OpenSSL change for review.
--S1BNGpv0yoYahz37
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
As learned on someone else's mistakes, I'd like to ask for a review of
those changes related to random data handling:
http://people.freebsd.org/~pjd/patches/libc_arc4random.c.patch
http://people.freebsd.org/~pjd/patches/openssl_rand_unix.c.patch
The first patch changes arc4random() to use sysctl to obtain random data
instead of opening /dev/random. The main reason here is to make it more
sandbox-friendly. Once closed in sandbox, a process can no longer open
files, so it has no access to proper random data. As a side-effect it
should be a bit faster as instead of three system calls (open, read and
close) we use only one (__sysctl).
The second patch enables the use of libc's arc4random(3) in OpenSSL.
After implementing the first one I found that OpenBSD's arc4random(3)
also uses sysctl, but without fall back to /dev/random.
--=20
Pawel Jakub Dawidek http://www.wheelsystems.com
FreeBSD committer http://www.FreeBSD.org
Am I Evil? Yes, I Am! http://tupytaj.pl
--S1BNGpv0yoYahz37
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (FreeBSD)
iEYEARECAAYFAk/HywkACgkQForvXbEpPzRcZwCguqnhwuk92bUzZ1MJbMzsmqTV
vckAoNAVukmnA14Q5r7+ZQGX+JqL69n/
=xy5c
-----END PGP SIGNATURE-----
--S1BNGpv0yoYahz37--
討論串 (同標題文章)
完整討論串 (本文為第 1 之 4 篇):