Date: Mon, 13 May 2019 07:55:01 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 237869] is_random_seeded should perform pre_read for unseeded case Message-ID: <bug-237869-227@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D237869 Bug ID: 237869 Summary: is_random_seeded should perform pre_read for unseeded case Product: Base System Version: CURRENT Hardware: Any OS: Any Status: New Severity: Affects Many People Priority: --- Component: kern Assignee: bugs@FreeBSD.org Reporter: delphij@FreeBSD.org I noticed the following on a recent -CURRENT amd64 system, this message on boot: arc4random: WARNING: initial seeding bypassed the cryptographic random devi= ce because it was not yet seeded and the knob 'bypass_before_seeding' was enab= led. Despite /boot/entropy is preloaded. It looks like it was related to r34635= 8. On my system, the call path is roughly: vnet_domain_init_inet_vnet_init -> arc4random() At the time, the entropy device have already seen /boot/entropy through random_harvestq_prime(), however, because nobody have read from entropy dev= ice, the pre_read method was never called, therefore the device would report its= elf as unseeded, even though it already have enough entropy to proceed. (By the way, r346292 should be reverted now that r346358 is landed). It looks like is_random_seeded should do something like: if (__predict_false(!p_random_alg_context->ra_seeded())) { p_random_alg_context->ra_pre_read(); return (p_random_alg_context->ra_seeded()); } return (true); Instead of its current form. Note that random_infra.c needs similar treatment as well; the current form = is broken by the way. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-237869-227>