From owner-svn-src-head@freebsd.org Mon Oct 3 13:12:45 2016
Message-Id: <201610031312.u93DCikZ024251@repo.freebsd.org>
From: Ed Maste
Date: Mon, 3 Oct 2016 13:12:44 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r306636 - head/lib/libc/gen

Author: emaste
Date: Mon Oct 3 13:12:44 2016
New Revision: 306636
URL: https://svnweb.freebsd.org/changeset/base/306636

Log:
  libc arc4_stir: use only kern.arandom sysctl

  The sysctl cannot fail. If it does fail on some FreeBSD derivative or after
  some future change, just abort() so that the problem will be found and fixed.

  It's preferable to provide an arc4random() function that cannot fail and
  cannot return poor quality random data. While abort() is not normally
  suitable for a library, it makes sense here.

  Reviewed by:	ed, jonathan, markm
  MFC after:	1 month
  Sponsored by:	The FreeBSD Foundation
  Differential Revision:	https://reviews.freebsd.org/D8077

Modified:
  head/lib/libc/gen/arc4random.c

Modified: head/lib/libc/gen/arc4random.c
==============================================================================
--- head/lib/libc/gen/arc4random.c	Mon Oct 3 12:58:08 2016	(r306635)
+++ head/lib/libc/gen/arc4random.c	Mon Oct 3 13:12:44 2016	(r306636)
@@ -137,35 +137,17 @@ arc4_sysctl(u_char *buf, size_t size) static void arc4_stir(void) { - int done, fd, i; - struct { - struct timeval tv; - pid_t pid; - u_char rnd[KEYSIZE]; - } rdat; + u_char rdat[KEYSIZE]; + int i; if (!rs_initialized) { arc4_init(); rs_initialized = 1; } - done = 0; - if (arc4_sysctl((u_char *)&rdat, KEYSIZE) == KEYSIZE) - done = 1; - if (!done) { - fd = _open(RANDOMDEV, O_RDONLY | O_CLOEXEC, 0); - if (fd >= 0) { - if (_read(fd, &rdat, KEYSIZE) == KEYSIZE) - done = 1; - (void)_close(fd); - } - } - if (!done) { - (void)gettimeofday(&rdat.tv, NULL); - rdat.pid = getpid(); - /* We'll just take whatever was on the stack too... */ - } + if (arc4_sysctl(rdat, KEYSIZE) != KEYSIZE) + abort(); /* Random sysctl cannot fail. */ - arc4_addrandom((u_char *)&rdat, KEYSIZE); + arc4_addrandom(rdat, KEYSIZE); /* * Discard early keystream, as per recommendations in:
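Review bot: the new `u_char rdat[KEYSIZE]` keeps the seed material on the stack and is not cleared after `arc4_addrandom(rdat, KEYSIZE);`, so the key bytes linger in the frame after `arc4_stir()` returns; add an `explicit_bzero(rdat, sizeof(rdat));` (or an equivalent non-elidable wipe) right after that call. Dropping the `/dev/random` and `gettimeofday`/`getpid`/"whatever was on the stack" fallbacks in favour of `abort()` is the right call given the log message, since the old last-resort path seeded the generator from low-entropy, partly uninitialized data; consider expanding the one-line `/* Random sysctl cannot fail. */` comment to mention that an abort here means a kernel or derivative without a working `kern.arandom`, so the crash is diagnosable. With `_open`/`_read`/`_close` and `gettimeofday`/`getpid` gone from this function, also check whether `RANDOMDEV` and the headers pulled in for those calls are still used elsewhere in the file, and remove them if not.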