Patch Set 2:

> Sure, that's why getrandom has GRND_NONBLOCK flag and return value
> indicating actual number of random bits returned. The consensus (as
> I recall it) was to use osmo_rand() for "small" things like tmsi
> (with fallback to currently used insecure rand()). The "big" things
> are only necessary for crypto-related primitives which can use smth
> like gnutls directly. This got to be thoroughly documented of
> course.

Okay but then at least seed rand with good crypto on start. But by using the kernel for every request you will get to the -EWOULDBLOCK situation a lot earlier. Something that OpenSSL/GnuTLS with their KDF are less prone to. The time for a NONCE to repeat with the KDF is probably also higher (but I am out of my area of expertise here).

>From an engineer point of view. My SIP code got stuck as I used /dev/urandom
>to generate a unique call id. And every time I remotely logged in through VSAT
>I generated enough entropy to make it continue... Just keep it in mind. :)

--
To view, visit https://gerrit.osmocom.org/1526

Gerrit-MessageType: comment
Gerrit-Change-Id: I0241b814ea4c4ce1458f7ad76e31d390383c2048
Gerrit-PatchSet: 2
Gerrit-Project: libosmocore
Gerrit-Branch: master
Gerrit-Owner: Max <[email protected]>
Gerrit-Reviewer: Harald Welte <[email protected]>
Gerrit-Reviewer: Holger Freyther <[email protected]>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: Max <[email protected]>
Gerrit-Reviewer: Neels Hofmeyr <[email protected]>
Gerrit-HasComments: No
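The non-blocking pattern discussed in this thread, as an added example that is not part of the original message and not libosmocore's code: a getrandom(2) call with GRND_NONBLOCK that handles short reads (the call returns a byte count) and EAGAIN, and tells the caller when it had to fall back to rand(). The names `rand_fill`, `rand_quality`, `stub_src` and `stub_budget` are hypothetical, and the stub is a constructed stand-in for the kernel.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <sys/random.h>

/* Same signature as getrandom(2), so a stub can stand in for the kernel. */
typedef ssize_t (*rand_src_fn)(void *buf, size_t len, unsigned int flags);
enum rand_quality { RAND_KERNEL = 0, RAND_INSECURE = 1 };

/* Fill buf with len bytes without ever blocking. If the source cannot
 * deliver everything, the rest comes from rand() and RAND_INSECURE is
 * returned, so callers needing key or nonce material can refuse it. */
enum rand_quality rand_fill(rand_src_fn src, unsigned char *buf, size_t len)
{
	size_t done = 0;

	while (done < len) {
		ssize_t n = src(buf + done, len - done, GRND_NONBLOCK);
		if (n > 0)
			done += (size_t)n;  /* short read: keep it, ask for the rest */
		else if (n < 0 && errno == EINTR)
			continue;           /* interrupted by a signal: retry */
		else
			break;              /* EAGAIN, ENOSYS, ...: stop asking */
	}
	if (done == len)
		return RAND_KERNEL;
	while (done < len)
		buf[done++] = (unsigned char)rand();  /* predictable: IDs only */
	return RAND_INSECURE;
}

/* Constructed stub: at most 3 bytes per call until stub_budget runs out,
 * then EAGAIN, as when the entropy pool is not initialised yet. */
size_t stub_budget;
ssize_t stub_src(void *buf, size_t len, unsigned int flags)
{
	size_t n = len < 3 ? len : 3;
	(void)flags;
	if (n > stub_budget)
		n = stub_budget;
	if (n == 0) {
		errno = EAGAIN;
		return -1;
	}
	memset(buf, 0xA5, n);
	stub_budget -= n;
	return (ssize_t)n;
}
```

Real callers pass `getrandom` itself as `src`; a TMSI-style identifier can accept `RAND_INSECURE`, while anything used as key or nonce material should treat it as an error.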
