[Toybox] You've seen the /dev/random shenanigans, right?

Eric Biggers ebiggers at google.com
Tue Sep 19 15:44:23 PDT 2023 

On Tue, Sep 19, 2023 at 03:23:54PM -0700, enh wrote:
> On Tue, Sep 19, 2023 at 2:48 PM Eric Biggers <ebiggers at google.com> wrote:
> >
> > On Tue, Sep 19, 2023 at 12:44:17PM -0700, enh wrote:
> > > > now writing to /dev/random not only doesn't credit entropy (so it
> > > > still blocks)
> >
> > It's always been like that, at least back to the earliest git commit in Linux
> > history (dated 2005).  The only way for userspace programs to credit entropy has
> > always been the RNDADDENTROPY and RNDADDTOENTCNT ioctls.
> >
> > > > but has an arbitrary delay about even mixing the data in.
> >
> > This has been the case since Linux v4.8, released in 2016.  v5.18 (released in
> > 2022) stopped pretending to care about the "premature next" security model and
> > therefore reseeds the CRNG more frequently, and even makes writes to
> > /dev/{u,}random take effect immediately in some (but not all) cases.  This
> > improved on the behavior you're complaining about, which again was introduced in
> > 2016.  IIRC there are still reasons for not making writes to /dev/{u,}random
> > *always* take effect immediately, but I can bring it up on the list again.
> 
> in the meantime, should EntropyMixer be using the ioctl? or does it
> not actually matter in this case?
> 

Android's EntropyMixer.java
(https://android.googlesource.com/platform/frameworks/base/+/main/services/core/java/com/android/server/EntropyMixer.java)
has never credited entropy, and it has never claimed to.  It just makes it so
that some entropy gets carried across reboots, without getting credited.

We could change it to (carefully) credit entropy, like what SeedRNG
(https://git.zx2c4.com/seedrng/tree/seedrng.c) does.  It's not clear how helpful
this would be, since it would not help for the first boot.

I suppose that in theory there could be devices where things block on the RNG
for a while in the first boot but ultimately are able to proceed.  We could
prevent that on subsequent boots, so maybe it would be worthwhile.

- Eric

More information about the Toybox mailing list