1 files changed, 44 insertions, 37 deletions
diff --git a/src/lib/libc/crypt/arc4random.c b/src/lib/libc/crypt/arc4random.c
index 7a2d9e800a..03eb047f98 100644
--- a/src/lib/libc/crypt/arc4random.c
+++ b/src/lib/libc/crypt/arc4random.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: arc4random.c,v 1.33 2014/06/13 18:58:58 deraadt Exp $ */
+/*      $OpenBSD: arc4random.c,v 1.34 2014/06/17 00:37:07 matthew Exp $ */
 /*
 * Copyright (c) 1996, David Mazieres <dm@uun.org>
@@ -48,12 +48,13 @@
 #define IVSZ    8
 #define BLOCKSZ 64
 #define RSBUFSZ (16*BLOCKSZ)
-static int rs_initialized;
-static pid_t rs_stir_pid;
+static struct {
-static chacha_ctx *rs;          /* chacha context for random keystream */
+        size_t          rs_have;        /* valid bytes at end of rs_buf */
+        size_t          rs_count;       /* bytes till reseed */
+        chacha_ctx      rs_chacha;      /* chacha context for random keystream */
+} *rs;
 static u_char *rs_buf;          /* keystream blocks */
-static size_t rs_have;          /* valid bytes at end of rs_buf */
-static size_t rs_count;         /* bytes till reseed */
 static inline void _rs_rekey(u_char *dat, size_t datlen);
@@ -63,15 +64,23 @@ _rs_init(u_char *buf, size_t n)
        if (n < KEYSZ + IVSZ)
                return;
-        if (rs == NULL && (rs = mmap(NULL, sizeof(*rs), PROT_READ|PROT_WRITE,
+        if (rs == NULL) {
-            MAP_ANON, -1, 0)) == MAP_FAILED)
+                if ((rs = mmap(NULL, sizeof(*rs), PROT_READ|PROT_WRITE,
-                abort();
+                    MAP_ANON, -1, 0)) == MAP_FAILED)
-        if (rs_buf == NULL && (rs_buf = mmap(NULL, RSBUFSZ, PROT_READ|PROT_WRITE,
+                        abort();
-            MAP_ANON, -1, 0)) == MAP_FAILED)
+                if (minherit(rs, sizeof(*rs), MAP_INHERIT_ZERO) == -1)
-                abort();
+                        abort();
+        }
+        if (rs_buf == NULL) {
+                if ((rs_buf = mmap(NULL, RSBUFSZ, PROT_READ|PROT_WRITE,
+                    MAP_ANON, -1, 0)) == MAP_FAILED)
+                        abort();
+                if (minherit(rs_buf, RSBUFSZ, MAP_INHERIT_ZERO) == -1)
+                        abort();
+        }
-        chacha_keysetup(rs, buf, KEYSZ * 8, 0);
+        chacha_keysetup(&rs->rs_chacha, buf, KEYSZ * 8, 0);
-        chacha_ivsetup(rs, buf + KEYSZ);
+        chacha_ivsetup(&rs->rs_chacha, buf + KEYSZ);
 }
 static void
@@ -82,30 +91,28 @@ _rs_stir(void)
        /* XXX */
        (void) getentropy(rnd, sizeof rnd);
-        if (!rs_initialized) {
+        if (!rs)
-                rs_initialized = 1;
                _rs_init(rnd, sizeof(rnd));
-        } else
+        else
                _rs_rekey(rnd, sizeof(rnd));
        explicit_bzero(rnd, sizeof(rnd));
        /* invalidate rs_buf */
-        rs_have = 0;
+        rs->rs_have = 0;
