- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Advanced Search
Dec 13 2020
May 1 2017
+ if (nameNext != nameStart
+ && (nameEnd == NULL || nameNext <= nameEnd)) {
+ pat = patNext;
+ name = nameNext;
+ continue;
+ }I prefer to copy NetBSD implementing the same thing, it appears they have additional safeguard against "name" goes too far:
http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/glob.c.diff?r1=1.36&r2=1.37&f=h&f=u
Feb 25 2017
Ah, it is gnu one. Sorry I don't check first. Thats OK.
Feb 24 2017
See BSDism reallocf(3) instead, it does free() automatically.
Jan 19 2017
Dec 19 2016
Nov 7 2016
By the second thought, no problem:) Since you mention that per-CPU locking is not your goal, in worst case the same harmless multiple stiring can happens since numruns belongs to the same arc4 data set to which stiring applied.
Unfortunately this is a problem that is already present in the current version.
In current version it is not a problem (see my previous comment about multiple stiring above), but in case each arc4 instance can run on different arc4 data set, it can be a problem.
Nov 4 2016
unlocked read of arc4->numruns
Will lead to several arc4 stiring in worst case (which IMHO is non-practical case). Any number of stiring does not harm arc4, at least one stiring should be enough. But all this for one CPU case, I don't know about per-CPU locking in details so can't answer the next note.
Oct 24 2016
Oct 7 2016
Yes.
This is nearly what I proposed before, but why would you reseed all the instances in case the user calls arc4rand with reseed = 1?
Because from current API point of view there is no separate CPU argument, so the call with reseed == 1 can come from any random CPU.
In general any random CPU may be not equal to unknown CPU for which this operation was made.
Oct 6 2016
Not sure this is a big security concern or not?
Maybe I am wrong, but I don't see big deal here - the moment of good randomness available is unpredictable in the time intervals we consider, and if some threads got it a bit later (on the next call), I don't see the problem.
There can be small window when arc4rand_iniseed_state is already set to SEED, but arc4_randomstir() is not called yet. And right in this time another thread calls the code. Well, we miss only single reinitialization per-CPU (more are time-consuming and can't fit between the check and immediate function call), on the next call they will be already reinitialized. Dou mean another scenario?
We can move both check and function call under lock, but it will slow things down, i.e. the thing you fight against.
The problem is that another thread may call the arc4rand() function and get some unsafe random bytes before the stir actually occurs and after the state was set to SEED.
Please show how it can happen in steps by steps. In old code if the state was SEED, it surely reinitialized, and reinitialization itself keeps a lock, so RNG can't move further and wait for reinitialization (from any thread).
Here is what I propose:
In your code 'reseed' variable should be move to the same 'if' as 'arc4rand_iniseed_state' placed, we never know what we cpu we reseed otherwise.
The next thing I don't like much is possible double initialization, if this condition additionaly meet in the same time 'if ((arc4->numruns > ARC4_RESEED_BYTES) || (tv.tv_sec > arc4->t_reseed))
All you need is simple local 'reseedall' variable and set it where ARC4_FOREACH(arc4) is.
I meant the arc4rand_iniseed_state variable.
I too. Without locking or atomic either yet one additional seeding can happens or no seeding can happens at all (CPU writing to another half of word, which is already checked).
I do agree with that, but on the very first call of arc4rand(), we can make sure readomstir() is called,
Not all stiring are equal) Non random stiring is done to just not block arc4 on early boot phase.
When good randomnes becomes available (which arc4rand_iniseed_state indicates) it must be reinitialized immediately on the next call.
But I am not sure to see the actual benefit of this atomic?
It allows to not play with locking.
I guess the read_random() call is blocking until the underlying entropy processor becomes secure?
Yes. Then it allows arc4 reseed. There is no point to reseed it before it happens with non random data.
reseed arg without specifying particular CPU means nothing but stir all CPUs too. And specifying that CPU is impossible on API level - nobody know from which CPU this code will be called.
The problem is that arc4rand_iniseed_state which is reset on the first use with atomic currently asssume that all RNGs are stired, but really only first one.
Oct 4 2016
In D8130#168692, @emeric.poupon_stormshield.eu wrote:In D8130#168678, @ache wrote:Sorry, my prev. comment was sent non-edited. Please forget it if you got it through the mail and re-read here instead.
No problem!
Since the call is very unlikely to fail, what about a KASSERT on failure then? That seems to be an acceptable compromise.
Sorry, my prev. comment was sent non-edited. Please forget it if you got it through the mail and re-read here instead.
In D8130#168672, @emeric.poupon_stormshield.eu wrote:In D8130#168667, @ache wrote:It will be better to use non-failing malloc flag. arc4_init() can't fail.
You mean a M_WAITOK flag? I was wondering: are you sure it is really safe to sleep in this context?
It will be better to use non-failing malloc flag. arc4_init() can't fail.