git: 3e04c85a3a23 - stable/12 - Replace read_random(9) with more appropriate arc4rand(9) KPIs

From: David E. O'Brien <obrien_at_FreeBSD.org>
Date: Sun, 13 Feb 2022 01:22:45 UTC
The branch stable/12 has been updated by obrien:

URL: https://cgit.FreeBSD.org/src/commit/?id=3e04c85a3a23e1be41b663088ec35697cd646cdf

commit 3e04c85a3a23e1be41b663088ec35697cd646cdf
Author:     Conrad Meyer <cem@FreeBSD.org>
AuthorDate: 2019-04-04 01:02:50 +0000
Commit:     David E. O'Brien <obrien@FreeBSD.org>
CommitDate: 2022-02-13 00:32:39 +0000

    Replace read_random(9) with more appropriate arc4rand(9) KPIs
    
    Reviewed by:    ae, delphij
    Sponsored by:   Dell EMC Isilon
    Differential Revision:  https://reviews.freebsd.org/D19760
    
    (cherry picked from commit a8a16c71287e615fff06f05c92addbe8ffc2b9e0)
---
 .../contrib/opensolaris/uts/common/dtrace/dtrace.c |  2 +-
 .../linuxkpi/common/include/linux/etherdevice.h    |  3 +--
 sys/compat/linuxkpi/common/include/linux/random.h  |  3 +--
 sys/net/if_spppsubr.c                              |  8 ++-----
 sys/netipsec/key.c                                 | 26 +---------------------
 sys/netipsec/key.h                                 |  1 -
 sys/netipsec/xform_esp.c                           |  2 +-
 sys/netpfil/pf/pf.c                                |  2 +-
 8 files changed, 8 insertions(+), 39 deletions(-)

diff --git a/sys/cddl/contrib/opensolaris/uts/common/dtrace/dtrace.c b/sys/cddl/contrib/opensolaris/uts/common/dtrace/dtrace.c
index 927325e9ede1..cab8c334d082 100644
--- a/sys/cddl/contrib/opensolaris/uts/common/dtrace/dtrace.c
+++ b/sys/cddl/contrib/opensolaris/uts/common/dtrace/dtrace.c
@@ -14631,7 +14631,7 @@ dtrace_state_create(struct cdev *dev, struct ucred *cred __unused)
 	 * SI_SUB_RANDOM < SI_SUB_DTRACE_ANON therefore entropy device is
          * assumed to be seeded at this point (if from Fortuna seed file).
 	 */
-	(void) read_random(&state->dts_rstate[0], 2 * sizeof(uint64_t));
+	arc4random_buf(&state->dts_rstate[0], 2 * sizeof(uint64_t));
 	for (cpu_it = 1; cpu_it < NCPU; cpu_it++) {
 		/*
 		 * Each CPU is assigned a 2^64 period, non-overlapping
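Review bot: The comment directly above the new `arc4random_buf()` call still justifies it by the entropy device being seeded, which was written for `read_random()`. It should state what the new call relies on, for example `arc4random_buf() is keyed from random(4); SI_SUB_RANDOM < SI_SUB_DTRACE_ANON, so the seed file is assumed to have been loaded by now.` Whether `arc4random_buf()` on this branch can run before random(4) is seeded, and what it returns in that case, is not visible in this hunk. The same question matters for the long-lived `V_pf_tcp_secret` in the pf.c hunk and the CHAP challenge in the if_spppsubr.c hunk. The second line of that comment is also indented with spaces where its neighbours use a tab.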
diff --git a/sys/compat/linuxkpi/common/include/linux/etherdevice.h b/sys/compat/linuxkpi/common/include/linux/etherdevice.h
index 71ff97958024..392f395a5feb 100644
--- a/sys/compat/linuxkpi/common/include/linux/etherdevice.h
+++ b/sys/compat/linuxkpi/common/include/linux/etherdevice.h
@@ -108,8 +108,7 @@ eth_zero_addr(u8 *pa)
 static inline void
 random_ether_addr(u8 * dst)
 {
-	if (read_random(dst, 6) == 0)
-		arc4rand(dst, 6, 0);
+	arc4random_buf(dst, 6);
 
 	dst[0] &= 0xfe;
 	dst[0] |= 0x02;
diff --git a/sys/compat/linuxkpi/common/include/linux/random.h b/sys/compat/linuxkpi/common/include/linux/random.h
index c473c54f0190..14ea88237e1b 100644
--- a/sys/compat/linuxkpi/common/include/linux/random.h
+++ b/sys/compat/linuxkpi/common/include/linux/random.h
@@ -41,8 +41,7 @@ static inline void
 get_random_bytes(void *buf, int nbytes)
 {
 
-	if (read_random(buf, nbytes) == 0)
-		arc4rand(buf, nbytes, 0);
+	arc4random_buf(buf, nbytes);
 }
 
 static inline u_int
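Review bot: `nbytes` is a signed `int`, but `arc4random_buf()` takes a `size_t` length, so a negative value from a caller converts to a very large byte count and the fill would run past `buf`. The removed `read_random()`/`arc4rand()` path appears to have had the same conversion, so this is not new, but this wrapper is the one place to stop it. A guard such as `if (nbytes <= 0) return;` before the call would do, or `KASSERT(nbytes >= 0, ("get_random_bytes: negative length"));` if a negative length should be treated as a caller bug. No caller is visible in this hunk, so whether a negative length can actually arrive is unconfirmed.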
diff --git a/sys/net/if_spppsubr.c b/sys/net/if_spppsubr.c
index a68cd11469f3..9d999701e91e 100644
--- a/sys/net/if_spppsubr.c
+++ b/sys/net/if_spppsubr.c
@@ -4335,16 +4335,12 @@ sppp_chap_tld(struct sppp *sp)
 static void
 sppp_chap_scr(struct sppp *sp)
 {
-	u_long *ch, seed;
+	u_long *ch;
 	u_char clen;
 
 	/* Compute random challenge. */
 	ch = (u_long *)sp->myauth.challenge;
-	read_random(&seed, sizeof seed);
-	ch[0] = seed ^ random();
-	ch[1] = seed ^ random();
-	ch[2] = seed ^ random();
-	ch[3] = seed ^ random();
+	arc4random_buf(ch, 4 * sizeof(*ch));
 	clen = AUTHKEYLEN;
 
 	sp->confid[IDX_CHAP] = ++sp->pp_seq[IDX_CHAP];
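Review bot: The fill length `4 * sizeof(*ch)` follows the type of `ch` rather than the size of the destination: with a 64-bit `u_long` it is 32 bytes, while the next line sets `clen = AUTHKEYLEN` as the challenge length. If `sp->myauth.challenge` is an `AUTHKEYLEN`-byte array (its declaration is outside this hunk), the call writes past it on LP64, just as the removed `ch[0]`..`ch[3]` stores did. Sizing by the buffer removes both the width dependency and the `u_long *` cast: `arc4random_buf(sp->myauth.challenge, AUTHKEYLEN);`. sppp_chap_scr continues below the hunk, so any later use of `ch` needs checking before the variable is dropped.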
diff --git a/sys/netipsec/key.c b/sys/netipsec/key.c
index efe4ee519659..347aa821e358 100644
--- a/sys/netipsec/key.c
+++ b/sys/netipsec/key.c
@@ -4760,34 +4760,10 @@ key_random()
 {
 	u_long value;
 
-	key_randomfill(&value, sizeof(value));
+	arc4random_buf(&value, sizeof(value));
 	return value;
 }
 
-void
-key_randomfill(void *p, size_t l)
-{
-	size_t n;
-	u_long v;
-	static int warn = 1;
-
-	n = 0;
-	n = (size_t)read_random(p, (u_int)l);
-	/* last resort */
-	while (n < l) {
-		v = random();
-		bcopy(&v, (u_int8_t *)p + n,
-		    l - n < sizeof(v) ? l - n : sizeof(v));
-		n += sizeof(v);
-
-		if (warn) {
-			printf("WARNING: pseudo-random number generator "
-			    "used for IPsec processing\n");
-			warn = 0;
-		}
-	}
-}
-
 /*
  * map SADB_SATYPE_* to IPPROTO_*.
  * if satype == SADB_SATYPE then satype is mapped to ~0.
diff --git a/sys/netipsec/key.h b/sys/netipsec/key.h
index 7d7ae69f379d..2ee7c208f195 100644
--- a/sys/netipsec/key.h
+++ b/sys/netipsec/key.h
@@ -78,7 +78,6 @@ void key_unregister_ifnet(struct secpolicy **, u_int);
 void key_delete_xform(const struct xformsw *);
 
 extern u_long key_random(void);
-extern void key_randomfill(void *, size_t);
 extern void key_freereg(struct socket *);
 extern int key_parse(struct mbuf *, struct socket *);
 extern void key_init(void);
diff --git a/sys/netipsec/xform_esp.c b/sys/netipsec/xform_esp.c
index e5182f258bbc..ed3063131853 100644
--- a/sys/netipsec/xform_esp.c
+++ b/sys/netipsec/xform_esp.c
@@ -811,7 +811,7 @@ esp_output(struct mbuf *m, struct secpolicy *sp, struct secasvar *sav,
 	 */
 	switch (sav->flags & SADB_X_EXT_PMASK) {
 	case SADB_X_EXT_PRAND:
-		(void) read_random(pad, padding - 2);
+		arc4random_buf(pad, padding - 2);
 		break;
 	case SADB_X_EXT_PZERO:
 		bzero(pad, padding - 2);
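Review bot: The length `padding - 2` in the `SADB_X_EXT_PRAND` case is only safe while `padding >= 2`; a smaller value becomes a huge `size_t` when passed to `arc4random_buf()`. `padding` is computed earlier in esp_output, outside this hunk, so the invariant probably holds but is not visible here. Stating it ahead of the switch would document the assumption for this call and the `bzero()` below it: `KASSERT(padding >= 2, ("esp_output: padding < 2"));`.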
diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
index ea658e33bbb6..4e80fcdecea3 100644
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -3616,7 +3616,7 @@ pf_tcp_iss(struct pf_pdesc *pd)
 	u_int32_t digest[4];
 
 	if (V_pf_tcp_secret_init == 0) {
-		read_random(&V_pf_tcp_secret, sizeof(V_pf_tcp_secret));
+		arc4random_buf(&V_pf_tcp_secret, sizeof(V_pf_tcp_secret));
 		MD5Init(&V_pf_tcp_secret_ctx);
 		MD5Update(&V_pf_tcp_secret_ctx, V_pf_tcp_secret,
 		    sizeof(V_pf_tcp_secret));
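Review bot: The new call passes `&V_pf_tcp_secret`, while the `MD5Update()` call two lines below passes `V_pf_tcp_secret` for the same object. If it is an array (its declaration is outside this hunk) both forms give the same address and `sizeof` gives the array size, so dropping the `&` keeps the two calls consistent: `arc4random_buf(V_pf_tcp_secret, sizeof(V_pf_tcp_secret));`. If it were a pointer, the `sizeof` would be the pointer size and the `&` form would fill the pointer itself, so the declaration is worth confirming. The `if (V_pf_tcp_secret_init == 0)` block continues past the end of the hunk.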