NetBSD-Bugs archive


PR/58632 CVS commit: src/lib/libc/gen



The following reply was made to PR kern/58632; it has been noted by GNATS.

From: "Taylor R Campbell" <riastradh%netbsd.org@localhost>
To: gnats-bugs%gnats.NetBSD.org@localhost
Cc: 
Subject: PR/58632 CVS commit: src/lib/libc/gen
Date: Mon, 26 Aug 2024 15:19:23 +0000

 Module Name:	src
 Committed By:	riastradh
 Date:		Mon Aug 26 15:19:22 UTC 2024
 
 Modified Files:
 	src/lib/libc/gen: arc4random.c
 
 Log Message:
 arc4random(3): Reseed if system entropy epoch changes.
 
 This can happen, for example, if the system is a VM instance, and the
 VM is cloned.
 
 This incurs the cost of a system call on every arc4random call, which
 is unfortunate, but
 
 1. we don't currently have a (machine-independent) mechanism for
    exposing a read-only page to userland shared by the kernel to
    enable a cheaper access path to the entropy epoch; and
 
 2. the algorithm here -- a simple application of ChaCha -- is likely
    also a bottleneck and could be much cheaper by
 
    (a) using sys/crypto/chacha for machine-dependent vectorized
        ChaCha code, and
 
    (b) filling a buffer (somewhere between a cipher block and a page)
        in a batch at a time, instead of running ChaCha to generate
        only 32 bytes at a time.
 
 So although this might be a performance hit, the security benefit is
 worthwhile and we have a clear path to do better than reversing the
 performance hit later.
 
 PR kern/58632: getentropy(2) and arc4random(3) do not reseed on VM
 fork
 
 
 To generate a diff of this commit:
 cvs rdiff -u -r1.34 -r1.35 src/lib/libc/gen/arc4random.c
 
 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.
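
The reseed-on-epoch-change check described in the log message above, modelled as an added example that is not NetBSD's arc4random.c. The `kern_epoch` counter, the `kern_entropy` seed source and the splitmix64 output step are stand-ins assumed for illustration; per the log message, the real code reads the epoch with a system call and generates output with ChaCha.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simulated kernel side (assumption, not NetBSD code): an entropy epoch
 * counter and a seed source that returns a distinct value on each call. */
static unsigned kern_epoch = 1;
static uint64_t kern_pool = 0x9e3779b97f4a7c15ULL;

static uint64_t kern_entropy(void) {
    kern_pool = kern_pool * 6364136223846793005ULL + 1442695040888963407ULL;
    return kern_pool ^ (kern_pool >> 29);
}

/* Per-process generator state; a VM clone duplicates this memory verbatim. */
struct prng { uint64_t state; unsigned epoch; };

static void prng_seed(struct prng *p) {
    p->state = kern_entropy();
    p->epoch = kern_epoch;          /* remember the epoch we seeded under */
}

/* splitmix64 step: toy stand-in for the ChaCha-based output function. */
static uint64_t prng_step(struct prng *p) {
    uint64_t z = (p->state += 0x9e3779b97f4a7c15ULL);
    z = (z ^ (z >> 30)) * 0xbf58476d1ce4e5b9ULL;
    z = (z ^ (z >> 27)) * 0x94d049bb133111ebULL;
    return z ^ (z >> 31);
}

/* With check_epoch set, every call compares the cached epoch to the
 * kernel's and reseeds on mismatch (the per-call cost the log mentions). */
static uint64_t prng_next(struct prng *p, int check_epoch) {
    if (check_epoch && p->epoch != kern_epoch)
        prng_seed(p);
    return prng_step(p);
}

/* Simulated clone: copy the state, advance the epoch, compare next outputs. */
static int clones_diverge(int check_epoch) {
    struct prng a, b;
    prng_seed(&a);
    (void)prng_step(&a);
    memcpy(&b, &a, sizeof b);       /* clone duplicates generator state */
    kern_epoch++;                   /* epoch changes after the clone */
    return prng_next(&a, check_epoch) != prng_next(&b, check_epoch);
}

int main(void) {
    printf("unchecked: %d, checked: %d\n", clones_diverge(0), clones_diverge(1));
    return 0;
}
```

Without the check, both copies of the state emit the same next output; with it, each copy notices the stale epoch and reseeds before producing output.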
 

