Re: [Libevent-users] Fun facts about Libevent 2.0.4-alpha
On Wed, Mar 03, 2010 at 04:38:59PM -0500, Nick Mathewson wrote:
>
> * Libevent now uses a secure PRNG for the entropy that evdns needs to
> be secure. This is arc4random() on platforms that provide it, and our
> own copy of arc4random() on platforms that don't. You no longer need
> to replace the evdns transaction ID or random_bytes functions for
> security.
>
I noticed that the compat version will expect to open a /dev randomness
device to stir. But this looks like it will fail for daemons which chroot. A
quick grep looks like arc4random_stir() isn't called anywhere (i.e. from a
libevent init routine).
Two possible solutions:
(1) call arc4random_stir() from something which it is reasonable to expect
the application to call before chroot'ing.
and/or
(2) as Linux is probably by far the most common environment for libevent,
first try to grab bytes from sysctl. here's the relevant snippet from my own
portable arc4random implementation:
#include <sys/sysctl.h>    /* sysctl() */
#include <linux/sysctl.h>  /* CTL_KERN, KERN_RANDOM, RANDOM_UUID */

/* rnd is the PRNG state being stirred; rnd.bytes[] is its state array. */
int mib[] = { CTL_KERN, KERN_RANDOM, RANDOM_UUID };
unsigned char uuid[128];
size_t len, n;

/* Fill uuid[] with as many bytes as the kernel will hand out; on each call
 * sysctl() updates n to the number of bytes it actually wrote. No file
 * descriptor or /dev path is involved, so this still works after chroot. */
for (len = 0; len < sizeof uuid; len += n) {
    n = sizeof uuid - len;
    if (0 != sysctl(mib, sizeof mib / sizeof mib[0], &uuid[len], &n, (void*)0, 0))
        break;
}
/* XOR the fresh bytes into the existing state rather than replacing it, so a
 * short or failed read degrades to "no new entropy" instead of a zeroed key. */
for (n = 0; n < len && n < sizeof rnd.bytes; n++)
    rnd.bytes[n] ^= uuid[n];
Interestingly, arc4random on FreeBSD just uses /dev/urandom, so at the very
least #1 should be used. But, that doesn't fix the re-seeding problem, and
at least on Linux that can be addressed like above.
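The pre-chroot seeding that solution (1) asks for, written out as an added example; this is not code from the thread or from libevent. The idea is to open the entropy device once while it is still visible and keep the descriptor, so that later re-seeding (after chroot) reads from the descriptor and never needs a path. The names entropy_open, entropy_stir, entropy_stir_from and struct prng_state are this example's own, and the state layout is a stand-in for whatever arc4random-style state the application keeps.

```c
/* Added example, not from libevent or the libevent-users thread.
 * Seeding helper that keeps working after chroot(2): the entropy device is
 * opened before chroot and re-seeding reads from that descriptor. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical PRNG state; bytes[] stands in for an RC4-style state array. */
struct prng_state {
    unsigned char bytes[256];
    int seeded;
};

static int entropy_fd = -1;   /* descriptor opened before chroot */

/* Call this before chroot(), while the device path is still reachable.
 * Returns 0 on success, -1 on failure. */
int entropy_open(const char *path)
{
    int fd = open(path, O_RDONLY | O_CLOEXEC);
    if (fd < 0)
        return -1;
    entropy_fd = fd;
    return 0;
}

/* Read exactly len bytes (retrying on EINTR). Returns bytes read or -1. */
static ssize_t read_full(int fd, unsigned char *buf, size_t len)
{
    size_t got = 0;
    while (got < len) {
        ssize_t r = read(fd, buf + got, len - got);
        if (r < 0) {
            if (errno == EINTR)
                continue;
            return -1;
        }
        if (r == 0)          /* EOF: only possible on a pipe/file, not /dev/urandom */
            break;
        got += (size_t)r;
    }
    return (ssize_t)got;
}

/* Stir entropy from an already-open descriptor into the state. XOR-merging
 * means a failed or short read leaves the old state intact instead of
 * replacing it with zeros. Returns bytes mixed in, or -1 if none. */
ssize_t entropy_stir_from(int fd, struct prng_state *st)
{
    unsigned char seed[sizeof st->bytes];
    ssize_t n, i;
    if (fd < 0)
        return -1;
    n = read_full(fd, seed, sizeof seed);
    if (n <= 0)
        return -1;
    for (i = 0; i < n; i++)
        st->bytes[i] ^= seed[i];
    st->seeded = 1;
    memset(seed, 0, sizeof seed);   /* do not leave seed material on the stack */
    return n;
}

/* Convenience wrapper using the descriptor opened by entropy_open(); safe
 * to call after chroot because it opens no path. */
ssize_t entropy_stir(struct prng_state *st)
{
    return entropy_stir_from(entropy_fd, st);
}

int main(void)
{
    struct prng_state st;
    memset(&st, 0, sizeof st);
    if (entropy_open("/dev/urandom") != 0) {
        perror("entropy_open");
        return 1;
    }
    /* A daemon would chroot() and drop privileges here. */
    printf("stirred %ld bytes\n", (long)entropy_stir(&st));
    return 0;
}
```

entropy_stir_from exists mainly so the stir logic can be exercised against a descriptor with known contents (a pipe, in the check below); in a daemon only entropy_open and entropy_stir are called. Note that this addresses the "device not visible after chroot" failure; it does not change the quality of the entropy source, which is still whatever the opened device provides.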