Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src/sys/kern Don't reject seed file entropy estimates, until one...



details:   https://anonhg.NetBSD.org/src/rev/60c8e263a28b
branches:  trunk
changeset: 1009888:60c8e263a28b
user:      riastradh <riastradh%NetBSD.org@localhost>
date:      Wed May 06 18:31:05 2020 +0000

description:
Don't reject seed file entropy estimates, until one is nonzero.

We try to avoid counting the seed file's entropy twice, e.g. once
from the boot loader and once from rndctl via /etc/rc.d/random_seed.

But previously, if you had a /var/db/entropy-file that was deemed to
have zero entropy, that would prevent rndctl -L from _ever_ setting a
nonzero entropy estimate, even if you (say) copy a seed file over
from another machine (over a non-eavesdroppable medium) and try to
load it in with rndctl -L, e.g. via `/etc/rc.d/random_seed start'.

Now we accept the first _nonzero_ entropy estimate from a seed file.

The operator can still always trick the kernel into believing there's
entropy in the system by writing data to /dev/random, if the operator
knows something the kernel doesn't; this only affects the _automated_
seed file loading.

diffstat:

 sys/kern/kern_entropy.c |  11 ++++++-----
 1 files changed, 6 insertions(+), 5 deletions(-)

diffs (46 lines):

diff -r cedcfe9f34bd -r 60c8e263a28b sys/kern/kern_entropy.c
--- a/sys/kern/kern_entropy.c   Wed May 06 18:15:40 2020 +0000
+++ b/sys/kern/kern_entropy.c   Wed May 06 18:31:05 2020 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: kern_entropy.c,v 1.10 2020/05/05 15:31:42 riastradh Exp $      */
+/*     $NetBSD: kern_entropy.c,v 1.11 2020/05/06 18:31:05 riastradh Exp $      */
 
 /*-
  * Copyright (c) 2019 The NetBSD Foundation, Inc.
@@ -77,7 +77,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_entropy.c,v 1.10 2020/05/05 15:31:42 riastradh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_entropy.c,v 1.11 2020/05/06 18:31:05 riastradh Exp $");
 
 #include <sys/param.h>
 #include <sys/types.h>
@@ -550,7 +550,7 @@
        if (E->stage >= ENTROPY_WARM)
                mutex_enter(&E->lock);
        seeded = E->seeded;
-       E->seeded = true;
+       E->seeded = (seed->entropy > 0);
        if (E->stage >= ENTROPY_WARM)
                mutex_exit(&E->lock);
 
@@ -563,7 +563,8 @@
                printf("entropy: double-seeded by bootloader\n");
                seed->entropy = 0;
        } else {
-               printf("entropy: entering seed from bootloader\n");
+               printf("entropy: entering seed from bootloader"
+                   " with %u bits of entropy\n", (unsigned)seed->entropy);
        }
 
        /* Enter it into the pool and promptly zero it.  */
@@ -2197,7 +2198,7 @@
                 * load a seed from disk that we have already loaded
                 * from the bootloader, so we don't double-count it.
                 */
-               if (privileged) {
+               if (privileged && rdata->entropy && rdata->len) {
                        mutex_enter(&E->lock);
                        if (!E->seeded) {
                                entropybits = MIN(rdata->entropy,



Home | Main Index | Thread Index | Old Index