Page MenuHomeFreeBSD

arc4random(9): Integrate with RANDOM_FENESTRASX push-reseed
ClosedPublic

Authored by cem on Dec 16 2019, 7:32 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sat, Jan 18, 10:13 PM
Unknown Object (File)
Thu, Jan 16, 10:38 AM
Unknown Object (File)
Fri, Jan 10, 8:07 AM
Unknown Object (File)
Sun, Jan 5, 12:32 PM
Unknown Object (File)
Fri, Jan 3, 12:24 PM
Unknown Object (File)
Dec 5 2024, 8:06 AM
Unknown Object (File)
Nov 27 2024, 2:59 AM
Unknown Object (File)
Nov 24 2024, 3:16 AM
Subscribers

Details

Summary

In the fenestrasX model, when the root CSPRNG is reseeded from pools due to
an (infrequent) timer, child CSPRNGs can cheaply detect this condition and
reseed. To do so, they just need to track an additional 64-bit value in the
associated state, and check the __read_mostly root seed version (generation)
on random reads.

This revision integrates arc4random(9) into that model without changing the
design or implementation of arc4random(9) much. The motivation is that
arc4random(9) is immediately reseeded when the backing random(4)
implementation has additional entropy. This is arguably most important
during boot, when fenestrasX is reseeding at 1, 3, 9, 27, etc., second
intervals, but arc4random(9) has a hardcoded 300 second reseed window.
Without this mechanism, if arc4random(9) gets weak entropy during initial
seed (and arc4random(9) is used early in boot, so this is quite possible),
it may continue to emit poorly seeded output for 5 minutes. This scheme
corrects arc4random(9) as soon as possible.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

I would like to land this. With the RANDOM_FENESTRASX option off (default), it should be no functional change. Any objection?

markm added a subscriber: markm.

I'm happy to see this landed in disabled form.

This revision is now accepted and ready to land.Oct 7 2020, 5:58 PM