diff options
author | Colin Percival <cperciva@FreeBSD.org> | 2008-11-24 17:39:39 +0000 |
---|---|---|
committer | Colin Percival <cperciva@FreeBSD.org> | 2008-11-24 17:39:39 +0000 |
commit | 8c85a7fb78d9486ad7db6ce44dfa06449d931fd1 (patch) | |
tree | 1b3d5ad6747035a3af07a8c99d741712c3c52d07 /sys/dev/random | |
parent | 14443589665c67b40a37acc820b293c57cc165c2 (diff) | |
download | src-8c85a7fb78d9486ad7db6ce44dfa06449d931fd1.tar.gz src-8c85a7fb78d9486ad7db6ce44dfa06449d931fd1.zip |
Make sure arc4random(9) is properly seeded when /etc/rc.d/initrandom returns.
Approved by: so (cperciva)
Approved by: re (kensmith)
Security: FreeBSD-SA-08:11.arc4random
Notes
Notes:
svn path=/head/; revision=185254
Diffstat (limited to 'sys/dev/random')
-rw-r--r-- | sys/dev/random/randomdev.c | 1 | ||||
-rw-r--r-- | sys/dev/random/randomdev_soft.c | 26 |
2 files changed, 24 insertions, 3 deletions
diff --git a/sys/dev/random/randomdev.c b/sys/dev/random/randomdev.c index 7cc78e61e8c2..99c4ea6260de 100644 --- a/sys/dev/random/randomdev.c +++ b/sys/dev/random/randomdev.c @@ -90,6 +90,7 @@ random_close(struct cdev *dev __unused, int flags, int fmt __unused, && (securelevel_gt(td->td_ucred, 0) == 0)) { (*random_systat.reseed)(); random_systat.seeded = 1; + arc4rand(NULL, 0, 1); /* Reseed arc4random as well. */ } return (0); diff --git a/sys/dev/random/randomdev_soft.c b/sys/dev/random/randomdev_soft.c index c03673a59081..dfe589ae643e 100644 --- a/sys/dev/random/randomdev_soft.c +++ b/sys/dev/random/randomdev_soft.c @@ -61,6 +61,7 @@ random_harvest_internal(u_int64_t, const void *, u_int, u_int, u_int, enum esource); static int random_yarrow_poll(int event,struct thread *td); static int random_yarrow_block(int flag); +static void random_yarrow_flush_reseed(void); struct random_systat random_yarrow = { .ident = "Software, Yarrow", @@ -70,7 +71,7 @@ struct random_systat random_yarrow = { .read = random_yarrow_read, .write = random_yarrow_write, .poll = random_yarrow_poll, - .reseed = random_yarrow_reseed, + .reseed = random_yarrow_flush_reseed, .seeded = 1, }; @@ -96,7 +97,7 @@ static struct entropyfifo emptyfifo; /* Harvested entropy */ static struct entropyfifo harvestfifo[ENTROPYSOURCE]; -/* <0 to end the kthread, 0 to let it run */ +/* <0 to end the kthread, 0 to let it run, 1 to flush the harvest queues */ static int random_kthread_control = 0; static struct proc *random_kthread_proc; @@ -241,7 +242,7 @@ random_kthread(void *arg __unused) local_count = 0; /* Process until told to stop */ - for (; random_kthread_control == 0;) { + for (; random_kthread_control >= 0;) { active = 0; @@ -276,6 +277,13 @@ random_kthread(void *arg __unused) KASSERT(local_count == 0, ("random_kthread: local_count %d", local_count)); + /* + * If a queue flush was commanded, it has now happened, + * and we can mark this by resetting the command. + */ + if (random_kthread_control == 1) + random_kthread_control = 0; + /* Found nothing, so don't belabour the issue */ if (!active) pause("-", hz / 10); @@ -400,3 +408,15 @@ random_yarrow_block(int flag) return error; } + +/* Helper routine to perform explicit reseeds */ +static void +random_yarrow_flush_reseed(void) +{ + /* Command a entropy queue flush and wait for it to finish */ + random_kthread_control = 1; + while (random_kthread_control) + pause("-", hz / 10); + + random_yarrow_reseed(); +} |