From owner-svn-src-head@FreeBSD.ORG Thu Apr 4 05:24:01 2013 Return-Path: Delivered-To: svn-src-head@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id 28046F17; Thu, 4 Apr 2013 05:24:01 +0000 (UTC) (envelope-from delphij@delphij.net) Received: from anubis.delphij.net (anubis.delphij.net [IPv6:2001:470:1:117::25]) by mx1.freebsd.org (Postfix) with ESMTP id 0BCD16D9; Thu, 4 Apr 2013 05:24:01 +0000 (UTC) Received: from delphij-macbook.local (c-67-188-85-47.hsd1.ca.comcast.net [67.188.85.47]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by anubis.delphij.net (Postfix) with ESMTPSA id 9D595608A; Wed, 3 Apr 2013 22:24:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=delphij.net; s=anubis; t=1365053040; bh=zDShSr4eMqOuWJUNmGQHTDOS0Yl8A/JSDDn7wpRfIE4=; h=Date:From:Reply-To:To:CC:Subject:References:In-Reply-To; b=d/gNuZWZUWs+FNfQhIcEiHIbuYrvvDZS83XLoG8nH+cjxUQWpDEbF2LKzboMCGPyY fZlecb4KOei+swlLwFC/M/RPcD/cK1YWYsjLFsrmIIn4U5/UcQogHdxFd+XJPjQ1yA ninwxTj2pw1B+yJcqQJ1eGUOIPhmp8WXXB/nmacM= Message-ID: <515D0E70.8050701@delphij.net> Date: Wed, 03 Apr 2013 22:24:00 -0700 From: Xin Li Organization: The FreeBSD Project MIME-Version: 1.0 To: Andrey Chernov Subject: Re: svn commit: r249035 - head/lib/libc/stdlib References: <201304022341.r32NfL8L096954@svn.freebsd.org> <20130403165736.F819@besplex.bde.org> <515BDADF.8060303@freebsd.org> In-Reply-To: <515BDADF.8060303@freebsd.org> X-Enigmail-Version: 1.5.1 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: svn-src-head@FreeBSD.org, svn-src-all@FreeBSD.org, src-committers@FreeBSD.org, Xin LI , Bruce Evans X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list Reply-To: d@delphij.net List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 04 Apr 2013 05:24:01 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 4/3/13 12:31 AM, Andrey Chernov wrote: > On 03.04.2013 11:04, Bruce Evans wrote: >>> + mib[0] = CTL_KERN; + mib[1] = KERN_ARND; + >>> sysctl(mib, 2, (void *)&next, &len, NULL, 0); } >> >> The sysctl() is certain to fail on old kernels (like open of >> /dev/random on even older kernels), but there is no longer any >> error checking or handling. The contents of `next' on error is >> indeterminate (not documented in the man page), but is probably >> unchanged. Applications can actually detect this error although >> though the API doesn't support this, by using the documented >> implementation details and assuming that errno is properly left >> changed if the syscall fails (set errno to 0 before the call here >> and check it after). > > Even in case sysctl is not fail, kernel's arc4 is very poorly > initialized right after the boot. See the comment in the > libkern/arc4random.c arc4_randomstir(), it is about device not > loaded case, but it is the same even if device is loaded but not > harvest enough. NetBSD implementation of kernel's arc4 is different > from ours. True, but keep mind that neither random(3) nor rand(3) is intended to satisfy cryptographically secure needs, and I don't see a reason why kernel arc4 can not be improved. By the way, /dev/random won't even block about 5 weeks and was broken in 2006. > Really I am _very_ tired to tell people about the problem, to > write patches for the problem, etc., so anybody who are interested > can search more details and patches in the mail archives. To be honest, I don't personally have access to the archive (nor I'm aware there was one, the arc4 change you are talking about may predate my membership on secteam@ by the way). How about sending the patch again and let's see how we can work it out? Cheers, -----BEGIN PGP SIGNATURE----- iQEcBAEBCAAGBQJRXQ5wAAoJEG80Jeu8UPuzsO0IALeYwGvIVG7xhyTEihKublqg 2B/6TdfklfRtR3wnY6xtnHxSjRYB/S1HLsATCB9SVgiq8NMgaEB5KdDFFbgPYUcv i4+BB30x6O3GvUQxAGZTbPm0mhTfpFmbhBb5hPM9CNbHzKoAYQqA/01rxf9DJJIj /Ob7lN287IfGDibWSX4iw867PrLSwlVJR/9bXigzQ6Zm21i/5rvXAqHhAwf1wQ3S frQ19XvadjipPe0+iBngJL2yclmHeyHw3NmocI+X7gZr2gAlKCNcabeDtzSs6UUm fUcQii0Onk7XnFRJnvXMmMlHAzVLTosR9HlFysPUbbytZvyHXeRPmnDcDP/3PlU= =/MFC -----END PGP SIGNATURE-----