svn commit: r253786 - in head/sys: dev/random modules/padlock_rng modules/rdrand_rng modules/yarrow_rng
obrien at FreeBSD.org
Wed Jul 31 17:46:18 UTC 2013
On Wed, Jul 31, 2013 at 05:58:43AM +0400, Andrey Chernov wrote:
> On 31.07.2013 4:07, David O'Brien wrote:
> > I believe you're talking about this code in
> > sys/libkern/arc4random.c:arc4rand()
> > if (atomic_cmpset_int(&arc4rand_iniseed_state, ARC4_ENTR_HAVE,
> > ARC4_ENTR_SEED) || reseed ||
> > (arc4_numruns > ARC4_RESEED_BYTES) ||
> > (tv.tv_sec > arc4_t_reseed))
> > arc4_randomstir();
> > Without setting 'arc4rand_iniseed_state' from ARC4_ENTR_NONE ->
> > ARC4_ENTR_HAVE, we would still call arc4_randomstir() periodically due
> > to (tv.tv_sec > arc4_t_reseed) and (arc4_numruns > ARC4_RESEED_BYTES).
> The whole problem is that arc4 is poorly initialized right after boot,
> but immediately used in many places like tcp. It reseeds again only
> after 5 minutes after boot making vulnerability window at this interval.
I realize the motivation for your r249631 change.
But as it relates to the change I committed, there is no change in
behavior in this. If one is using a hardware RNG, yarrow is not
initialized and so the ARC4_ENTR_NONE -> ARC4_ENTR_HAVE transition
does not happen.
-- David (obrien at FreeBSD.org)
More information about the svn-src-head