From: Florian Weimer
To: Adhemerval Zanella via Libc-alpha
Subject: Re: [PATCH v6 10/10] manual: Add documentation for arc4random functions
References: <20220518191424.3630729-1-adhemerval.zanella@linaro.org> <20220518191424.3630729-11-adhemerval.zanella@linaro.org>
Date: Tue, 28 Jun 2022 14:09:40 +0200
In-Reply-To: <20220518191424.3630729-11-adhemerval.zanella@linaro.org> (Adhemerval Zanella via Libc-alpha's message of "Wed, 18 May 2022 16:14:24 -0300")
Message-ID: <87czetf0qj.fsf@oldenburg.str.redhat.com>
List-Id: Libc-alpha mailing list

* Adhemerval Zanella via Libc-alpha:

> +@node High Quality Random
> +@subsection High Quality Random Number Functions
> +
> +This section describes the random number functions provided as a GNU
> +extension, based on OpenBSD interfaces.
> +
> +@Theglibc{} uses kernel entropy obtained either through @code{getrandom}
> +or by reading @file{/dev/urandom} to seed and periodically re-seed the
> +internal state. A per-thread data pool is used, which allows fast output
> +generation.
> +
> +Although these functions provide higher random quality than ISO, BSD, and
> +SVID functions, these still use a Pseudo-Random generator and should not
> +be used in cryptographic contexts.
> +
> +The internal state is cleared and reseed with kernel entropy on @code{fork}
> +and @code{_Fork} (it is not cleared for either direct @code{clone} syscall
> +or through glibc wrapper).

“or when using @theglibc{} @code{syscall} function”?

> +The prototypes for these functions are in @file{stdlib.h}.
> +@pindex stdlib.h
> +
> +@deftypefun int32_t arc4random (void)
> +@standards{GNU, stdlib.h}

Should be BSD, I think. Likewise below.

> +@safety{@mtsafe{}@asunsafe{@asucorrupt{}}@acsafe{}}
> +This function returns a single 32-bit value in the range of 0 to 2^32−1,
> +which is twice the range of @code{rand} and @code{random}.
> +@end deftypefun

Can we use @math for the exponent? And please say that the range is inclusive.
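Review bot: the return type in "@deftypefun int32_t arc4random (void)" contradicts the documented range of 0 to 2^32−1, since a signed 32-bit type cannot represent values above 2^31−1, and the arc4random_uniform prototype below uses uint32_t; this should read "@deftypefun uint32_t arc4random (void)". Two smaller points in the same region: "The internal state is cleared and reseed with kernel entropy" should be "reseeded", and because the section both claims higher quality than the ISO/BSD/SVID functions and says the functions "should not be used in cryptographic contexts", it should state what they are suitable for, otherwise a reader cannot tell when to prefer them over @code{random}.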
> +@deftypefun uint32_t arc4random_uniform (uint32_t @var{upper_bound})
> +@standards{GNU, stdlib.h}
> +@safety{@mtsafe{}@asunsafe{@asucorrupt{}}@acsafe{}}
> +This function returns a single 32-bit value, uniformly distributed but
> +less than the @var{upper_bound}. It avoids the @w{modulo bias} when the
> +upper bound is not a power of two.
> +
> +The algorithm obtains the exact sampling of a discrete uniform variable
> +using an optimal number of random bits for any range @var{upper_bounds},
> +allowing to consume as less as possible data from the per-thread entropy
> +pool.

I think this overspecifies the implementation. And we obtain randomness in blocks of 8 bits, IIRC, so it's not optimal in our implementation.

Thanks,
Florian
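Review bot: the arc4random_uniform description does not say what is returned when @var{upper_bound} is 0, yet "less than the @var{upper_bound}" cannot hold for that input; the text should document that case explicitly rather than leave callers to guess. Also, the second paragraph refers to @var{upper_bounds} while the prototype names the parameter @var{upper_bound}, and "allowing to consume as less as possible data" should read "consuming as little data as possible from the per-thread entropy pool".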