svn commit: r241373 - head/lib/libc/stdlib
Eitan Adler
eadler at freebsd.org
Thu Oct 11 19:50:47 UTC 2012
On 11 October 2012 07:44, Pawel Jakub Dawidek <pjd at freebsd.org> wrote:
> On Tue, Oct 09, 2012 at 01:51:05PM -0400, Eitan Adler wrote:
>> On 9 October 2012 13:27, <mdf at freebsd.org> wrote:
>> > The original behavior can be recovered by using inline assembly to
>> > fetch the value from a register into a local C variable; this would at
>> > least not rely on undefined behavior. But I agree it's of dubious
>> > value anyways.
>>
>> I proposed this (with a patch). We want to move to not using
>> /dev/random and instead make a kernel system call directly. The patch
>> for this is not finished yet though.
>
> You should do something similar to:
>
> http://people.freebsd.org/~pjd/patches/libc_arc4random.c.patch
Yes, this is exactly the proposed "correct" fix. I haven't had time to
properly write and test such a patch though, so I opted for this one
in the meantime.
FWIW, the man page *used* to contain the text
The srandomdev() routine initializes a state array using the random(4)
random number device which returns good random numbers, suitable for
cryptographic use.
which made this problem 'worse' as it mislead people into believing
rand/random could be used for crpyto.
des@ fixed this problem already
--
Eitan Adler
Source & Ports committer
X11, Bugbusting teams
More information about the svn-src-head
mailing list