On Tue, May 12, 2020 at 12:37:57PM +0000, nia wrote:
> These use arandom exclusively on NetBSD:
> - gnutls (via nettle _rnd_get_system_entropy)
>   Prefers getentropy and only uses getrandom if there's no getentropy.
> - openssl (syscall_random)
>   Prefers getentropy and only uses getrandom if there's no getentropy.
> - libuv (uv__random)
>   Prefers getentropy on macOS and Android.
> - rust (getrandom crate, standard library and compiler)
> - FreeBSD libc (to implement getentropy)
This is missing the "full disclosure: I added all but one of those myself".

Rust used to read a byte from /dev/random, then use /dev/urandom. This was bad in "entropy depletion" NetBSD<=9; it no longer is.

I don't understand this entire argument: we are arguing that getrandom(0) is very important to provide since we want to offer a no-file version of "read byte from /dev/random then read from /dev/urandom". Then we go against this idea and add getentropy as /dev/urandom.

Linux implements getentropy as getrandom(0), so it's a valid implementation that people acknowledge.
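The "prefer getentropy, fall back to getrandom(0) only if getentropy is absent" pattern the list above attributes to gnutls and openssl, written out as an added example in C (not code from the thread or from any of the projects named). It assumes a glibc 2.25+ or BSD libc; the names rand_fill, CHUNK and rand_fill_nonzero_check are made up here.

```c
/* Added example: getentropy(2) first, getrandom(2) with flags 0 as fallback. */
#define _DEFAULT_SOURCE
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <unistd.h>
#ifdef __linux__
#include <sys/random.h>
#endif

/* getentropy() rejects requests larger than 256 bytes, so fill in chunks. */
#define CHUNK 256

static int fill_via_getentropy(unsigned char *buf, size_t len) {
    while (len > 0) {
        size_t n = len < CHUNK ? len : CHUNK;
        if (getentropy(buf, n) != 0)
            return -1;               /* errno == ENOSYS means "no getentropy" */
        buf += n; len -= n;
    }
    return 0;
}

#ifdef __linux__
/* getrandom(..., 0) blocks only until the pool has been seeded once: the
   no-file equivalent of "one byte from /dev/random, then /dev/urandom". */
static int fill_via_getrandom(unsigned char *buf, size_t len) {
    while (len > 0) {
        ssize_t r = getrandom(buf, len, 0);
        if (r < 0) {
            if (errno == EINTR) continue;  /* signal while waiting for seed */
            return -1;
        }
        buf += (size_t)r; len -= (size_t)r;  /* short reads are legal */
    }
    return 0;
}
#endif

/* Returns 0 on success, -1 with errno set if no usable source exists. */
int rand_fill(unsigned char *buf, size_t len) {
    if (fill_via_getentropy(buf, len) == 0) return 0;
#ifdef __linux__
    if (errno == ENOSYS) return fill_via_getrandom(buf, len);
#endif
    return -1;
}

/* Self-check helper: 1 if rand_fill succeeded and produced a non-zero byte. */
int rand_fill_nonzero_check(size_t len) {
    unsigned char buf[1024];
    if (len > sizeof buf || rand_fill(buf, len) != 0) return 0;
    for (size_t i = 0; i < len; i++) if (buf[i]) return 1;
    return 0;
}
```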