Re: improve srandomdev

2014-07-16 Thread Theo de Raadt
> > That is false. Please read the actual code. The new variation uses
> > srandomdev() as an indicator that random() gets hooked direct to
> > arc4random. The guts of the algorithm are never used again.
> I did, that's why "fwiw" and "needed", as in "look, you fixed a bug
> without noticing".

Re: improve srandomdev

2014-07-16 Thread Lorenzo Beretta
On 07/16/2014 04:28 PM, Theo de Raadt wrote: On 07/13/2014 06:31 PM, Jean-Philippe Ouellet wrote: On Sun, Jul 13, 2014 at 04:03:53PM +0200, Brent Cook wrote: On Jul 13, 2014, at 3:58 PM, Ted Unangst wrote: @@ -411,6 +404,9 @@ static long random_l(void) { int32_t i; + + if (use_a

Re: improve srandomdev

2014-07-16 Thread Theo de Raadt
> On 07/13/2014 06:31 PM, Jean-Philippe Ouellet wrote: > > On Sun, Jul 13, 2014 at 04:03:53PM +0200, Brent Cook wrote: > >> On Jul 13, 2014, at 3:58 PM, Ted Unangst wrote: > >>> @@ -411,6 +404,9 @@ static long > >>> random_l(void) > >>> { > >>> int32_t i; > >>> + > >>> + if (use_arc4random) > >>

Re: improve srandomdev

2014-07-16 Thread Lorenzo Beretta
On 07/13/2014 06:31 PM, Jean-Philippe Ouellet wrote: On Sun, Jul 13, 2014 at 04:03:53PM +0200, Brent Cook wrote: On Jul 13, 2014, at 3:58 PM, Ted Unangst wrote: @@ -411,6 +404,9 @@ static long random_l(void) { int32_t i; + + if (use_arc4random) + return arc4random()

Re: improve srandomdev

2014-07-13 Thread Jean-Philippe Ouellet
On Sun, Jul 13, 2014 at 04:03:53PM +0200, Brent Cook wrote: > On Jul 13, 2014, at 3:58 PM, Ted Unangst wrote: > > @@ -411,6 +404,9 @@ static long > > random_l(void) > > { > > int32_t i; > > + > > + if (use_arc4random) > > + return arc4random() & 0x7fff; > > return arc4random()
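Review bot: the mask in the added `return arc4random() & 0x7fff;` in random_l() keeps only the low 15 bits, while random() is specified to return values in the range 0 to 2^31-1. A caller that opted into srandomdev() would therefore see a far smaller output range than before. Suggest masking with `0x7fffffff` so the arc4random path covers the same range as the documented interface.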

Re: improve srandomdev

2014-07-13 Thread Brent Cook
On Jul 13, 2014, at 3:58 PM, Ted Unangst wrote: > If the user calls srandomdev(), they are asking for an unpredictable > sequence, even one that could not normally be produced. So give them > one. Use arc4random in that case. > > > Index: stdlib/random.c > =

improve srandomdev

2014-07-13 Thread Ted Unangst
If the user calls srandomdev(), they are asking for an unpredictable sequence, even one that could not normally be produced. So give them one. Use arc4random in that case. Index: stdlib/random.c === RCS file: /cvs/src/lib/libc/stdlib