Date: Tue, 30 Sep 2025 15:23:46 GMT
Message-Id: <202509301523.58UFNkIW045941@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Mark Johnston
Subject: git: b466df5ae9f8 - stable/15 - random: Allow pure entropy sources to provide a min-entropy estimate
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
X-Git-Committer: markj
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/15
X-Git-Reftype: branch
X-Git-Commit: b466df5ae9f81a5cf846cdbbff72e60c9bbd3827

The branch stable/15 has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=b466df5ae9f81a5cf846cdbbff72e60c9bbd3827

commit b466df5ae9f81a5cf846cdbbff72e60c9bbd3827
Author:     Mark Johnston
AuthorDate: 2025-09-08 14:45:23 +0000
Commit:     Mark Johnston
CommitDate: 2025-09-30 09:43:08 +0000

    random: Allow pure entropy sources to provide a min-entropy estimate

    The current implementation of the NIST health tests assumes a
    min-entropy estimate of one bit per sample, which is quite conservative.
    For so-called "pure" sources (e.g., virtio-random, TPM) it might be nice
    to support larger estimates so that the tests catch failed devices more
    quickly.

    Thus:
    - let each pure random source provide an estimate, so that downstreams
      or driver implementors can override defaults if they want to;
    - increase the default estimate for pure sources;
    - for pure sources initialize the state machine at source registration
      time.

    Reviewed by:	cem
    MFC after:	2 weeks
    Sponsored by:	Stormshield
    Sponsored by:	Klara, Inc.
    Differential Revision:	https://reviews.freebsd.org/D52232

    (cherry picked from commit f865264f6a5eba4025c0f6284a48f383717fd74e)
---
 sys/dev/random/random_harvestq.c | 21 +++++++++++++++++----
 sys/dev/random/randomdev.h       |  1 +
 2 files changed, 18 insertions(+), 4 deletions(-)
diff --git a/sys/dev/random/random_harvestq.c b/sys/dev/random/random_harvestq.c index 6d1f9daf649b..c308f6f80d59 100644 --- a/sys/dev/random/random_harvestq.c +++ b/sys/dev/random/random_harvestq.c @@ -478,6 +478,7 @@ random_healthtest_init(enum random_entropy_source source, int min_entropy) struct health_test_softc *ht; ht = &healthtest[source]; + memset(ht, 0, sizeof(*ht)); KASSERT(ht->ht_state == INIT, ("%s: health test state is %d for source %d", __func__, ht->ht_state, source)); @@ -532,12 +533,22 @@ random_healthtest_init(enum random_entropy_source source, int min_entropy) }; const int error_rate = 34; - if (min_entropy == 0) - min_entropy = 1; - else if (min_entropy < 0 || min_entropy >= nitems(apt_cutoffs)) { + if (min_entropy == 0) { + /* + * For environmental sources, the main source of entropy is the + * associated timecounter value. Since these sources can be + * influenced by unprivileged users, we conservatively use a + * min-entropy estimate of 1 bit per sample. For "pure" + * sources, we assume 8 bits per sample, as such sources provide + * a variable amount of data per read and in particular might + * only provide a single byte at a time. + */ + min_entropy = source >= RANDOM_PURE_START ? 8 : 1; + } else if (min_entropy < 0 || min_entropy >= nitems(apt_cutoffs)) { panic("invalid min_entropy %d for %s", min_entropy, random_source_descr[source]); } + ht->ht_rct_limit = 1 + howmany(error_rate, min_entropy); ht->ht_apt_cutoff = apt_cutoffs[min_entropy]; } @@ -707,7 +718,7 @@ random_harvestq_init(void *unused __unused) RANDOM_HARVEST_INIT_LOCK(); harvest_context.hc_active_buf = 0; - for (int i = 0; i < ENTROPYSOURCE; i++) + for (int i = RANDOM_START; i <= RANDOM_ENVIRONMENTAL_END; i++) random_healthtest_init(i, 0); } SYSINIT(random_device_h_init, SI_SUB_RANDOM, SI_ORDER_THIRD, random_harvestq_init, NULL); 
@@ -901,6 +912,8 @@ random_source_register(const struct random_source *rsource) printf("random: registering fast source %s\n", rsource->rs_ident); + random_healthtest_init(rsource->rs_source, rsource->rs_min_entropy); + RANDOM_HARVEST_LOCK(); hc_source_mask |= (1 << rsource->rs_source); CK_LIST_INSERT_HEAD(&source_list, rrs, rrs_entries); diff --git a/sys/dev/random/randomdev.h b/sys/dev/random/randomdev.h index 0fa92f8c9575..a6ca66c7d92e 100644 --- a/sys/dev/random/randomdev.h +++ b/sys/dev/random/randomdev.h @@ -103,6 +103,7 @@ struct random_source { const char *rs_ident; enum random_entropy_source rs_source; random_source_read_t *rs_read; + int rs_min_entropy; }; void random_source_register(const struct random_source *);
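Review bot: In the first random_harvestq.c hunk (@@ -478), the new `memset(ht, 0, sizeof(*ht));` runs immediately before `KASSERT(ht->ht_state == INIT, ...)`, so the assertion can only ever observe a zeroed structure and catches nothing unless INIT is a non-zero enumerator. If the memset exists so that a pure source can be re-registered after its driver is unloaded, a comment saying so would help; otherwise the assertion should run before the memset so that a double registration of the same source is still detected.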
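Review bot: In the second random_harvestq.c hunk (@@ -532), `min_entropy = source >= RANDOM_PURE_START ? 8 : 1;` raises the default for pure sources, but the bounds check on the following line (`min_entropy >= nitems(apt_cutoffs)`) only guards explicitly supplied values; nothing in the hunk shows that apt_cutoffs has an entry at index 8, and if the table is shorter the default itself would trip the panic for every pure source at registration. A static assertion such as `_Static_assert(nitems(apt_cutoffs) > 8, ...)` or a comment tying the default to the table size would make that dependency explicit. The new comment could also state the resulting thresholds: with 8 bits per sample `ht_rct_limit` becomes 1 + howmany(34, 8) = 6, so six identical consecutive samples fail the source, which is the behaviour a driver author would want to know when choosing an estimate.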
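Review bot: In the third random_harvestq.c hunk (@@ -707), the loop bound changes from the exclusive `i < ENTROPYSOURCE` to the inclusive `i <= RANDOM_ENVIRONMENTAL_END`, so healthtest[] entries for pure sources are no longer initialized by the SYSINIT and keep zeroed cutoffs until random_source_register() runs. Worth confirming that RANDOM_ENVIRONMENTAL_END is the last environmental index rather than a one-past-the-end sentinel, and that no harvesting path can reference a pure-source slot before that source registers, since an uninitialized entry would have `ht_rct_limit` and `ht_apt_cutoff` of 0.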
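Review bot: In the random_source_register() hunk (@@ -901), `random_healthtest_init(rsource->rs_source, rsource->rs_min_entropy);` is placed before RANDOM_HARVEST_LOCK() and before the source is added to hc_source_mask, which is the right order because the harvest side cannot see the source until the mask is updated; a one-line comment stating that the health-test state must be initialized before the mask update would keep a later refactor from reordering them. The deregistration path is not in this diff, so it is not visible whether it resets `ht_state`; if the memset in random_healthtest_init() is what makes re-registration work, the two places should reference each other.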
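Review bot: In the randomdev.h hunk (@@ -103), `int rs_min_entropy;` is added to struct random_source without a comment. Since this header is what out-of-tree driver authors will read, it should state the units (bits of min-entropy per sample), that 0 selects the default (8 bits for pure sources per the random_harvestq.c change), and that the value must stay within the apt_cutoffs table or random_healthtest_init() panics at registration.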