Date: Tue, 30 Jul 2013 17:07:46 -0700
From: "David O'Brien" <obrien@FreeBSD.org>
To: Andrey Chernov
Subject: Re: svn commit: r253786 - in head/sys: dev/random modules/padlock_rng modules/rdrand_rng modules/yarrow_rng
Message-ID: <20130731000746.GA65806@dragon.NUXI.org>
References: <201307292058.r6TKwA56031193@svn.freebsd.org> <51F6E0AB.3010001@freebsd.org>
In-Reply-To: <51F6E0AB.3010001@freebsd.org>
X-Operating-System: FreeBSD 10.0-CURRENT
User-Agent: Mutt/1.5.20 (2009-06-14)
Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org
Reply-To: obrien@freebsd.org

On Tue, Jul 30, 2013 at 01:37:47AM +0400, Andrey Chernov wrote:
> On 30.07.2013 0:58, David E. O'Brien wrote:
> > Decouple yarrow from random(4) device.
> ..
> > We currently have 3 random_adaptors:
> > + yarrow
> > + rdrand (ivy.c)
> > + nehemiah
>
> After this commit we again have a problem with badly initialized arc4
> (for rdrand and nehemiah cases, when yarrow isn't loaded), because only
> yarrow has reinit code.

I believe you're talking about this code in sys/libkern/arc4random.c:arc4rand():

	if (atomic_cmpset_int(&arc4rand_iniseed_state, ARC4_ENTR_HAVE,
	    ARC4_ENTR_SEED) || reseed ||
	    (arc4_numruns > ARC4_RESEED_BYTES) ||
	    (tv.tv_sec > arc4_t_reseed))
		arc4_randomstir();

Without setting 'arc4rand_iniseed_state' from ARC4_ENTR_NONE -> ARC4_ENTR_HAVE,
we would still call arc4_randomstir() periodically due to
(tv.tv_sec > arc4_t_reseed) and (arc4_numruns > ARC4_RESEED_BYTES).
The lacking part is forcing an arc4_randomstir() call on the next
arc4rand()/arc4random() call after the PRNG is initialized.
However, I don't think this has a large impact.

But, this situation isn't the big issue. We have an existing bug where if
one is using a hardware RNG, read_random() never gets changed from simply
being read_random_phony() due to random_modevent() not calling
random_yarrow_init_harvester() thru '(*random_systat->init)()'.
Thus arc4random() has been weak for those using the Intel RDRAND or
Via Padlock.
This is something we're going to address, but this commit is an
infrastructure improvement commit (decoupling one thing from another),
not addressing existing bugs or shortcomings.

Thoughts?

-- 
-- David  (obrien@FreeBSD.org)
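The reseed gate quoted in the mail, modelled in userland as an added example that is not FreeBSD's code. It runs the same condition twice: once for the case the mail describes for RDRAND/Padlock, where nothing ever moves arc4rand_iniseed_state off ARC4_ENTR_NONE and only the timer and byte budget ever trigger a stir, and once with a harvester that flips NONE -> HAVE, so the cmpset forces a stir on the very next call. The three state names are taken from the quoted code; the model_* helpers, the struct layout, the MODEL_* thresholds and the timeline of calls are assumptions chosen for illustration.

```c
/*
 * Added example, not FreeBSD source.  Userland model of the reseed gate
 * quoted from sys/libkern/arc4random.c:arc4rand().  State names follow the
 * quoted code; model_* names, the structs and MODEL_* values are assumed.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <time.h>

enum { ARC4_ENTR_NONE = 0, ARC4_ENTR_HAVE = 1, ARC4_ENTR_SEED = 2 };

#define MODEL_RESEED_BYTES 1024u  /* assumed stand-in for ARC4_RESEED_BYTES */
#define MODEL_RESEED_SEC   300    /* assumed stand-in for the reseed interval */

struct model_arc4 {
	int      iniseed_state;   /* arc4rand_iniseed_state */
	uint32_t numruns;         /* arc4_numruns: bytes handed out since last stir */
	time_t   t_reseed;        /* arc4_t_reseed: deadline for the periodic stir */
	unsigned stirs;           /* times the stir routine ran */
	bool     forced_seen;     /* a stir came from the HAVE -> SEED edge */
};

struct model_result {
	unsigned early_stirs;     /* stirs during the "boot" phase */
	unsigned total_stirs;     /* stirs over the whole run */
	int      final_state;
	bool     forced_seen;
};

/* Single-threaded stand-in for atomic_cmpset_int(): swap only if *p == oldv. */
static bool model_cmpset(int *p, int oldv, int newv)
{
	if (*p != oldv)
		return false;
	*p = newv;
	return true;
}

/* Stand-in for arc4_randomstir(): rekey, reset the byte count, arm the timer. */
static void model_randomstir(struct model_arc4 *a, time_t now)
{
	a->stirs++;
	a->numruns = 0;
	a->t_reseed = now + MODEL_RESEED_SEC;
}

/* What the entropy harvester does once real entropy exists: NONE -> HAVE. */
static bool model_entropy_available(struct model_arc4 *a)
{
	return model_cmpset(&a->iniseed_state, ARC4_ENTR_NONE, ARC4_ENTR_HAVE);
}

/*
 * The quoted gate, term for term.  The cmpset fires exactly once, on the
 * first call after the harvester set HAVE; otherwise only the caller's
 * reseed flag, the byte budget or the timer can force a stir.
 */
static bool model_arc4rand(struct model_arc4 *a, size_t len, bool reseed, time_t now)
{
	bool forced = model_cmpset(&a->iniseed_state, ARC4_ENTR_HAVE, ARC4_ENTR_SEED);
	bool stir = forced || reseed ||
	    a->numruns > MODEL_RESEED_BYTES || now > a->t_reseed;

	if (forced)
		a->forced_seen = true;
	if (stir)
		model_randomstir(a, now);
	a->numruns += (uint32_t)len;
	return stir;
}

/* harvester_flips_state == false is the RDRAND/Padlock case from the mail. */
static struct model_result model_run(bool harvester_flips_state)
{
	struct model_arc4 a = { .iniseed_state = ARC4_ENTR_NONE, .t_reseed = 1000 };
	struct model_result r = { 0 };

	/* Early boot: small requests, no byte or timer pressure. */
	for (time_t now = 10; now < 18; now++)
		model_arc4rand(&a, 16, false, now);

	if (harvester_flips_state)
		model_entropy_available(&a);

	/* First request after the (possible) NONE -> HAVE transition. */
	model_arc4rand(&a, 16, false, 20);
	r.early_stirs = a.stirs;

	/* Later: the timer expires, then a large request blows the byte budget. */
	model_arc4rand(&a, 16, false, 2000);    /* now > t_reseed */
	model_arc4rand(&a, 2048, false, 2001);  /* pushes numruns past the limit */
	model_arc4rand(&a, 16, false, 2002);    /* byte-budget check fires */

	r.total_stirs = a.stirs;
	r.final_state = a.iniseed_state;
	r.forced_seen = a.forced_seen;
	return r;
}

int main(void)
{
	struct model_result n = model_run(false), h = model_run(true);

	printf("no harvester: early %u total %u state %d\n", n.early_stirs, n.total_stirs, n.final_state);
	printf("harvester:    early %u total %u state %d\n", h.early_stirs, h.total_stirs, h.final_state);
	return 0;
}
```

Without the harvester the state never leaves ARC4_ENTR_NONE, so the first stir in the run is the timer-driven one at t=2000; with it, the cmpset forces a stir on the first call after HAVE is set, and the state then sits at ARC4_ENTR_SEED so the edge can never fire a second time.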