Source-Changes-HG archive


[src/tls-earlyentropy]: src/sys/net Increase unpredictability of early output...



details:   https://anonhg.NetBSD.org/src/rev/5c7add994f9e
branches:  tls-earlyentropy
changeset: 795265:5c7add994f9e
user:      tls <tls%NetBSD.org@localhost>
date:      Mon Apr 07 02:24:31 2014 +0000

description:
Increase unpredictability of early output: mix in the headers of the
first 100 Ethernet packets received by the system (if we are really
short of entropy, keep mixing them though we don't count any entropy from
them; such systems are particularly likely to have guessable outputs).

diffstat:

 sys/net/if_ethersubr.c |  11 +++++++++--
 1 files changed, 9 insertions(+), 2 deletions(-)

diffs (46 lines):

diff -r 3dd895d768e3 -r 5c7add994f9e sys/net/if_ethersubr.c
--- a/sys/net/if_ethersubr.c    Mon Apr 07 02:20:00 2014 +0000
+++ b/sys/net/if_ethersubr.c    Mon Apr 07 02:24:31 2014 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: if_ethersubr.c,v 1.196 2014/02/25 22:42:06 pooka Exp $ */
+/*     $NetBSD: if_ethersubr.c,v 1.196.2.1 2014/04/07 02:24:31 tls Exp $       */
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -61,7 +61,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if_ethersubr.c,v 1.196 2014/02/25 22:42:06 pooka Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_ethersubr.c,v 1.196.2.1 2014/04/07 02:24:31 tls Exp $");
 
 #include "opt_inet.h"
 #include "opt_atalk.h"
@@ -91,6 +91,7 @@
 #include <sys/cpu.h>
 #include <sys/intr.h>
 #include <sys/device.h>
+#include <sys/rnd.h>
 
 #include <net/if.h>
 #include <net/netisr.h>
@@ -577,6 +578,7 @@
        uint16_t etype;
        struct ether_header *eh;
        size_t ehlen;
+       static int earlypkts;
 #if defined (LLC) || defined(NETATALK)
        struct llc *l;
 #endif
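Review bot: `static int earlypkts` in the declarations is a signed counter that the next hunk increments for as long as `!rnd_initial_entropy` holds, so on a system that never reaches initial entropy it has no upper bound and can eventually overflow. Suggest `unsigned int`, or stop incrementing once it reaches 100, and add a one-line comment saying it counts packets whose headers were fed to the entropy pool. Being function-static, it is also one counter for all Ethernet interfaces, and `earlypkts++` is done without a lock or atomic operation; if this input path can run on more than one CPU at once that is a data race, tolerable for a heuristic but worth stating in the comment.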
@@ -593,6 +595,11 @@
        etype = ntohs(eh->ether_type);
        ehlen = sizeof(*eh);
 
+       if(__predict_false(earlypkts < 100 || !rnd_initial_entropy)) {
+               rnd_add_data(NULL, eh, ehlen, 0);
+               earlypkts++;
+       }
+
        /*
         * Determine if the packet is within its size limits.
         */
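Review bot: The new `if` block ahead of the size-limit check has no comment explaining the magic number 100 or why the last argument to `rnd_add_data()` is 0; the commit message covers both (first 100 headers, no entropy counted from them) but the code does not. Suggest a short comment above the block and a named constant in place of 100. The comment should also say that an Ethernet header is visible to any host on the same link, which is why crediting zero entropy is the right choice and why this input must never be given a non-zero estimate later. Style: `if(` should be `if (` per KNF.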


