dlsym(RTLD_DEFAULT, "getentropy") return non-NULL on Mac

Wang Weijun weijun.wang at oracle.com
Mon Nov 9 03:35:33 UTC 2015


> On Nov 8, 2015, at 7:18 PM, Dmitry Samersoff <dmitry.samersoff at oracle.com> wrote:
> 
> Wang Weijun,
> 
>> The function is rather new in the latest Solaris beta [1] and it's
>> preferred to reading from /dev/random. There are already people
>> suggesting adding it to Linux. If I simply use dlsym then it will
>> automatically work on all current and future platforms. In fact, I
>> was planning to write
> 
> 1. Please, check libc only not entire process image.

dlopen("libc.so", RTLD_LAZY)?

This works on Solaris but on Linux it seems I have to use "libc.so.6".

> 
> 
> 2. OS X random system is a different story: /dev/random never blocks and
> returns the output of Yarrow PRNG.  Also OS X uses SecurityServer
> process to feed entropy pool.
> 
> So IMHO, it's better not to attempt to use other functions on OS X
> until it appears officially.

OK.

> 
> 3. Please notice that:
> 
>   /dev/random will block if you request more bits than entropy pool can
> provide.
> 
>   but (according to manual page) getentropy will return immediately
> with error if less than the requested bytes of entropy is available and you
> can't request more than 256 bytes of entropy at once.
> 
>    it might require changes in uplevel logic.

Not much. I won't need much entropy.

Thanks
Max

> 
> -Dmitry
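
The three points discussed above, put together as an added example (not part of the original message and not the JDK's code): getentropy is resolved from libc only, requests are split to respect the 256-byte per-call limit, and a failed call is reported at once so the caller can fall back to /dev/random. The names find_getentropy, fill_entropy, strict_stub and GETENTROPY_MAX are hypothetical; the library names are the two mentioned in the thread.

```c
#include <dlfcn.h>
#include <stddef.h>

#define GETENTROPY_MAX 256  /* per-call limit quoted in the thread */

typedef int (*getentropy_fn)(void *, size_t);

/* Resolve getentropy from libc only, not from the whole process image.
 * The library names are the two from the thread; every other platform
 * (OS X included) gets NULL so the caller keeps its /dev/random path. */
getentropy_fn find_getentropy(void)
{
#if defined(__linux__)
    void *libc = dlopen("libc.so.6", RTLD_LAZY);
#elif defined(__sun)
    void *libc = dlopen("libc.so", RTLD_LAZY);
#else
    void *libc = NULL;
#endif
    /* The handle is never closed: libc stays mapped for the process lifetime. */
    return libc ? (getentropy_fn)dlsym(libc, "getentropy") : NULL;
}

/* Fill buf with len bytes in chunks of at most GETENTROPY_MAX. Returns 0 on
 * success, -1 if fn is NULL or any call fails. getentropy does not block,
 * so the caller decides whether to retry or fall back. */
int fill_entropy(getentropy_fn fn, unsigned char *buf, size_t len)
{
    if (fn == NULL)
        return -1;
    while (len > 0) {
        size_t n = len > GETENTROPY_MAX ? GETENTROPY_MAX : len;
        if (fn(buf, n) != 0)
            return -1;
        buf += n;
        len -= n;
    }
    return 0;
}

/* Constructed stand-in for the real call: rejects oversized requests. */
int stub_calls;
int strict_stub(void *p, size_t n)
{
    (void)p;
    stub_calls++;
    return n <= GETENTROPY_MAX ? 0 : -1;
}
```

A caller would pass `find_getentropy()` as the first argument of `fill_entropy` and read /dev/random when the result is -1.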
