Bug 54279 - Use /dev/urandom as the OSRandomSource on OS(DARWIN)
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: New Bugs
Version: 528+ (Nightly build)
Hardware: Other OS X 10.5
Importance: P2 Normal
Assignee: Adam Barth
Reported: 2011-02-11 01:44 PST by Adam Barth
Modified: 2011-02-12 15:05 PST

Attachments
Patch (3.03 KB, patch)
2011-02-11 01:47 PST, Adam Barth

Description Adam Barth 2011-02-11 01:44:41 PST
Use /dev/urandom as the OSRandomSource on OS(DARWIN)
Comment 1 Adam Barth 2011-02-11 01:47:26 PST
Created attachment 82115
Patch
Comment 2 Mark Rowe (bdash) 2011-02-11 22:35:54 PST
arc4random itself on Mac OS X seeds from /dev/random rather than /dev/urandom.  On Mac OS X and FreeBSD the two are equivalent, but on Linux platforms /dev/random contains strictly more entropy than /dev/urandom, with the latter not being recommended for certain long-term cryptographic purposes.  Is there a particular reason why the code uses /dev/random rather than /dev/urandom?
Comment 3 Adam Barth 2011-02-11 23:20:40 PST
> arc4random itself on Mac OS X seeds from /dev/random rather than /dev/urandom.

Does it?

http://www.opensource.apple.com/source/Libc/Libc-391.2.7/gen/arc4random.c says:

	fd = open("/dev/urandom", O_RDONLY, 0);

Perhaps that code is out of date?
Comment 4 Adam Barth 2011-02-11 23:27:58 PST
In either case, my understanding is that this statement from Wikipedia is accurate:

[[
A counterpart to /dev/random is /dev/urandom ("unlocked"/non-blocking random source[4]) which reuses the internal pool to produce more pseudo-random bits. This means that the call will not block, but the output may contain less entropy than the corresponding read from /dev/random. While it is still intended as a pseudorandom number generator suitable for most cryptographic purposes, it is not recommended for the generation of long-term cryptographic keys.
]]

For our purposes, the non-blocking nature of /dev/urandom is helpful (otherwise the browser will hang).  We're already re-using our entropy pool with RC4, so the net result is essentially the same.
Comment 5 Mark Rowe (bdash) 2011-02-12 02:51:09 PST
(In reply to comment #3)
> > arc4random itself on Mac OS X seeds from /dev/random rather than /dev/urandom.
> 
> Does it?
> 
> http://www.opensource.apple.com/source/Libc/Libc-391.2.7/gen/arc4random.c says:
> 
>     fd = open("/dev/urandom", O_RDONLY, 0);
> 
> Perhaps that code is out of date?

That code is certainly out of date.  Libc-391.2.7 looks to come from Mac OS X 10.4.x.  The version I was looking at is basically identical to what’s in current FreeBSD (<http://svn.freebsd.org/base/head/lib/libc/gen/arc4random.c>).
Comment 6 Mark Rowe (bdash) 2011-02-12 02:52:30 PST
(In reply to comment #4)
> For our purposes, the non-blocking nature of /dev/urandom is helpful (otherwise the browser will hang).  We're already re-using our entropy pool with RC4, so the net result is essentially the same.

If you’re convinced it’s good enough then that’s fine with me.  It obviously makes no difference on Mac OS X which we use, as both /dev/urandom and /dev/random are backed by the same device.
Comment 7 WebKit Commit Bot 2011-02-12 13:34:02 PST
The commit-queue encountered the following flaky tests while processing attachment 82115:

http/tests/websocket/tests/handshake-challenge-randomness.html bug 53738 (author: abarth@webkit.org)
The commit-queue is continuing to process your patch.
Comment 8 WebKit Commit Bot 2011-02-12 13:35:40 PST
Comment on attachment 82115
Patch

Clearing flags on attachment: 82115

Committed r78421: <http://trac.webkit.org/changeset/78421>
Comment 9 WebKit Commit Bot 2011-02-12 13:35:45 PST
All reviewed patches have been landed.  Closing bug.
Comment 10 WebKit Commit Bot 2011-02-12 15:05:35 PST
The commit-queue encountered the following flaky tests while processing attachment 82115:

http/tests/websocket/tests/multiple-connections.html bug 53825 (author: abarth@webkit.org)
The commit-queue is continuing to process your patch.