Opened 5 years ago

Closed 5 years ago

Last modified 5 years ago

#17789 closed defect (wontfix)

Add syscall-based crypto seeding for OS X

Reported by: teor Owned by:
Priority: Medium Milestone: Tor: 0.2.8.x-final
Component: Core Tor/Tor Version: Tor: unspecified
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Add SecRandomCopyBytes and perhaps CCRandomGenerateBytes to crypto_strongest_rand_syscall, appropriately guarded by header/library availability.

See #13696 for details, particularly:
https://trac.torproject.org/projects/tor/ticket/13696#comment:13

Child Tickets

Change History (4)

comment:1 Changed 5 years ago by nickm

I am okay with these so long as they actually extract random bytes directly from the kernel.

comment:2 Changed 5 years ago by nickm

(Which is to say, if they include an internal PRNG I'm not too excited about them, and if they just wrap open("/dev/random") I'm not too excited about them.)

comment:3 in reply to:  2 Changed 5 years ago by teor

Resolution: wontfix
Status: newclosed

Replying to nickm:

(Which is to say, if they include an internal PRNG I'm not too excited about them, and if they just wrap open("/dev/random") I'm not too excited about them.)

In fact, those are the exact two options the Apple APIs support!

They're also not fork()-safe, and they express this by abort()ing on the first call in a child after a fork() but before an exec(). This causes issues with (misbehaved) tor unit tests that initialise global random state, but don't TT_FORK.

There are ways to work around this, and the commit comment in my branch feature17789-v2 describes them. But they're complex, and pointless since we're not getting random bytes from the kernel itself.

Closing as wontfix, until a better Apple API comes along. At that time, the code in feature17789-v2 could be useful as a starting point.

comment:4 Changed 5 years ago by teor

Split off #17800 as a low-priority easy task to fix those tests that really should be forking before they irreversibly modify global state.

Note: See TracTickets for help on using tickets.