From owner-freebsd-audit Mon Nov 29 7:54:52 1999
Delivered-To: freebsd-audit@freebsd.org
Received: from spirit.jaded.net (spirit.jaded.net [216.94.113.12]) by hub.freebsd.org (Postfix) with ESMTP id 5D37C14C35; Mon, 29 Nov 1999 07:54:49 -0800 (PST) (envelope-from dan@spirit.jaded.net)
Received: (from dan@localhost) by spirit.jaded.net (8.9.3/8.9.3) id KAA01154; Mon, 29 Nov 1999 10:57:03 -0500 (EST)
Date: Mon, 29 Nov 1999 10:57:03 -0500
From: Dan Moschuk
To: Kris Kennaway
Cc: Bruce Evans, Mike Smith, audit@FreeBSD.ORG, Warner Losh
Subject: Re: cvs commit: src/sys/i386/conf files.i386 src/sys/kern kern_fork.c src/sys/libkern arc4random.c src/sys/sys libkern.h
Message-ID: <19991129105703.C277@spirit.jaded.net>
References:
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
In-Reply-To: ; from kris@hub.freebsd.org on Sun, Nov 28, 1999 at 11:42:02PM -0800
Sender: owner-freebsd-audit@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

| Good point. Again, OpenBSD have presumably got working code we can pull
| over. I'll check that tomorrow, time permitting. Hmm, given this it may be
| more productive to simply bring across the entire OpenBSD /dev/random as
| Dan suggested, Mark's plans to implement Yarrow notwithstanding. Thoughts,
| Mark?

After closer examination, it seems that we do have a partial OpenBSD /dev/random
implementation hiding in sys/i386/isa/random_machdep.c (although it is a few
revisions out of date).

As I've noted in private mail, I'm a little iffy on bringing Yarrow in as a
direct replacement at this time. The algorithm is still quite virgin, and I
think the matter will have to be researched more than "Bruce designed it, it
must be good" before a final decision is made.

| > This does the same thing as the i386 implementation on a bad day. The
| > caller must be prepared for a limited amount of entropy being available.
| > All callers except the ones for userland get this wrong by calling
| > read_random() on alphas and always ignoring the result of read_random().
|
| Can you suggest a decent fix? Simply polling until we fill our desired
| buffer? Using read_random_unlimited() may well be "good enough" in many
| cases.

I think the code already has a decent fix around this.

    r = read_random(key, sizeof(key));
    for (n = r; n < sizeof(key); n++)
        key[n] = key[n % r];

If we can't fill 256 bytes, then we repeat until we do. Of course, this code
doesn't really handle r == 0 very well.

-- 
Dan Moschuk (TFreak!dan@freebsd.org)
"Cure for global warming: One giant heatsink and dual fans!"

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message
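The key-stretching loop from the message above, reworked as an added example that is not from the thread or the FreeBSD tree: read_random_stub() is a constructed stand-in for the kernel's read_random() that returns at most as many bytes as a caller-supplied pool holds, so the short-read and r == 0 cases the mail discusses can be exercised on a host; fill_key() reports how many genuinely fresh bytes went into the key instead of ever computing key[n % 0].

```c
#include <stddef.h>
#include <string.h>

/* Constructed stand-in for the kernel's read_random(): copies at most
 * poollen bytes out of `pool` and returns how many it delivered, which
 * models an entropy pool that may be partially or completely drained.
 * The pool contents are test data, not randomness. */
static size_t read_random_stub(unsigned char *buf, size_t n,
                               const unsigned char *pool, size_t poollen)
{
    size_t r = n < poollen ? n : poollen;
    memcpy(buf, pool, r);
    return r;
}

/* Fill key[0..keylen) the way the thread's loop does: take r fresh bytes,
 * then repeat them cyclically until the buffer is full.
 * Returns r, the count of bytes that actually came from the source, so the
 * caller can see how little entropy a 256-byte key may really carry.
 * When r == 0 the key is left untouched and 0 is returned; the original
 * loop would have evaluated key[n % 0] here. */
size_t fill_key(unsigned char *key, size_t keylen,
                const unsigned char *pool, size_t poollen)
{
    size_t r = read_random_stub(key, keylen, pool, poollen);
    if (r == 0)
        return 0;                       /* the r == 0 case noted in the mail */
    for (size_t n = r; n < keylen; n++)
        key[n] = key[n % r];
    return r;
}
```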