Project

General

Profile

Bug #11614

libzfs_crypto.c doesn't need to use pkcs11_getrandom

Added by Jason King about 1 year ago. Updated about 1 year ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
lib - userland libraries
Start date:
Due date:
% Done:

100%

Estimated time:
Difficulty:
Bite-size
Tags:
Gerrit CR:

Description

While investigating #11613, it was also noticed that libzfs_crypto is using pkcs11_get_random(). There is no reason to do this when we have getrandom(2). Note we still need to use PKCS#11 for the PBKDF2 support (though perhaps it would be useful to move that to libsoftcrypto, but that should be a separate ticket).

#1

Updated by Jason King about 1 year ago

  • Subject changed from libzfs_crypto.c should use getrandom(2) to libzfs_crypto.c doesn't need to use pkcs11_getrandom
#2

Updated by Jason King about 1 year ago

We can also use arc4random_buf (which is a bit simpler since we don't have to worry about return values while still providing cryptographically suitable randomness).

#3

Updated by Electric Monk about 1 year ago

  • Status changed from New to Closed
  • % Done changed from 0 to 100

git commit 4a3c0cdaf405cda95f1af235054ff0d94cd926c9

commit  4a3c0cdaf405cda95f1af235054ff0d94cd926c9
Author: Jason King <jason.king@joyent.com>
Date:   2019-08-27T00:15:43.000Z

    11613 libzfs_crypto doesn't need to use kmfapi.h
    11614 libzfs_crypto.c doesn't need to use pkcs11_getrandom
    Reviewed by: Toomas Soome <tsoome@me.com>
    Reviewed by: Andrew Stormont <andyjstormont@gmail.com>
    Approved by: Gordon Ross <gwr@nexenta.com>

Also available in: Atom PDF