From: Kevin Lo <kevlo@FreeBSD.org>
Date: Fri, 12 Oct 2012 11:24:37 +0800
To: Eitan Adler
Cc: mdf@FreeBSD.org, src-committers@FreeBSD.org, Andrey Chernov, svn-src-all@FreeBSD.org, David Chisnall, svn-src-head@FreeBSD.org, Pawel Jakub Dawidek
Subject: Re: Re: svn commit: r241373 - head/lib/libc/stdlib
Message-ID: <50778D75.7060009@FreeBSD.org>
References: <201210091425.q99EPFS6020787@svn.freebsd.org> <507451DE.9060909@freebsd.org> <977E1107-46D4-476F-A04D-AEFD87D1DE53@FreeBSD.org> <20121011114425.GA1562@garage.freebsd.pl>

On 2012/10/12 03:50, Eitan Adler wrote:
> On 11 October 2012 07:44, Pawel Jakub Dawidek wrote:
>> On Tue, Oct 09, 2012 at 01:51:05PM -0400, Eitan Adler wrote:
>>> On 9 October 2012 13:27, wrote:
>>>> The original behavior can be recovered by using inline assembly to
>>>> fetch the value from a register into a local C variable; this would at
>>>> least not rely on undefined behavior. But I agree it's of dubious
>>>> value anyways.
>>> I proposed this (with a patch). We want to move to not using
>>> /dev/random and instead make a kernel system call directly. The patch
>>> for this is not finished yet though.
>> You should do something similar to:
>>
>> http://people.freebsd.org/~pjd/patches/libc_arc4random.c.patch
> Yes, this is exactly the proposed "correct" fix. I haven't had time to
> properly write and test such a patch though, so I opted for this one
> in the meantime.
>
> FWIW, the man page *used* to contain the text
>
> The srandomdev() routine initializes a state array using the random(4)
> random number device which returns good random numbers, suitable for
> cryptographic use.
>
> which made this problem 'worse' as it misled people into believing
> rand/random could be used for crypto.
>
> des@ fixed this problem already

As you may already know, this issue was pointed out by Xi Wang in his paper
"Undefined Behavior: Who Moved My Code?" at the APSYS 2012 conference:
http://apsys2012.kaist.ac.kr/media/papers/apsys2012-final42.pdf

The bottom line is don't use uninitialized memory as a source of entropy :-)

Kevin
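The thread contrasts two ways a libc seeding routine such as srandomdev() can obtain its seed: reading an uninitialized stack variable (undefined behaviour, which the compiler may optimise into a constant) or asking the kernel. The following is an added example, not code from this thread, from pjd's patch or from FreeBSD libc: it shows the fail-closed shape of the second approach, reading exactly the requested number of bytes from the kernel random device and refusing to seed at all if that fails. The device path `/dev/urandom`, the function names `read_entropy` and `seed_from_kernel`, and the 32-bit seed size are this example's own assumptions; the thread itself notes that FreeBSD intended to move from the device file to a direct system call.

```c
/* Added example (not from the thread or from FreeBSD libc): fail-closed
 * seeding from the kernel's random device instead of from uninitialized
 * memory. Path, function names and seed size are this example's choices. */
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* The pattern the thread objects to, shown only as a comment so it is never
 * executed: reading an unassigned variable is undefined behaviour, so a
 * compiler may drop the read or treat the value as any constant, and the
 * "entropy" can silently become zero.
 *
 *     unsigned junk;    // never assigned
 *     seed ^= junk;     // UB: not an entropy source
 */

/* Fill buf with exactly len bytes from the random device at path.
 * Returns 0 on success, -1 on any failure with errno describing the cause.
 * Short reads are continued, interrupted reads are restarted, and EOF
 * before len bytes is reported as a failure rather than as zero bytes. */
int read_entropy(const char *path, void *buf, size_t len)
{
    int fd = open(path, O_RDONLY | O_CLOEXEC);
    if (fd < 0)
        return -1;

    unsigned char *p = buf;
    size_t got = 0;
    while (got < len) {
        ssize_t n = read(fd, p + got, len - got);
        if (n < 0) {
            if (errno == EINTR)
                continue;          /* a signal arrived; retry the read */
            int saved = errno;
            close(fd);
            errno = saved;
            return -1;
        }
        if (n == 0) {              /* EOF: device gave fewer than len bytes */
            close(fd);
            errno = EIO;
            return -1;
        }
        got += (size_t)n;
    }
    close(fd);
    return 0;
}

/* Obtain a 32-bit seed from the kernel. Returns 0 on success; on failure
 * the caller must not fall back to a weak seed (time, PID, stack garbage). */
int seed_from_kernel(const char *path, uint32_t *seed_out)
{
    uint32_t seed;
    if (read_entropy(path, &seed, sizeof seed) != 0)
        return -1;
    *seed_out = seed;
    return 0;
}

int main(void)
{
    uint32_t seed;
    if (seed_from_kernel("/dev/urandom", &seed) != 0) {
        perror("seed_from_kernel");
        return EXIT_FAILURE;       /* fail closed: no seed, no PRNG use */
    }
    srandom(seed);
    printf("seeded random(3) from the kernel with a 32-bit value\n");
    return EXIT_SUCCESS;
}
```

The EOF branch is the part worth noticing: a device or file that returns zero bytes must be treated as an error, otherwise the seed is left as whatever the buffer held before, which is exactly the uninitialized-memory problem the thread is about, arrived at by a different route.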