From owner-svn-src-all@FreeBSD.ORG Thu May 30 07:13:29 2013 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id 5063170F; Thu, 30 May 2013 07:13:29 +0000 (UTC) (envelope-from das@FreeBSD.ORG) Received: from zim.MIT.EDU (50-196-151-174-static.hfc.comcastbusiness.net [50.196.151.174]) by mx1.freebsd.org (Postfix) with ESMTP id 2D30E632; Thu, 30 May 2013 07:13:29 +0000 (UTC) Received: from zim.MIT.EDU (localhost [127.0.0.1]) by zim.MIT.EDU (8.14.7/8.14.2) with ESMTP id r4U7DSCu091803; Thu, 30 May 2013 00:13:28 -0700 (PDT) (envelope-from das@FreeBSD.ORG) Received: (from das@localhost) by zim.MIT.EDU (8.14.7/8.14.2/Submit) id r4U7DST8091802; Thu, 30 May 2013 00:13:28 -0700 (PDT) (envelope-from das@FreeBSD.ORG) Date: Thu, 30 May 2013 00:13:28 -0700 From: David Schultz To: Xin LI Subject: Re: svn commit: r249035 - head/lib/libc/stdlib Message-ID: <20130530071328.GA91730@zim.MIT.EDU> References: <201304022341.r32NfL8L096954@svn.freebsd.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <201304022341.r32NfL8L096954@svn.freebsd.org> Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 30 May 2013 07:13:29 -0000 On Tue, Apr 02, 2013, Xin LI wrote: > Author: delphij > Date: Tue Apr 2 23:41:20 2013 > New Revision: 249035 > URL: http://svnweb.freebsd.org/changeset/base/249035 > > Log: > Replace access to /dev/random with the kernel pseudo-random number > source sysctl(KERN_ARND) and remove the fallback code. Thanks. I wanted to do this several years ago. Incidentally, the reason I didn't is that I had some concerns about sysctl(KERN_ARND) not being sufficiently fail-safe. There were a couple of issues, but the main one was that if something in the kernel asked for a random number before the random device was loaded, the result was not-so-random numbers. Furthermore, since the generator was seeded at that point, it continued to give out not-so-random numbers for some time. I added the following log message in the problematic case: "random device not loaded; using insecure entropy" According to a Google search, I'm not the only person to have triggered it. (I hit it because I dynamically link most drivers, including random.ko. I'm not sure about the others.) I think your patch is good, but the kernel-side issues probably bear some investigation.