[gnutls-devel] GnuTLS | Do not keep fd open for /dev/urandom (#1188)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Thu Mar 4 09:38:24 CET 2021
Daiki Ueno created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1188
On Unix, if `getrandom` syscall is not available, `/dev/urandom` is used as a random seed. For some reason, we keep the file descriptor open during the process lifetime and that caused [issues](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=760476) in the past.
In the first place, however, `read` from that device is rare: only for the initial seeding and reseeding after the limit of DRBG. We probably should make the device access one-shot (i.e., do `open`/`close` every time), like other libraries do.
See https://gitlab.com/gnutls/gnutls/-/merge_requests/1383#note_519494090 for the discussion.
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1188
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Gnutls-devel