Date: Fri, 12 Oct 2012 11:24:37 +0800 From: Kevin Lo <kevlo@FreeBSD.org> To: Eitan Adler <eadler@FreeBSD.org> Cc: mdf@FreeBSD.org, src-committers@FreeBSD.org, Andrey Chernov <ache@FreeBSD.org>, svn-src-all@FreeBSD.org, David Chisnall <theraven@FreeBSD.org>, svn-src-head@FreeBSD.org, Pawel Jakub Dawidek <pjd@FreeBSD.org> Subject: Re: Re: svn commit: r241373 - head/lib/libc/stdlib Message-ID: <50778D75.7060009@FreeBSD.org> In-Reply-To: <CAF6rxg=tbeSPq1LX8C373ggd90TmRowhoSjB2Vy468sSvKbfSA@mail.gmail.com> References: <201210091425.q99EPFS6020787@svn.freebsd.org> <507451DE.9060909@freebsd.org> <977E1107-46D4-476F-A04D-AEFD87D1DE53@FreeBSD.org> <CAMBSHm8GCDvJCHYcrPBQ6awKWnmNpnS-9YgX1uAoOePjZhf9QA@mail.gmail.com> <CAF6rxgkaoQKdrKBUj1GFcEDtoZ8gM0w68zxn-S2bgJdntp88Kg@mail.gmail.com> <20121011114425.GA1562@garage.freebsd.pl> <CAF6rxg=tbeSPq1LX8C373ggd90TmRowhoSjB2Vy468sSvKbfSA@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2012/10/12 03:50, Eitan Adler wrote: > On 11 October 2012 07:44, Pawel Jakub Dawidek <pjd@freebsd.org> wrote: >> On Tue, Oct 09, 2012 at 01:51:05PM -0400, Eitan Adler wrote: >>> On 9 October 2012 13:27, <mdf@freebsd.org> wrote: >>>> The original behavior can be recovered by using inline assembly to >>>> fetch the value from a register into a local C variable; this would at >>>> least not rely on undefined behavior. But I agree it's of dubious >>>> value anyways. >>> I proposed this (with a patch). We want to move to not using >>> /dev/random and instead make a kernel system call directly. The patch >>> for this is not finished yet though. >> You should do something similar to: >> >> http://people.freebsd.org/~pjd/patches/libc_arc4random.c.patch > Yes, this is exactly the proposed "correct" fix. I haven't had time to > properly write and test such a patch though, so I opted for this one > in the meantime. > > FWIW, the man page *used* to contain the text > > The srandomdev() routine initializes a state array using the random(4) > random number device which returns good random numbers, suitable for > cryptographic use. > > which made this problem 'worse' as it mislead people into believing > rand/random could be used for crpyto. > > des@ fixed this problem already As you may already know, this issue was pointed out by Xi Wang in his paper "Undefined Behavior: Who Moved My Code?" at APSYS 2012 conference: http://apsys2012.kaist.ac.kr/media/papers/apsys2012-final42.pdf The bottom line is don't use uninitialized memory as a source of entropy :-) Kevin
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?50778D75.7060009>