From owner-freebsd-audit  Mon Nov 29  7:54:52 1999
Delivered-To: freebsd-audit@freebsd.org
Received: from spirit.jaded.net (spirit.jaded.net [216.94.113.12])
	by hub.freebsd.org (Postfix) with ESMTP
	id 5D37C14C35; Mon, 29 Nov 1999 07:54:49 -0800 (PST)
	(envelope-from dan@spirit.jaded.net)
Received: (from dan@localhost)
	by spirit.jaded.net (8.9.3/8.9.3) id KAA01154;
	Mon, 29 Nov 1999 10:57:03 -0500 (EST)
Date: Mon, 29 Nov 1999 10:57:03 -0500
From: Dan Moschuk <dan@FreeBSD.ORG>
To: Kris Kennaway <kris@hub.freebsd.org>
Cc: Bruce Evans <bde@zeta.org.au>, Mike Smith <msmith@FreeBSD.ORG>,
	audit@FreeBSD.ORG, Warner Losh <imp@village.org>
Subject: Re: cvs commit: src/sys/i386/conf files.i386 src/sys/kern kern_fork.c src/sys/libkern arc4random.c src/sys/sys libkern.h
Message-ID: <19991129105703.C277@spirit.jaded.net>
References: <Pine.BSF.4.10.9911291736390.11459-100000@alphplex.bde.org> <Pine.BSF.4.21.9911282330220.21883-100000@hub.freebsd.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
In-Reply-To: <Pine.BSF.4.21.9911282330220.21883-100000@hub.freebsd.org>; from kris@hub.freebsd.org on Sun, Nov 28, 1999 at 11:42:02PM -0800
Sender: owner-freebsd-audit@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG


| Good point. Again, OpenBSD have presumably got working code we can pull
| over. I'll check that tomorrow, time permitting. Hmm, given this it may be
| more productive to simply bring across the entire OpenBSD /dev/random as
| Dan suggested, Mark's plans to implement Yarrow notwithstanding. Thoughts,
| Mark?

After closer examination, it seems that we do have a part OpenBSD /dev/random
implementation hiding in sys/i386/isa/random_machdep.c (although it is a
few revisions out of date).

As I've noted in private mail, I'm a little iffy on bringing Yarrow in as a
direct replacement at this time.  The algorithm is still quite virgin, and
I think the matter will have to be researched more than "Bruce designed it,
it must be good" before a final decision is made.

| > This does the same thing as the i386 implementation on a bad day.  The
| > caller must be prepared for a limited amount of entropy being available.
| > All callers except the ones for userland get this wrong by calling
| > read_random() on alphas and always ignoring the result of read_random().
| 
| Can you suggest a decent fix? Simply polling until we fill our desired
| buffer? Using read_random_unlimited() may well be "good enough" in many
| cases.

I think the code already has a decent fix around this.

        r = read_random(key, sizeof(key));
        for (n = r; n < sizeof(key); n++)
                key[n] = key[n % r];

If we can't fill 256 bytes, then we repeat until we do.  Of course, this 
code doesn't really handle r == 0 very well.  

-- 
Dan Moschuk (TFreak!dan@freebsd.org)
"Cure for global warming: One giant heatsink and dual fans!"


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message