Author: cem Date: Thu Apr 4 01:02:50 2019 New Revision: 345865 URL: https://svnweb.freebsd.org/changeset/base/345865
Log: Replace read_random(9) with more appropriate arc4rand(9) KPIs Reviewed by: ae, delphij Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D19760 Modified: head/sys/cddl/contrib/opensolaris/uts/common/dtrace/dtrace.c head/sys/compat/linuxkpi/common/include/linux/etherdevice.h head/sys/compat/linuxkpi/common/include/linux/random.h head/sys/net/if_spppsubr.c head/sys/netipsec/key.c head/sys/netipsec/key.h head/sys/netipsec/xform_esp.c head/sys/netpfil/pf/pf.c Modified: head/sys/cddl/contrib/opensolaris/uts/common/dtrace/dtrace.c ============================================================================== --- head/sys/cddl/contrib/opensolaris/uts/common/dtrace/dtrace.c Thu Apr 4 00:05:36 2019 (r345864) +++ head/sys/cddl/contrib/opensolaris/uts/common/dtrace/dtrace.c Thu Apr 4 01:02:50 2019 (r345865) @@ -14631,7 +14631,7 @@ dtrace_state_create(struct cdev *dev, struct ucred *cr * SI_SUB_RANDOM < SI_SUB_DTRACE_ANON therefore entropy device is * assumed to be seeded at this point (if from Fortuna seed file). */ - (void) read_random(&state->dts_rstate[0], 2 * sizeof(uint64_t)); + arc4random_buf(&state->dts_rstate[0], 2 * sizeof(uint64_t)); for (cpu_it = 1; cpu_it < NCPU; cpu_it++) { /* * Each CPU is assigned a 2^64 period, non-overlapping Modified: head/sys/compat/linuxkpi/common/include/linux/etherdevice.h ============================================================================== --- head/sys/compat/linuxkpi/common/include/linux/etherdevice.h Thu Apr 4 00:05:36 2019 (r345864) +++ head/sys/compat/linuxkpi/common/include/linux/etherdevice.h Thu Apr 4 01:02:50 2019 (r345865) @@ -108,8 +108,7 @@ eth_zero_addr(u8 *pa) static inline void random_ether_addr(u8 * dst) { - if (read_random(dst, 6) == 0) - arc4rand(dst, 6, 0); + arc4random_buf(dst, 6); dst[0] &= 0xfe; dst[0] |= 0x02; Modified: head/sys/compat/linuxkpi/common/include/linux/random.h ============================================================================== --- head/sys/compat/linuxkpi/common/include/linux/random.h Thu Apr 4 00:05:36 2019 (r345864) +++ head/sys/compat/linuxkpi/common/include/linux/random.h Thu Apr 4 01:02:50 2019 (r345865) @@ -39,8 +39,7 @@ static inline void get_random_bytes(void *buf, int nbytes) { - if (read_random(buf, nbytes) == 0) - arc4rand(buf, nbytes, 0); + arc4random_buf(buf, nbytes); } static inline u_int Modified: head/sys/net/if_spppsubr.c ============================================================================== --- head/sys/net/if_spppsubr.c Thu Apr 4 00:05:36 2019 (r345864) +++ head/sys/net/if_spppsubr.c Thu Apr 4 01:02:50 2019 (r345865) @@ -4337,16 +4337,12 @@ sppp_chap_tld(struct sppp *sp) static void sppp_chap_scr(struct sppp *sp) { - u_long *ch, seed; + u_long *ch; u_char clen; /* Compute random challenge. */ ch = (u_long *)sp->myauth.challenge; - read_random(&seed, sizeof seed); - ch[0] = seed ^ random(); - ch[1] = seed ^ random(); - ch[2] = seed ^ random(); - ch[3] = seed ^ random(); + arc4random_buf(ch, 4 * sizeof(*ch)); clen = AUTHKEYLEN; sp->confid[IDX_CHAP] = ++sp->pp_seq[IDX_CHAP]; Modified: head/sys/netipsec/key.c ============================================================================== --- head/sys/netipsec/key.c Thu Apr 4 00:05:36 2019 (r345864) +++ head/sys/netipsec/key.c Thu Apr 4 01:02:50 2019 (r345865) @@ -4760,32 +4760,8 @@ key_random() { u_long value; - key_randomfill(&value, sizeof(value)); + arc4random_buf(&value, sizeof(value)); return value; -} - -void -key_randomfill(void *p, size_t l) -{ - size_t n; - u_long v; - static int warn = 1; - - n = 0; - n = (size_t)read_random(p, (u_int)l); - /* last resort */ - while (n < l) { - v = random(); - bcopy(&v, (u_int8_t *)p + n, - l - n < sizeof(v) ? l - n : sizeof(v)); - n += sizeof(v); - - if (warn) { - printf("WARNING: pseudo-random number generator " - "used for IPsec processing\n"); - warn = 0; - } - } } /* Modified: head/sys/netipsec/key.h ============================================================================== --- head/sys/netipsec/key.h Thu Apr 4 00:05:36 2019 (r345864) +++ head/sys/netipsec/key.h Thu Apr 4 01:02:50 2019 (r345865) @@ -78,7 +78,6 @@ void key_unregister_ifnet(struct secpolicy **, u_int); void key_delete_xform(const struct xformsw *); extern u_long key_random(void); -extern void key_randomfill(void *, size_t); extern void key_freereg(struct socket *); extern int key_parse(struct mbuf *, struct socket *); extern void key_init(void); Modified: head/sys/netipsec/xform_esp.c ============================================================================== --- head/sys/netipsec/xform_esp.c Thu Apr 4 00:05:36 2019 (r345864) +++ head/sys/netipsec/xform_esp.c Thu Apr 4 01:02:50 2019 (r345865) @@ -768,7 +768,7 @@ esp_output(struct mbuf *m, struct secpolicy *sp, struc */ switch (sav->flags & SADB_X_EXT_PMASK) { case SADB_X_EXT_PRAND: - (void) read_random(pad, padding - 2); + arc4random_buf(pad, padding - 2); break; case SADB_X_EXT_PZERO: bzero(pad, padding - 2); Modified: head/sys/netpfil/pf/pf.c ============================================================================== --- head/sys/netpfil/pf/pf.c Thu Apr 4 00:05:36 2019 (r345864) +++ head/sys/netpfil/pf/pf.c Thu Apr 4 01:02:50 2019 (r345865) @@ -3207,7 +3207,7 @@ pf_tcp_iss(struct pf_pdesc *pd) u_int32_t digest[4]; if (V_pf_tcp_secret_init == 0) { - read_random(&V_pf_tcp_secret, sizeof(V_pf_tcp_secret)); + arc4random_buf(&V_pf_tcp_secret, sizeof(V_pf_tcp_secret)); MD5Init(&V_pf_tcp_secret_ctx); MD5Update(&V_pf_tcp_secret_ctx, V_pf_tcp_secret, sizeof(V_pf_tcp_secret)); _______________________________________________ [email protected] mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "[email protected]"
