author | Conrad Meyer <cem@FreeBSD.org> | 2019-04-04 01:02:50 +0000 |
---|---|---|
committer | Conrad Meyer <cem@FreeBSD.org> | 2019-04-04 01:02:50 +0000 |
commit | a8a16c71287e615fff06f05c92addbe8ffc2b9e0 (patch) | |
tree | b445dafe48a56365c05c773b15233f8bab1bbeec /sys/netipsec | |
parent | d9eb18ace9d6d8cf4b1a77f3d03237e05a194c25 (diff) | |
Replace read_random(9) with more appropriate arc4rand(9) KPIs
Reviewed by: ae, delphij
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D19760
Notes
Notes:
svn path=/head/; revision=345865
Diffstat (limited to 'sys/netipsec')
-rw-r--r-- | sys/netipsec/key.c | 26 | ||||
-rw-r--r-- | sys/netipsec/key.h | 1 | ||||
-rw-r--r-- | sys/netipsec/xform_esp.c | 2 |
3 files changed, 2 insertions, 27 deletions
diff --git a/sys/netipsec/key.c b/sys/netipsec/key.c
index 09e067ce2609..d54427410b92 100644
--- a/sys/netipsec/key.c
+++ b/sys/netipsec/key.c
@@ -4760,34 +4760,10 @@ key_random()
 {
 u_long value;
 
- key_randomfill(&value, sizeof(value));
+ arc4random_buf(&value, sizeof(value));
 return value;
 }
 
-void
-key_randomfill(void *p, size_t l)
-{
- size_t n;
- u_long v;
- static int warn = 1;
-
- n = 0;
- n = (size_t)read_random(p, (u_int)l);
- /* last resort */
- while (n < l) {
- v = random();
- bcopy(&v, (u_int8_t *)p + n,
- l - n < sizeof(v) ? l - n : sizeof(v));
- n += sizeof(v);
-
- if (warn) {
- printf("WARNING: pseudo-random number generator "
- "used for IPsec processing\n");
- warn = 0;
- }
- }
-}
-
 /*
 * map SADB_SATYPE_* to IPPROTO_*.
 * if satype == SADB_SATYPE then satype is mapped to ~0.
diff --git a/sys/netipsec/key.h b/sys/netipsec/key.h
index 7d7ae69f379d..2ee7c208f195 100644
--- a/sys/netipsec/key.h
+++ b/sys/netipsec/key.h
@@ -78,7 +78,6 @@ void key_unregister_ifnet(struct secpolicy **, u_int);
 void key_delete_xform(const struct xformsw *);
 
 extern u_long key_random(void);
-extern void key_randomfill(void *, size_t);
 extern void key_freereg(struct socket *);
 extern int key_parse(struct mbuf *, struct socket *);
 extern void key_init(void);
diff --git a/sys/netipsec/xform_esp.c b/sys/netipsec/xform_esp.c
index 68fbf3fc3851..77cba8345f89 100644
--- a/sys/netipsec/xform_esp.c
+++ b/sys/netipsec/xform_esp.c
@@ -768,7 +768,7 @@ esp_output(struct mbuf *m, struct secpolicy *sp, struct secasvar *sav,
 */
 switch (sav->flags & SADB_X_EXT_PMASK) {
 case SADB_X_EXT_PRAND:
- (void) read_random(pad, padding - 2);
+ arc4random_buf(pad, padding - 2);
 break;
 case SADB_X_EXT_PZERO:
 bzero(pad, padding - 2); |
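Review bot: key_random() in key.c is left with no comment saying where its bytes come from, and the deleted key_randomfill() held the only statement of that policy (the "last resort" random() loop and its one-time console warning). I would add a short comment above the function, e.g. `/* Returns sizeof(u_long) bytes from arc4random_buf(9); there is no non-cryptographic fallback. */`, so a later edit does not reintroduce a weaker source. Whether arc4random_buf(9) can be reached before the kernel RNG is seeded is not visible in this hunk; if it can, the removed printf was the only operator-visible signal of a weak source, which is worth confirming. The function's definition line is the hunk heading, so it starts outside the hunk; as a minor style point it could read `key_random(void)` to match the prototype kept in key.h.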
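Review bot: The length in `arc4random_buf(pad, padding - 2)` in xform_esp.c is converted to size_t, and nothing in this hunk shows that `padding` is at least 2; the same expression feeds `bzero` in the SADB_X_EXT_PZERO case. The computation of `padding` sits earlier in esp_output(), outside the hunk, so the bound may already be guaranteed. If it is, a one-line comment above the switch such as `/* padding >= 2 is guaranteed by the computation above */`, or a `KASSERT(padding >= 2, ...)`, would make it explicit for anyone touching the fill calls.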