From owner-freebsd-security@FreeBSD.ORG Thu Apr 4 21:29:24 2013
Message-ID: <515DF0B4.6020000@delphij.net>
Date: Thu, 04 Apr 2013 14:29:24 -0700
From: Xin Li
Organization: The FreeBSD Project
To: Andrey Chernov
Cc: Xin LI, d@delphij.net, freebsd-security@freebsd.org
Reply-To: d@delphij.net
Subject: Kernel arc4 one-shot reseed upon /dev/random unblock
References: <201304022341.r32NfL8L096954@svn.freebsd.org> <20130403165736.F819@besplex.bde.org> <515BDADF.8060303@freebsd.org> <515D0E70.8050701@delphij.net> <515D295A.3020407@freebsd.org>
In-Reply-To: <515D295A.3020407@freebsd.org>

(Moved to freebsd-security@)

On 04/04/13 00:18, Andrey Chernov wrote:
> Ok, patches are attached, one with atomic, and another one without.
> They try to reseed arc4 immediately after we have enough entropy.
> Only one of them is needed, not both. The atomic version works 100% right
> and the non-atomic one may cause a chained arc4 reseed in an edge case,
> which does not harm arc4 itself, just takes time.

The atomic version of the patch (attached) looks reasonable to me, but
I'd like to give this more exposure first so please hold until Apr 18, 2013.
I have put this on secteam@'s agenda and have set a deadline on that day,
also noted on my own calendar as well as the agenda.
If we have received no objections by Apr 18, I assume the responsibility
of approving this proposed change and consider this as a formal approval
for committing.

Cheers,
-- 
Xin LI    https://www.delphij.net/
FreeBSD - The Power to Serve!    Live free or die

Content-Disposition: attachment; filename="atomic.patch.txt"

--- sys/libkern.h.old	2012-01-16 07:15:12.000000000 +0400
+++ sys/libkern.h	2012-01-28 08:49:19.000000000 +0400
@@ -70,6 +70,11 @@ static __inline int abs(int a) { return
 static __inline long labs(long a) { return (a < 0 ? -a : a); }
 static __inline quad_t qabs(quad_t a) { return (a < 0 ? -a : a); }
 
+#define	ARC4_ENTR_NONE	0	/* Don't have entropy yet. */
+#define	ARC4_ENTR_HAVE	1	/* Have entropy. */
+#define	ARC4_ENTR_SEED	2	/* Reseeding. */
+extern int arc4rand_iniseed_state;
+
 /* Prototypes for non-quad routines. */
 struct malloc_type;
 uint32_t arc4random(void);
--- dev/random/randomdev_soft.c.old	2011-03-02 01:42:19.000000000 +0300
+++ dev/random/randomdev_soft.c	2012-01-28 08:48:22.000000000 +0400
@@ -366,6 +366,8 @@ random_yarrow_unblock(void)
 		selwakeuppri(&random_systat.rsel, PUSER);
 		wakeup(&random_systat);
 	}
+	(void)atomic_cmpset_int(&arc4rand_iniseed_state, ARC4_ENTR_NONE,
+	    ARC4_ENTR_HAVE);
 }
 
 static int
--- libkern/arc4random.c.old	2008-08-08 01:51:09.000000000 +0400
+++ libkern/arc4random.c	2012-01-28 08:51:12.000000000 +0400
@@ -24,6 +24,8 @@ __FBSDID("$FreeBSD: src/sys/libkern/arc4
 #define	ARC4_RESEED_SECONDS	300
 #define	ARC4_KEYBYTES		(256 / 8)
 
+int arc4rand_iniseed_state = ARC4_ENTR_NONE;
+
 static u_int8_t arc4_i, arc4_j;
 static int arc4_numruns = 0;
 static u_int8_t arc4_sbox[256];
@@ -130,7 +132,8 @@ arc4rand(void *ptr, u_int len, int resee
 	struct timeval tv;
 
 	getmicrouptime(&tv);
-	if (reseed ||
+	if (atomic_cmpset_int(&arc4rand_iniseed_state, ARC4_ENTR_HAVE,
+	    ARC4_ENTR_SEED) || reseed ||
 	    (arc4_numruns > ARC4_RESEED_BYTES) ||
 	    (tv.tv_sec > arc4_t_reseed))
 		arc4_randomstir();
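Review bot: the ARC4_ENTR_SEED comment "/* Reseeding. */" in the sys/libkern.h hunk reads as a transient state, but nothing in the patch ever moves arc4rand_iniseed_state out of ARC4_ENTR_SEED, so it is really the terminal "one-shot reseed already done" state; consider saying so in the comment (for example "/* One-shot reseed done. */") and documenting the only two transitions, NONE -> HAVE in random_yarrow_unblock() and HAVE -> SEED in arc4rand(), next to the extern so a reader of the header sees the whole protocol.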
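Review bot: the dev/random/randomdev_soft.c hunk discards the atomic_cmpset_int() result with a (void) cast and gives no hint why, so a one-line comment that only the first unblock can win the NONE -> HAVE swap and that later calls are intentional no-ops would help; the hunk also adds no include, so please confirm that this file already sees the ARC4_ENTR_* macros and the extern from sys/libkern.h as well as the atomic_cmpset_int() declaration from machine/atomic.h.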
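Review bot: in the first libkern/arc4random.c hunk, "int arc4rand_iniseed_state = ARC4_ENTR_NONE;" is the only non-static variable among the statics that follow it (arc4_i, arc4_j, arc4_numruns, arc4_sbox); a comment noting that it is exported because random_yarrow_unblock() in randomdev_soft.c writes it would stop a later cleanup from making it static by mistake.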
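Review bot: in the arc4rand() hunk the new atomic_cmpset_int() is the first operand of the || chain, so it runs on every arc4rand() call for the life of the system, long after the one-shot has completed, and a compare-and-swap is not free on a hot path; a cheap plain read guarding it ("arc4rand_iniseed_state == ARC4_ENTR_HAVE && atomic_cmpset_int(...)") would avoid that cost without changing behaviour. The position ahead of "reseed" is worth keeping, though: because the swap is evaluated first, a call that stirs for any other reason while the state is ARC4_ENTR_HAVE also consumes the HAVE state, so there is no second stir on the following call.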
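The handshake in atomic.patch.txt, modelled as an added example (my code, not the patch's or Andrey's): C11 atomics stand in for FreeBSD's atomic_cmpset_int(), arc4_randomstir() is replaced by a counter, and the non-atomic variant (which is not in this mail) is assumed to be a plain check-then-store, interleaved by hand to show the chained reseed Andrey mentions.

```c
/* Added example, not the patch's code: the NONE -> HAVE -> SEED one-shot
 * reseed handshake from atomic.patch.txt, using C11 atomics in place of
 * FreeBSD's atomic_cmpset_int(), next to an assumed non-atomic variant. */
#include <stdatomic.h>

#define ARC4_ENTR_NONE 0 /* Don't have entropy yet. */
#define ARC4_ENTR_HAVE 1 /* Have entropy. */
#define ARC4_ENTR_SEED 2 /* Reseeding (terminal: never left again). */
static atomic_int arc4rand_iniseed_state = ARC4_ENTR_NONE;
static int stir_count; /* times arc4_randomstir() ran in this scenario */
/* Stand-in for atomic_cmpset_int(): 1 iff *p was expect and is now newval. */
static int atomic_cmpset_int(atomic_int *p, int expect, int newval) {
    return atomic_compare_exchange_strong(p, &expect, newval);
}
static void arc4_randomstir(void) { stir_count++; } /* counts instead of stirring */
static void reset(int state) {
    stir_count = 0;
    atomic_store(&arc4rand_iniseed_state, state);
}
/* Mirrors the random_yarrow_unblock() hunk: entropy became available. */
static void random_unblock(void) {
    (void)atomic_cmpset_int(&arc4rand_iniseed_state, ARC4_ENTR_NONE, ARC4_ENTR_HAVE);
}
/* Mirrors the new first condition in the arc4rand() hunk: only the caller
 * that wins the HAVE -> SEED swap stirs; the other reseed triggers are left out. */
static void arc4rand_atomic(void) {
    if (atomic_cmpset_int(&arc4rand_iniseed_state, ARC4_ENTR_HAVE, ARC4_ENTR_SEED))
        arc4_randomstir();
}
/* Atomic path: a call before unblock is a no-op, a repeated unblock is
 * harmless, and N callers after unblock stir exactly once. */
int atomic_stirs(int callers) {
    reset(ARC4_ENTR_NONE);
    arc4rand_atomic();                 /* no entropy yet: CAS fails */
    random_unblock();
    random_unblock();                  /* already HAVE: CAS fails */
    while (callers-- > 0)
        arc4rand_atomic();
    return stir_count;
}
/* Assumed non-atomic check-then-store with callers A and B interleaved:
 * both read HAVE before either stores SEED, so both stir (chained reseed). */
int nonatomic_stirs_interleaved(void) {
    reset(ARC4_ENTR_HAVE);             /* unblock already happened */
    int a = atomic_load(&arc4rand_iniseed_state) == ARC4_ENTR_HAVE;
    int b = atomic_load(&arc4rand_iniseed_state) == ARC4_ENTR_HAVE;
    if (a) { atomic_store(&arc4rand_iniseed_state, ARC4_ENTR_SEED); arc4_randomstir(); }
    if (b) { atomic_store(&arc4rand_iniseed_state, ARC4_ENTR_SEED); arc4_randomstir(); }
    return stir_count;
}
```

atomic_stirs() returns 1 for any positive number of callers, while the interleaved non-atomic version returns 2: the extra stir is the one the compare-and-swap in the patch prevents.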