Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/netbsd-1-5]: src/sys pullup (approved by releng-1-5)
details: https://anonhg.NetBSD.org/src/rev/286086a1fec4
branches: netbsd-1-5
changeset: 489682:286086a1fec4
user: itojun <itojun%NetBSD.org@localhost>
date: Thu Oct 05 14:51:57 2000 +0000
description:
pullup (approved by releng-1-5)
always use rnd(4) for IPsec random number source. avoid random(9).
if there's no rnd(4), random(9) will be used with one-time warning printf(9).
XXX not sure how good rnd_extract_data(RND_EXTRACT_ANY) is, under entropy-
starvation situation
cvs rdiff -r1.11 -r1.12 syssrc/sys/netinet6/esp_core.c
cvs rdiff -r1.9 -r1.10 syssrc/sys/netinet6/esp_output.c
cvs rdiff -r1.38 -r1.39 syssrc/sys/netkey/key.c
cvs rdiff -r1.6 -r1.7 syssrc/sys/netkey/key.h
diffstat:
sys/netinet6/esp_core.c | 28 ++--------------
sys/netinet6/esp_output.c | 7 +--
sys/netkey/key.c | 76 ++++++++++++++++++++++++++--------------------
sys/netkey/key.h | 7 +++-
4 files changed, 55 insertions(+), 63 deletions(-)
diffs (240 lines):
diff -r 53adb9b41721 -r 286086a1fec4 sys/netinet6/esp_core.c
--- a/sys/netinet6/esp_core.c Thu Oct 05 13:25:37 2000 +0000
+++ b/sys/netinet6/esp_core.c Thu Oct 05 14:51:57 2000 +0000
@@ -1,5 +1,5 @@
-/* $NetBSD: esp_core.c,v 1.1.1.1.2.5 2000/10/04 17:39:35 itojun Exp $ */
-/* $KAME: esp_core.c,v 1.44 2000/09/20 18:15:22 itojun Exp $ */
+/* $NetBSD: esp_core.c,v 1.1.1.1.2.6 2000/10/05 14:51:57 itojun Exp $ */
+/* $KAME: esp_core.c,v 1.46 2000/10/05 04:02:57 itojun Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -61,6 +61,7 @@
#include <netinet6/esp_rijndael.h>
#include <net/pfkeyv2.h>
#include <netkey/keydb.h>
+#include <netkey/key.h>
#include <crypto/des/des.h>
#include <crypto/blowfish/blowfish.h>
#include <crypto/cast128/cast128.h>
@@ -110,7 +111,6 @@
struct secasvar *, const struct esp_algorithm *, int));
static int esp_cbc_encrypt __P((struct mbuf *, size_t, size_t,
struct secasvar *, const struct esp_algorithm *, int));
-static void esp_increment_iv __P((struct secasvar *));
#define MAXIVLEN 16
@@ -1027,31 +1027,11 @@
bzero(iv, sizeof(iv));
bzero(sbuf, sizeof(sbuf));
- esp_increment_iv(sav);
+ key_sa_stir_iv(sav);
return 0;
}
-/*
- * increment iv.
- */
-static void
-esp_increment_iv(sav)
- struct secasvar *sav;
-{
- u_int8_t *x;
- u_int8_t y;
- int i;
-
- y = time.tv_sec & 0xff;
- if (!y) y++;
- x = (u_int8_t *)sav->iv;
- for (i = 0; i < sav->ivlen; i++) {
- *x = (*x + y) & 0xff;
- x++;
- }
-}
-
/*------------------------------------------------------------*/
/* does not free m0 on error */
diff -r 53adb9b41721 -r 286086a1fec4 sys/netinet6/esp_output.c
--- a/sys/netinet6/esp_output.c Thu Oct 05 13:25:37 2000 +0000
+++ b/sys/netinet6/esp_output.c Thu Oct 05 14:51:57 2000 +0000
@@ -1,5 +1,5 @@
-/* $NetBSD: esp_output.c,v 1.1.1.1.2.5 2000/10/02 23:41:32 itojun Exp $ */
-/* $KAME: esp_output.c,v 1.34 2000/10/01 12:37:19 itojun Exp $ */
+/* $NetBSD: esp_output.c,v 1.1.1.1.2.6 2000/10/05 14:51:57 itojun Exp $ */
+/* $KAME: esp_output.c,v 1.35 2000/10/05 03:25:23 itojun Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -455,8 +455,7 @@
}
switch (sav->flags & SADB_X_EXT_PMASK) {
case SADB_X_EXT_PRAND:
- for (i = 0; i < extendsiz; i++)
- extend[i] = random() & 0xff;
+ key_randomfill(extend, extendsiz);
break;
case SADB_X_EXT_PZERO:
bzero(extend, extendsiz);
diff -r 53adb9b41721 -r 286086a1fec4 sys/netkey/key.c
--- a/sys/netkey/key.c Thu Oct 05 13:25:37 2000 +0000
+++ b/sys/netkey/key.c Thu Oct 05 14:51:57 2000 +0000
@@ -1,5 +1,5 @@
-/* $NetBSD: key.c,v 1.23.2.7 2000/10/02 23:42:34 itojun Exp $ */
-/* $KAME: key.c,v 1.162 2000/10/01 12:37:21 itojun Exp $ */
