use getgentropy() call. If it fails, things are pretty bad --

call abort(). this direction discussed at length with miod beck tedu matthew etc
author: deraadt <deraadt@openbsd.org> 2014-06-13 15:36:37 +0000
committer: deraadt <deraadt@openbsd.org> 2014-06-13 15:36:37 +0000
commit: 7e46e095650112e3ff3c84813551801512847a06 (patch)
tree: 9179eb0395f9b301f133eedb0dc89eed29989f8b /lib/libc
parent: use getentropy; from matthew (diff)
download: wireguard-openbsd-7e46e095650112e3ff3c84813551801512847a06.tar.xz
wireguard-openbsd-7e46e095650112e3ff3c84813551801512847a06.zip
1 files changed, 3 insertions, 8 deletions
diff --git a/lib/libc/crypt/arc4random.c b/lib/libc/crypt/arc4random.c
index e08b729a04d..4b6cde63fb8 100644
--- a/lib/libc/crypt/arc4random.c
+++ b/lib/libc/crypt/arc4random.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: arc4random.c,v 1.31 2014/05/31 10:32:12 jca Exp $	*/
+/*	$OpenBSD: arc4random.c,v 1.32 2014/06/13 15:36:37 deraadt Exp $	*/
 
 /*
  * Copyright (c) 1996, David Mazieres <dm@uun.org>
@@ -77,15 +77,10 @@ _rs_init(u_char *buf, size_t n)
 static void
 _rs_stir(void)
 {
-	int     mib[2];
-	size_t	len;
 	u_char rnd[KEYSZ + IVSZ];
 
-	mib[0] = CTL_KERN;
-	mib[1] = KERN_ARND;
-
-	len = sizeof(rnd);
-	sysctl(mib, 2, rnd, &len, NULL, 0);
+	if (getentropy(rnd, sizeof rnd) == -1)
+		abort();
 
 	if (!rs_initialized) {
 		rs_initialized = 1;
author	deraadt <deraadt@openbsd.org>	2014-06-13 15:36:37 +0000
committer	deraadt <deraadt@openbsd.org>	2014-06-13 15:36:37 +0000
commit	7e46e095650112e3ff3c84813551801512847a06 (patch)
tree	9179eb0395f9b301f133eedb0dc89eed29989f8b /lib/libc
parent	use getentropy; from matthew (diff)
download	wireguard-openbsd-7e46e095650112e3ff3c84813551801512847a06.tar.xz wireguard-openbsd-7e46e095650112e3ff3c84813551801512847a06.zip