[gnutls-devel] GnuTLS | Do not keep fd open for /dev/urandom (#1188)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Thu Mar 4 09:38:24 CET 2021

Daiki Ueno created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1188

On Unix, if `getrandom` syscall is not available, `/dev/urandom` is used as a random seed. For some reason, we keep the file descriptor open during the process lifetime and that caused [issues](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=760476) in the past.

In the first place, however, `read` from that device is rare: only for the initial seeding and reseeding after the limit of DRBG. We probably should make the device access one-shot (i.e., do `open`/`close` every time), like other libraries do.

See https://gitlab.com/gnutls/gnutls/-/merge_requests/1383#note_519494090 for the discussion.

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1188
You're receiving this email because of your account on gitlab.com.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20210304/8ba036e8/attachment.html>

More information about the Gnutls-devel mailing list