From owner-svn-src-head@FreeBSD.ORG Thu Jan 26 17:52:44 2012
Date: Thu, 26 Jan 2012 12:52:43 -0500
From: David Schultz
To: Andrey Chernov, John Baldwin, Mark Murray, src-committers@FreeBSD.ORG, svn-src-all@FreeBSD.ORG, svn-src-head@FreeBSD.ORG
Subject: Re: svn commit: r230230 - head/sys/dev/random
Message-ID: <20120126175243.GA19199@zim.MIT.EDU>
In-Reply-To: <20120126165521.GA92622@vniz.net>
References: <20120126143819.GA88677@vniz.net> <20120126155626.GA92229@vniz.net> <201201261132.38320.jhb@freebsd.org> <20120126165521.GA92622@vniz.net>
List-Id: SVN commit messages for the src tree for head/-current

On Thu, Jan 26, 2012, Andrey Chernov wrote:
> On Thu, Jan 26, 2012 at 11:32:38AM -0500, John Baldwin wrote:
> > On Thursday, January 26, 2012 10:56:27 am Andrey Chernov wrote:
> > > > On Thu, Jan 26, 2012 at 08:39:07AM -0500, John Baldwin wrote:
> > > > > atomic_cmpset_int(&iniseed_state, ARC4_ENTER_NONE, ARC4_ENTER_HAVE);
> > > > > break;
> > >
> > > Updated version (I hope, final):
> > >
> > > --- sys/libkern.h.old 2012-01-16 07:15:12.000000000 +0400 > > > +++ sys/libkern.h 2012-01-26 19:38:06.000000000 +0400
> > > @@ -72,6 +72,8 @@ static __inline quad_t qabs(quad_t a) { > > > > > > /* Prototypes for non-quad routines. */ > > > struct malloc_type; > > > +enum arc4_is { ARC4_ENTR_NONE, ARC4_ENTR_HAVE, ARC4_ENTR_DONE }; > > > +extern volatile enum arc4_is arc4rand_iniseed_state;
> >
> > Atomics don't operate on enums. You'll need to make it an int and just use
> > #define's for the 3 states.
>
> Although the current version with current kernel flags works, I forgot it is
> implementation defined in general and not always equal to sizeof(int),
> e.g. with gcc --short-enums. I'll remake it with #defines, thanks again.

Why complicate things with atomics at all? A race might result in
arc4random(9) being seeded multiple times, but that's harmless. The race
that worries me is that consumers that call arc4random() before it is
properly seeded will get predictable numbers. To fix that robustly, we'd
either have to move arc4random() into the random module (tricky given all
the places where it's used), or make the random module a mandatory part
of the kernel.

OpenSSL addresses the issue by providing two APIs: RAND_bytes() requires a
good entropy source and produces cryptographically strong pseudorandomness.
RAND_pseudo_bytes() produces "good" (but not necessarily unpredictable)
randomness, even in the absence of an entropy source. Applications call one
interface or the other, depending on whether they require
cryptographic-quality randomness.
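Review bot: in the quoted sys/libkern.h hunk, the state names declared by the new enum (ARC4_ENTR_NONE, ARC4_ENTR_HAVE, ARC4_ENTR_DONE) do not match the ARC4_ENTER_NONE / ARC4_ENTER_HAVE spelling used in the atomic_cmpset_int() call quoted earlier in the thread, so one of the two sites has to be renamed for the pair to compile together. Separately, as John already points out for the same two added lines, atomic_cmpset_int() operates on an int rather than an enum, and Andrey's follow-up gives the reason this matters (an enum's size is implementation defined, e.g. under gcc --short-enums): `+extern volatile enum arc4_is arc4rand_iniseed_state;` should become an int variable with the three states as #defines, so that the object the atomic operates on has the width the atomic expects.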
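To make the two points of this thread concrete, here is an added example (not FreeBSD's or OpenSSL's code): the seeding state kept as a plain int with #define'd states and advanced with a compare-and-swap, as John suggests, plus the two-interface split David describes, where a RAND_bytes()-style call refuses to run before entropy has arrived while a RAND_pseudo_bytes()-style call proceeds but is counted, so the "consumer called us before we were seeded" race he worries about becomes visible instead of silent. It assumes C11 <stdatomic.h> in place of FreeBSD's atomic_cmpset_int(); the generator is a toy xorshift standing in for the real stream cipher, and the entropy value fed in is constructed.

```c
/* Added example; not FreeBSD's arc4random(9) nor OpenSSL's RAND_*().
 * Assumptions: C11 atomics stand in for atomic_cmpset_int(); the
 * generator is a toy xorshift64, NOT a CSPRNG; entropy input is constructed. */
#include <stdatomic.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Plain int states, as the thread recommends instead of an enum. */
#define ENTR_NONE 0   /* no entropy has arrived yet */
#define ENTR_HAVE 1   /* entropy arrived; the winning caller is keying now */
#define ENTR_DONE 2   /* generator keyed from real entropy */

static atomic_int seed_state = ENTR_NONE;
/* Fixed initial state: output is fully predictable until seeded. */
static uint64_t gen_state = 0x9E3779B97F4A7C15ULL;
/* Audit counter: how many outputs were handed out before ENTR_DONE. */
static atomic_int unseeded_draws = 0;

/* One xorshift64 step (toy generator standing in for the real one). */
static uint64_t next_word(void) {
    uint64_t x = gen_state;
    x ^= x << 13; x ^= x >> 7; x ^= x << 17;
    gen_state = x;
    return x;
}

/* Called when the entropy source delivers. Only the caller that wins the
 * NONE->HAVE swap keys the generator; a lost race returns 0 and is harmless,
 * which is David's point about not needing more than a single CAS here. */
int seed_from_entropy(uint64_t entropy) {
    int expected = ENTR_NONE;
    if (!atomic_compare_exchange_strong(&seed_state, &expected, ENTR_HAVE))
        return 0;                       /* already seeded or being seeded */
    gen_state ^= entropy;               /* key the generator */
    if (gen_state == 0) gen_state = 1;  /* xorshift state must be non-zero */
    atomic_store(&seed_state, ENTR_DONE);
    return 1;
}

int is_seeded(void) { return atomic_load(&seed_state) == ENTR_DONE; }
int unseeded_draw_count(void) { return atomic_load(&unseeded_draws); }

/* RAND_pseudo_bytes()-style interface: always produces output, but records
 * every call that ran before entropy was available so it can be audited. */
void pseudo_bytes(uint8_t *buf, size_t len) {
    if (!is_seeded())
        atomic_fetch_add(&unseeded_draws, 1);
    while (len > 0) {
        uint64_t w = next_word();
        size_t n = len < sizeof w ? len : sizeof w;
        memcpy(buf, &w, n);
        buf += n;
        len -= n;
    }
}

/* RAND_bytes()-style interface: refuses (-1) rather than hand out
 * predictable bytes; returns 0 on success. */
int strong_bytes(uint8_t *buf, size_t len) {
    if (!is_seeded())
        return -1;
    pseudo_bytes(buf, len);
    return 0;
}

int main(void) {
    uint8_t buf[16];
    printf("strong_bytes before seeding: %d\n", strong_bytes(buf, sizeof buf));
    pseudo_bytes(buf, sizeof buf);
    printf("unseeded draws so far: %d\n", unseeded_draw_count());
    printf("first seed attempt won: %d\n", seed_from_entropy(0x0123456789abcdefULL));
    printf("second seed attempt won: %d\n", seed_from_entropy(0xfedcba9876543210ULL));
    printf("strong_bytes after seeding: %d\n", strong_bytes(buf, sizeof buf));
    return 0;
}
```

The audit counter is the defender's hook: a kernel or library that exposes it (for example as a sysctl or a log line on the first unseeded draw) lets an operator see that early-boot consumers pulled "random" bytes from a predictable state, which is exactly the condition the thread says atomics alone cannot prevent.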