crypto/rand: cap getrandom reads to ~32 MB per call on Linux #20877
Labels: FrozenDueToAge, NeedsFix (the path to resolution is known, but the work has not been done), release-blocker
What version of Go are you using (go version)?
The problem is obvious from inspection of the source code and the documented Linux getrandom semantics; I looked at master.
What operating system and processor architecture are you using (go env)?
This affects all Linux platforms with support for the getrandom() system call.
What did you do?
Looked at the code to see if crypto/rand was correct or not.
What did you expect to see?
getrandom() used correctly.
What did you see instead?
From the getrandom documentation:
From the system call implementation in drivers/char/random.c:
src/crypto/rand/rand_linux.go:getRandomLinux() will return false due to the truncated getrandom() output, and the caller will fall back to servicing the request by opening and reading from /dev/urandom.
While I would be inclined to agree that a Read that is 32 MiB - 1 bytes or larger is excessive and out of the ordinary, this still should be handled correctly or documented.
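The truncation described in the report, next to the capped read loop the issue title asks for, as an added example that is not part of the original report or of the Go source tree. The names getrandomFunc, fakeGetrandom, oneShot and chunked are hypothetical, and fakeGetrandom is a constructed stand-in that writes a marker byte instead of calling the kernel.

```go
package main

import "fmt"

// maxGetRandomRead is the per-call limit the issue cites: 32 MiB - 1 bytes.
const maxGetRandomRead = 1<<25 - 1

// getrandomFunc has the shape of a getrandom() wrapper (hypothetical name).
type getrandomFunc func(p []byte) (n int, err error)

// fakeGetrandom is a constructed stand-in for the system call, not kernel code.
// It truncates at the limit and writes a marker byte instead of random data.
func fakeGetrandom(p []byte) (int, error) {
	if len(p) > maxGetRandomRead {
		p = p[:maxGetRandomRead]
	}
	for i := range p {
		p[i] = 0xA5
	}
	return len(p), nil
}

// oneShot mirrors the behaviour the issue describes: one call, and a short
// count is reported as failure, which sends the caller to /dev/urandom.
func oneShot(get getrandomFunc, p []byte) bool {
	n, err := get(p)
	return err == nil && n == len(p)
}

// chunked caps each request at maxGetRandomRead and loops until p is full.
func chunked(get getrandomFunc, p []byte) error {
	for len(p) > 0 {
		chunk := p
		if len(chunk) > maxGetRandomRead {
			chunk = chunk[:maxGetRandomRead]
		}
		n, err := get(chunk)
		if err != nil || n <= 0 || n > len(chunk) {
			return fmt.Errorf("getrandom: n=%d, err=%v", n, err)
		}
		p = p[n:]
	}
	return nil
}

func main() {
	buf := make([]byte, maxGetRandomRead+4096)
	fmt.Println("one-shot:", oneShot(fakeGetrandom, buf), "chunked error:", chunked(fakeGetrandom, buf))
}
```

The loop also advances correctly when a call returns fewer bytes than the chunk it was given, and it rejects a zero or negative count so it cannot spin forever.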