Date:      Wed, 03 Apr 2013 22:24:00 -0700
From:      Xin Li <delphij@delphij.net>
To:        Andrey Chernov <ache@freebsd.org>
Cc:        svn-src-head@FreeBSD.org, svn-src-all@FreeBSD.org, src-committers@FreeBSD.org, Xin LI <delphij@FreeBSD.org>, Bruce Evans <brde@optusnet.com.au>
Subject:   Re: svn commit: r249035 - head/lib/libc/stdlib
Message-ID:  <515D0E70.8050701@delphij.net>
In-Reply-To: <515BDADF.8060303@freebsd.org>
References:  <201304022341.r32NfL8L096954@svn.freebsd.org> <20130403165736.F819@besplex.bde.org> <515BDADF.8060303@freebsd.org>

On 4/3/13 12:31 AM, Andrey Chernov wrote:
> On 03.04.2013 11:04, Bruce Evans wrote:
>>> +    mib[0] = CTL_KERN; +    mib[1] = KERN_ARND; +
>>> sysctl(mib, 2, (void *)&next, &len, NULL, 0); }
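
Review bot: the added sysctl(mib, 2, (void *)&next, &len, NULL, 0) call discards its return value, so when it fails nothing tells the caller that `next` was not filled in. Check the result against -1 and take a fallback seed path when the call fails; the (void *) cast on &next is also unnecessary, since that parameter of sysctl() is already void *.
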
>> 
>> The sysctl() is certain to fail on old kernels (like open of
>> /dev/random on even older kernels), but there is no longer any
>> error checking or handling.  The contents of `next' on error is
>> indeterminate (not documented in the man page), but is probably
>> unchanged.  Applications can actually detect this error although
>> the API doesn't support this, by using the documented
>> implementation details and assuming that errno is properly left
>> changed if the syscall fails (set errno to 0 before the call here
>> and check it after).
> 
> Even in case sysctl does not fail, kernel's arc4 is very poorly
> initialized right after the boot. See the comment in the
> libkern/arc4random.c arc4_randomstir(), it is about device not
> loaded case, but it is the same even if device is loaded but has not
> harvested enough. NetBSD implementation of kernel's arc4 is different
> from ours.

True, but keep in mind that neither random(3) nor rand(3) is intended to
satisfy cryptographically secure needs, and I don't see a reason why
kernel arc4 cannot be improved.

By the way, /dev/random won't even block about 5 weeks and was broken
in 2006.

> Really I am _very_ tired of telling people about the problem, of
> writing patches for the problem, etc., so anybody who is interested
> can search more details and patches in the mail archives.

To be honest, I don't personally have access to the archive (nor am I
aware there was one, the arc4 change you are talking about may predate
my membership on secteam@ by the way).

How about sending the patch again and let's see how we can work it out?

Cheers,