-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 4/3/13 12:31 AM, Andrey Chernov wrote: > On 03.04.2013 11:04, Bruce Evans wrote: >>> + mib[0] = CTL_KERN; + mib[1] = KERN_ARND; + >>> sysctl(mib, 2, (void *)&next, &len, NULL, 0); } >> >> The sysctl() is certain to fail on old kernels (like open of >> /dev/random on even older kernels), but there is no longer any >> error checking or handling. The contents of `next' on error is >> indeterminate (not documented in the man page), but is probably >> unchanged. Applications can actually detect this error although >> though the API doesn't support this, by using the documented >> implementation details and assuming that errno is properly left >> changed if the syscall fails (set errno to 0 before the call here >> and check it after). > > Even in case sysctl is not fail, kernel's arc4 is very poorly > initialized right after the boot. See the comment in the > libkern/arc4random.c arc4_randomstir(), it is about device not > loaded case, but it is the same even if device is loaded but not > harvest enough. NetBSD implementation of kernel's arc4 is different > from ours.
True, but keep mind that neither random(3) nor rand(3) is intended to satisfy cryptographically secure needs, and I don't see a reason why kernel arc4 can not be improved. By the way, /dev/random won't even block about 5 weeks and was broken in 2006. > Really I am _very_ tired to tell people about the problem, to > write patches for the problem, etc., so anybody who are interested > can search more details and patches in the mail archives. To be honest, I don't personally have access to the archive (nor I'm aware there was one, the arc4 change you are talking about may predate my membership on secteam@ by the way). How about sending the patch again and let's see how we can work it out? Cheers, -----BEGIN PGP SIGNATURE----- iQEcBAEBCAAGBQJRXQ5wAAoJEG80Jeu8UPuzsO0IALeYwGvIVG7xhyTEihKublqg 2B/6TdfklfRtR3wnY6xtnHxSjRYB/S1HLsATCB9SVgiq8NMgaEB5KdDFFbgPYUcv i4+BB30x6O3GvUQxAGZTbPm0mhTfpFmbhBb5hPM9CNbHzKoAYQqA/01rxf9DJJIj /Ob7lN287IfGDibWSX4iw867PrLSwlVJR/9bXigzQ6Zm21i/5rvXAqHhAwf1wQ3S frQ19XvadjipPe0+iBngJL2yclmHeyHw3NmocI+X7gZr2gAlKCNcabeDtzSs6UUm fUcQii0Onk7XnFRJnvXMmMlHAzVLTosR9HlFysPUbbytZvyHXeRPmnDcDP/3PlU= =/MFC -----END PGP SIGNATURE----- _______________________________________________ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
