Date:      Thu, 11 Oct 2012 15:50:15 -0400
From:      Eitan Adler <eadler@freebsd.org>
To:        Pawel Jakub Dawidek <pjd@freebsd.org>
Cc:        mdf@freebsd.org, src-committers@freebsd.org, Andrey Chernov <ache@freebsd.org>, svn-src-all@freebsd.org, David Chisnall <theraven@freebsd.org>, svn-src-head@freebsd.org
Subject:   Re: svn commit: r241373 - head/lib/libc/stdlib
Message-ID:  <CAF6rxg=tbeSPq1LX8C373ggd90TmRowhoSjB2Vy468sSvKbfSA@mail.gmail.com>
In-Reply-To: <20121011114425.GA1562@garage.freebsd.pl>
References:  <201210091425.q99EPFS6020787@svn.freebsd.org> <507451DE.9060909@freebsd.org> <977E1107-46D4-476F-A04D-AEFD87D1DE53@FreeBSD.org> <CAMBSHm8GCDvJCHYcrPBQ6awKWnmNpnS-9YgX1uAoOePjZhf9QA@mail.gmail.com> <CAF6rxgkaoQKdrKBUj1GFcEDtoZ8gM0w68zxn-S2bgJdntp88Kg@mail.gmail.com> <20121011114425.GA1562@garage.freebsd.pl>

On 11 October 2012 07:44, Pawel Jakub Dawidek <pjd@freebsd.org> wrote:
> On Tue, Oct 09, 2012 at 01:51:05PM -0400, Eitan Adler wrote:
>> On 9 October 2012 13:27,  <mdf@freebsd.org> wrote:
>> > The original behavior can be recovered by using inline assembly to
>> > fetch the value from a register into a local C variable; this would at
>> > least not rely on undefined behavior.  But I agree it's of dubious
>> > value anyways.
>>
>> I proposed this (with a patch). We want to move to not using
>> /dev/random and instead make a kernel system call directly. The patch
>> for this is not finished yet though.
>
> You should do something similar to:
>
>         http://people.freebsd.org/~pjd/patches/libc_arc4random.c.patch

Yes, this is exactly the proposed "correct" fix. I haven't had time to
properly write and test such a patch though, so I opted for this one
in the meantime.

FWIW, the man page *used* to contain the text

     The srandomdev() routine initializes a state array using the random(4)
     random number device which returns good random numbers, suitable for
     cryptographic use.

which made this problem 'worse' as it misled people into believing
rand/random could be used for crypto.

des@ fixed this problem already.



-- 
Eitan Adler
Source & Ports committer
X11, Bugbusting teams


