

[src/trunk]: src/sys ESP output was drawing down the entropy pool at a feroci...



details:   https://anonhg.NetBSD.org/src/rev/26a83e4aaaf2
branches:  trunk
changeset: 537823:26a83e4aaaf2
user:      tls <tls%NetBSD.org@localhost>
date:      Sun Oct 06 08:51:44 2002 +0000

description:
ESP output was drawing down the entropy pool at a ferocious rate, a
particular problem on hosts with only wireless interfaces that are
definitely not safe to use as entropy sources.

Add arc4randbytes() which hands out bytes from the same source used
by arc4random().  This is intended to be a _temporary_ interface
until we can design and implement a better general PRNG interface
that is decoupled from the entropy-pool implementation.

Modify key_randomfill() (used only for initialization vectors on
SA creation and via key_sa_stir_iv(), which does not "stir",
despite its name) to use arc4randbytes() instead of pulling bits
directly from the entropy pool.  It is my hope that this change
will pose minimal integration problems for the KAME folks as the
random-pool interface is *already* different between each BSD
variant; this just simplifies the NetBSD case and solves a
fairly serious problem.

Note that it is generally considered acceptable cryptographic
practice to use a fast stream cipher to generate IVs for encryption
with stronger block ciphers.  For example, the use of "non-Approved"
PRNGs to generate IVs for "Approved" block ciphers is explicitly
sanctioned by FIPS 140-2.

diffstat:

 sys/lib/libkern/arc4random.c |  18 +++++++++++++++++-
 sys/lib/libkern/libkern.h    |   3 ++-
 sys/netkey/key.c             |  30 +++++++++++-------------------
 3 files changed, 30 insertions(+), 21 deletions(-)

diffs (101 lines):

diff -r 2de7a508bd54 -r 26a83e4aaaf2 sys/lib/libkern/arc4random.c
--- a/sys/lib/libkern/arc4random.c      Sun Oct 06 06:47:40 2002 +0000
+++ b/sys/lib/libkern/arc4random.c      Sun Oct 06 08:51:44 2002 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: arc4random.c,v 1.7 2002/10/06 06:47:40 tls Exp $       */
+/*     $NetBSD: arc4random.c,v 1.8 2002/10/06 08:51:44 tls Exp $       */
 
 /*-
  * Copyright (c) 2002 The NetBSD Foundation, Inc.
@@ -199,3 +199,19 @@
        for(i = 0, ret = 0; i < 24; ret |= arc4_randbyte() << i, i += 8);
        return ret;
 }
+
+void
+arc4randbytes(void *p, size_t len)
+{
+    u_int8_t *buf;
+    size_t i;
+
+    buf = (u_int8_t *)p;
+
+    for(i = 0; i < len; buf[i] = arc4_randbyte(), i++);
+    arc4_numruns += len / sizeof(u_int32_t);
+    if((arc4_numruns > ARC4_MAXRUNS) ||
+       (mono_time.tv_sec > arc4_tv_nextreseed.tv_sec)) {
+               arc4_randrekey();
+       }
+}
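Review bot: The run accounting in arc4randbytes() truncates, so a request shorter than sizeof(u_int32_t) adds nothing to arc4_numruns, and a caller that repeatedly asks for 1–3 bytes can draw an unbounded amount of keystream without ever tripping the ARC4_MAXRUNS rekey check; `arc4_numruns += (len + sizeof(u_int32_t) - 1) / sizeof(u_int32_t);` counts every partial word. It would also be worth a one-line comment stating why the rekey test runs after the bytes are handed out rather than before, since arc4random() above is not visible in this hunk and the two should agree on ordering. The empty-bodied `for(...; buf[i] = arc4_randbyte(), i++);` hides the store in the increment clause; a conventional `for (i = 0; i < len; i++) buf[i] = arc4_randbyte();` reads more plainly. Whether this function is expected to run under the same locking as arc4random() cannot be judged from the hunk.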
diff -r 2de7a508bd54 -r 26a83e4aaaf2 sys/lib/libkern/libkern.h
--- a/sys/lib/libkern/libkern.h Sun Oct 06 06:47:40 2002 +0000
+++ b/sys/lib/libkern/libkern.h Sun Oct 06 08:51:44 2002 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: libkern.h,v 1.45 2002/10/04 18:39:52 junyoung Exp $    */
+/*     $NetBSD: libkern.h,v 1.46 2002/10/06 08:51:44 tls Exp $ */
 
 /*-
  * Copyright (c) 1992, 1993
@@ -279,6 +279,7 @@
 void   *memmove __P((void *, const void *, size_t));
 int     pmatch __P((const char *, const char *, const char **));
 u_int32_t arc4random __P((void));
+void    arc4randbytes __P((void *, size_t));
 u_long  random __P((void));
 int     scanc __P((u_int, const u_char *, const u_char *, int));
 int     skpc __P((int, size_t, u_char *));
diff -r 2de7a508bd54 -r 26a83e4aaaf2 sys/netkey/key.c
--- a/sys/netkey/key.c  Sun Oct 06 06:47:40 2002 +0000
+++ b/sys/netkey/key.c  Sun Oct 06 08:51:44 2002 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: key.c,v 1.77 2002/10/04 05:45:22 itojun Exp $  */
+/*     $NetBSD: key.c,v 1.78 2002/10/06 08:51:46 tls Exp $     */
 /*     $KAME: key.c,v 1.249 2002/06/14 14:46:22 itojun Exp $   */
 
 /*
@@ -35,7 +35,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.77 2002/10/04 05:45:22 itojun Exp $");
+__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.78 2002/10/06 08:51:46 tls Exp $");
 
 #include "opt_inet.h"
 #include "opt_ipsec.h"
@@ -4251,27 +4251,19 @@
        void *p;
        size_t l;
 {
-       size_t n;
-       u_long v;
        static int warn = 1;
 
-       n = 0;
 #if NRND > 0
-       n = rnd_extract_data(p, l, RND_EXTRACT_ANY);
+       arc4randbytes(p, l);
+       warn = 0;
+#else
+       /* the arc4 generator is keyed with junk. */
+       if (warn) {
+               printf("WARNING: pseudo-random number generator "
+                   "used for IPsec processing\n");
+               warn = 0;
+       }
 #endif
-       /* last resort */
-       while (n < l) {
-               v = random();
-               bcopy(&v, (u_int8_t *)p + n,
-                   l - n < sizeof(v) ? l - n : sizeof(v));
-               n += sizeof(v);
-
-               if (warn) {
-                       printf("WARNING: pseudo-random number generator "
-                           "used for IPsec processing\n");
-                       warn = 0;
-               }
-       }
 }
 
 /*
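Review bot: In the `#else` branch (NRND == 0) the new key_randomfill() no longer writes anything into `p`: the removed random() loop was the only fill on that path, and the replacement only prints the warning, so callers would receive an uninitialised IV buffer. Since arc4randbytes() lives in libkern regardless of NRND and the comment already says the generator is merely "keyed with junk" in that case, the call should be unconditional: move `arc4randbytes(p, l);` below `#endif`, turn the conditional into `#if NRND == 0` around the warning block, and drop the now-pointless `warn = 0;` from the NRND > 0 side. The `static int warn` would then be unused when NRND > 0, so its declaration belongs under the same `#if`. The function's name and signature start above this hunk.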


