(Moved to freebsd-security@)
On 04/04/13 00:18, Andrey Chernov wrote:
> Ok, patches are attached, one with atomic, and another one - without.
> They try to reseed arc4 immediately after we have enough of entropy.
> Only one of them is needed, not both. Atomic version works 100% right
> and the non-atomic one may cause a chained arc4 reseed in an edge case, which does not
> harm arc4 itself, just takes time.
The atomic version of the patch (attached) looks reasonable to me, but
I'd like to give this more exposure first so please hold until Apr 18, 2013.
I have put this on secteam@'s agenda and have set a deadline on that
day, also noted on my own calendar as well as the agenda.
If we have received no objections by Apr 18, I assume the responsibility
of approving this proposed change and consider this as a formal approval
for committing.
Cheers,
--
Xin LI <delphij at delphij.net> https://www.delphij.net/
FreeBSD - The Power to Serve! Live free or die
-------------- next part --------------
--- sys/libkern.h.old 2012-01-16 07:15:12.000000000 +0400
+++ sys/libkern.h 2012-01-28 08:49:19.000000000 +0400
@@ -70,6 +70,11 @@ static __inline int abs(int a) { return
static __inline long labs(long a) { return (a < 0 ? -a : a); }
static __inline quad_t qabs(quad_t a) { return (a < 0 ? -a : a); }
+#define ARC4_ENTR_NONE 0 /* Don't have entropy yet. */
+#define ARC4_ENTR_HAVE 1 /* Have entropy. */
+#define ARC4_ENTR_SEED 2 /* Reseeding. */
+extern int arc4rand_iniseed_state;
+
/* Prototypes for non-quad routines. */
struct malloc_type;
uint32_t arc4random(void);
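Review bot: the ARC4_ENTR_* defines introduce a three-state machine (NONE -> HAVE -> SEED) but the comments in sys/libkern.h only name the states, not who performs each transition or that SEED is terminal; add a short comment above the defines recording that random_yarrow_unblock() moves NONE -> HAVE, arc4rand() moves HAVE -> SEED, and nothing ever moves the state back, so the early reseed happens exactly once. The extern is also placed between the inline abs/labs/qabs helpers and the "Prototypes for non-quad routines" comment; it reads more naturally grouped with the arc4random()/arc4rand() prototypes it belongs to.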
--- dev/random/randomdev_soft.c.old 2011-03-02 01:42:19.000000000 +0300
+++ dev/random/randomdev_soft.c 2012-01-28 08:48:22.000000000 +0400
@@ -366,6 +366,8 @@ random_yarrow_unblock(void)
selwakeuppri(&random_systat.rsel, PUSER);
wakeup(&random_systat);
}
+ (void)atomic_cmpset_int(&arc4rand_iniseed_state, ARC4_ENTR_NONE,
+ ARC4_ENTR_HAVE);
}
static int
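Review bot: this hunk references ARC4_ENTR_NONE, ARC4_ENTR_HAVE and arc4rand_iniseed_state, all of which the patch introduces in sys/libkern.h, but adds no include of that header to dev/random/randomdev_soft.c; confirm the file already pulls it in (directly or transitively), otherwise this will not compile. Discarding the atomic_cmpset_int() result with (void) is correct, since a failed compare only means the state has already advanced past NONE, but a one-line comment saying so would keep a later reader from wondering whether a lost transition is being silently ignored.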
--- libkern/arc4random.c.old 2008-08-08 01:51:09.000000000 +0400
+++ libkern/arc4random.c 2012-01-28 08:51:12.000000000 +0400
@@ -24,6 +24,8 @@ __FBSDID("$FreeBSD: src/sys/libkern/arc4
#define ARC4_RESEED_SECONDS 300
#define ARC4_KEYBYTES (256 / 8)
+int arc4rand_iniseed_state = ARC4_ENTR_NONE;
+
static u_int8_t arc4_i, arc4_j;
static int arc4_numruns = 0;
static u_int8_t arc4_sbox[256];
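Review bot: arc4rand_iniseed_state is defined here as int (and declared extern int in sys/libkern.h), yet every use in the patch passes its address to atomic_cmpset_int(), whose destination operand is a volatile u_int pointer; declare the variable as u_int in both places so the type matches the atomic primitive's prototype rather than relying on an implicit int/u_int pointer conversion. It is also the only non-static piece of arc4 state in this file, deliberately so because randomdev_soft.c writes it; a comment stating that cross-file access is the reason would prevent someone from "fixing" it to static later.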
@@ -130,7 +132,8 @@ arc4rand(void *ptr, u_int len, int resee
struct timeval tv;
getmicrouptime(&tv);
- if (reseed ||
+ if (atomic_cmpset_int(&arc4rand_iniseed_state, ARC4_ENTR_HAVE,
+ ARC4_ENTR_SEED) || reseed ||
(arc4_numruns > ARC4_RESEED_BYTES) ||
(tv.tv_sec > arc4_t_reseed))
arc4_randomstir();
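Review bot: the atomic_cmpset_int() call is the first operand of the || chain in arc4rand(), so it executes on every call for the lifetime of the kernel even though, once the single HAVE -> SEED transition has happened, it can never succeed again; a locked compare-and-swap on a shared global on every arc4rand() invocation is avoidable overhead on a hot path. Guard it with a plain read first, along the lines of "(arc4rand_iniseed_state == ARC4_ENTR_HAVE && atomic_cmpset_int(&arc4rand_iniseed_state, ARC4_ENTR_HAVE, ARC4_ENTR_SEED))", which preserves the exactly-once semantics (the CAS still arbitrates between racing callers) while reducing the steady-state cost to a single load.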