Date: Thu, 04 Apr 2013 11:18:50 +0400
From: Andrey Chernov <ache@freebsd.org>
To: d@delphij.net
Cc: src-committers@FreeBSD.org, svn-src-all@FreeBSD.org, Xin LI <delphij@FreeBSD.org>, Bruce Evans <brde@optusnet.com.au>, svn-src-head@FreeBSD.org, Xin Li <delphij@delphij.net>
Subject: Re: svn commit: r249035 - head/lib/libc/stdlib
Message-ID: <515D295A.3020407@freebsd.org>
In-Reply-To: <515D0E70.8050701@delphij.net>
References: <201304022341.r32NfL8L096954@svn.freebsd.org> <20130403165736.F819@besplex.bde.org> <515BDADF.8060303@freebsd.org> <515D0E70.8050701@delphij.net>
On 04.04.2013 9:24, Xin Li wrote:
> True, but keep in mind that neither random(3) nor rand(3) is intended to
> satisfy cryptographically secure needs, and I don't see a reason why
> kernel arc4 can not be improved.

The danger here is not getting something cryptographically less secure, but a much higher probability of getting the same sequence after boot.

> To be honest, I don't personally have access to the archive (nor am I
> aware there was one; the arc4 change you are talking about may predate
> my membership on secteam@, by the way).
>
> How about sending the patch again and let's see how we can work it out?

OK, patches are attached: one with atomics, and another one without. They try to reseed arc4 immediately after we have enough entropy. Only one of them is needed, not both. The atomic version works 100% right, and the non-atomic one may cause a chained arc4 reseed in an edge case, which does not harm arc4 itself, just takes time.

Attachment: atomic.patch.txt
--- sys/libkern.h.old 2012-01-16 07:15:12.000000000 +0400 +++ sys/libkern.h 2012-01-28 08:49:19.000000000 +0400
@@ -70,6 +70,11 @@ static __inline int abs(int a) { return=20 static __inline long labs(long a) { return (a < 0 ? -a : a); } static __inline quad_t qabs(quad_t a) { return (a < 0 ? -a : a); } =20 +#define ARC4_ENTR_NONE 0 /* Don't have entropy yet. */ +#define ARC4_ENTR_HAVE 1 /* Have entropy. */ +#define ARC4_ENTR_SEED 2 /* Reseeding. */ +extern int arc4rand_iniseed_state; + /* Prototypes for non-quad routines. */ struct malloc_type; uint32_t arc4random(void); --- dev/random/randomdev_soft.c.old 2011-03-02 01:42:19.000000000 +0300 +++ dev/random/randomdev_soft.c 2012-01-28 08:48:22.000000000 +0400 @@ -366,6 +366,8 @@ random_yarrow_unblock(void) selwakeuppri(&random_systat.rsel, PUSER); wakeup(&random_systat); } + (void)atomic_cmpset_int(&arc4rand_iniseed_state, ARC4_ENTR_NONE, + ARC4_ENTR_HAVE); } =20 static int --- libkern/arc4random.c.old 2008-08-08 01:51:09.000000000 +0400 +++ libkern/arc4random.c 2012-01-28 08:51:12.000000000 +0400 @@ -24,6 +24,8 @@ __FBSDID("$FreeBSD: src/sys/libkern/arc4 #define ARC4_RESEED_SECONDS 300 #define ARC4_KEYBYTES (256 / 8) =20 +int arc4rand_iniseed_state =3D ARC4_ENTR_NONE; + static u_int8_t arc4_i, arc4_j; static int arc4_numruns =3D 0; static u_int8_t arc4_sbox[256]; @@ -130,7 +132,8 @@ arc4rand(void *ptr, u_int len, int resee struct timeval tv; =20 getmicrouptime(&tv); - if (reseed ||=20 + if (atomic_cmpset_int(&arc4rand_iniseed_state, ARC4_ENTR_HAVE, + ARC4_ENTR_SEED) || reseed || (arc4_numruns > ARC4_RESEED_BYTES) || (tv.tv_sec > arc4_t_reseed)) arc4_randomstir();

Attachment: non-atomic.patch.txt
--- sys/libkern.h.bak 2012-01-16 07:15:12.000000000 +0400 +++ sys/libkern.h 2012-01-25 17:31:49.000000000 +0400
@@ -72,6 +72,7 @@ static __inline quad_t qabs(quad_t a) {=20 =20 /* Prototypes for non-quad routines. */ struct malloc_type; +extern int arc4rand_iniseed_state; uint32_t arc4random(void); void arc4rand(void *ptr, u_int len, int reseed); int bcmp(const void *, const void *, size_t); --- dev/random/randomdev_soft.c.bak 2011-03-02 01:42:19.000000000 +0300 +++ dev/random/randomdev_soft.c 2012-01-25 17:28:19.000000000 +0400 @@ -366,6 +366,8 @@ random_yarrow_unblock(void) selwakeuppri(&random_systat.rsel, PUSER); wakeup(&random_systat); } + if (arc4rand_iniseed_state =3D=3D 0) + arc4rand_iniseed_state =3D 1; } =20 static int --- libkern/arc4random.c.bak 2008-08-08 01:51:09.000000000 +0400 +++ libkern/arc4random.c 2012-01-25 17:30:30.000000000 +0400 @@ -24,6 +24,8 @@ __FBSDID("$FreeBSD: src/sys/libkern/arc4 #define ARC4_RESEED_SECONDS 300 #define ARC4_KEYBYTES (256 / 8) =20 +int arc4rand_iniseed_state =3D 0; + static u_int8_t arc4_i, arc4_j; static int arc4_numruns =3D 0; static u_int8_t arc4_sbox[256]; @@ -74,6 +76,8 @@ arc4_randomstir (void) /* Reset for next reseed cycle. */ arc4_t_reseed =3D tv_now.tv_sec + ARC4_RESEED_SECONDS; arc4_numruns =3D 0; + if (arc4rand_iniseed_state =3D=3D 1) + arc4rand_iniseed_state =3D -1; =20 /* * Throw away the first N words of output, as suggested in the 
@@ -130,7 +134,7 @@ arc4rand(void *ptr, u_int len, int resee struct timeval tv; =20 getmicrouptime(&tv); - if (reseed ||=20 + if (reseed || arc4rand_iniseed_state =3D=3D 1 || (arc4_numruns > ARC4_RESEED_BYTES) || (tv.tv_sec > arc4_t_reseed)) arc4_randomstir();
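Review bot: in the atomic patch's sys/libkern.h hunk, `extern int arc4rand_iniseed_state;` (and the matching `int arc4rand_iniseed_state = ARC4_ENTR_NONE;` definition in arc4random.c) types the state as a plain `int`, yet it is only ever passed to atomic_cmpset_int(), whose destination operand is a `volatile u_int *`; declare it `volatile u_int` so the types match instead of relying on the pointer-sign warning being suppressed. The comment on `ARC4_ENTR_SEED` also reads `/* Reseeding. */`, but once the cmpset to SEED succeeds the variable never leaves that state, so something like `/* One-time reseed already triggered. */` describes it more accurately.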
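Review bot: in the atomic patch's arc4rand() hunk, `atomic_cmpset_int(&arc4rand_iniseed_state, ARC4_ENTR_HAVE, ARC4_ENTR_SEED)` is the first operand of the `||`, so every arc4rand() call for the lifetime of the system performs a locked read-modify-write on a shared variable even though the exchange can succeed exactly once; guard it with a plain read, e.g. `(arc4rand_iniseed_state == ARC4_ENTR_HAVE && atomic_cmpset_int(...)) || reseed || ...`, or at least move it after the cheap `reseed` test, so the common path stays a compare.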
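Review bot: in the non-atomic patch's random_yarrow_unblock() hunk, `if (arc4rand_iniseed_state == 0) arc4rand_iniseed_state = 1;` uses bare 0 and 1 (and -1 in arc4_randomstir()) for a three-state protocol, and the declaration `int arc4rand_iniseed_state = 0;` carries no comment saying what the values mean; reuse the ARC4_ENTR_* names the atomic variant introduces, or document the states next to the definition, so a later reader does not have to reconstruct the protocol from three scattered hunks.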
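Review bot: in the non-atomic patch's arc4_randomstir() hunk, the write `arc4rand_iniseed_state = -1` is separated from the `arc4rand_iniseed_state == 1` test in arc4rand(), so two CPUs can both pass the test before either reaches the write and each calls arc4_randomstir(); the cover mail says this chained reseed is benign, but nothing in the code does. Add a comment at the write stating that the window is accepted, and consider doing the test and the write back-to-back in arc4rand() before calling arc4_randomstir(), which at least narrows the window.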
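The difference between the two attached variants, as an added model written for this reply (not code from the patches or from FreeBSD): C11 atomics stand in for the kernel's atomic_cmpset_int(), and the two CPUs are simulated by interleaving plain calls so the "chained reseed" window of the non-atomic version can be written out step by step.

```c
/* Added model of the seed-state handshake in the two patches above (not the
 * patches' own code nor FreeBSD's). C11 atomics stand in for the kernel's
 * atomic_cmpset_int(); two "CPUs" are simulated by interleaving plain calls. */
#include <stdatomic.h>
#include <stdbool.h>
#define ARC4_ENTR_NONE 0  /* no entropy yet */
#define ARC4_ENTR_HAVE 1  /* entropy arrived, one-time reseed still pending */
#define ARC4_ENTR_SEED 2  /* one-time reseed claimed; stays here for good */

/* Atomic variant: the HAVE test and the HAVE->SEED transition are one CAS. */
static _Atomic int a_state = ARC4_ENTR_NONE;
static int a_stirs;                        /* arc4_randomstir() calls */
static void a_unblock(void)                /* random_yarrow_unblock() */
{
    int expect = ARC4_ENTR_NONE;
    atomic_compare_exchange_strong(&a_state, &expect, ARC4_ENTR_HAVE);
}

static bool a_arc4rand(void)               /* arc4rand(): true if it stirred */
{
    int expect = ARC4_ENTR_HAVE;
    if (!atomic_compare_exchange_strong(&a_state, &expect, ARC4_ENTR_SEED))
        return false;                      /* still NONE, or already SEED */
    a_stirs++;
    return true;
}

int atomic_scenario(void)                  /* two CPUs call arc4rand() after entropy */
{
    atomic_store(&a_state, ARC4_ENTR_NONE); a_stirs = 0;
    if (a_arc4rand()) return -1;           /* before entropy: must not stir */
    a_unblock();
    a_arc4rand();                          /* CPU A: CAS HAVE->SEED wins */
    a_arc4rand();                          /* CPU B: CAS fails, no stir */
    return a_stirs;                        /* exactly 1 */
}

/* Non-atomic variant: test in arc4rand(), write in arc4_randomstir(). */
static int p_state, p_stirs;               /* state: 0 none, 1 have, -1 reseeded */
static bool p_check(void) { return p_state == 1; }                 /* arc4rand() */
static void p_stir(void)  { p_stirs++; if (p_state == 1) p_state = -1; }
int plain_scenario(void)                   /* both CPUs pass the test before either writes */
{
    p_state = 0; p_stirs = 0;
    if (p_state == 0) p_state = 1;         /* random_yarrow_unblock() */
    bool cpu_a = p_check(), cpu_b = p_check();
    if (cpu_a) p_stir();
    if (cpu_b) p_stir();                   /* chained reseed: 2 stirs */
    return p_stirs;
}
```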
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?515D295A.3020407>