Date: Sat, 12 Nov 2011 14:22:41 +0400
From: Andrey Chernov <ache@freebsd.org>
To: David Schultz <das@freebsd.org>, current@freebsd.org, secteam@freebsd.org
Subject: Re: Is fork() hook ever possible?
Message-ID: <20111112102241.GA75396@vniz.net>
In-Reply-To: <20080916201932.GA59781@zim.MIT.EDU>
References: <20080916140319.GA34447@nagual.pp.ru> <20080916201932.GA59781@zim.MIT.EDU>
On Tue, Sep 16, 2008 at 04:19:32PM -0400, David Schultz wrote:
> secteam@ already agreed to the idea of solving the fork problem as
> in OpenBSD over a month ago.

On Wed, Sep 17, 2008 at 12:50:25PM +0400, Andrey Chernov wrote:
> I agree with your patch (BTW you can remove unneeded #define RANDOMDEV).

The question remains: why haven't you committed this patch in all these 3 years, having secteam@'s agreement and mine too?

> --- /usr/ob/src/lib/libc/crypt/arc4random.c 2008-06-03 20:50:23.000000000 -0400 > +++ arc4random.c 2008-08-16 15:14:59.000000000 -0400 > @@ -34,21 +34,22 @@ > * RC4 is a registered trademark of RSA Laboratories. > */ > > +#include <sys/cdefs.h> > +__FBSDID("$FreeBSD: head/lib/libc/gen/arc4random.c 181261 2008-08-03 20:15:22Z ache $"); > + > +#include "namespace.h" > #include <fcntl.h> > #include <limits.h> > #include <stdlib.h> > #include <unistd.h> > +#include <pthread.h> > #include <sys/types.h> > #include <sys/param.h> > #include <sys/time.h> > #include <sys/sysctl.h> > -#include "thread_private.h" > > -#ifdef __GNUC__ > -#define inline __inline > -#else /* !__GNUC__ */ > -#define inline > -#endif /* !__GNUC__ */ > +#include "libc_private.h" > +#include "un-namespace.h" > > struct arc4_stream { > u_int8_t i; > @@ -56,6 +57,21 @@ > u_int8_t s[256]; > }; > > +static pthread_mutex_t arc4random_mtx = PTHREAD_MUTEX_INITIALIZER; > + > +#define RANDOMDEV "/dev/urandom" > +#define _ARC4_LOCK() \ > + do { \ > + if (__isthreaded) \ > + _pthread_mutex_lock(&arc4random_mtx); \ > + } while (0) > + > +#define _ARC4_UNLOCK() \ > + do { \ > + if (__isthreaded) \ > + _pthread_mutex_unlock(&arc4random_mtx); \ > + } while (0) > + > static int rs_initialized; > static struct arc4_stream rs; > static pid_t arc4_stir_pid; 
> @@ -114,9 +130,9 @@ > > /* > * Discard early keystream, as per recommendations in: > - * http://www.wisdom.weizmann.ac.il/~itsik/RC4/Papers/Rc4_ksa.ps > + * "(Not So) Random Shuffles of RC4" by Ilya Mironov. > */ > - for (i = 0; i < 256; i++) > + for (i = 0; i < 1024; i++) > (void)arc4_getbyte(); > arc4_count = 1600000; > } > @@ -135,6 +151,7 @@ > return (rs.s[(si + sj) & 0xff]); > } > > +#if 0 > u_int8_t > __arc4_getbyte(void) > { > @@ -147,6 +164,7 @@ > _ARC4_UNLOCK(); > return val; > } > +#endif > > static inline u_int32_t > arc4_getword(void) -- http://ache.vniz.net/
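Review bot: In the first hunk (@@ -34,21 +34,22 @@), the `#ifdef __GNUC__` / `#define inline` fallback is removed while `static inline u_int32_t arc4_getword(void)` still appears as context in the last hunk, so the file now depends on every compiler used to build it accepting `inline` directly. If that is intended, say so in the commit message; otherwise keep the fallback.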
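Review bot: In the @@ -56,6 +57,21 @@ hunk, `#define RANDOMDEV "/dev/urandom"` is not referenced by any of the hunks shown, and the reply above also calls it unneeded; drop the define. Separately, since this thread is about fork(), a comment next to `arc4random_mtx` should say what state the mutex is expected to be in for a child forked while another thread is inside `_ARC4_LOCK()`; the visible lines only track `arc4_stir_pid`.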
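Review bot: In the @@ -114,9 +130,9 @@ hunk, the discard count goes from 256 to a bare `1024` in the loop header, and the comment swaps the URL for a paper title without saying why this figure was chosen. Suggest a named constant for the count and a comment line that states how many keystream bytes are discarded and which recommendation in the cited paper that number corresponds to, while keeping a locatable reference for the paper.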
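Review bot: In the last two hunks (@@ -135,6 +151,7 @@ and @@ -147,6 +164,7 @@), `__arc4_getbyte()` is disabled with `#if 0` ... `#endif` and no comment explains why or whether it is expected to come back. Either delete the function outright or add a one-line comment above `#if 0` giving the reason, and confirm that nothing else in libc still references the symbol.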