Re: Non-forking randomness


Re: Non-forking randomness

by Steve Landers

Peter Gutmann <pgut001 <at> cs.auckland.ac.nz> writes:

 > Stephen Hurd <shurd <at> sasktel.net> writes:
 >
 > > If the sysctl approach is no good, would you be open to a patch which allows
 > > an alternate slow poll which uses pthreads on OS X and FreeBSD?
 >
 > Sure.

There's another consideration on MacOS X Leopard - if Cryptlib is  
being called by a process that also uses CoreFoundation APIs then  
CoreFoundation will detect that the fork in random/unix.c isn't  
immediately followed by an exec, and will print warning messages like  
the following:

        The process has forked and you cannot use this CoreFoundation \
        functionality safely. You MUST exec().
        Break on __THE_PROCESS_HAS_FORKED_AND_YOU_CANNOT_USE_THIS_\
        COREFOUNDATION_FUNCTIONALITY___YOU_MUST_EXEC__() to debug.

I've encountered this using Cryptkit - a Tcl extension that wraps  
Cryptlib into an OO API (Tcl uses CoreFoundation on OSX).

See http://developer.apple.com/technotes/tn2005/tn2083.html for more  
details on the specific issue (search for "Listing 13").

Steve

--
Steve Landers                 steve@...
Perth, Western Australia          DigitalSmarties.com


_______________________________________________
Cryptlib mailing list
Cryptlib@... via Mail: cryptlib-request@...
Archive: ftp://ftp.franken.de/pub/crypt/cryptlib/archives/
http://news.gmane.org/gmane.comp.encryption.cryptlib
Posts from non-subscribed addresses are blocked to prevent spam, please
subscribe in order to post messages.

Re: Non-forking randomness

by Peter Gutmann

Steve Landers <steve@...> writes:

>There's another consideration on MacOS X Leopard - if Cryptlib is being
>called by a process that also uses CoreFoundation APIs then CoreFoundation
>will detect that the fork in random/unix.c isn't immediately followed by an
>exec, and will print warning messages like the following:
>
>        The process has forked and you cannot use this CoreFoundation \
>        functionality safely. You MUST exec().
>        Break on __THE_PROCESS_HAS_FORKED_AND_YOU_CANNOT_USE_THIS_\
>        COREFOUNDATION_FUNCTIONALITY___YOU_MUST_EXEC__() to debug.

Hmm, seems like a false positive, since the first fork() does little more than
fork off the gatherers, which immediately exec().  Would a vfork() in place of
the initial fork() get rid of this message?

Peter.



Re: Non-forking randomness

by Steve Landers


On 03/12/2007, at 10:57 PM, Peter Gutmann wrote:

> Steve Landers <steve@...> writes:
>
>> There's another consideration on MacOS X Leopard - if Cryptlib is being
>> called by a process that also uses CoreFoundation APIs then CoreFoundation
>> will detect that the fork in random/unix.c isn't immediately followed by an
>> exec, and will print warning messages like the following:
>>
>>       The process has forked and you cannot use this CoreFoundation \
>>       functionality safely. You MUST exec().
>>       Break on __THE_PROCESS_HAS_FORKED_AND_YOU_CANNOT_USE_THIS_\
>>       COREFOUNDATION_FUNCTIONALITY___YOU_MUST_EXEC__() to debug.
>
> Hmm, seems like a false positive, since the first fork() does little more than
> fork off the gatherers, which immediately exec().  Would a vfork() in place of
> the initial fork() get rid of this message?

No - apparently not.

I'll discuss it with some colleagues with a deeper knowledge of  
Leopard internals and see if there is a solution. In the meantime,  
cryptlib does work on Leopard, it is just a bit noisy.

Steve
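
Added example, not part of the thread and not cryptlib code: one way to launch an external gatherer so that no library code runs between process creation and exec, using posix_spawn() and a pipe. The function name run_gatherer and the sample command are assumptions for illustration; the thread does not establish whether this changes the CoreFoundation warning.

```c
#define _POSIX_C_SOURCE 200809L
#include <spawn.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

extern char **environ;

/* Hypothetical helper: run argv[0] with stdout captured into buf (up to cap
   bytes). Returns the byte count, or -1 on spawn failure, death by signal,
   or a non-zero exit status. */
ssize_t run_gatherer(char *const argv[], unsigned char *buf, size_t cap)
{
    int fds[2], status, rc;
    pid_t pid;
    posix_spawn_file_actions_t fa;
    ssize_t n, total = 0;

    if (pipe(fds) != 0)
        return -1;
    /* Descriptor setup is declared up front and applied in the child as
       part of the spawn, so no caller code runs before the exec. */
    posix_spawn_file_actions_init(&fa);
    posix_spawn_file_actions_adddup2(&fa, fds[1], STDOUT_FILENO);
    posix_spawn_file_actions_addclose(&fa, fds[0]);
    posix_spawn_file_actions_addclose(&fa, fds[1]);
    rc = posix_spawn(&pid, argv[0], &fa, NULL, argv, environ);
    posix_spawn_file_actions_destroy(&fa);
    close(fds[1]);               /* parent keeps only the read end */
    if (rc != 0) { close(fds[0]); return -1; }
    while ((size_t)total < cap &&
           (n = read(fds[0], buf + total, cap - total)) > 0)
        total += n;
    close(fds[0]);
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status) ||
        WEXITSTATUS(status) != 0)
        return -1;               /* do not trust output of a failed gatherer */
    return total;
}

int main(void)
{
    /* Constructed sample command standing in for a real gatherer. */
    char *argv[] = { "/bin/sh", "-c", "echo sample-output", NULL };
    unsigned char buf[256];
    ssize_t n = run_gatherer(argv, buf, sizeof buf);
    printf("captured %ld bytes\n", (long)n);
    return n < 0;
}
```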

