Module Name: src
Committed By: riz
Date: Wed Oct 17 21:27:12 UTC 2012
Modified Files:
src/sys/kern [netbsd-6]: kern_rndq.c subr_cprng.c
src/sys/sys [netbsd-6]: rnd.h
Log Message:
Pull up following revision(s) (requested by tls in ticket #558):
sys/sys/rnd.h: revision 1.33
sys/kern/subr_cprng.c: revision 1.10
sys/kern/kern_rndq.c: revision 1.4
sys/kern/subr_cprng.c: revision 1.11
sys/kern/kern_rndq.c: revision 1.5
Try to help embedded systems a _little_ bit: stir in the system boot time
as early as possible. On systems with no cycle counter (or very very
predictable cycle counts early in boot) at least this will cause some
difference across boots.
Don't wait until the pool *fills* to rekey anything that was keyed with
insufficient entropy at boot: key it as soon as it makes any request after
we hit the minimum entropy threshold.
This too should help avoid predictable output at boot time.
Fix kern/46911: note that we rekeyed the cprng so we don't keep doing so.
To generate a diff of this commit:
cvs rdiff -u -r1.1.2.2 -r1.1.2.3 src/sys/kern/kern_rndq.c
cvs rdiff -u -r1.5.2.3 -r1.5.2.4 src/sys/kern/subr_cprng.c
cvs rdiff -u -r1.29.2.2 -r1.29.2.3 src/sys/sys/rnd.h
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/kern/kern_rndq.c
diff -u src/sys/kern/kern_rndq.c:1.1.2.2 src/sys/kern/kern_rndq.c:1.1.2.3
--- src/sys/kern/kern_rndq.c:1.1.2.2 Fri Apr 20 23:35:20 2012
+++ src/sys/kern/kern_rndq.c Wed Oct 17 21:27:12 2012
@@ -1,4 +1,4 @@
-/* $NetBSD: kern_rndq.c,v 1.1.2.2 2012/04/20 23:35:20 riz Exp $ */
+/* $NetBSD: kern_rndq.c,v 1.1.2.3 2012/10/17 21:27:12 riz Exp $ */
/*-
* Copyright (c) 1997-2011 The NetBSD Foundation, Inc.
@@ -32,7 +32,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_rndq.c,v 1.1.2.2 2012/04/20 23:35:20 riz Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_rndq.c,v 1.1.2.3 2012/10/17 21:27:12 riz Exp $");
#include <sys/param.h>
#include <sys/ioctl.h>
@@ -168,7 +168,7 @@ static void rnd_add_data_ts(krndso
uint32_t, uint32_t, uint32_t);
int rnd_ready = 0;
-static int rnd_have_entropy = 0;
+int rnd_initial_entropy = 0;
#ifdef DIAGNOSTIC
static int rnd_tested = 0;
@@ -255,11 +255,11 @@ rnd_wakeup_readers(void)
*/
if (rndpool_get_entropy_count(&rnd_pool) > RND_ENTROPY_THRESHOLD * 8) {
#ifdef RND_VERBOSE
- if (!rnd_have_entropy)
+ if (!rnd_initial_entropy)
printf("rnd: have initial entropy (%u)\n",
rndpool_get_entropy_count(&rnd_pool));
#endif
- rnd_have_entropy = 1;
+ rnd_initial_entropy = 1;
mutex_spin_exit(&rndpool_mtx);
} else {
mutex_spin_exit(&rndpool_mtx);
@@ -447,7 +447,7 @@ rnd_init(void)
RND_POOLBITS / 2));
if (rndpool_get_entropy_count(&rnd_pool) >
