Source-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: src/sys
Module Name: src
Committed By: riastradh
Date: Thu May 7 19:05:51 UTC 2020
Modified Files:
src/sys/dev: random.c
src/sys/kern: kern_entropy.c
src/sys/sys: entropy.h
Log Message:
Consolidate entropy on RNDADDDATA and writes to /dev/random.
The man page for some time has advertised:
Writing to either /dev/random or /dev/urandom influences subsequent
output of both devices, guaranteed to take effect at next open.
So let's make that true again.
It is a conscious choice _not_ to consolidate entropy frequently.
For example, if you have a _slow_ HWRNG, which provides 32 bits of
entropy every few seconds, and you reveal a hash that to the
adversary before any more comes in, the adversary can in principle
just keep guessing the intermediate state by a brute force search
over ~2^32 possibilities.
To mitigate this, the kernel generally tries to avoid consolidating
entropy from the per-CPU pools until doing so would bring us from
zero entropy to full entropy.
However, there are various _possible_ sources of entropy which are
just hard to give honest estimates for that are valid on ~all
machines -- like interrupt timings. The time at which we read a seed
in, which usually happens via /etc/rc.d/random_seed early in
userland, is a reasonable time to gather this up. An operator or
system engineer who knows another opportune moment can always issue
`sysctl -w kern.entropy.consolidate=1'.
Prompted by a suggestion from nia@ to consolidate entropy at the
first transition to userland. I chose not to do that because it
would likely cause warning fatigue on systems that are perfectly fine
with a random seed -- doing it this way instead lets rndctl -L
trigger the consolidation automatically. A subsequent commit will
reorder the operations in rndctl again to make it work out better.
To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 src/sys/dev/random.c
cvs rdiff -u -r1.12 -r1.13 src/sys/kern/kern_entropy.c
cvs rdiff -u -r1.1 -r1.2 src/sys/sys/entropy.h
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Home |
Main Index |
Thread Index |
Old Index