arc4random(9): Integrate with RANDOM_FENESTRASX push-reseed

Authored by cem on Dec 16 2019, 7:32 PM.



In the fenestrasX model, when the root CSPRNG is reseeded from pools due to
an (infrequent) timer, child CSPRNGs can cheaply detect this condition and
reseed. To do so, they just need to track an additional 64-bit value in the
associated state, and check the __read_mostly root seed version (generation)
on random reads.

This revision integrates arc4random(9) into that model without changing the
design or implementation of arc4random(9) much. The motivation is that
arc4random(9) is immediately reseeded when the backing random(4)
implementation has additional entropy. This is arguably most important
during boot, when fenestrasX is reseeding at 1, 3, 9, 27, etc., second
intervals, but arc4random(9) has a hardcoded 300 second reseed window.
Without this mechanism, if arc4random(9) gets weak entropy during initial
seed (and arc4random(9) is used early in boot, so this is quite possible),
it may continue to emit poorly seeded output for 5 minutes. This scheme
corrects arc4random(9) as soon as possible.
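The generation check described in the summary, sketched as an added example (not code from this revision or from FreeBSD). All names here (`root_seed_version`, `child_state`, `child_read`, `last_reseed_after_boot`) are hypothetical, the rekey step is a placeholder with no cryptography, and the boot timeline is constructed.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define CHILD_RESEED_SECS 300 /* arc4random(9)'s fixed reseed window, per the summary */

/* Hypothetical root seed version (generation); bumped on each root reseed. */
static _Atomic uint64_t root_seed_version = 1;

struct child_state {
    uint64_t seen_version;  /* the extra 64-bit value each child tracks */
    int64_t  last_reseed;   /* seconds since boot */
    bool     check_version; /* false models the timer-only behaviour */
};

/* Root side: call after the root CSPRNG has been reseeded from the pools. */
static void root_reseeded(void)
{
    atomic_fetch_add_explicit(&root_seed_version, 1, memory_order_release);
}

/* Read path. Returns true if this read reseeded the child first. */
static bool child_read(struct child_state *c, int64_t now)
{
    /* Load the version before rekeying, so a racing root reseed is caught next read. */
    uint64_t v = atomic_load_explicit(&root_seed_version, memory_order_acquire);
    bool stale = c->check_version && v != c->seen_version;
    if (!stale && now - c->last_reseed < CHILD_RESEED_SECS)
        return false;
    /* Placeholder: a real child would pull fresh key material from the root here. */
    c->seen_version = v;
    c->last_reseed = now;
    return true;
}

/* Constructed boot timeline: root reseeds at 1, 3, 9, 27 s; child reads every second. */
static int64_t last_reseed_after_boot(bool check_version)
{
    static const int64_t root_times[] = { 1, 3, 9, 27 };
    struct child_state c = { 0, -CHILD_RESEED_SECS, check_version };
    size_t next = 0;
    atomic_store(&root_seed_version, 1);
    for (int64_t t = 0; t <= 30; t++) {
        if (next < 4 && root_times[next] == t) { root_reseeded(); next++; }
        child_read(&c, t);
    }
    return c.last_reseed; /* time of the child's most recent reseed */
}
```

With the version check the child's key is at most one read older than the root's latest reseed (27 s in this timeline); with only the 300-second timer it is still using the seed it took at time 0.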

Diff Detail

rS FreeBSD src repository

Event Timeline

I would like to land this. With the RANDOM_FENESTRASX option off (default), it should be no functional change. Any objection?

markm added a subscriber: markm.

I'm happy to see this landed in disabled form.

This revision is now accepted and ready to land. Oct 7 2020, 5:58 PM