Attempt to mitigate poor initialization of arc4 by one-shot

reinitialization from yarrow right after good entropy is harvested.

Approved by:    secteam (delphij)
MFC after:      1 week

sys/dev/random/randomdev_soft.c

@@ -367,6 +367,8 @@ random_yarrow_unblock(void)
 		selwakeuppri(&random_systat.rsel, PUSER);
 		wakeup(&random_systat);
 	}
+	(void)atomic_cmpset_int(&arc4rand_iniseed_state, ARC4_ENTR_NONE,
+	    ARC4_ENTR_HAVE);
 }
 
 static int

sys/libkern/arc4random.c

@@ -24,6 +24,8 @@ __FBSDID("$FreeBSD$");
 #define	ARC4_RESEED_SECONDS 300
 #define	ARC4_KEYBYTES (256 / 8)
 
+int arc4rand_iniseed_state = ARC4_ENTR_NONE;
+
 static u_int8_t arc4_i, arc4_j;
 static int arc4_numruns = 0;
 static u_int8_t arc4_sbox[256];
@@ -130,7 +132,8 @@ arc4rand(void *ptr, u_int len, int reseed)
 	struct timeval tv;
 
 	getmicrouptime(&tv);
-	if (reseed || 
+	if (atomic_cmpset_int(&arc4rand_iniseed_state, ARC4_ENTR_HAVE,
+	    ARC4_ENTR_SEED) || reseed ||
 	   (arc4_numruns > ARC4_RESEED_BYTES) ||
 	   (tv.tv_sec > arc4_t_reseed))
 		arc4_randomstir();

sys/sys/libkern.h

@@ -70,6 +70,11 @@ static __inline int abs(int a) { return (a < 0 ? -a : a); }
 static __inline long labs(long a) { return (a < 0 ? -a : a); }
 static __inline quad_t qabs(quad_t a) { return (a < 0 ? -a : a); }
 
+#define	ARC4_ENTR_NONE	0	/* Don't have entropy yet. */
+#define	ARC4_ENTR_HAVE	1	/* Have entropy. */
+#define	ARC4_ENTR_SEED	2	/* Reseeding. */
+extern int arc4rand_iniseed_state;
+
 /* Prototypes for non-quad routines. */
 struct malloc_type;
 uint32_t arc4random(void);