From c62ff2800ba9e4b6e851ae71b1696b28920854b9 Mon Sep 17 00:00:00 2001 From: Conrad Meyer Date: Sat, 14 Dec 2019 08:28:10 +0000 Subject: Deprecate sranddev(3) API It serves no useful purpose and wasn't as popular as its equally meritless cousin, srandomdev(3). Setting aside the problems with rand(3) in general, the problem with this interface is that the seed isn't shared with the caller (other than by attacking the output of the generator, which is trivial, but not a hallmark of pleasant API design). The (arguable) utility of rand(3) or random(3) is as a semi-fast simulation generator which produces consistent results from a given seed. These are mutually at odd. Furthermore, sometimes people got the mistaken impression that a high quality random seed meant a weak generator like rand(3) or random(3) could be used for things like cryptographic key generation. This is absolutely not so. The API was never part of a standard and was not widely used in tree. Existing in-tree uses have all been removed. Possible replacement in out of tree codebases: char buf[3]; time_t t; time(t); strftime(buf, sizeof(buf), "%S", gmtime(&t)); srand(atoi(buf)); Relnotes: yes --- lib/libc/stdlib/Makefile.inc | 2 +- lib/libc/stdlib/Symbol.map | 1 - lib/libc/stdlib/rand.3 | 12 +++--------- lib/libc/stdlib/rand.c | 25 ++++++++++--------------- 4 files changed, 14 insertions(+), 26 deletions(-) (limited to 'lib/libc/stdlib') diff --git a/lib/libc/stdlib/Makefile.inc b/lib/libc/stdlib/Makefile.inc index ee6d98e9cf6a9..1a44306973856 100644 --- a/lib/libc/stdlib/Makefile.inc +++ b/lib/libc/stdlib/Makefile.inc @@ -52,7 +52,7 @@ MLINKS+=insque.3 remque.3 MLINKS+=lsearch.3 lfind.3 MLINKS+=ptsname.3 grantpt.3 ptsname.3 unlockpt.3 MLINKS+=qsort.3 heapsort.3 qsort.3 mergesort.3 qsort.3 qsort_r.3 -MLINKS+=rand.3 rand_r.3 rand.3 srand.3 rand.3 sranddev.3 +MLINKS+=rand.3 rand_r.3 rand.3 srand.3 MLINKS+=random.3 initstate.3 random.3 setstate.3 random.3 srandom.3 \ random.3 srandomdev.3 MLINKS+=radixsort.3 sradixsort.3 diff --git a/lib/libc/stdlib/Symbol.map b/lib/libc/stdlib/Symbol.map index 8682901bca6df..d25b463241d7f 100644 --- a/lib/libc/stdlib/Symbol.map +++ b/lib/libc/stdlib/Symbol.map @@ -56,7 +56,6 @@ FBSD_1.0 { rand_r; rand; srand; - sranddev; srandom; srandomdev; initstate; diff --git a/lib/libc/stdlib/rand.3 b/lib/libc/stdlib/rand.3 index ce3bae730a889..04de06ae48847 100644 --- a/lib/libc/stdlib/rand.3 +++ b/lib/libc/stdlib/rand.3 @@ -32,13 +32,12 @@ .\" @(#)rand.3 8.1 (Berkeley) 6/4/93 .\" $FreeBSD$ .\" -.Dd April 22, 2019 +.Dd December 14, 2019 .Dt RAND 3 .Os .Sh NAME .Nm rand , .Nm srand , -.Nm sranddev , .Nm rand_r .Nd bad random number generator .Sh LIBRARY @@ -47,8 +46,6 @@ .In stdlib.h .Ft void .Fn srand "unsigned seed" -.Ft void -.Fn sranddev void .Ft int .Fn rand void .Ft int @@ -90,10 +87,6 @@ value is provided, the functions are automatically seeded with a value of 1. .Pp The -.Fn sranddev -function initializes a seed using pseudo-random numbers obtained from the kernel. -.Pp -The .Fn rand_r function provides the same functionality as @@ -122,4 +115,5 @@ conform to .Pp The .Fn rand_r -function is as proposed in the POSIX.4a Draft #6 document. +function is marked as obsolescent in POSIX and may be removed in a future +revision of the standard. diff --git a/lib/libc/stdlib/rand.c b/lib/libc/stdlib/rand.c index be2c3d4f058b6..3722e850549c4 100644 --- a/lib/libc/stdlib/rand.c +++ b/lib/libc/stdlib/rand.c @@ -40,7 +40,9 @@ __FBSDID("$FreeBSD$"); #include "namespace.h" #include #include +#include #include +#include #include "un-namespace.h" #ifdef TEST @@ -102,25 +104,18 @@ srand(unsigned seed) } -/* - * sranddev: - * - * Many programs choose the seed value in a totally predictable manner. - * This often causes problems. We seed the generator using pseudo-random - * data from the kernel. - */ +void __sranddev_fbsd12(void); void -sranddev(void) +__sranddev_fbsd12(void) { - int mib[2]; - size_t len; - - len = sizeof(next); + static bool warned = false; - mib[0] = CTL_KERN; - mib[1] = KERN_ARND; - sysctl(mib, 2, (void *)&next, &len, NULL, 0); + if (!warned) { + syslog(LOG_DEBUG, "Deprecated function sranddev() called"); + warned = true; + } } +__sym_compat(sranddev, __sranddev_fbsd12, FBSD_1.0); #ifdef TEST -- cgit v1.2.3