From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <adhemerval.zanella@linaro.org>
Received: from mail-oa1-x2e.google.com (mail-oa1-x2e.google.com
 [IPv6:2001:4860:4864:20::2e])
 by sourceware.org (Postfix) with ESMTPS id EC0343858D28
 for <libc-alpha@sourceware.org>; Mon, 25 Apr 2022 12:36:52 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org EC0343858D28
Received: by mail-oa1-x2e.google.com with SMTP id
 586e51a60fabf-deb9295679so15859446fac.6
 for <libc-alpha@sourceware.org>; Mon, 25 Apr 2022 05:36:52 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=x-gm-message-state:message-id:date:mime-version:user-agent:subject
 :content-language:to:references:from:in-reply-to
 :content-transfer-encoding;
 bh=KZ/QldLdv9USCeyUC7CRlVh5jykR99TIjt/JEIevNyM=;
 b=NycGsvhFHU7V2jWkTIWbn9ARbkvFV57v7sg6UVOhgPJ4kpTlBIS4KGDVC4rwlPNAxY
 70cXsmfS30KLtsk3v6iVFvmxaGFQ2eRqE3e0iz/P6W3xZ2gTQmv6YmyrX6eemweInPjZ
 YZ85seYRpvu2vPNDLLy+9YC2vWCRr0TDMxS7775Xp2j6lLLKMjXksZTRbjK/5WLq8cEE
 YpyPhok9m+A/WHMGqkFA5iyUAWTDyR+O2Ga2CYxpwn7Al6M1UW6YFIlJp7p6o0L+nDsc
 5QAyvECI1CksIzlQKEhcj32j9egsPY6k6FneSfZnsLFqrtym9exc3b6awpNOvhV6lRG6
 aJ3g==
X-Gm-Message-State: AOAM530d6+gHA5XScKj1H6DuWTNRiokzfmSQKWcanGJcO1qonJPBrmkF
 2G28lIIxttF7Uo5pdVUMjJw/sA==
X-Google-Smtp-Source: ABdhPJxySvB4biON+MNuRxp4zWL7b5Wr/ZLqNTMQzRN7UPPBuG7p0T9WsHX3sHsAw5ZFPKcfdmdpqA==
X-Received: by 2002:a05:6870:e408:b0:e9:2216:b4eb with SMTP id
 n8-20020a056870e40800b000e92216b4ebmr3193715oag.99.1650890212159; 
 Mon, 25 Apr 2022 05:36:52 -0700 (PDT)
Received: from ?IPV6:2804:431:c7ca:4214:b4dd:3339:98d6:1ec0?
 ([2804:431:c7ca:4214:b4dd:3339:98d6:1ec0])
 by smtp.gmail.com with ESMTPSA id
 s2-20020a05683004c200b0060558c5c2dbsm3714725otd.7.2022.04.25.05.36.50
 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
 Mon, 25 Apr 2022 05:36:51 -0700 (PDT)
Message-ID: <c34d4256-076a-8eba-0819-764606488309@linaro.org>
Date: Mon, 25 Apr 2022 09:36:49 -0300
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101
 Thunderbird/91.8.1
Subject: Re: [PATCH v3 9/9] stdlib: Add TLS optimization to arc4random
Content-Language: en-US
To: Yann Droneaud <ydroneaud@opteya.com>, libc-alpha@sourceware.org
References: <20220419212812.2688764-1-adhemerval.zanella@linaro.org>
 <20220419212812.2688764-10-adhemerval.zanella@linaro.org>
 <a2a232e8-c536-c5e2-a5fd-829197f3ea2c@opteya.com>
From: Adhemerval Zanella <adhemerval.zanella@linaro.org>
In-Reply-To: <a2a232e8-c536-c5e2-a5fd-829197f3ea2c@opteya.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00, DKIM_SIGNED,
 DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, NICE_REPLY_A, RCVD_IN_DNSWL_NONE,
 SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.4
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on
 server2.sourceware.org
X-BeenThere: libc-alpha@sourceware.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Libc-alpha mailing list <libc-alpha.sourceware.org>
List-Unsubscribe: <https://sourceware.org/mailman/options/libc-alpha>,
 <mailto:libc-alpha-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/libc-alpha/>
List-Post: <mailto:libc-alpha@sourceware.org>
List-Help: <mailto:libc-alpha-request@sourceware.org?subject=help>
List-Subscribe: <https://sourceware.org/mailman/listinfo/libc-alpha>,
 <mailto:libc-alpha-request@sourceware.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Apr 2022 12:36:58 -0000



On 22/04/2022 13:02, Yann Droneaud wrote:
> Le 19/04/2022 à 23:28, Adhemerval Zanella via Libc-alpha a écrit :
>> The arc4random state is moved to TCB, so there is no allocation
>> failure.  It adds about 592 bytes struct pthread.
> 
> +to struct pthread ?

Ack.


>> +/* Reinit the thread context by reseeding the cipher state with kernel
>> +   entropy.  */
>> +static struct arc4random_state *
>> +arc4random_check_stir (size_t len)
>>  {
>> -  uint8_t rnd[CHACHA20_KEY_SIZE + CHACHA20_IV_SIZE];
>> -  arc4random_getentropy (rnd, sizeof rnd);
>> +  struct arc4random_state *state = &__glibc_tls_internal()->rnd_state;
>>  
>> -  if (state == NULL)
>> -    arc4random_init (rnd, sizeof rnd);
>> -  else
>> -    arc4random_rekey (rnd, sizeof rnd);
>> +  if (state->count < len || state->count == -1)
>> +    {
>> +      uint8_t rnd[CHACHA20_KEY_SIZE + CHACHA20_IV_SIZE];
>> +      arc4random_getentropy (rnd, sizeof rnd);
>>  
>> -  explicit_bzero (rnd, sizeof rnd);
>> +      if (state->count > CHACHE_RESEED_SIZE)
>> +	chacha20_init (state->ctx, rnd, rnd + CHACHA20_KEY_SIZE);
> 
> for case state->count == -1, chacha20_init() should be called (first) instead of arc4random_rekey()
> as chacha20 context is not setup and the buffer contains no keystream yet 
> 
>     if (state->count == -1)
>         chacha20_init (state->ctx, rnd, rnd + CHACHA20_KEY_SIZE);
> 
> 

Indeed, I forgot to change it. 


>>  static inline struct tls_internal_t *
>>  __glibc_tls_internal (void)
>>  {
>> @@ -31,8 +44,18 @@ __glibc_tls_internal (void)
>>  static inline void
>>  __glibc_tls_internal_free (void)
>>  {
>> -  free (THREAD_SELF->tls_state.strsignal_buf);
>> -  free (THREAD_SELF->tls_state.strerror_l_buf);
>> +  struct pthread *self = THREAD_SELF;
>> +  free (self->tls_state.strsignal_buf);
>> +  free (self->tls_state.strerror_l_buf);
>> +  if (self->tls_state.rnd_state.count != -1)
>> +    {
>> +      /* Clear any lingering random state prior so if the thread stack
>> +	 is cached it won't leak any data.  */
>> +      memset (&self->tls_state.rnd_state, 0,
>> +	      sizeof self->tls_state.rnd_state);
>> +      /* Force key init on created threads.  */
>> +      self->tls_state.rnd_state.count = -1;
> 
> setting to -1 is probably not needed, as it will be set by the init function.

Indeed, I removed it.