openbsd/src/lib/libcrypto/crypto/arc4random_linux.h, branch OPENBSD_5_9_BASE A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=OPENBSD_5_9_BASE 2016-01-04T02:04:56+00:00 Calling clone(2) with CLONE_NEWPID yields multiple processes with pid=1. 2016-01-04T02:04:56+00:00 bcook 2016-01-04T02:04:56+00:00 urn:sha1:0f894628446dec0db2f00dac168dac6bcb7dd705 Work around this particular case by reseeding whenever pid=1, but as guenther@ notes, directly calling clone(2), and then forking to match another pid, provides other ways to bypass new process detection on Linux. Hopefully at some point Linux implements something like MAP_INHERIT_ZERO, and does not invent a corresponding mechanism to subvert it. Noted by Sebastian Krahmer and the opmsg team. See http://stealth.openwall.net/crypto/randup.c for a test program. ok beck@ back in september I did the large abstraction refactoring to allow these 2015-01-15T06:57:18+00:00 deraadt 2015-01-15T06:57:18+00:00 urn:sha1:2c0fa7a33267776e90c29aa1b640595e92c0d8f7 other systems to fit into the same mold, so add copyright munmap correct object in (extremely unlikely, and effectively terminal) 2014-08-13T06:04:10+00:00 deraadt 2014-08-13T06:04:10+00:00 urn:sha1:a4dcb1ba73868ec4ce8e7552483d80ead4aab937 case of failing to map the 2nd object. found by Paul Maurers Move more OS-specific functionality to arc4random.h headers. 2014-07-20T20:51:13+00:00 bcook 2014-07-20T20:51:13+00:00 urn:sha1:e1e31280b22a03036aa16e7c3814eedfa8ce1be4 Move <sys/mman.h> and raise(SIGKILL) calls to OS-specific headers. On OpenBSD, move thread_private.h as well to arc4random.h. On Windows, use TerminateProcess on getentropy failure. ok deraadt@ Move _ARC4_ATFORK handlers from thread_private.h in portable. 2014-07-19T15:29:25+00:00 bcook 2014-07-19T15:29:25+00:00 urn:sha1:62420f1b1933ae233466d93f14a20382680ca61c move _ARC4_LOCK/UNLOCK primitives from thread_private into OS-specific modules 2014-07-19T14:34:38+00:00 bcook 2014-07-19T14:34:38+00:00 urn:sha1:8323938cd69c84c53e1c31b179623d9c20175393 fixup typos 2014-07-19T13:02:28+00:00 bcook 2014-07-19T13:02:28+00:00 urn:sha1:7fb2af12ce2778416f758df6e30e9932b1909167 Change _rs_allocate so it can combine the two regions (rs and rsx) 2014-07-19T00:08:43+00:00 deraadt 2014-07-19T00:08:43+00:00 urn:sha1:7dda705eb34d88c4c8c8ece0a009c6cac7b14c67 into one if a system has an awesome getentropy(). In that case it is valid to totally throw away the rsx state in the child. If the getentropy() is not very good and has a lazy reseed operation, this combining is a bad idea, and the reseed should probably continue to use the "something old, something new" mix. _rs_allocate() can accomodate either method, but not on the fly. ok matthew Cleanup portable arc4random fork detection code: 2014-07-18T21:40:54+00:00 matthew 2014-07-18T21:40:54+00:00 urn:sha1:cb6d7664a81745720f33266734161b267e83c5dd 1. Use "len" parameter instead of sizeof(*rs). 2. Simplify the atfork handler to be strictly async signal safe by simply writing to a global volatile sig_atomic_t object, and then checking for this in _rs_forkdetect(). (Idea from discussions with Szabolcs Nagy and Rich Felker.) 3. Use memset(rs, 0, sizeof(*rs)) to match OpenBSD's MAP_INHERIT_ZERO fork semantics to avoid any skew in behavior across platforms. ok deraadt Seperate arc4random's os-dependent parts into static inline functions, 2014-07-18T02:05:55+00:00 deraadt 2014-07-18T02:05:55+00:00 urn:sha1:c3ecd2f97aa6b0c3ad2b858fd98b8b662c2b7751 making it much easier for libressl -portable to fill in the gaps. ok bcook beck