[Cryptography] Is Ron right on randomness

Theodore Ts'o tytso at mit.edu
Tue Dec 6 22:24:08 EST 2016 

On Mon, Dec 05, 2016 at 05:26:12PM -0800, Bill Cox wrote:
> 
> There is still something wrong.  I've tried a more recent 4.4.0-51-generic
> kernel in Ubuntu 14.04, with no luck.  There is no SYS_getrandom syscall
> available through the syscall function, nor getrandom in libc.  I'm running
> x64.  I see this:

Yes, there is no getrandom in libc.  That's because glibc developers
are being.... glibc, as I said before.  There has been discussion
about maybe the kernel developers should support a libinux.a library
that would allow us to bypass glibc when they are being non-helpful.

In any case, your file compiles just fine for me:

% gcc -Wall -o /tmp/foo /tmp/foo.c
% /tmp/foo
bytes read = 32
% strace /tmp/foo 2>&1 | grep getrandom
getrandom("\310Ag\363\315\4\340\252\244\302\305\252\0319\230\3432\243\256\21\304\f\305\204\220\347\266e\324\243T\235", 32, 0) = 32
% find /usr/include  -type f | xargs grep _getrandom
...
/usr/include/x86_64-linux-gnu/bits/syscall.h:#define SYS_getrandom __NR_getrandom
/usr/include/x86_64-linux-gnu/bits/syscall.h:#define SYS_getrandom __NR_getrandom
/usr/include/x86_64-linux-gnu/bits/syscall.h:#define SYS_getrandom __NR_getrandom
/usr/include/x86_64-linux-gnu/asm/unistd_32.h:#define __NR_getrandom 355
/usr/include/x86_64-linux-gnu/asm/unistd_64.h:#define __NR_getrandom 318
/usr/include/x86_64-linux-gnu/asm/unistd_x32.h:#define __NR_getrandom (__X32_SYSCALL_BIT + 318)
/usr/include/asm-generic/unistd.h:#define __NR_getrandom 278
/usr/include/asm-generic/unistd.h:__SYSCALL(__NR_getrandom, sys_getrandom)
% gcc -E /tmp/foo.c | grep bits/syscall
# 1 "/usr/include/x86_64-linux-gnu/bits/syscall.h" 1 3 4
% gcc -E /tmp/foo.c | grep unistd_
# 1 "/usr/include/x86_64-linux-gnu/asm/unistd_64.h" 1 3 4
% dpkg -S /usr/include/x86_64-linux-gnu/asm/unistd_64.h
linux-libc-dev:amd64: /usr/include/x86_64-linux-gnu/asm/unistd_64.h

> How can I access getrandom?  Is this a Debian/Ubuntu bug?

% lsb_release -a
No LSB modules are available.
Distributor ID:	   Debian
Description:	   Debian GNU/Linux testing (stretch)
Release:	   testing
Codename:	   stretch

Maybe an Ubuntu bug; maybe Canonical was too lazy to update their
header files since Linux 3.17?   I dunno....

					- Ted

More information about the cryptography mailing list