >> http://lists.rtems.org/mailman/listinfo/devel -- -------------------------------------------- embedded brains GmbH Herr Christian Mauderer Dornierstr. 4 D-82178 Puchheim Germany email: christian.maude...@embedded-brains.de Phone: +49-89-18 94 741 - 18 Fax: +49-89-18 94 741 - 08 PGP: Public key available on request. Diese Nachricht ist keine geschäftliche Mitteilung im Sinne des EHUG. _______________________________________________ devel mailing list devel@rtems.org http://lists.rtems.org/mailman/listinfo/devel