From owner-svn-src-head@FreeBSD.ORG Thu Oct 11 19:50:47 2012 Return-Path: Delivered-To: svn-src-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 6CE89E65 for ; Thu, 11 Oct 2012 19:50:47 +0000 (UTC) (envelope-from lists@eitanadler.com) Received: from mail-pa0-f54.google.com (mail-pa0-f54.google.com [209.85.220.54]) by mx1.freebsd.org (Postfix) with ESMTP id 269A98FC19 for ; Thu, 11 Oct 2012 19:50:46 +0000 (UTC) Received: by mail-pa0-f54.google.com with SMTP id bi1so2287784pad.13 for ; Thu, 11 Oct 2012 12:50:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=eitanadler.com; s=0xdeadbeef; h=mime-version:sender:in-reply-to:references:from:date :x-google-sender-auth:message-id:subject:to:cc:content-type; bh=CQukY16j5Omfr5zDK8/M8gSqNx2SiZfu9Ohz1cMAL0U=; b=HcsHCF58BbHpwyMVAzimflwCy2gd3zj4gBBkwLf1CB2MsaJ+eRIhos2rmiRonm0AJj 135huQCBTQre+v/N1B3Cp6FARMGg3wyozWBM5oRluxtXvUuX+auQLGvmqD5z3g+5kQj0 S8jmzQOQ+oWxZTd9gLXy0E2j+buO+QlSMDnZ0= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:sender:in-reply-to:references:from:date :x-google-sender-auth:message-id:subject:to:cc:content-type :x-gm-message-state; bh=CQukY16j5Omfr5zDK8/M8gSqNx2SiZfu9Ohz1cMAL0U=; b=fqQpe4zBJXw0CyapHBBRN8sOup8G65Sqin7h5VJ0YTZsLR88MyD5NGrWvFlHFCxMMA D2i20/s0WuP9apB36dMvQNhTIQ2mMSMTsGjX/sfmOIUo2QvA726vis/Z1WDmK+FYpO9u YJxk4XOOc2MqEZ2xB+WfYY/087Uyc7Q+D52j+e4IxfTnEQBKbDMwj9ZxUR1sIccmVW3n MeLgQkzCmXw1i5Bj0Vn4EqNvfGhZ6PJrdeLwBaobv/3q+7awdJgBd8y6zh6v/leVWF6N f9UaWTs6oT4+oEqfl/TqbRbC8wwDXcXh1coA570Gcp4YXsXUvRd97zECztyAp+zwX6sb HPyA== Received: by 10.66.90.65 with SMTP id bu1mr5070060pab.31.1349985046592; Thu, 11 Oct 2012 12:50:46 -0700 (PDT) MIME-Version: 1.0 Sender: lists@eitanadler.com Received: by 10.66.161.163 with HTTP; Thu, 11 Oct 2012 12:50:15 -0700 (PDT) In-Reply-To: <20121011114425.GA1562@garage.freebsd.pl> References: <201210091425.q99EPFS6020787@svn.freebsd.org> <507451DE.9060909@freebsd.org> <977E1107-46D4-476F-A04D-AEFD87D1DE53@FreeBSD.org> <20121011114425.GA1562@garage.freebsd.pl> From: Eitan Adler Date: Thu, 11 Oct 2012 15:50:15 -0400 X-Google-Sender-Auth: XsG1IbJ7nqzAkBU3iTqIeOVqixQ Message-ID: Subject: Re: svn commit: r241373 - head/lib/libc/stdlib To: Pawel Jakub Dawidek Content-Type: text/plain; charset=UTF-8 X-Gm-Message-State: ALoCoQkLpAoiB+I3sp2WOxsHHhdraa6g65YQnA1aVv3mOv52auUhHIM9K08FZKnfvVdiolwsL3si Cc: mdf@freebsd.org, src-committers@freebsd.org, Andrey Chernov , svn-src-all@freebsd.org, David Chisnall , svn-src-head@freebsd.org X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 11 Oct 2012 19:50:47 -0000 On 11 October 2012 07:44, Pawel Jakub Dawidek wrote: > On Tue, Oct 09, 2012 at 01:51:05PM -0400, Eitan Adler wrote: >> On 9 October 2012 13:27, wrote: >> > The original behavior can be recovered by using inline assembly to >> > fetch the value from a register into a local C variable; this would at >> > least not rely on undefined behavior. But I agree it's of dubious >> > value anyways. >> >> I proposed this (with a patch). We want to move to not using >> /dev/random and instead make a kernel system call directly. The patch >> for this is not finished yet though. > > You should do something similar to: > > http://people.freebsd.org/~pjd/patches/libc_arc4random.c.patch Yes, this is exactly the proposed "correct" fix. I haven't had time to properly write and test such a patch though, so I opted for this one in the meantime. FWIW, the man page *used* to contain the text The srandomdev() routine initializes a state array using the random(4) random number device which returns good random numbers, suitable for cryptographic use. which made this problem 'worse' as it mislead people into believing rand/random could be used for crpyto. des@ fixed this problem already -- Eitan Adler Source & Ports committer X11, Bugbusting teams