Date: Thu, 11 Oct 2012 15:50:15 -0400 From: Eitan Adler <eadler@freebsd.org> To: Pawel Jakub Dawidek <pjd@freebsd.org> Cc: mdf@freebsd.org, src-committers@freebsd.org, Andrey Chernov <ache@freebsd.org>, svn-src-all@freebsd.org, David Chisnall <theraven@freebsd.org>, svn-src-head@freebsd.org Subject: Re: svn commit: r241373 - head/lib/libc/stdlib Message-ID: <CAF6rxg=tbeSPq1LX8C373ggd90TmRowhoSjB2Vy468sSvKbfSA@mail.gmail.com> In-Reply-To: <20121011114425.GA1562@garage.freebsd.pl> References: <201210091425.q99EPFS6020787@svn.freebsd.org> <507451DE.9060909@freebsd.org> <977E1107-46D4-476F-A04D-AEFD87D1DE53@FreeBSD.org> <CAMBSHm8GCDvJCHYcrPBQ6awKWnmNpnS-9YgX1uAoOePjZhf9QA@mail.gmail.com> <CAF6rxgkaoQKdrKBUj1GFcEDtoZ8gM0w68zxn-S2bgJdntp88Kg@mail.gmail.com> <20121011114425.GA1562@garage.freebsd.pl>
next in thread | previous in thread | raw e-mail | index | archive | help
On 11 October 2012 07:44, Pawel Jakub Dawidek <pjd@freebsd.org> wrote: > On Tue, Oct 09, 2012 at 01:51:05PM -0400, Eitan Adler wrote: >> On 9 October 2012 13:27, <mdf@freebsd.org> wrote: >> > The original behavior can be recovered by using inline assembly to >> > fetch the value from a register into a local C variable; this would at >> > least not rely on undefined behavior. But I agree it's of dubious >> > value anyways. >> >> I proposed this (with a patch). We want to move to not using >> /dev/random and instead make a kernel system call directly. The patch >> for this is not finished yet though. > > You should do something similar to: > > http://people.freebsd.org/~pjd/patches/libc_arc4random.c.patch Yes, this is exactly the proposed "correct" fix. I haven't had time to properly write and test such a patch though, so I opted for this one in the meantime. FWIW, the man page *used* to contain the text The srandomdev() routine initializes a state array using the random(4) random number device which returns good random numbers, suitable for cryptographic use. which made this problem 'worse' as it mislead people into believing rand/random could be used for crpyto. des@ fixed this problem already -- Eitan Adler Source & Ports committer X11, Bugbusting teams
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAF6rxg=tbeSPq1LX8C373ggd90TmRowhoSjB2Vy468sSvKbfSA>