        memset(rs_buf, 0, RSBUFSZ);
-        rs_count = 1600000;
+        rs->rs_count = 1600000;
 }
 static inline void
 _rs_stir_if_needed(size_t len)
 {
-        pid_t pid = getpid();
+        if (!rs || rs->rs_count <= len)
-        if (rs_count <= len || !rs_initialized || rs_stir_pid != pid) {
-                rs_stir_pid = pid;
                _rs_stir();
-        } else
+        if (rs->rs_count <= len)
-                rs_count -= len;
+                rs->rs_count = 0;
+        else
+                rs->rs_count -= len;
 }
 static inline void
@@ -115,7 +122,7 @@ _rs_rekey(u_char *dat, size_t datlen)
        memset(rs_buf, 0,RSBUFSZ);
 #endif
        /* fill rs_buf with the keystream */
-        chacha_encrypt_bytes(rs, rs_buf, rs_buf, RSBUFSZ);
+        chacha_encrypt_bytes(&rs->rs_chacha, rs_buf, rs_buf, RSBUFSZ);
        /* mix in optional user provided data */
        if (dat) {
                size_t i, m;
@@ -127,7 +134,7 @@ _rs_rekey(u_char *dat, size_t datlen)
        /* immediately reinit for backtracking resistance */
        _rs_init(rs_buf, KEYSZ + IVSZ);
        memset(rs_buf, 0, KEYSZ + IVSZ);
-        rs_have = RSBUFSZ - KEYSZ - IVSZ;
+        rs->rs_have = RSBUFSZ - KEYSZ - IVSZ;
 }
 static inline void
@@ -138,15 +145,15 @@ _rs_random_buf(void *_buf, size_t n)
        _rs_stir_if_needed(n);
        while (n > 0) {
-                if (rs_have > 0) {
+                if (rs->rs_have > 0) {
-                        m = MIN(n, rs_have);
+                        m = MIN(n, rs->rs_have);
-                        memcpy(buf, rs_buf + RSBUFSZ - rs_have, m);
+                        memcpy(buf, rs_buf + RSBUFSZ - rs->rs_have, m);
-                        memset(rs_buf + RSBUFSZ - rs_have, 0, m);
+                        memset(rs_buf + RSBUFSZ - rs->rs_have, 0, m);
                        buf += m;
                        n -= m;
-                        rs_have -= m;
+                        rs->rs_have -= m;
                }
-                if (rs_have == 0)
+                if (rs->rs_have == 0)
                        _rs_rekey(NULL, 0);
        }
 }
@@ -155,11 +162,11 @@ static inline void
 _rs_random_u32(u_int32_t *val)
 {
        _rs_stir_if_needed(sizeof(*val));
-        if (rs_have < sizeof(*val))
+        if (rs->rs_have < sizeof(*val))
                _rs_rekey(NULL, 0);
-        memcpy(val, rs_buf + RSBUFSZ - rs_have, sizeof(*val));
+        memcpy(val, rs_buf + RSBUFSZ - rs->rs_have, sizeof(*val));
-        memset(rs_buf + RSBUFSZ - rs_have, 0, sizeof(*val));
+        memset(rs_buf + RSBUFSZ - rs->rs_have, 0, sizeof(*val));
-        rs_have -= sizeof(*val);
+        rs->rs_have -= sizeof(*val);
 }
 u_int32_t

