From owner-svn-src-all@freebsd.org  Fri Nov 22 20:56:55 2019
Return-Path: <owner-svn-src-all@freebsd.org>
Delivered-To: svn-src-all@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 51B281C1599;
 Fri, 22 Nov 2019 20:56:55 +0000 (UTC)
 (envelope-from rpokala@freebsd.org)
Received: from smtp.freebsd.org (smtp.freebsd.org [96.47.72.83])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 server-signature RSA-PSS (4096 bits)
 client-signature RSA-PSS (4096 bits) client-digest SHA256)
 (Client CN "smtp.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 47KTJ71VFdz4FNv;
 Fri, 22 Nov 2019 20:56:55 +0000 (UTC)
 (envelope-from rpokala@freebsd.org)
Received: from [172.17.133.228] (unknown [12.202.168.51])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 (Authenticated sender: rpokala)
 by smtp.freebsd.org (Postfix) with ESMTPSA id 8ABF115417;
 Fri, 22 Nov 2019 20:56:54 +0000 (UTC)
 (envelope-from rpokala@freebsd.org)
User-Agent: Microsoft-MacOutlook/10.1f.0.191110
Date: Fri, 22 Nov 2019 12:56:44 -0800
Subject: Re: svn commit: r355018 - in head/sys: dev/random sys
From: Ravi Pokala <rpokala@freebsd.org>
To: Conrad Meyer <cem@FreeBSD.org>, <src-committers@freebsd.org>,
 <svn-src-all@freebsd.org>, <svn-src-head@freebsd.org>
Message-ID: <85EFA1CD-5093-4588-9FA4-F704DA122674@panasas.com>
Thread-Topic: svn commit: r355018 - in head/sys: dev/random sys
References: <201911222020.xAMKKbE0017524@repo.freebsd.org>
In-Reply-To: <201911222020.xAMKKbE0017524@repo.freebsd.org>
Mime-version: 1.0
Content-type: text/plain;
	charset="UTF-8"
Content-transfer-encoding: quoted-printable
X-BeenThere: svn-src-all@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "SVN commit messages for the entire src tree \(except for &quot;
 user&quot; and &quot; projects&quot; \)" <svn-src-all.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-all/>
List-Post: <mailto:svn-src-all@freebsd.org>
List-Help: <mailto:svn-src-all-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Nov 2019 20:56:55 -0000

Hi Conrad,

The original code did

    explicit_bzero(data, size);

which appears to have been lost in this change. Is that intentional? If so, why is that okay?

Thanks,

Ravi (rpokala@)

-----Original Message-----
From: <owner-src-committers@freebsd.org> on behalf of Conrad Meyer <cem@FreeBSD.org>
Date: 2019-11-22, Friday at 12:20
To: <src-committers@freebsd.org>, <svn-src-all@freebsd.org>, <svn-src-head@freebsd.org>
Subject: svn commit: r355018 - in head/sys: dev/random sys

    Author: cem
    Date: Fri Nov 22 20:20:37 2019
    New Revision: 355018
    URL: https://svnweb.freebsd.org/changeset/base/355018
   =20
    Log:
      random(4): Abstract loader entropy injection
     =20
      Break random_harvestq_prime up into some logical subroutines.  The goal
      is that it becomes easier to add other early entropy sources.
     =20
      While here, drop pre-12.0 compatibility logic.  loader default configuration
      should preload the file as expected since 12.0.
     =20
      Approved by:	csprng(delphij, markm)
      Differential Revision:	https://reviews.freebsd.org/D22482
   =20
    Modified:
      head/sys/dev/random/random_harvestq.c
      head/sys/sys/random.h
   =20
    Modified: head/sys/dev/random/random_harvestq.c
    =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D
    --- head/sys/dev/random/random_harvestq.c	Fri Nov 22 20:18:07 2019	(r35=
5017)
    +++ head/sys/dev/random/random_harvestq.c	Fri Nov 22 20:20:37 2019	(r35=
5018)
    @@ -402,6 +402,57 @@ random_harvestq_init(void *unused __unused)
     SYSINIT(random_device_h_init, SI_SUB_RANDOM, SI_ORDER_SECOND, random_h=
arvestq_init, NULL);
    =20
     /*
    + * Subroutine to slice up a contiguous chunk of 'entropy' and feed it =
into the
    + * underlying algorithm.  Returns number of bytes actually fed into un=
derlying
    + * algorithm.
    + */
    +static size_t
    +random_early_prime(char *entropy, size_t len)
    +{
    +	struct harvest_event event;
    +	size_t i;
    +
    +	len =3D rounddown(len, sizeof(event.he_entropy));
    +	if (len =3D=3D 0)
    +		return (0);
    +
    +	for (i =3D 0; i < len; i +=3D sizeof(event.he_entropy)) {
    +		event.he_somecounter =3D (uint32_t)get_cyclecount();
    +		event.he_size =3D sizeof(event.he_entropy);
    +		event.he_source =3D RANDOM_CACHED;
    +		event.he_destination =3D
    +		    harvest_context.hc_destination[RANDOM_CACHED]++;
    +		memcpy(event.he_entropy, entropy + i, sizeof(event.he_entropy));
    +		random_harvestq_fast_process_event(&event);
    +	}
    +	explicit_bzero(entropy, len);
    +	return (len);
    +}
    +
    +/*
    + * Subroutine to search for known loader-loaded files in memory and fe=
ed them
    + * into the underlying algorithm early in boot.  Returns the number of=
 bytes
    + * loaded (zero if none were loaded).
    + */
    +static size_t
    +random_prime_loader_file(const char *type)
    +{
    +	uint8_t *keyfile, *data;
    +	size_t size;
    +
    +	keyfile =3D preload_search_by_type(type);
    +	if (keyfile =3D=3D NULL)
    +		return (0);
    +
    +	data =3D preload_fetch_addr(keyfile);
    +	size =3D preload_fetch_size(keyfile);
    +	if (data =3D=3D NULL)
    +		return (0);
    +
    +	return (random_early_prime(data, size));
    +}
    +
    +/*
      * This is used to prime the RNG by grabbing any early random stuff
      * known to the kernel, and inserting it directly into the hashing
      * module, currently Fortuna.
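Review bot: The `explicit_bzero(entropy, len)` in random_early_prime wipes only the rounddown'ed `len`, so up to sizeof(he_entropy)-1 trailing bytes of the preloaded file stay in memory, and a file shorter than one block is never wiped at all because `if (len == 0) return (0);` exits before the bzero — the removed code had the same gap, but this rewrite is the place to close it. Save the caller's length first (`size_t total = len;` before the rounddown), drop the early return (the for loop already does nothing when len is 0), and wipe with `explicit_bzero(entropy, total);` while still returning the fed `len`. The stack-local `event` also holds a copy of each block and is left as-is on return; `explicit_bzero(&event, sizeof(event));` after the loop closes that too, unless random_harvestq_fast_process_event is known to scrub its input. The header comment should state that `len` is rounded down to whole he_entropy blocks and the remainder is discarded — the old "funny size ... we lose some" comment documented this and did not survive the refactor. Minor: random_early_prime takes `char *entropy` but random_prime_loader_file passes `uint8_t *data`; declaring the parameter `uint8_t *entropy` avoids a pointer-sign mismatch in builds that warn on it.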
    @@ -410,41 +461,19 @@ SYSINIT(random_device_h_init, SI_SUB_RANDOM, SI_O=
RDER_
     static void
     random_harvestq_prime(void *unused __unused)
     {
    -	struct harvest_event event;
    -	size_t count, size, i;
    -	uint8_t *keyfile, *data;
    +	size_t size;
    =20
     	/*
     	 * Get entropy that may have been preloaded by loader(8)
     	 * and use it to pre-charge the entropy harvest queue.
     	 */
    -	keyfile =3D preload_search_by_type(RANDOM_CACHED_BOOT_ENTROPY_MODULE);
    -#ifndef NO_BACKWARD_COMPATIBILITY
    -	if (keyfile =3D=3D NULL)
    -	    keyfile =3D preload_search_by_type(RANDOM_LEGACY_BOOT_ENTROPY_MODUL=
E);
    -#endif
    -	if (keyfile !=3D NULL) {
    -		data =3D preload_fetch_addr(keyfile);
    -		size =3D preload_fetch_size(keyfile);
    -		/* Trim the size. If the admin has a file with a funny size, we lose=
 some. Tough. */
    -		size -=3D (size % sizeof(event.he_entropy));
    -		if (data !=3D NULL && size !=3D 0) {
    -			for (i =3D 0; i < size; i +=3D sizeof(event.he_entropy)) {
    -				count =3D sizeof(event.he_entropy);
    -				event.he_somecounter =3D (uint32_t)get_cyclecount();
    -				event.he_size =3D count;
    -				event.he_source =3D RANDOM_CACHED;
    -				event.he_destination =3D
    -				    harvest_context.hc_destination[RANDOM_CACHED]++;
    -				memcpy(event.he_entropy, data + i, sizeof(event.he_entropy));
    -				random_harvestq_fast_process_event(&event);
    -			}
    -			explicit_bzero(data, size);
    -			if (bootverbose)
    -				printf("random: read %zu bytes from preloaded cache\n", size);
    -		} else
    -			if (bootverbose)
    -				printf("random: no preloaded entropy cache\n");
    +	size =3D random_prime_loader_file(RANDOM_CACHED_BOOT_ENTROPY_MODULE);
    +	if (bootverbose) {
    +		if (size > 0)
    +			printf("random: read %zu bytes from preloaded cache\n",
    +			    size);
    +		else
    +			printf("random: no preloaded entropy cache\n");
     	}
     }
     SYSINIT(random_device_prime, SI_SUB_RANDOM, SI_ORDER_MIDDLE, random_ha=
rvestq_prime, NULL);
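Review bot: With the RANDOM_LEGACY_BOOT_ENTROPY_MODULE lookup removed, a `/boot/entropy` module that an older loader.conf still preloads is neither fed to Fortuna nor explicit_bzero'd, whereas the removed branch did both, so if such a configuration exists the bytes presumably stay in the preload area for the rest of boot. If that is acceptable under the 12.0 assumption in the log, a one-line comment at the `size = random_prime_loader_file(RANDOM_CACHED_BOOT_ENTROPY_MODULE);` call would record it: `/* Legacy "/boot/entropy" preloads are no longer consumed or wiped (dropped post-12.0). */`. Separately, `random: no preloaded entropy cache` now also prints when a cache module was found but yielded zero bytes (NULL data, or a file smaller than one he_entropy block that random_early_prime rounds down to 0), so the verbose output can no longer distinguish "absent" from "unusable"; either reword it to `random: no usable preloaded entropy cache` or have the helper report the found-but-empty case.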
   =20
    Modified: head/sys/sys/random.h
    =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D
    --- head/sys/sys/random.h	Fri Nov 22 20:18:07 2019	(r355017)
    +++ head/sys/sys/random.h	Fri Nov 22 20:20:37 2019	(r355018)
    @@ -81,7 +81,6 @@ enum random_entropy_source {
     _Static_assert(ENTROPYSOURCE <=3D 32,
         "hardcoded assumption that values fit in a typical word-sized bits=
et");
    =20
    -#define RANDOM_LEGACY_BOOT_ENTROPY_MODULE	"/boot/entropy"
     #define RANDOM_CACHED_BOOT_ENTROPY_MODULE	"boot_entropy_cache"
    =20
     extern u_int hc_source_mask;
   =20