RND_ENTROPY_THRESHOLD * 8) {
- rnd_have_entropy = 1;
+ rnd_initial_entropy = 1;
}
mutex_spin_exit(&rndpool_mtx);
#ifdef RND_VERBOSE
@@ -904,9 +904,17 @@ rnd_timeout(void *arg)
u_int32_t
rnd_extract_data_locked(void *p, u_int32_t len, u_int32_t flags)
{
+ static int timed_in;
KASSERT(mutex_owned(&rndpool_mtx));
- if (!rnd_have_entropy) {
+ if (__predict_false(!timed_in)) {
+ if (boottime.tv_sec) {
+ rndpool_add_data(&rnd_pool, &boottime,
+ sizeof(boottime), 0);
+ }
+ timed_in++;
+ }
+ if (__predict_false(!rnd_initial_entropy)) {
u_int32_t c;
#ifdef RND_VERBOSE
Index: src/sys/kern/subr_cprng.c
diff -u src/sys/kern/subr_cprng.c:1.5.2.3 src/sys/kern/subr_cprng.c:1.5.2.4
--- src/sys/kern/subr_cprng.c:1.5.2.3 Mon May 21 16:49:54 2012
+++ src/sys/kern/subr_cprng.c Wed Oct 17 21:27:12 2012
@@ -1,4 +1,4 @@
-/* $NetBSD: subr_cprng.c,v 1.5.2.3 2012/05/21 16:49:54 jdc Exp $ */
+/* $NetBSD: subr_cprng.c,v 1.5.2.4 2012/10/17 21:27:12 riz Exp $ */
/*-
* Copyright (c) 2011 The NetBSD Foundation, Inc.
@@ -46,7 +46,7 @@
#include <sys/cprng.h>
-__KERNEL_RCSID(0, "$NetBSD: subr_cprng.c,v 1.5.2.3 2012/05/21 16:49:54 jdc Exp $");
+__KERNEL_RCSID(0, "$NetBSD: subr_cprng.c,v 1.5.2.4 2012/10/17 21:27:12 riz Exp $");
void
cprng_init(void)
@@ -171,7 +171,7 @@ cprng_strong_create(const char *const na
c->reseed.state = RSTATE_IDLE;
c->reseed.cb = cprng_strong_reseed;
c->reseed.arg = c;
- c->entropy_serial = rnd_filled;
+ c->entropy_serial = rnd_initial_entropy ? rnd_filled : -1;
mutex_init(&c->reseed.mtx, MUTEX_DEFAULT, IPL_VM);
strlcpy(c->reseed.name, name, sizeof(c->reseed.name));
@@ -228,8 +228,15 @@ cprng_strong(cprng_strong_t *const c, vo
}
mutex_enter(&c->mtx);
+ /* If we were initialized with the pool empty, rekey ASAP */
+ if (__predict_false(c->entropy_serial == -1) && rnd_initial_entropy) {
+ c->entropy_serial = 0;
+ goto rekeyany; /* We have _some_ entropy, use it. */
+ }
+
if (nist_ctr_drbg_generate(&c->drbg, p, len, &cc, sizeof(cc))) {
/* A generator failure really means we hit the hard limit. */
+rekeyany:
if (c->flags & CPRNG_REKEY_ANY) {
uint8_t key[NIST_BLOCK_KEYLEN_BYTES];
Index: src/sys/sys/rnd.h
diff -u src/sys/sys/rnd.h:1.29.2.2 src/sys/sys/rnd.h:1.29.2.3
--- src/sys/sys/rnd.h:1.29.2.2 Fri Apr 20 23:35:20 2012
+++ src/sys/sys/rnd.h Wed Oct 17 21:27:12 2012
@@ -1,4 +1,4 @@
-/* $NetBSD: rnd.h,v 1.29.2.2 2012/04/20 23:35:20 riz Exp $ */
+/* $NetBSD: rnd.h,v 1.29.2.3 2012/10/17 21:27:12 riz Exp $ */
/*-
* Copyright (c) 1997 The NetBSD Foundation, Inc.
@@ -187,6 +187,7 @@ rnd_add_uint32(krndsource_t *kr, uint32_
extern int rnd_full;
extern int rnd_filled;
+extern int rnd_initial_entropy;
#endif /* _KERNEL */