diff --git a/src/lib/libc/crypt/arc4random.c b/src/lib/libc/crypt/arc4random.c index 7a2d9e800a..03eb047f98 100644 --- a/src/lib/libc/crypt/arc4random.c +++ b/src/lib/libc/crypt/arc4random.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: arc4random.c,v 1.33 2014/06/13 18:58:58 deraadt Exp $ */	1	/* $OpenBSD: arc4random.c,v 1.34 2014/06/17 00:37:07 matthew Exp $ */
2		2
3	/*	3	/*
4	* Copyright (c) 1996, David Mazieres <dm@uun.org>	4	* Copyright (c) 1996, David Mazieres <dm@uun.org>
@@ -48,12 +48,13 @@
48	#define IVSZ 8	48	#define IVSZ 8
49	#define BLOCKSZ 64	49	#define BLOCKSZ 64
50	#define RSBUFSZ (16*BLOCKSZ)	50	#define RSBUFSZ (16*BLOCKSZ)
51	static int rs_initialized;	51
52	static pid_t rs_stir_pid;	52	static struct {
53	static chacha_ctx rs; / chacha context for random keystream */	53	size_t rs_have; /* valid bytes at end of rs_buf */
		54	size_t rs_count; /* bytes till reseed */
		55	chacha_ctx rs_chacha; /* chacha context for random keystream */
		56	} *rs;
54	static u_char rs_buf; / keystream blocks */	57	static u_char rs_buf; / keystream blocks */
55	static size_t rs_have; /* valid bytes at end of rs_buf */
56	static size_t rs_count; /* bytes till reseed */
57		58
58	static inline void _rs_rekey(u_char *dat, size_t datlen);	59	static inline void _rs_rekey(u_char *dat, size_t datlen);
59		60
@@ -63,15 +64,23 @@ _rs_init(u_char *buf, size_t n)
63	if (n < KEYSZ + IVSZ)	64	if (n < KEYSZ + IVSZ)
64	return;	65	return;
65		66
66	if (rs == NULL && (rs = mmap(NULL, sizeof(*rs), PROT_READ\|PROT_WRITE,	67	if (rs == NULL) {
67	MAP_ANON, -1, 0)) == MAP_FAILED)	68	if ((rs = mmap(NULL, sizeof(*rs), PROT_READ\|PROT_WRITE,
68	abort();	69	MAP_ANON, -1, 0)) == MAP_FAILED)
69	if (rs_buf == NULL && (rs_buf = mmap(NULL, RSBUFSZ, PROT_READ\|PROT_WRITE,	70	abort();
70	MAP_ANON, -1, 0)) == MAP_FAILED)	71	if (minherit(rs, sizeof(*rs), MAP_INHERIT_ZERO) == -1)
71	abort();	72	abort();
		73	}
		74	if (rs_buf == NULL) {
		75	if ((rs_buf = mmap(NULL, RSBUFSZ, PROT_READ\|PROT_WRITE,
		76	MAP_ANON, -1, 0)) == MAP_FAILED)
		77	abort();
		78	if (minherit(rs_buf, RSBUFSZ, MAP_INHERIT_ZERO) == -1)
		79	abort();
		80	}
72		81
73	chacha_keysetup(rs, buf, KEYSZ * 8, 0);	82	chacha_keysetup(&rs->rs_chacha, buf, KEYSZ * 8, 0);
74	chacha_ivsetup(rs, buf + KEYSZ);	83	chacha_ivsetup(&rs->rs_chacha, buf + KEYSZ);
75	}	84	}
76		85
77	static void	86	static void
@@ -82,30 +91,28 @@ _rs_stir(void)
82	/* XXX */	91	/* XXX */
83	(void) getentropy(rnd, sizeof rnd);	92	(void) getentropy(rnd, sizeof rnd);
84		93
85	if (!rs_initialized) {	94	if (!rs)
86	rs_initialized = 1;
87	_rs_init(rnd, sizeof(rnd));	95	_rs_init(rnd, sizeof(rnd));
88	} else	96	else
89	_rs_rekey(rnd, sizeof(rnd));	97	_rs_rekey(rnd, sizeof(rnd));
90	explicit_bzero(rnd, sizeof(rnd));	98	explicit_bzero(rnd, sizeof(rnd));
91		99
92	/* invalidate rs_buf */	100	/* invalidate rs_buf */
93	rs_have = 0;	101	rs->rs_have = 0;
94	memset(rs_buf, 0, RSBUFSZ);	102	memset(rs_buf, 0, RSBUFSZ);
95		103
96	rs_count = 1600000;	104	rs->rs_count = 1600000;
