Subject: Re: svn commit: r273958 - head/sys/dev/random
From: Mark R V Murray
Date: Sun, 2 Nov 2014 09:45:15 +0000
To: Dag-Erling Smørgrav
Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org

Hi DES,

I’m scared witless of this being on-by-default, for the reason given in the removed comment. I’d much prefer to see it only turned on if a kernel option is set, and the embedded folks /et al/ can use that.

Please reinstate the #ifdef RANDOM_AUTOSEED, and set a kernel option to turn it on. Please also leave the comment; summarily turning on an unprepared generator is not going to be obvious to anyone but an attacker.

Moving the point of the auto-firstseed to where is good, thanks.

M

> On 2 Nov 2014, at 02:01, Dag-Erling Smørgrav wrote:
>
> Author: des
> Date: Sun Nov 2 02:01:55 2014
> New Revision: 273958
> URL: https://svnweb.freebsd.org/changeset/base/273958
>
> Log:
> Restore the auto-reseed logic, but move it to a much later point,
> immediately before kick_init.
>=20 > Approved by: so (self) >=20 > Modified: > head/sys/dev/random/random_adaptors.c > head/sys/dev/random/yarrow.c >=20 > Modified: head/sys/dev/random/random_adaptors.c > = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D > --- head/sys/dev/random/random_adaptors.c Sun Nov 2 01:47:27 2014 = (r273957) > +++ head/sys/dev/random/random_adaptors.c Sun Nov 2 02:01:55 2014 = (r273958) > @@ -447,30 +447,8 @@ random_adaptors_deinit(void) > } >=20 > /* > - * First seed. > - * > - * NB! NB! NB! > - * NB! NB! NB! > - * > - * It turns out this is bloody dangerous. I was fiddling with code = elsewhere > - * and managed to get conditions where a safe (i.e. seeded) entropy = device should > - * not have been possible. This managed to hide that by unblocking = the device anyway. > - * As crap randomness is not directly distinguishable from good = randomness, this > - * could have gone unnoticed for quite a while. > - * > - * NB! NB! NB! > - * NB! NB! NB! > - * > - * Very luckily, the probe-time entropy is very nearly good enough to = cause a > - * first seed all of the time, and the default settings for other = entropy > - * harvesting causes a proper, safe, first seed (unblock) in short = order after that. > - * > - * That said, the below would be useful where folks are more = concerned with > - * a quick start than with extra paranoia in a low-entropy = environment. > - * > - * markm - October 2013. > + * Reseed the active adaptor shortly before starting init(8). > */ > -#ifdef RANDOM_AUTOSEED > /* ARGSUSED */ > static void > random_adaptors_seed(void *unused __unused) 
> @@ -484,6 +462,5 @@ random_adaptors_seed(void *unused __unus >=20 > arc4rand(NULL, 0, 1); > } > -SYSINIT(random_seed, SI_SUB_INTRINSIC_POST, SI_ORDER_LAST, > - random_adaptors_reseed, NULL); > -#endif /* RANDOM_AUTOSEED */ > +SYSINIT(random_seed, SI_SUB_KTHREAD_INIT, SI_ORDER_FIRST, > + random_adaptors_seed, NULL); >=20 > Modified: head/sys/dev/random/yarrow.c > = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D > --- head/sys/dev/random/yarrow.c Sun Nov 2 01:47:27 2014 = (r273957) > +++ head/sys/dev/random/yarrow.c Sun Nov 2 02:01:55 2014 = (r273958) > @@ -508,7 +508,9 @@ void > random_yarrow_reseed(void) > { >=20 > + mtx_lock(&random_reseed_mtx); > reseed(SLOW); > + mtx_unlock(&random_reseed_mtx); > } >=20 > int >=20 --=20 Mark R V Murray
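
Review bot: In the first random_adaptors.c hunk (@@ -447,30 +447,8), the one-line replacement comment above random_adaptors_seed() no longer records why this path is hazardous. The removed text explained that unblocking the device here had hidden a state in which a seeded device should not have been possible, and that poor randomness is not directly distinguishable from good randomness. With `#ifdef RANDOM_AUTOSEED` removed in the same hunk, the function is always compiled, so the caveat should stay in some form: keep a short version of the warning in the comment, and either restore the guard or state in the comment why an unconditional seed is safe at this point in boot.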
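
Review bot: In the second random_adaptors.c hunk (@@ -484,6 +462,5), the new SYSINIT at SI_SUB_KTHREAD_INIT, SI_ORDER_FIRST is registered unconditionally because the closing `#endif /* RANDOM_AUTOSEED */` is dropped, and nothing beside it explains the chosen ordering. The log gives the intent as running immediately before kick_init; a comment on the SYSINIT stating that dependency would keep a later reordering from silently moving the seed. The callback also changes from random_adaptors_reseed to random_adaptors_seed, which matches the function shown in the hunk, and the log does not mention that rename.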
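
Review bot: In the yarrow.c hunk (@@ -508,7 +508,9), random_yarrow_reseed() now takes random_reseed_mtx around reseed(SLOW), but the locking contract of reseed() is not stated in the visible lines and the log does not mention this change. If reseed() expects its caller to hold the mutex, an mtx_assert(&random_reseed_mtx, MA_OWNED) at the top of reseed() would catch any remaining unlocked caller; if reseed() can take the lock itself, this wrapper risks recursing on it. A one-line comment on random_yarrow_reseed() saying which case applies would settle it.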