From owner-cvs-all  Sun Nov 28 23: 1:17 1999
Delivered-To: cvs-all@freebsd.org
Received: from mailman.zeta.org.au (mailman.zeta.org.au [203.26.10.16])
	by hub.freebsd.org (Postfix) with ESMTP
	id 46E0615343; Sun, 28 Nov 1999 23:01:10 -0800 (PST)
	(envelope-from bde@zeta.org.au)
Received: from bde.zeta.org.au (beefcake.zeta.org.au [203.26.10.12])
	by mailman.zeta.org.au (8.8.7/8.8.7) with ESMTP id SAA00976;
	Mon, 29 Nov 1999 18:09:20 +1100
Date: Mon, 29 Nov 1999 18:00:55 +1100 (EST)
From: Bruce Evans <bde@zeta.org.au>
X-Sender: bde@alphplex.bde.org
To: Mike Smith <msmith@FreeBSD.org>
Cc: Warner Losh <imp@village.org>, cvs-committers@FreeBSD.org,
	cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/sys/i386/conf files.i386 src/sys/kern kern_fork.c
 src/sys/libkern arc4random.c src/sys/sys libkern.h 
In-Reply-To: <199911282015.MAA00314@mass.cdrom.com>
Message-ID: <Pine.BSF.4.10.9911291736390.11459-100000@alphplex.bde.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk

On Sun, 28 Nov 1999, Mike Smith wrote:

> > In message <199911281751.JAA40710@freefall.freebsd.org> Dan Moschuk writes:
> > :   Reviewed and Approved by: bde, imp
> > 
> > Reviewed, but not completely approved by imp....  The main problem
> > with this, like I said in other mail, is it not using the /dev/random
> > entropy pool for this.
> 
> I actually effectively vetoed this commit (on IRC) for it's failure to do 
> just that.  I expect Dan to pay close attention to the feedback and DTRT 
> (which should include using the libc arcfour code as well, if he's not 
> already).

It's unreasonable to ask a new committer to use /dev/random when more
important things like netinet don't use it.  To use it in
machine-independent code, you first have to implement it for alpha.  Here
is a toy implementation:

#define	read_random(buf, nbytes)	0

This does the same thing as the i386 implementation on a bad day.  The
caller must be prepared for a limited amount of entropy being available.
All callers except the ones for userland get this wrong by calling
read_random() on alphas and always ignoring the result of read_random().

if_spppsubr.c, i4b_tel.c, i4b_l4mgmt.c:
Has a verbose ifdef for __FreeBSD__ >= 3 but no ifdef for __i386__.  Uses
stack garbage if read_random() returns a short read.

ipx_input.c:
No ifdefs at all.  Uses \0's if read_random() returns a short read.

The userland arc4random() avoids some of these problems by using
/dev/urandom instead of /dev/random.  It ignores the result returned
by read() of course.  The kernel equivalent is read_random_unlimited().
This may give lower quality randomness.  It is not used in the kernel
except to implement /dev/urandom.

Bruce



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message