[chrony-dev] nts_ke_server calling UTI_GetRandomBytesUrandom
- To: "chrony-dev@xxxxxxxxxxxxxxxxxxxx" <chrony-dev@xxxxxxxxxxxxxxxxxxxx>
- Subject: [chrony-dev] nts_ke_server calling UTI_GetRandomBytesUrandom
- From: "Elliott, Robert (Servers)" <elliott@xxxxxxx>
- Date: Thu, 28 Jul 2022 14:46:38 +0000
Two places call UTI_GetRandomBytesUrandom rather than UTI_GetRandomBytes.
1. nts_ke_server.c generate_key (from patch a420ed57q):
+ UTI_GetRandomBytesUrandom(server_keys[index].key, key_length);
+ if (!SIV_SetKey(server_keys[index].siv, server_keys[index].key, key_length))
+ assert(0);
+
+ UTI_GetRandomBytes(&server_keys[index].id, sizeof (server_keys[index].id));
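Review bot: the key in the first added line is filled with UTI_GetRandomBytesUrandom while the id in the last added line goes through UTI_GetRandomBytes, and nothing in the hunk says why the two differ. If the direct call is deliberate, a comment on that line should say so; otherwise use UTI_GetRandomBytes for both. Separately, the only handling of a SIV_SetKey failure is assert(0), which compiles to nothing when NDEBUG is defined, so an explicit fatal-error path would be safer there.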
2. client.c process_cmd_keygen (from patch 7fcf69ce):
+ UTI_GetRandomBytesUrandom(key, length);
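Review bot: this line fills the generated key with UTI_GetRandomBytesUrandom directly and carries no comment explaining the choice over UTI_GetRandomBytes. Either document the reason next to the call or switch to UTI_GetRandomBytes so that key generation takes the same path as the id generation in generate_key.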
Is there any reason for them to call the Urandom version directly?
Everywhere else (including 4 lines later in the generate_key function) calls
UTI_GetRandomBytes, which attempts to use the getrandom system call, and falls
back to UTI_GetRandomBytesUrandom if that isn't available or working.
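The pattern the message describes (try the getrandom system call, fall back to reading /dev/urandom) is sketched below as an added example. It is not chrony's code: fill_random, fill_from_urandom and enum rand_source are hypothetical names, and the wrapper reports which source produced the bytes so a caller can see when the fallback path was taken.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/random.h>
#include <sys/types.h>
#include <unistd.h>

enum rand_source { SRC_NONE, SRC_GETRANDOM, SRC_URANDOM };

/* Hypothetical fallback: read len bytes from /dev/urandom, retrying short reads. */
static int fill_from_urandom(unsigned char *buf, size_t len)
{
  int fd = open("/dev/urandom", O_RDONLY);
  size_t done = 0;
  if (fd < 0) return 0;
  while (done < len) {
    ssize_t r = read(fd, buf + done, len - done);
    if (r > 0)
      done += (size_t)r;
    else if (r == 0 || errno != EINTR)
      break;
  }
  close(fd);
  return done == len;
}

/* Hypothetical wrapper: getrandom() first, /dev/urandom fallback; returns the source used. */
enum rand_source fill_random(unsigned char *buf, size_t len)
{
  size_t done = 0;
  while (done < len) {
    ssize_t r = getrandom(buf + done, len - done, 0);
    if (r > 0)
      done += (size_t)r;
    else if (r == 0 || errno != EINTR)
      break;                 /* e.g. ENOSYS on an old kernel: use the fallback */
  }
  if (done == len)
    return SRC_GETRANDOM;
  return fill_from_urandom(buf, len) ? SRC_URANDOM : SRC_NONE;
}

int main(void)
{
  unsigned char key[32];     /* constructed key size for the demo */
  enum rand_source src = fill_random(key, sizeof key);
  printf("key filled via %s\n", src == SRC_GETRANDOM ? "getrandom" :
         src == SRC_URANDOM ? "/dev/urandom" : "nothing");
  return src == SRC_NONE;
}
```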