Date:      Thu, 04 Apr 2013 11:18:50 +0400
From:      Andrey Chernov <ache@freebsd.org>
To:        d@delphij.net
Cc:        src-committers@FreeBSD.org, svn-src-all@FreeBSD.org, Xin LI <delphij@FreeBSD.org>, Bruce Evans <brde@optusnet.com.au>, svn-src-head@FreeBSD.org, Xin Li <delphij@delphij.net>
Subject:   Re: svn commit: r249035 - head/lib/libc/stdlib
Message-ID:  <515D295A.3020407@freebsd.org>
In-Reply-To: <515D0E70.8050701@delphij.net>
References:  <201304022341.r32NfL8L096954@svn.freebsd.org> <20130403165736.F819@besplex.bde.org> <515BDADF.8060303@freebsd.org> <515D0E70.8050701@delphij.net>

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
------enig2VJSJGFXUBPAQWALRLPIA
Content-Type: multipart/mixed;
 boundary="------------060206030706080906020705"

This is a multi-part message in MIME format.
--------------060206030706080906020705
Content-Type: text/plain; charset=KOI8-R
Content-Transfer-Encoding: quoted-printable

On 04.04.2013 9:24, Xin Li wrote:
> True, but keep in mind that neither random(3) nor rand(3) is intended to
> satisfy cryptographically secure needs, and I don't see a reason why
> kernel arc4 can not be improved.

The danger here is not getting something cryptographically less secure,
but a much higher probability of getting the same sequence after boot.

> To be honest, I don't personally have access to the archive (nor am I
> aware there was one; the arc4 change you are talking about may predate
> my membership on secteam@, by the way).
> 
> How about sending the patch again and let's see how we can work it out?


Ok, patches are attached, one with atomic operations and another one without.
They try to reseed arc4 immediately after we have enough entropy.
Only one of them is needed, not both. The atomic version works 100% right,
and the non-atomic one may cause a chained arc4 reseed in an edge case, which
does not harm arc4 itself, it just takes time.


--------------060206030706080906020705
Content-Type: text/plain; charset=windows-1251;
 name="atomic.patch.txt"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment;
 filename="atomic.patch.txt"

--- sys/libkern.h.old	2012-01-16 07:15:12.000000000 +0400
+++ sys/libkern.h	2012-01-28 08:49:19.000000000 +0400
@@ -70,6 +70,11 @@ static __inline int abs(int a) { return=20
 static __inline long labs(long a) { return (a < 0 ? -a : a); }
 static __inline quad_t qabs(quad_t a) { return (a < 0 ? -a : a); }
=20
+#define	ARC4_ENTR_NONE	0	/* Don't have entropy yet. */
+#define	ARC4_ENTR_HAVE	1	/* Have entropy. */
+#define	ARC4_ENTR_SEED	2	/* Reseeding. */
+extern int arc4rand_iniseed_state;
+
 /* Prototypes for non-quad routines. */
 struct malloc_type;
 uint32_t arc4random(void);
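Review bot: `extern int arc4rand_iniseed_state;` declares the flag as a plain int, yet the hunks at lines 71 and 92 pass its address to atomic_cmpset_int, whose first parameter in FreeBSD's atomic API is `volatile u_int *`; that pointer mismatch is likely to draw a signedness/incompatible-pointer warning under the kernel's warning flags and hides the fact that the object is only ever accessed atomically. I would declare it with the type the atomic API expects, `extern volatile u_int arc4rand_iniseed_state;`, and match the definition at line 82. Since ARC4_ENTR_NONE/HAVE/SEED are three related states of one variable, an `enum` would also make them debugger-visible, though the `#define`s are acceptable if that matches the surrounding header style.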
--- dev/random/randomdev_soft.c.old	2011-03-02 01:42:19.000000000 +0300
+++ dev/random/randomdev_soft.c	2012-01-28 08:48:22.000000000 +0400
@@ -366,6 +366,8 @@ random_yarrow_unblock(void)
 		selwakeuppri(&random_systat.rsel, PUSER);
 		wakeup(&random_systat);
 	}
+	(void)atomic_cmpset_int(&arc4rand_iniseed_state, ARC4_ENTR_NONE,
+	    ARC4_ENTR_HAVE);
 }
=20
 static int
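Review bot: The `(void)` cast on the atomic_cmpset_int call discards a result that is meaningful here, and nothing explains why a failed cmpset is fine; a reader may assume the unblock failed to signal. A one-line comment above the call would settle it: `/* Only the first unblock moves NONE -> HAVE; a failed cmpset means arc4rand already moved past it, which is fine. */`. random_yarrow_unblock's body starts outside the hunk, so I cannot tell whether it can be entered more than once, which is the case the comment should cover.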
--- libkern/arc4random.c.old	2008-08-08 01:51:09.000000000 +0400
+++ libkern/arc4random.c	2012-01-28 08:51:12.000000000 +0400
@@ -24,6 +24,8 @@ __FBSDID("$FreeBSD: src/sys/libkern/arc4
 #define	ARC4_RESEED_SECONDS 300
 #define	ARC4_KEYBYTES (256 / 8)
=20
+int arc4rand_iniseed_state =3D ARC4_ENTR_NONE;
+
 static u_int8_t arc4_i, arc4_j;
 static int arc4_numruns =3D 0;
 static u_int8_t arc4_sbox[256];
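Review bot: The definition `int arc4rand_iniseed_state = ARC4_ENTR_NONE;` is the only place the three-state handshake between the random device and arc4 is visible in one spot, and it carries no comment describing the transitions. I would add above it: `/* One-shot early reseed: random_yarrow_unblock() moves NONE -> HAVE once the entropy device has unblocked; arc4rand() then moves HAVE -> SEED with a cmpset and stirs immediately, so only one caller performs that stir. */`. That also documents that the variable never returns to HAVE, which is what makes the cmpset in arc4rand a one-shot.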
@@ -130,7 +132,8 @@ arc4rand(void *ptr, u_int len, int resee
 	struct timeval tv;
=20
 	getmicrouptime(&tv);
-	if (reseed ||=20
+	if (atomic_cmpset_int(&arc4rand_iniseed_state, ARC4_ENTR_HAVE,
+	    ARC4_ENTR_SEED) || reseed ||
 	   (arc4_numruns > ARC4_RESEED_BYTES) ||
 	   (tv.tv_sec > arc4_t_reseed))
 		arc4_randomstir();
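Review bot: The atomic_cmpset_int on the new `if` line runs first on every arc4rand() call, including every call after the state has reached ARC4_ENTR_SEED, where it can never succeed; on platforms where cmpset is a locked read-modify-write that puts an atomic on a shared cache line in the hot path for the lifetime of the kernel. A plain read guarding the cmpset keeps the one-shot semantics while making the common case a cheap load: `if ((arc4rand_iniseed_state == ARC4_ENTR_HAVE && atomic_cmpset_int(&arc4rand_iniseed_state, ARC4_ENTR_HAVE, ARC4_ENTR_SEED)) || reseed ||`. arc4rand's body starts outside the hunk, so I am assuming no lock is already held around this test.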


--------------060206030706080906020705
Content-Type: text/plain; charset=windows-1251;
 name="non-atomic.patch.txt"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment;
 filename="non-atomic.patch.txt"

--- sys/libkern.h.bak	2012-01-16 07:15:12.000000000 +0400
+++ sys/libkern.h	2012-01-25 17:31:49.000000000 +0400
@@ -72,6 +72,7 @@ static __inline quad_t qabs(quad_t a) {=20
=20
 /* Prototypes for non-quad routines. */
 struct malloc_type;
+extern int arc4rand_iniseed_state;
 uint32_t arc4random(void);
 void	 arc4rand(void *ptr, u_int len, int reseed);
 int	 bcmp(const void *, const void *, size_t);
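Review bot: `extern int arc4rand_iniseed_state;` is added without any statement of what its values mean, while the hunks at lines 122, 142 and 152 rely on the bare constants 0, 1 and -1 across three files. I would document the protocol next to the declaration: `/* 0: no entropy yet, 1: entropy available and initial reseed pending, -1: initial reseed done (set by arc4_randomstir). */`, or better, give the three values names as the atomic variant of this patch does so the files cannot drift apart.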
--- dev/random/randomdev_soft.c.bak	2011-03-02 01:42:19.000000000 +0300
+++ dev/random/randomdev_soft.c	2012-01-25 17:28:19.000000000 +0400
@@ -366,6 +366,8 @@ random_yarrow_unblock(void)
 		selwakeuppri(&random_systat.rsel, PUSER);
 		wakeup(&random_systat);
 	}
+	if (arc4rand_iniseed_state =3D=3D 0)
+		arc4rand_iniseed_state =3D 1;
 }
=20
 static int
--- libkern/arc4random.c.bak	2008-08-08 01:51:09.000000000 +0400
+++ libkern/arc4random.c	2012-01-25 17:30:30.000000000 +0400
@@ -24,6 +24,8 @@ __FBSDID("$FreeBSD: src/sys/libkern/arc4
 #define	ARC4_RESEED_SECONDS 300
 #define	ARC4_KEYBYTES (256 / 8)
=20
+int arc4rand_iniseed_state =3D 0;
+
 static u_int8_t arc4_i, arc4_j;
 static int arc4_numruns =3D 0;
 static u_int8_t arc4_sbox[256];
@@ -74,6 +76,8 @@ arc4_randomstir (void)
 	/* Reset for next reseed cycle. */
 	arc4_t_reseed =3D tv_now.tv_sec + ARC4_RESEED_SECONDS;
 	arc4_numruns =3D 0;
+	if (arc4rand_iniseed_state =3D=3D 1)
+		arc4rand_iniseed_state =3D -1;
=20
 	/*
 	 * Throw away the first N words of output, as suggested in the
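Review bot: The `if (arc4rand_iniseed_state == 1) arc4rand_iniseed_state = -1;` transition sits after the reseed work, so the window in which a second arc4rand() caller still sees state 1 and starts another stir spans the entire stir; moving these two lines to the entry of arc4_randomstir() narrows that window to a few instructions without changing the end state. Whether that is safe depends on the function's preamble, which starts outside the hunk, so I would confirm nothing there reads the flag. Either way a short comment on the transition, `/* First post-entropy stir done; later callers skip the early reseed. */`, would help.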
@@ -130,7 +134,7 @@ arc4rand(void *ptr, u_int len, int resee
 	struct timeval tv;
=20
 	getmicrouptime(&tv);
-	if (reseed ||=20
+	if (reseed || arc4rand_iniseed_state =3D=3D 1 ||
 	   (arc4_numruns > ARC4_RESEED_BYTES) ||
 	   (tv.tv_sec > arc4_t_reseed))
 		arc4_randomstir();


--------------060206030706080906020705--

------enig2VJSJGFXUBPAQWALRLPIA
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (MingW32)

iEYEARECAAYFAlFdKWMACgkQVg5YK5ZEdN3qowCeMwh5r/DBs9doWBnaKRshd/yZ
uIEAn0746bHQ/3TmCNotRrHTqnKf5jo1
=If4t
-----END PGP SIGNATURE-----

------enig2VJSJGFXUBPAQWALRLPIA--


