
Re: [PATCH] Re: [RFC] ra_svn::make_nonce: how to cope with entropy shortages?

From: Peter Samuelson <peter_at_p12n.org>
Date: Thu, 3 Nov 2011 16:26:57 -0500

[Jonathan Nieder]
> state = apr_random_standard_new(pool);
>
> for (;;) {
>     while (apr_random_secure_ready(state) == APR_ENOTENOUGHENTROPY) {
>         apr_generate_random_bytes(buf, sizeof(buf));
>         apr_random_add_entropy(state, buf, sizeof(buf));
>     }
>
>     apr_random_secure_bytes(state, ret, n);
>     yield;
> }

The problem is that svnserve is often used in 'inetd' mode, one
connection per process. I've recommended that for years, as being
easier and less hassle than managing a separate daemon. Given inetd
mode, your approach will exhaust /dev/random just as fast as the status
quo.

(Also, and this is minor, those functions didn't exist in apr 0.9, for
those poor souls still needing to build Subversion on platforms with
Apache 2.0. I don't _think_ we've ever dropped support for our
original apr platform, have we?)

-- 
Peter Samuelson | org-tld!p12n!peter | http://p12n.org/
Received on 2011-11-03 22:27:37 CET

This is an archived mail posted to the Subversion Dev mailing list.