From nobody Sun Feb 13 01:22:45 2022 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 1F6AD1951E44; Sun, 13 Feb 2022 01:22:46 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Jx8jf0Lftz4l70; Sun, 13 Feb 2022 01:22:46 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1644715366; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=bp5S1PS90V4PqGiSUwJNy2W2ng5H0Q71ENW/lxffbBg=; b=Z1fGefa5eIEsfha1mG4/tARe19nTE49mbZyYOuwLgXH3XwJa9xwZRnHe2YEeIvleCQXDzh C166Zw/zJJHtnuy2alSIHZOt5mLrXQWADoYhn8lbLc2sJ2rdbjg0EuP8Q6hahigFAP85Iu zR9edLfTPCuLxWL9MIrArF9IEToNvSmU5sKWLChWnKpcc42R0j1bK2rezjFPiMqURlUtbu 8Dmz9JedtKJauYDtRKmp2GqNNO9eriAGhZjnmp8bxzUC1A8V1htXnelE5qneYvK6m6nrvR qnk+lLmJq0iVCRVkBnYfgViWTMLaOYt7XITKVZG6anKrw6YCFXggfbqlO95rlA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id DFC05126C6; Sun, 13 Feb 2022 01:22:45 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 21D1MjvL038708; Sun, 13 Feb 2022 01:22:45 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 21D1MjNK038707; Sun, 13 Feb 2022 01:22:45 GMT (envelope-from git) Date: Sun, 13 Feb 2022 01:22:45 GMT Message-Id: <202202130122.21D1MjNK038707@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: "David E. O'Brien" Subject: git: 3e04c85a3a23 - stable/12 - Replace read_random(9) with more appropriate arc4rand(9) KPIs List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-branches@freebsd.org X-BeenThere: dev-commits-src-branches@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: obrien X-Git-Repository: src X-Git-Refname: refs/heads/stable/12 X-Git-Reftype: branch X-Git-Commit: 3e04c85a3a23e1be41b663088ec35697cd646cdf Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1644715366; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=bp5S1PS90V4PqGiSUwJNy2W2ng5H0Q71ENW/lxffbBg=; b=d6Z8668tnuq0jbHhS2TYechCGf8ERChn7dr2auCkTO/5O4zwXb++grZTEjoEC5pmmK6tDh Zf+Dro6jKz5nhVaQ+T2m+ibAjLrlwxEPbaJUkcWX1AKTTA5PMkD+Y+KK+DNdzz68FANjpc RPI054+Y15d2Ls7sMwVnvSNs6FUIinIINX0gcUxlcr7vKq5d+kbn3wJfriaZmVogoGCuZ/ cGuSrW2hqf08fbqVSQ/UMEIv+a42sHTtgfIZp/5hAZBrNkzTLRmAN2+DH5z4MDT7mW7rwl xuXWr3S8O+ABsoKyDIk7sqcESKgv0SwCIhDgEUz9XaZE+zIL3l1rZ7hUb+Jykw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1644715366; a=rsa-sha256; cv=none; b=pgZtI1xcH9JhFlriEpRAvz5l8LGQXz7Aa5ZAHfT1gYlqAuXqY/+0JRL+ySkAgO4yKvOb92 lZICRcjiitnd4HYNNkrCacSeKzwYDZykH4ae7d2/QzkU2pEklSY0DPpvd8fAUUOttwwtew HKrwxbtVzAonU+g0D7gKiYjMPRgAjB+zR29trgJetzjheNgK6iRcONFMmT9ROMW5WkUW77 T3pBZZNu/Hc2CK4iGevDgX42cVINSBNkjKyTWe5i6cSXH/ke2CEFx4VTezvHLPAFGG22P3 tmj068BZWiPPLzX9zrFUj9VDbvdl1HailNQnLLJ9UJU43xNEHROonWTd69oUyw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch stable/12 has been updated by obrien: URL: https://cgit.FreeBSD.org/src/commit/?id=3e04c85a3a23e1be41b663088ec35697cd646cdf commit 3e04c85a3a23e1be41b663088ec35697cd646cdf Author: Conrad Meyer AuthorDate: 2019-04-04 01:02:50 +0000 Commit: David E. O'Brien CommitDate: 2022-02-13 00:32:39 +0000 Replace read_random(9) with more appropriate arc4rand(9) KPIs Reviewed by: ae, delphij Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D19760 (cherry picked from commit a8a16c71287e615fff06f05c92addbe8ffc2b9e0) --- .../contrib/opensolaris/uts/common/dtrace/dtrace.c | 2 +- .../linuxkpi/common/include/linux/etherdevice.h | 3 +-- sys/compat/linuxkpi/common/include/linux/random.h | 3 +-- sys/net/if_spppsubr.c | 8 ++----- sys/netipsec/key.c | 26 +--------------------- sys/netipsec/key.h | 1 - sys/netipsec/xform_esp.c | 2 +- sys/netpfil/pf/pf.c | 2 +- 8 files changed, 8 insertions(+), 39 deletions(-) diff --git a/sys/cddl/contrib/opensolaris/uts/common/dtrace/dtrace.c b/sys/cddl/contrib/opensolaris/uts/common/dtrace/dtrace.c index 927325e9ede1..cab8c334d082 100644 --- a/sys/cddl/contrib/opensolaris/uts/common/dtrace/dtrace.c +++ b/sys/cddl/contrib/opensolaris/uts/common/dtrace/dtrace.c @@ -14631,7 +14631,7 @@ dtrace_state_create(struct cdev *dev, struct ucred *cred __unused) * SI_SUB_RANDOM < SI_SUB_DTRACE_ANON therefore entropy device is * assumed to be seeded at this point (if from