Author: cem Date: Fri Oct 26 21:00:26 2018 New Revision: 339789 URL: https://svnweb.freebsd.org/changeset/base/339789
Log: fortuna: Drop global lock to zero stack variables Also drop explicit zeroing of hash context -- hash finish() operation is expected to do this. PR: 230877 Suggested by: delphij@ Reviewed by: delphij, markm Approved by: secteam (delphij) Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D16986 Modified: head/sys/dev/random/fortuna.c Modified: head/sys/dev/random/fortuna.c ============================================================================== --- head/sys/dev/random/fortuna.c Fri Oct 26 20:55:01 2018 (r339788) +++ head/sys/dev/random/fortuna.c Fri Oct 26 21:00:26 2018 (r339789) @@ -374,47 +374,50 @@ random_fortuna_pre_read(void) now = getsbinuptime(); #endif - if (fortuna_state.fs_pool[0].fsp_length >= fortuna_state.fs_minpoolsize + if (fortuna_state.fs_pool[0].fsp_length < fortuna_state.fs_minpoolsize #ifdef _KERNEL /* FS&K - Use 'getsbinuptime()' to prevent reseed-spamming. */ - && (now - fortuna_state.fs_lasttime > SBT_1S/10) + || (now - fortuna_state.fs_lasttime <= SBT_1S/10) #endif ) { + RANDOM_RESEED_UNLOCK(); + return; + } + #ifdef _KERNEL - fortuna_state.fs_lasttime = now; + fortuna_state.fs_lasttime = now; #endif - /* FS&K - ReseedCNT = ReseedCNT + 1 */ - fortuna_state.fs_reseedcount++; - /* s = \epsilon at start */ - for (i = 0; i < RANDOM_FORTUNA_NPOOLS; i++) { - /* FS&K - if Divides(ReseedCnt, 2^i) ... */ - if ((fortuna_state.fs_reseedcount % (1 << i)) == 0) { - /*- - * FS&K - temp = (P_i) - * - P_i = \epsilon - * - s = s|H(temp) - */ - randomdev_hash_finish(&fortuna_state.fs_pool[i].fsp_hash, temp); - randomdev_hash_init(&fortuna_state.fs_pool[i].fsp_hash); - fortuna_state.fs_pool[i].fsp_length = 0; - randomdev_hash_init(&context); - randomdev_hash_iterate(&context, temp, RANDOM_KEYSIZE); - randomdev_hash_finish(&context, s + i*RANDOM_KEYSIZE_WORDS); - } else - break; - } + /* FS&K - ReseedCNT = ReseedCNT + 1 */ + fortuna_state.fs_reseedcount++; + /* s = \epsilon at start */ + for (i = 0; i < RANDOM_FORTUNA_NPOOLS; i++) { + /* FS&K - if Divides(ReseedCnt, 2^i) ... */ + if ((fortuna_state.fs_reseedcount % (1 << i)) == 0) { + /*- + * FS&K - temp = (P_i) + * - P_i = \epsilon + * - s = s|H(temp) + */ + randomdev_hash_finish(&fortuna_state.fs_pool[i].fsp_hash, temp); + randomdev_hash_init(&fortuna_state.fs_pool[i].fsp_hash); + fortuna_state.fs_pool[i].fsp_length = 0; + randomdev_hash_init(&context); + randomdev_hash_iterate(&context, temp, RANDOM_KEYSIZE); + randomdev_hash_finish(&context, s + i*RANDOM_KEYSIZE_WORDS); + } else + break; + } #ifdef _KERNEL - SDT_PROBE2(random, fortuna, event_processor, debug, fortuna_state.fs_reseedcount, fortuna_state.fs_pool); + SDT_PROBE2(random, fortuna, event_processor, debug, fortuna_state.fs_reseedcount, fortuna_state.fs_pool); #endif - /* FS&K */ - random_fortuna_reseed_internal(s, i); - /* Clean up and secure */ - explicit_bzero(s, sizeof(s)); - explicit_bzero(temp, sizeof(temp)); - explicit_bzero(&context, sizeof(context)); - } + /* FS&K */ + random_fortuna_reseed_internal(s, i); RANDOM_RESEED_UNLOCK(); + + /* Clean up and secure */ + explicit_bzero(s, sizeof(s)); + explicit_bzero(temp, sizeof(temp)); } /*- _______________________________________________ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
