Use sysctl(KERN_ARND) to get n bytes, instead of just 4 at a time

and remove fallback code. If somebody is dumb enough to make the
sysctl fail using systrace, he deserves what he gets. Saves 7 syscalls
on process startup.
looks good miod@ ok deraadt@ tedu@

3 files changed, 16 insertions, 51 deletions

diff --git a/src/lib/libc/crypt/arc4random.c b/src/lib/libc/crypt/arc4random.c
index 843751d09e..1e338f9968 100644
--- a/src/lib/libc/crypt/arc4random.c
+++ b/src/lib/libc/crypt/arc4random.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: arc4random.c,v 1.14 2005/06/06 14:57:59 kjell Exp $   */
+/*      $OpenBSD: arc4random.c,v 1.15 2005/11/30 07:51:02 otto Exp $    */
 
 /*
  * Copyright (c) 1996, David Mazieres <dm@uun.org>
@@ -99,14 +99,7 @@ arc4_stir(struct arc4_stream *as)
         mib[1] = KERN_ARND;
 
         len = sizeof(rnd);
-        if (sysctl(mib, 2, rnd, &len, NULL, 0) == -1) {
-                for (i = 0; i < sizeof(rnd) / sizeof(u_int); i ++) {
-                        len = sizeof(u_int);
-                        if (sysctl(mib, 2, &rnd[i * sizeof(u_int)], &len,
-                            NULL, 0) == -1)
-                                break;
-                }
-        }
+        sysctl(mib, 2, rnd, &len, NULL, 0);
 
         arc4_stir_pid = getpid();
         arc4_addrandom(as, rnd, sizeof(rnd));
diff --git a/src/lib/libc/stdlib/random.3 b/src/lib/libc/stdlib/random.3
index f43f06420d..626b040b50 100644
--- a/src/lib/libc/stdlib/random.3
+++ b/src/lib/libc/stdlib/random.3
@@ -25,7 +25,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"     $OpenBSD: random.3,v 1.17 2003/06/02 20:18:38 millert Exp $
+.\"     $OpenBSD: random.3,v 1.18 2005/11/30 07:51:02 otto Exp $
 .\"
 .Dd April 19, 1991
 .Dt RANDOM 3
@@ -89,9 +89,8 @@ as the seed.
 .Pp
 The
 .Fn srandomdev
-routine initializes a state array using the
-.Xr arandom 4
-random number device which returns good random numbers,
+routine initializes a state array using
+random numbers obtained from the kernel,
 suitable for cryptographic use.
 Note that this particular seeding procedure can generate
 states which are impossible to reproduce by calling
diff --git a/src/lib/libc/stdlib/random.c b/src/lib/libc/stdlib/random.c
index 565542ecdb..48e892042b 100644
--- a/src/lib/libc/stdlib/random.c
+++ b/src/lib/libc/stdlib/random.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: random.c,v 1.14 2005/08/08 08:05:37 espie Exp $ */
+/*      $OpenBSD: random.c,v 1.15 2005/11/30 07:51:02 otto Exp $ */
 /*
  * Copyright (c) 1983 Regents of the University of California.
  * All rights reserved.
@@ -220,17 +220,17 @@ srandom(unsigned int x)
  * srandomdev:
  *
  * Many programs choose the seed value in a totally predictable manner.
- * This often causes problems.  We seed the generator using the much more
- * secure arandom(4) interface.  Note that this particular seeding
- * procedure can generate states which are impossible to reproduce by
- * calling srandom() with any value, since the succeeding terms in the
- * state buffer are no longer derived from the LC algorithm applied to
- * a fixed seed.
+ * This often causes problems.  We seed the generator using random
+ * data from the kernel.
+ * Note that this particular seeding procedure can generate states
+ * which are impossible to reproduce by calling srandom() with any
+ * value, since the succeeding terms in the state buffer are no longer
+ * derived from the LC algorithm applied to a fixed seed.
  */
 void
 srandomdev(void)
 {
-        int fd, i, mib[2], n;
+        int mib[2];
         size_t len;
 
         if (rand_type == TYPE_0)
@@ -238,36 +238,9 @@ srandomdev(void)
         else
                 len = rand_deg * sizeof(state[0]);
 
-        /*
-         * To get seed data, first try reading from /dev/arandom.
-         * If that fails, try the KERN_ARND sysctl() (one int at a time).
-         * As a last resort, call srandom().
-         */
-        if ((fd = open("/dev/arandom", O_RDONLY, 0)) != -1 &&
-            read(fd, (void *) state, len) == (ssize_t) len) {
-                close(fd);
-        } else {
-                if (fd != -1)
-                        close(fd);
-                mib[0] = CTL_KERN;
-                mib[1] = KERN_ARND;
-                n = len / sizeof(int);
-                len = sizeof(int);
-                for (i = 0; i < n; i++) {
-                        if (sysctl(mib, 2, (char *)((int *)state + i), &len,
-                            NULL, 0) == -1)
-                                break;
-                }
-                if (i != n) {
-                        struct timeval tv;
-                        u_int junk;
-
-                        /* XXX - this could be better */
-                        gettimeofday(&tv, NULL);
-                        srandom(getpid() ^ tv.tv_sec ^ tv.tv_usec ^ junk);
-                        return;
-                }
-        }
+        mib[0] = CTL_KERN;
+        mib[1] = KERN_ARND;
+        sysctl(mib, 2, state, &len, NULL, 0);
 
         if (rand_type != TYPE_0) {
                 fptr = &state[rand_sep];