From owner-cvs-all Sun Nov 28 23: 1:17 1999
Delivered-To: cvs-all@freebsd.org
Received: from mailman.zeta.org.au (mailman.zeta.org.au [203.26.10.16]) by hub.freebsd.org (Postfix) with ESMTP id 46E0615343; Sun, 28 Nov 1999 23:01:10 -0800 (PST) (envelope-from bde@zeta.org.au)
Received: from bde.zeta.org.au (beefcake.zeta.org.au [203.26.10.12]) by mailman.zeta.org.au (8.8.7/8.8.7) with ESMTP id SAA00976; Mon, 29 Nov 1999 18:09:20 +1100
Date: Mon, 29 Nov 1999 18:00:55 +1100 (EST)
From: Bruce Evans
X-Sender: bde@alphplex.bde.org
To: Mike Smith
Cc: Warner Losh , cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/sys/i386/conf files.i386 src/sys/kern kern_fork.c src/sys/libkern arc4random.c src/sys/sys libkern.h
In-Reply-To: <199911282015.MAA00314@mass.cdrom.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk

On Sun, 28 Nov 1999, Mike Smith wrote:

> > In message <199911281751.JAA40710@freefall.freebsd.org> Dan Moschuk writes:
> > : Reviewed and Approved by: bde, imp
> >
> > Reviewed, but not completely approved by imp.... The main problem
> > with this, like I said in other mail, is it not using the /dev/random
> > entropy pool for this.
>
> I actually effectively vetoed this commit (on IRC) for its failure to do
> just that. I expect Dan to pay close attention to the feedback and DTRT
> (which should include using the libc arcfour code as well, if he's not
> already).

It's unreasonable to ask a new committer to use /dev/random when more
important things like netinet don't use it.

To use it in machine-independent code, you first have to implement it
for alpha. Here is a toy implementation:

    #define read_random(buf, nbytes) 0

This does the same thing as the i386 implementation on a bad day. The
caller must be prepared for a limited amount of entropy being available.
All callers except the ones for userland get this wrong by calling
read_random() on alphas and always ignoring the result of read_random().

if_spppsubr.c, i4b_tel.c, i4b_l4mgmt.c:
    Has a verbose ifdef for __FreeBSD__ >= 3 but no ifdef for __i386__.
    Uses stack garbage if read_random() returns a short read.
ipx_input.c:
    No ifdefs at all. Uses \0's if read_random() returns a short read.

The userland arc4random() avoids some of these problems by using
/dev/urandom instead of /dev/random. It ignores the result returned by
read() of course. The kernel equivalent is read_random_unlimited().
This may give lower quality randomness. It is not used in the kernel
except to implement /dev/urandom.

Bruce
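
Added example, not part of the original message and not FreeBSD source: a user-space C model of the short-read problem the message describes, comparing a caller that ignores the result with one that checks it. The sim_* functions, pool_bytes and unfilled_after() are constructed stand-ins; an empty pool corresponds to the toy #define that always returns 0.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins (not kernel code) for the two interfaces the message
 * names. sim_read_random() models a pool-limited read: it writes at most
 * pool_bytes bytes and returns the count actually written. */
static unsigned pool_bytes;

static unsigned sim_read_random(void *buf, unsigned nbytes)
{
    unsigned n = nbytes < pool_bytes ? nbytes : pool_bytes;
    memset(buf, 0xA5, n);            /* 0xA5 marks pool-quality bytes */
    pool_bytes -= n;
    return n;
}

/* Models read_random_unlimited(): never short, possibly lower quality. */
static unsigned sim_read_random_unlimited(void *buf, unsigned nbytes)
{
    memset(buf, 0x5A, nbytes);       /* 0x5A marks lower-quality bytes */
    return nbytes;
}

/* Fill an 8-byte id that starts zeroed, with `avail` bytes in the pool.
 * checked == 0: result ignored, as in the callers the message lists.
 * checked != 0: the short tail is topped up from the unlimited source.
 * Returns how many id bytes never received any random data. */
static unsigned unfilled_after(int checked, unsigned avail)
{
    unsigned char id[8] = {0};
    unsigned got, i, stale = 0;

    pool_bytes = avail;
    got = sim_read_random(id, sizeof(id));
    if (checked && got < sizeof(id))
        sim_read_random_unlimited(id + got, (unsigned)sizeof(id) - got);
    for (i = 0; i < sizeof(id); i++)
        stale += (id[i] == 0);
    return stale;
}

int main(void)
{
    printf("ignored result, 3 pool bytes: %u stale\n", unfilled_after(0, 3));
    printf("checked result, 3 pool bytes: %u stale\n", unfilled_after(1, 3));
    printf("ignored result, empty pool:   %u stale\n", unfilled_after(0, 0));
    return 0;
}
```

The zeroed buffer mirrors the ipx_input.c case in the message; with an uninitialized buffer the stale bytes would be stack contents instead.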