Page MenuHomeFreeBSD
Differential D8077

libc arc4_stir: use only kern.arandom sysctl
ClosedPublic
Actions

Authored by emaste on Sep 29 2016, 5:39 PM.
Tags
None
Referenced Files
Unknown Object (File)
Feb 16 2024, 4:09 PM
Unknown Object (File)
Jan 9 2024, 8:52 AM
Unknown Object (File)
Dec 20 2023, 8:07 PM
Unknown Object (File)
Dec 20 2023, 12:58 AM
Unknown Object (File)
Nov 13 2023, 10:20 AM
Unknown Object (File)
Oct 24 2023, 7:40 PM
Unknown Object (File)
Oct 21 2023, 6:58 PM
Unknown Object (File)
Oct 10 2023, 9:57 AM
View All 26 Files
Subscribers
allanjude
delphij
ed
glebius
jonathan
oshogbo

Details

Reviewers
jmg
markm
cperciva
ed
jonathan
Commits
rS306708: abort in srandomdev if kern.arandom sysctl fails
rS306636: libc arc4_stir: use only kern.arandom sysctl
Summary

The sysctl cannot fail. If it does fail on some FreeBSD derivative or after some future change, just abort() so that the problem will be found and fixed.

It's preferable to provide an arc4random() function that cannot fail and cannot return poor quality random data. While abort() is not normally suitable for a library, it makes sense here.

Diff Detail

Lint
Lint Skipped
Unit
Tests Skipped

Event Timeline

emaste updated this revision to Diff 20820.Sep 29 2016, 5:39 PM
emaste retitled this revision from to libc arc4_stir: use only kern.arandom sysctl.
emaste updated this object.
emaste edited the test plan for this revision. (Show Details)
emaste added reviewers: markm, cperciva, jmg.
markm accepted this revision.Oct 2 2016, 3:32 PM
markm edited edge metadata.

I really like the direction. One minor nit which is more of a question than an objection.

lib/libc/gen/arc4random.c
141

Simpler. Good.

148

Shouldn't this be a KASSERT()?

149

Nice to see this kind of yucky code go.

150

Tidier!

This revision is now accepted and ready to land.Oct 2 2016, 3:32 PM
emaste added inline comments.Oct 2 2016, 6:27 PM
lib/libc/gen/arc4random.c
148

This is the libc userland side

markm added inline comments.Oct 2 2016, 7:42 PM
lib/libc/gen/arc4random.c
148

I meant ASSERT() :-)

emaste added inline comments.Oct 2 2016, 7:52 PM
lib/libc/gen/arc4random.c
148

Ah. I'm worried about the case where it's compiled without assertions enabled though, leading back to a possible silent failure.

emaste added subscribers: oshogbo, allanjude, delphij, glebius.Oct 3 2016, 12:06 AM
emaste mentioned this in D1345: Capsicum support for jot(1).Oct 3 2016, 12:05 PM
ed accepted this revision.Oct 3 2016, 12:55 PM
ed added a reviewer: ed.
ed added a subscriber: ed.
ed added inline comments.
lib/libc/gen/arc4random.c
148

Letting this use abort() is good. Because this is crossing the user-kernel boundary, it's not an internal invariant of the C library that's failing. Only in those cases we should use assert().

oshogbo added inline comments.Oct 3 2016, 12:57 PM
lib/libc/gen/arc4random.c
148

Can't we just do
ret = arc4_sysctl(...)
assert(ret == KEYSIZE) ?

jonathan accepted this revision.Oct 3 2016, 1:05 PM
jonathan added a reviewer: jonathan.
jonathan added a subscriber: jonathan.

Very nice.

emaste added inline comments.Oct 3 2016, 1:08 PM
lib/libc/gen/arc4random.c
148

As @ed said, assert() is for internal invariants of the code in question, and it may be compiled out (if built with -NDEBUG). A failure here would be due to a change external to libc (e.g., someone changes the kernel).

Closed by commit rS306636: libc arc4_stir: use only kern.arandom sysctl (authored by emaste). · Explain WhyOct 3 2016, 1:13 PM
This revision was automatically updated to reflect the committed changes.
emaste mentioned this in D8133: abort in srandomdev if kern.arandom sysctl fails.Oct 3 2016, 1:44 PM

Revision Contents
Changeset List

PathSize
lib/
libc/
gen/
28 lines

Diff 20820

View Options

lib/libc/gen/arc4random.c

Loading...