Date:      Mon, 29 Nov 1999 10:57:03 -0500
From:      Dan Moschuk <dan@FreeBSD.ORG>
To:        Kris Kennaway <kris@hub.freebsd.org>
Cc:        Bruce Evans <bde@zeta.org.au>, Mike Smith <msmith@FreeBSD.ORG>, audit@FreeBSD.ORG, Warner Losh <imp@village.org>
Subject:   Re: cvs commit: src/sys/i386/conf files.i386 src/sys/kern kern_fork.c src/sys/libkern arc4random.c src/sys/sys libkern.h
Message-ID:  <19991129105703.C277@spirit.jaded.net>
In-Reply-To: <Pine.BSF.4.21.9911282330220.21883-100000@hub.freebsd.org>; from kris@hub.freebsd.org on Sun, Nov 28, 1999 at 11:42:02PM -0800
References:  <Pine.BSF.4.10.9911291736390.11459-100000@alphplex.bde.org> <Pine.BSF.4.21.9911282330220.21883-100000@hub.freebsd.org>


| Good point. Again, OpenBSD have presumably got working code we can pull
| over. I'll check that tomorrow, time permitting. Hmm, given this it may be
| more productive to simply bring across the entire OpenBSD /dev/random as
| Dan suggested, Mark's plans to implement Yarrow notwithstanding. Thoughts,
| Mark?

After closer examination, it seems that we do have a part OpenBSD /dev/random
implementation hiding in sys/i386/isa/random_machdep.c (although it is a
few revisions out of date).

As I've noted in private mail, I'm a little iffy on bringing Yarrow in as a
direct replacement at this time.  The algorithm is still quite virgin, and
I think the matter will have to be researched more than "Bruce designed it,
it must be good" before a final decision is made.

| > This does the same thing as the i386 implementation on a bad day.  The
| > caller must be prepared for a limited amount of entropy being available.
| > All callers except the ones for userland get this wrong by calling
| > read_random() on alphas and always ignoring the result of read_random().
| 
| Can you suggest a decent fix? Simply polling until we fill our desired
| buffer? Using read_random_unlimited() may well be "good enough" in many
| cases.

I think the code already has a decent fix around this.

        r = read_random(key, sizeof(key));
        for (n = r; n < sizeof(key); n++)
                key[n] = key[n % r];

If we can't fill 256 bytes, then we repeat until we do.  Of course, this 
code doesn't really handle r == 0 very well.  

-- 
Dan Moschuk (TFreak!dan@freebsd.org)
"Cure for global warming: One giant heatsink and dual fans!"
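As an added example (not code from this thread or from FreeBSD), the stretch loop above with its r == 0 case guarded, beside the polling approach Kris asks about; the kernel's read_random() is replaced by a constructed simulator, sim_read_random(), that returns short reads and then nothing, and all names here are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
/* Constructed stand-in for the kernel's read_random(): hands out at most
 * sim_pool bytes in total and returns 0 once drained (hypothetical, for the
 * demo only; not the FreeBSD implementation). */
static size_t sim_pool;
static uint8_t sim_next;

static size_t sim_read_random(void *buf, size_t len)
{
    uint8_t *p = buf;
    size_t n = len < sim_pool ? len : sim_pool;
    for (size_t i = 0; i < n; i++)
        p[i] = sim_next++;          /* deterministic filler, not randomness */
    sim_pool -= n;
    return n;
}

/* Stretch loop from the message, guarded: returns 0 instead of dividing by
 * zero when r == 0. A tiny r still yields a key with only r distinct bytes. */
static int stretch_key(uint8_t *key, size_t keylen, size_t r)
{
    if (r == 0)
        return 0;
    for (size_t n = r; n < keylen; n++)
        key[n] = key[n % r];
    return 1;
}
/* Polling alternative: call read_random() until the key is full, but stop
 * after max_empty consecutive empty reads so the caller sees a short fill
 * instead of an endless spin. Returns bytes obtained (keylen on success). */
static size_t fill_key(uint8_t *key, size_t keylen,
                       size_t (*rd)(void *, size_t), unsigned max_empty)
{
    size_t got = 0;
    unsigned empty = 0;
    while (got < keylen) {
        size_t r = rd(key + got, keylen - got);
        if (r == 0 && ++empty >= max_empty)
            break;
        if (r > 0)
            empty = 0;
        got += r;
    }
    return got;
}
/* Demo: drain a pool of pool_bytes into a 256-byte key; returns bytes filled. */
static size_t demo_fill(size_t pool_bytes)
{
    uint8_t key[256];
    sim_pool = pool_bytes;
    sim_next = 1;
    return fill_key(key, sizeof(key), sim_read_random, 3);
}
```

A caller that checks the return of fill_key() against the requested length detects the short-fill case that the thread says every kernel caller of read_random() currently ignores.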

