CVSROOT:        /cvs
Module name:    src
Changes by:     [email protected] 2020/02/27 09:52:44

Modified files:
        sys/arch/amd64/amd64: cpu.c 
        sys/arch/i386/i386: cpu.c 

Log message:
in rdrand() timeout, if the rdrand instruction fails to fetch entropy
(valid == 0) we can also inject that failure as an entropic event, so xor
in that bit and proceed with submission.
the rdrand instruction can vmexit, so perform an additional rdtsc
afterwards, measuring the vmexit latency (which due to caches is highly
unlikely to be constant); that's also worthwhile entropy to blend.

This works on the fundamental concept that the input-side of entropy
collection can accept bad or weak data. entropypool ^= weakdata is not
saturative or attackable, the entropy pool either remains as good or
becomes better.
ok djm jsg
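The retry-then-xor scheme described in the log message, written out as an added example; this is not the OpenBSD cpu.c code, and the callback types, the fake_* stand-ins and the hw_* wrappers are assumptions made here so the blending logic can be exercised without hardware.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical illustration of the rdrand() timeout idea: the entropy source
 * and the cycle counter are callbacks so the logic can be exercised without
 * hardware. Not the OpenBSD cpu.c code. */
typedef int (*rdrand_fn)(uint64_t *out);   /* 1 = fresh entropy, 0 = underflow */
typedef uint64_t (*tsc_fn)(void);
#define RDRAND_RETRIES 4

/* One timeout tick: retry rdrand, then blend the data, the valid bit and the
 * measured latency (including any vmexit) into the pool using xor only. */
uint64_t rdrand_blend(uint64_t pool, rdrand_fn rd, tsc_fn tsc)
{
    uint64_t r = 0, before = tsc(), after;
    int valid = 0, i;

    for (i = 0; i < RDRAND_RETRIES && !valid; i++)
        valid = rd(&r);             /* r stays 0 when the instruction fails */
    after = tsc();

    pool ^= r;                      /* possibly weak data: xor cannot make it worse */
    pool ^= (uint64_t)valid;        /* the failure itself is an event */
    pool ^= after - before;         /* latency, rarely constant under a hypervisor */
    return pool;
}

/* Constructed stand-ins for testing: a source that always underflows, one
 * that always succeeds, and a counter that advances 100 "cycles" per read. */
int fake_rdrand_fail(uint64_t *out) { *out = 0; return 0; }
int fake_rdrand_ok(uint64_t *out) { *out = 0xDEADBEEFCAFEF00DULL; return 1; }
uint64_t fake_tsc(void) { static uint64_t c; return c += 100; }

#if defined(__x86_64__)
/* Real instructions; assumes the CPU advertises RDRAND (otherwise SIGILL). */
static int hw_rdrand(uint64_t *out)
{
    unsigned char ok;
    __asm__ volatile("rdrand %0\n\tsetc %1" : "=r"(*out), "=qm"(ok) : : "cc");
    return ok;
}
static uint64_t hw_tsc(void)
{
    uint32_t lo, hi;
    __asm__ volatile("rdtsc" : "=a"(lo), "=d"(hi));
    return ((uint64_t)hi << 32) | lo;
}
int main(void)
{
    uint64_t pool = rdrand_blend(0, hw_rdrand, hw_tsc);
    pool = rdrand_blend(pool, fake_rdrand_fail, hw_tsc); /* failure still blends */
    printf("pool = %016llx\n", (unsigned long long)pool);
    return 0;
}
#endif
```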
