Consider using getrandom() or getentropy() for NetBSD 10.0

[josephlr]

One of the things pointed out in #273 was that NetBSD 10.0 is set to introduce getrandom() and getentropy() compatibility functions in its libc. Similar to what we already do on DragonFly BSD, FreeBSD, and OpenBSD, we should consider if we want to use one of these functions as our randomness source.

As we still want to support NetBSD 9.2 and lower, we will need to check if this function exists, and only then call it. Otherwise, we should fall back to using the existing implementation. An example of this sort of functionality is our NetBSD implementation.

Note that we will not make any changes to our implementation until the NetBSD 10.0 API has been finalized.

Links

Mailing List discussion
Draft manpage

[alarixnia]

Please don't change the status quo at least until NetBSD 10.0 is finalized.

The NetBSD community is still divided over the API contracts we want to provide, and the behavior and availability of getrandom might change at a moment's notice.

[josephlr]

@alarixnia I would assume if FreeBSD provides a getrandom() function as part of it's libc, it would have the same properties as all the other OSes that have a getrandom() function, namely that with no flags it:

• returns cryptographically secure random bytes
• blocks if the kernel rng is not yet initialized

We don't really care about the semantics of the flags as we never use a non-zero flags value (except on Linux).

Am I mistaken about something here?

[josephlr]

Please don't change the status quo at least until NetBSD 10.0 is finalized.

Rest assured, we would not make this change until the API of 10.0 was finalized. However, it should be noted that OpenSSL already has code using the getrandom() function for NetBSD 10 and up.

EDIT: This was added in openssl/openssl@ef2a44e by @devnexen

[josephlr]

Also, it seems like the getrandom syscall is already listed on the "Significant changes from NetBSD 9.0 to 10.0" page. However, I do recognize that pre-release software is subject to change.

[alarixnia]

blocks if the kernel rng is not yet initialized

The devil is in the details, right? There isn't a way to check if the RNG is initialized from userspace (it will be initialized by the boot loader or init system). There is only a way to check the state of the entropy estimator... which has been removed in 10.0, so simply reports whether an HWRNG is present or not. Which results in the application hanging forever waiting for an estimation that will never arrive on systems without one.

Checking the state of the entropy estimator is something that's only reasonable to do during NetBSD setup, not during regular Rust application usage.

[riastradh]

The OpenSSL code to call getrandom under NetBSD is unreachable (an earlier #if branch will match, using sysctl kern.arandom) and is unlikely to have ever been tested.

[josephlr]

The OpenSSL code to call getrandom under NetBSD is unreachable (an earlier #if branch will match, using sysctl kern.arandom) and is unlikely to have ever been tested.

Thanks @riastradh, I missed that.

I've also updated this issue to make it clear this is about if we should call one of these methods once NetBSD 10.0 is out, rather than my ealier phrasing which made it sound like we would definitly call getrandom().

[josephlr]

Implemented in #331