+/* $NetBSD: key.c,v 1.23.2.8 2000/10/05 14:51:58 itojun Exp $ */
+/* $KAME: key.c,v 1.167 2000/10/05 04:02:57 itojun Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -93,12 +93,10 @@
#include <machine/stdarg.h>
-#ifdef __NetBSD__
#include "rnd.h"
#if NRND > 0
#include <sys/rnd.h>
#endif
-#endif
#include <net/net_osdep.h>
@@ -376,7 +374,6 @@
static int key_sockaddrcmp __P((struct sockaddr *, struct sockaddr *, int));
static int key_bbcmp __P((caddr_t, caddr_t, u_int));
static void key_srandom __P((void));
-static u_long key_random __P((void));
static u_int16_t key_satype2proto __P((u_int8_t));
static u_int8_t key_proto2satype __P((u_int16_t));
@@ -4196,50 +4193,53 @@
key_srandom()
{
struct timeval tv;
-#ifdef __bsdi__
- extern long randseed; /* it's defined at i386/i386/random.s */
-#endif /* __bsdi__ */
-#ifdef __NetBSD__
int i;
-#endif
microtime(&tv);
-#ifdef __FreeBSD__
- srandom(tv.tv_usec);
-#elif defined(__bsdi__)
- randseed = tv.tv_usec;
-#elif defined(__NetBSD__)
for (i = (int)((tv.tv_sec ^ tv.tv_usec) & 0x3ff); i > 0; i--)
(void)random();
-#endif
return;
}
-/*
- * to initialize a seed for random()
- */
-static u_long
+u_long
key_random()
{
u_long value;
-#if defined(__NetBSD__) && NRND > 0
- int l;
-#endif
-
-#if defined(__NetBSD__) && NRND > 0
- /* assumes that random number pool has enough entropy */
- l = rnd_extract_data(&value, sizeof(value), RND_EXTRACT_GOOD);
- if (l != sizeof(value))
- value = random();
-#else
- value = random();
-#endif
-
+
+ key_randomfill(&value, sizeof(value));
return value;
}
+void
+key_randomfill(p, l)
+ void *p;
+ size_t l;
+{
+ size_t n;
+ u_long v;
+ static int warn = 1;
+
+ n = 0;
+#if NRND > 0
+ n = rnd_extract_data(p, l, RND_EXTRACT_ANY);
+#endif
+ /* last resort */
+ while (n < l) {
+ v = random();
+ bcopy(&v, (u_int8_t *)p + n,
+ l - n < sizeof(v) ? l - n : sizeof(v));
+ n += sizeof(v);
+
+ if (warn) {
+ printf("WARNING: pseudo-random number generator "
+ "used for IPsec processing\n");
+ warn = 0;
+ }
+ }
+}
+
/*
* map SADB_SATYPE_* to IPPROTO_*.
* if satype == SADB_SATYPE then satype is mapped to ~0.
@@ -7222,6 +7222,16 @@
LIST_INSERT_HEAD(&sav->sah->savtree[state], sav, chain);
}
+void
+key_sa_stir_iv(sav)
+ struct secasvar *sav;
+{
+
+ if (!sav->iv)
+ panic("key_sa_stir_iv called with sav == NULL");
+ key_randomfill(sav->iv, sav->ivlen);
+}
+
/* XXX too much? */
static struct mbuf *
key_alloc_mbuf(l)
diff -r 53adb9b41721 -r 286086a1fec4 sys/netkey/key.h
--- a/sys/netkey/key.h Thu Oct 05 13:25:37 2000 +0000
+++ b/sys/netkey/key.h Thu Oct 05 14:51:57 2000 +0000
@@ -1,5 +1,5 @@
-/* $NetBSD: key.h,v 1.6 2000/06/12 10:40:47 itojun Exp $ */
-/* $KAME: key.h,v 1.17 2000/06/12 07:01:13 itojun Exp $ */
+/* $NetBSD: key.h,v 1.6.2.1 2000/10/05 14:51:59 itojun Exp $ */
+/* $KAME: key.h,v 1.19 2000/10/05 04:02:58 itojun Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -61,6 +61,8 @@
extern int key_ismyaddr __P((struct sockaddr *));
extern int key_spdacquire __P((struct secpolicy *));
extern void key_timehandler __P((void));
+extern u_long key_random __P((void));
+extern void key_randomfill __P((void *, size_t));
extern void key_freereg __P((struct socket *));
extern int key_parse __P((struct mbuf *, struct socket *));
extern void key_init __P((void));
@@ -68,6 +70,7 @@
caddr_t, caddr_t));
extern void key_sa_recordxfer __P((struct secasvar *, struct mbuf *));
extern void key_sa_routechange __P((struct sockaddr *));
+extern void key_sa_stir_iv __P((struct secasvar *));
extern int key_sysctl __P((int *, u_int, void *, size_t *, void *, size_t));
Home |
Main Index |
Thread Index |
Old Index