Remember, the code
int is_less_than(int a, unsigned b) {
return a < b;
}
is buggy, since the C integer promotion rules basically turn it into
int is_less_than(int a, unsigned b) {
return ((unsigned)a) < b;
}
and we really want something closer to
int is_less_than(int a, unsigned b) {
return a < 0 || ((unsigned)a) < b;
}
.
Suggested by an example from Ralph Castain
For future note, opensolaris doesn't have sys/sysctl.h, doesn't like
comparing iov_buf to a chain_space_ptr without a cast, and is (predictably)
unforgiving of dumb syntax errors.
Also, we had accidentally broken the devpoll backend test in configure.in
It turns out that the happy fun Linux kernel is deprecating sysctl,
and using sysctl to fetch entropy will spew messages in the kernel
logs. Let's not do that. Instead, let's call sysctl for our
entropy only when all other means fail.
Additionally, let's add another means, and try
/proc/sys/kernel/random/uuid if /dev/urandom fails.
Of course, FreeBSD has its own arc4random() implementation, so this should
never actually be needed. Still, it's good to paint the underside of the
wagon.
William Ahern points out that if the user has chrooted, they might not
have a working /dev/urandom. Linux and many of the BSDs, however,
define a sysctl interface to their kernel random number generators.
This patch takes a belt-and-suspenders approach and tries to do use the
sysctl _and_ the /dev/urandom approach if both are present. When using
the sysctl approach, it tries to bulletproof itself by checking to make
sure that the buffers are actually set by the sysctl calls.
On Windows, getpid() is _getpid(), and requires that we first include
<process.h>. arc4random.c previously didn't know that.
Actually, I question whether arc4random needs to do its getpid() tricks
on Windows. They exist only so that we remember to re-seed the ARC4
cipher whenever we fork... but Windows has no fork(), so I think we're
in the clear.
Previously, evdns was at the mercy of the user for providing a good
entropy source; without one, it would be vulnerable to various
active attacks.
This patch adds a port of OpenBSD's arc4random() calls to Libevent
[port by Chris Davis], and wraps it up a little bit so we can use it
more safely.