97	}	105	}
98		106
99	static inline void	107	static inline void
100	_rs_stir_if_needed(size_t len)	108	_rs_stir_if_needed(size_t len)
101	{	109	{
102	pid_t pid = getpid();	110	if (!rs \|\| rs->rs_count <= len)
103
104	if (rs_count <= len \|\| !rs_initialized \|\| rs_stir_pid != pid) {
105	rs_stir_pid = pid;
106	_rs_stir();	111	_rs_stir();
107	} else	112	if (rs->rs_count <= len)
108	rs_count -= len;	113	rs->rs_count = 0;
		114	else
		115	rs->rs_count -= len;
109	}	116	}
110		117
111	static inline void	118	static inline void
@@ -115,7 +122,7 @@ _rs_rekey(u_char *dat, size_t datlen)
115	memset(rs_buf, 0,RSBUFSZ);	122	memset(rs_buf, 0,RSBUFSZ);
116	#endif	123	#endif
117	/* fill rs_buf with the keystream */	124	/* fill rs_buf with the keystream */
118	chacha_encrypt_bytes(rs, rs_buf, rs_buf, RSBUFSZ);	125	chacha_encrypt_bytes(&rs->rs_chacha, rs_buf, rs_buf, RSBUFSZ);
119	/* mix in optional user provided data */	126	/* mix in optional user provided data */
120	if (dat) {	127	if (dat) {
121	size_t i, m;	128	size_t i, m;
@@ -127,7 +134,7 @@ _rs_rekey(u_char *dat, size_t datlen)
127	/* immediately reinit for backtracking resistance */	134	/* immediately reinit for backtracking resistance */
128	_rs_init(rs_buf, KEYSZ + IVSZ);	135	_rs_init(rs_buf, KEYSZ + IVSZ);
129	memset(rs_buf, 0, KEYSZ + IVSZ);	136	memset(rs_buf, 0, KEYSZ + IVSZ);
130	rs_have = RSBUFSZ - KEYSZ - IVSZ;	137	rs->rs_have = RSBUFSZ - KEYSZ - IVSZ;
131	}	138	}
132		139
133	static inline void	140	static inline void
@@ -138,15 +145,15 @@ _rs_random_buf(void *_buf, size_t n)
138		145
139	_rs_stir_if_needed(n);	146	_rs_stir_if_needed(n);
140	while (n > 0) {	147	while (n > 0) {
141	if (rs_have > 0) {	148	if (rs->rs_have > 0) {
142	m = MIN(n, rs_have);	149	m = MIN(n, rs->rs_have);
143	memcpy(buf, rs_buf + RSBUFSZ - rs_have, m);	150	memcpy(buf, rs_buf + RSBUFSZ - rs->rs_have, m);
144	memset(rs_buf + RSBUFSZ - rs_have, 0, m);	151	memset(rs_buf + RSBUFSZ - rs->rs_have, 0, m);
145	buf += m;	152	buf += m;
146	n -= m;	153	n -= m;
147	rs_have -= m;	154	rs->rs_have -= m;
148	}	155	}
149	if (rs_have == 0)	156	if (rs->rs_have == 0)
150	_rs_rekey(NULL, 0);	157	_rs_rekey(NULL, 0);
151	}	158	}
152	}	159	}
@@ -155,11 +162,11 @@ static inline void
155	_rs_random_u32(u_int32_t *val)	162	_rs_random_u32(u_int32_t *val)
156	{	163	{
157	_rs_stir_if_needed(sizeof(*val));	164	_rs_stir_if_needed(sizeof(*val));
158	if (rs_have < sizeof(*val))	165	if (rs->rs_have < sizeof(*val))
159	_rs_rekey(NULL, 0);	166	_rs_rekey(NULL, 0);
160	memcpy(val, rs_buf + RSBUFSZ - rs_have, sizeof(*val));	167	memcpy(val, rs_buf + RSBUFSZ - rs->rs_have, sizeof(*val));
161	memset(rs_buf + RSBUFSZ - rs_have, 0, sizeof(*val));	168	memset(rs_buf + RSBUFSZ - rs->rs_have, 0, sizeof(*val));
162	rs_have -= sizeof(*val);	169	rs->rs_have -= sizeof(*val);
163	}	170	}
164		171
165	u_int32_t	172	u_int32_t