[PATCH] Update to the Samba crypto requirements document

Andreas Schneider asn at samba.org
Wed Jan 3 14:23:09 UTC 2018


On Wednesday, 3 January 2018 12:58:50 CET Volker Lendecke wrote:
> On Wed, Jan 03, 2018 at 12:53:18PM +0100, Andreas Schneider via samba-technical wrote:
> > > > We could also use gnutls_rnd() in generate_random_buffer() which would be
> > > > much faster than opening /dev/urandom.
> > > 
> > > Do we depend on gnutls even for the plain simple file server?
> > 
> > We don't depend on gnutls for Samba FS (yet).
> 
> So gnutls_rnd() would have to be #ifdef'ed.
> 
> If you look at commit e73ccc06, when I changed to always use
> /dev/urandom, I did measure the speed, and it was not bad. How much
> better is gnutls_rnd(), and does it handle fork() well? We should not
> run into the situation where two smbds have the same random source in
> user space.

I think it is faster because it calls getentropy(), if it is available. But 
we could do that too. See attached patch.


Cheers,


	Andreas


-- 
Andreas Schneider                   GPG-ID: CC014E3D
Samba Team                             asn at samba.org
www.samba.org
-------------- next part --------------
>From ed6bb09ec2755c32f3fd166ce362736ba0e5ce9e Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn at samba.org>
Date: Wed, 3 Jan 2018 14:51:40 +0100
Subject: [PATCH] lib:util: Use getentropy() if available

Signed-off-by: Andreas Schneider <asn at samba.org>
---
 lib/util/genrand.c         | 22 ++++++++++++++++++++++
 lib/util/wscript_configure |  2 ++
 2 files changed, 24 insertions(+)

diff --git a/lib/util/genrand.c b/lib/util/genrand.c
index a775535c49e..f142e36659a 100644
--- a/lib/util/genrand.c
+++ b/lib/util/genrand.c
@@ -25,6 +25,27 @@
 #include "sys_rw_data.h"
 #include "lib/util/blocking.h"
 
+#if defined(HAVE_GETENTROPY)
+#define ENTROPY_MAX 256
+
+_PUBLIC_ void generate_random_buffer(uint8_t *out, int len)
+{
+	int read = 0;
+	int ret;
+
+	for (read = 0; (len - read) > ENTROPY_MAX; read += ENTROPY_MAX) {
+		ret = getentropy(out + read, ENTROPY_MAX);
+		if (ret != 0) {
+			abort();
+		}
+	}
+
+	ret = getentropy(out + read, len - read);
+	if (ret != 0) {
+		abort();
+	}
+}
+#else /* !defined(HAVE_GETENTROPY) */
 static int urand_fd = -1;
 
 static void open_urandom(void)
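Review bot: In the new generate_random_buffer(), every non-zero return from getentropy() goes straight to abort(), and because the /dev/urandom code now sits in the #else branch there is nothing to fall back to at run time. A binary built against a libc that provides getentropy() can still run on a kernel without the underlying system call (getentropy() then fails with ENOSYS), and smbd would abort on its first request for random bytes. Consider keeping open_urandom() and the read path compiled in and using them when getentropy() fails. Two smaller points: the local `int read` shadows read(2), so a name such as `done` would be clearer; and since `len` is an int, a negative value makes `len - read` convert to a very large size_t in the final getentropy() call, so an explicit check on `len` would make that failure deliberate instead of incidental.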
@@ -50,6 +71,7 @@ _PUBLIC_ void generate_random_buffer(uint8_t *out, int len)
 		abort();
 	}
 }
+#endif /* defined(HAVE_GETENTROPY) */
 
 /*
  * Keep generate_secret_buffer in case we ever want to do something
diff --git a/lib/util/wscript_configure b/lib/util/wscript_configure
index 8e5a59c8480..91693e2def5 100644
--- a/lib/util/wscript_configure
+++ b/lib/util/wscript_configure
@@ -7,6 +7,8 @@ if Options.options.disable_fault_handling:
 # backtrace could be in libexecinfo or in libc
 conf.CHECK_FUNCS_IN('backtrace backtrace_symbols', 'execinfo', checklibc=True, headers='execinfo.h')
 
+conf.CHECK_FUNCS('getentropy', headers='unistd.h')
+
 conf.CHECK_STRUCTURE_MEMBER('struct statvfs', 'f_frsize', define='HAVE_FRSIZE', headers='sys/statvfs.h')
 
 # all the different ways of doing statfs
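Review bot: The `conf.CHECK_FUNCS('getentropy', headers='unistd.h')` test only establishes that the function is declared and links on the build host, yet defining HAVE_GETENTROPY removes the /dev/urandom implementation from genrand.c entirely. Either pair the define with a run-time fallback in genrand.c or state in the commit message that run-time availability is assumed. The genrand.c hunk also adds no #include, so it relies on unistd.h already being reached through the existing headers, which is worth confirming. The commit message has only a subject line; a short body giving the speed argument from this thread would help later readers.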
-- 
2.15.1


