Re: Random seed and possible blocking of /dev/random

Sat, 06 Jan 2001 08:22:15 -0800 

On Fri, Jan 05, 2001 at 09:49:56PM +0100, Richard Levitte - VMS Whacker wrote:
> I got to wonder a little about our seeding mechanism and the
> possibility of /dev/random blocking when getting overwhelmed.
> The thought trailed on to reads with a timeout, and the question if
> and how a select() with a file descriptor pointing at a file or a
> random device does actually react.

I don't know how select() would act on a regular file. /dev/random
(and/or /dev/urandom) are no regular files, so we could first call
stat() and only continue when S_ISCHR() is true (character device).

> If select() is useable before read() for a standard file, then it
> would perhaps be possible to use possibly blocking devices like
> /dev/random and still not get impatient developpers on our throats
> :-).
Hmm, I would consider using non-blocking reads. Select() does not know
how many bytes you intend to read, so it will return "available" if
just one byte is there and the second byte will block. Of course we could
read byte-per-byte...
So we can stay with non-blocking reads, try to take the minimum defined
(20bytes as of now) and just take what's there.

> An extension to this could also be to check for more than one random
> device...

This brings me to related point. Would it make sense to define a "default"
place to look for an egd-socket? I had several contacts with people using
my prngd (egd replacement) that installed prngd and did expect openssl to
magically find it. This location would need to be in a "safe" place, so 
that no normal user can fake one just handing back prepared information
(ruling out /tmp as proposed in the egd-documentation). The only place
would probably in /etc. I know that /var would be better (I have my sockets
/under /var/run), but the directory structure is not portable enough.
-> /etc/egd-socket?
(I would not use /dev as this is for device files only (and might lead
to trouble on Linux-2.4 not even having a real /dev directory).)

> Comments?  Booohs?  Hoorays?
Hooray, that may reduce the unnecessary traffic on openssl-* :-)

Best regards,
        Lutz
-- 
Lutz Jaenicke                             [EMAIL PROTECTED]
BTU Cottbus               http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik                  Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus              Fax. +49 355 69-4153
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to