[PATCH v9] seedrng: import SeedRNG utility for kernel RNG seed files

Bernhard Reutner-Fischer rep.dot.nop at gmail.com
Wed Apr 20 13:55:45 UTC 2022 

Hi Jason!

On Tue, 19 Apr 2022 12:50:05 +0200
"Jason A. Donenfeld" <Jason at zx2c4.com> wrote:

> The RNG can't actually be seeded from a shell script, due to the
> reliance on ioctls and the fact that entropy written into the
> unprivileged /dev/urandom device is not immediately mixed in, making
> subsequent seed reads dangerous. For this reason, the seedrng project
> provides a basic "C script" meant to be copy and pasted into projects
> like Busybox and tweaked as needed: <https://git.zx2c4.com/seedrng/about/>.
> 
> The SeedRNG construction has been part of systemd's seeder since
> January, and recently was added to Android, OpenRC, and Void's Runit,
> with more integrations on their way depending on context. Virtually
> every single Busybox-based distro I have seen seeds things in wrong,
> incomplete, or otherwise dangerous way. For example, fixing this issue
> in Buildroot requires first for Busybox to have this fix.
> 
> This commit imports it into Busybox and wires up the basic config. The
> utility itself is tiny, and unlike the example code from the SeedRNG
> project, we can re-use libbb's existing hash functions, rather than
> having to ship a standalone BLAKE2s, which makes this even smaller.
> 
> This adds only about 2k to a defconfig binary:
> 
> function                                             old     new   delta
> seedrng_main                                           -    1061   +1061
> seed_from_file_if_exists                               -     468    +468
> .rodata                                           100243  100610    +367
> packed_usage                                       34414   34480     +66
> static.longopts                                        -      26     +26
> applet_names                                        2747    2755      +8
> applet_main                                         3192    3200      +8
> ------------------------------------------------------------------------------
> (add/remove: 4/0 grow/shrink: 4/0 up/down: 2004/0)           Total: 2004 bytes
>    text    data     bss     dec     hex filename
> 1050657   16499    1816 1068972  104fac busybox_old
> 1052780   16515    1816 1071111  105807 busybox_unstripped

I've applied this v9 now, thanks for the patch and thanks a lot for your
patience!

PS: make bloatometer gives for me on x86_64 for this v9:
function                                             old     new   delta
seedrng_main                                           -     958    +958
seed_from_file_if_exists                               -     417    +417
.rodata                                           107858  108206    +348
packed_usage                                       34414   34480     +66
static.longopts                                        -      26     +26
applet_names                                        2747    2755      +8
applet_main                                         3192    3200      +8
------------------------------------------------------------------------------
(add/remove: 4/0 grow/shrink: 4/0 up/down: 1831/0)           Total: 1831 bytes
   text	   data	    bss	    dec	    hex	filename
 973776	   4219	   1816	 979811	  ef363	busybox_old
 975714	   4227	   1816	 981757	  efafd	busybox_unstripped

and the size of the applet is
   text	   data	    bss	    dec	    hex	filename
   1805	      0	      0	   1805	    70d	util-linux/seedrng.o

As said, there's room for at least another 150b savings, but let's defer
that to another round of code-golf ;)

thanks,

More information about the busybox mailing list