Fortuna seed file). */ - (void) read_random(&state->dts_rstate[0], 2 * sizeof(uint64_t)); + arc4random_buf(&state->dts_rstate[0], 2 * sizeof(uint64_t)); for (cpu_it = 1; cpu_it < NCPU; cpu_it++) { /* * Each CPU is assigned a 2^64 period, non-overlapping diff --git a/sys/compat/linuxkpi/common/include/linux/etherdevice.h b/sys/compat/linuxkpi/common/include/linux/etherdevice.h index 71ff97958024..392f395a5feb 100644 --- a/sys/compat/linuxkpi/common/include/linux/etherdevice.h +++ b/sys/compat/linuxkpi/common/include/linux/etherdevice.h @@ -108,8 +108,7 @@ eth_zero_addr(u8 *pa) static inline void random_ether_addr(u8 * dst) { - if (read_random(dst, 6) == 0) - arc4rand(dst, 6, 0); + arc4random_buf(dst, 6); dst[0] &= 0xfe; dst[0] |= 0x02; diff --git a/sys/compat/linuxkpi/common/include/linux/random.h b/sys/compat/linuxkpi/common/include/linux/random.h index c473c54f0190..14ea88237e1b 100644 --- a/sys/compat/linuxkpi/common/include/linux/random.h +++ b/sys/compat/linuxkpi/common/include/linux/random.h @@ -41,8 +41,7 @@ static inline void get_random_bytes(void *buf, int nbytes) { - if (read_random(buf, nbytes) == 0) - arc4rand(buf, nbytes, 0); + arc4random_buf(buf, nbytes); } static inline u_int diff --git a/sys/net/if_spppsubr.c b/sys/net/if_spppsubr.c index a68cd11469f3..9d999701e91e 100644 --- a/sys/net/if_spppsubr.c +++ b/sys/net/if_spppsubr.c @@ -4335,16 +4335,12 @@ sppp_chap_tld(struct sppp *sp) static void sppp_chap_scr(struct sppp *sp) { - u_long *ch, seed; + u_long *ch; u_char clen; /* Compute random challenge. */ ch = (u_long *)sp->myauth.challenge; - read_random(&seed, sizeof seed); - ch[0] = seed ^ random(); - ch[1] = seed ^ random(); - ch[2] = seed ^ random(); - ch[3] = seed ^ random(); + arc4random_buf(ch, 4 * sizeof(*ch)); clen = AUTHKEYLEN; sp->confid[IDX_CHAP] = ++sp->pp_seq[IDX_CHAP]; diff --git a/sys/netipsec/key.c b/sys/netipsec/key.c index efe4ee519659..347aa821e358 100644 --- a/sys/netipsec/key.c +++ b/sys/netipsec/key.c @@ -4760,34 +4760,10 @@ key_random() { u_long value; - key_randomfill(&value, sizeof(value)); + arc4random_buf(&value, sizeof(value)); return value; } -void -key_randomfill(void *p, size_t l) -{ - size_t n; - u_long v; - static int warn = 1; - - n = 0; - n = (size_t)read_random(p, (u_int)l); - /* last resort */ - while (n < l) { - v = random(); - bcopy(&v, (u_int8_t *)p + n, - l - n < sizeof(v) ? l - n : sizeof(v)); - n += sizeof(v); - - if (warn) { - printf("WARNING: pseudo-random number generator " - "used for IPsec processing\n"); - warn = 0; - } - } -} - /* * map SADB_SATYPE_* to IPPROTO_*. * if satype == SADB_SATYPE then satype is mapped to ~0. diff --git a/sys/netipsec/key.h b/sys/netipsec/key.h index 7d7ae69f379d..2ee7c208f195 100644 --- a/sys/netipsec/key.h +++ b/sys/netipsec/key.h @@ -78,7 +78,6 @@ void key_unregister_ifnet(struct secpolicy **, u_int); void key_delete_xform(const struct xformsw *); extern u_long key_random(void); -extern void key_randomfill(void *, size_t); extern void key_freereg(struct socket *); extern int key_parse(struct mbuf *, struct socket *); extern void key_init(void); diff --git a/sys/netipsec/xform_esp.c b/sys/netipsec/xform_esp.c index e5182f258bbc..ed3063131853 100644 --- a/sys/netipsec/xform_esp.c +++ b/sys/netipsec/xform_esp.c @@ -811,7 +811,7 @@ esp_output(struct mbuf *m, struct secpolicy *sp, struct secasvar *sav, */ switch (sav->flags & SADB_X_EXT_PMASK) { case SADB_X_EXT_PRAND: - (void) read_random(pad, padding - 2); + arc4random_buf(pad, padding - 2); break; case SADB_X_EXT_PZERO: bzero(pad, padding - 2); diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index ea658e33bbb6..4e80fcdecea3 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -3616,7 +3616,7 @@ pf_tcp_iss(struct pf_pdesc *pd) u_int32_t digest[4]; if (V_pf_tcp_secret_init == 0) { - read_random(&V_pf_tcp_secret, sizeof(V_pf_tcp_secret)); + arc4random_buf(&V_pf_tcp_secret, sizeof(V_pf_tcp_secret)); MD5Init(&V_pf_tcp_secret_ctx); MD5Update(&V_pf_tcp_secret_ctx, V_pf_tcp_secret, sizeof(V_pf_tcp_secret));