[Bug 237869] is_random_seeded should perform pre_read for unseeded case

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Mon May 13 07:55:03 UTC 2019


            Bug ID: 237869
           Summary: is_random_seeded should perform pre_read for unseeded
           Product: Base System
           Version: CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: kern
          Assignee: bugs at FreeBSD.org
          Reporter: delphij at FreeBSD.org

I noticed the following on a recent -CURRENT amd64 system, this message on

arc4random: WARNING: initial seeding bypassed the cryptographic random device
because it was not yet seeded and the knob 'bypass_before_seeding' was enabled.

Despite /boot/entropy is preloaded.  It looks like it was related to r346358.

On my system, the call path is roughly:

vnet_domain_init_inet_vnet_init -> arc4random()

At the time, the entropy device have already seen /boot/entropy through
random_harvestq_prime(), however, because nobody have read from entropy device,
the pre_read method was never called, therefore the device would report itself
as unseeded, even though it already have enough entropy to proceed.

(By the way, r346292 should be reverted now that r346358 is landed).

It looks like is_random_seeded should do something like:

if (__predict_false(!p_random_alg_context->ra_seeded())) {
    return (p_random_alg_context->ra_seeded());
return (true);

Instead of its current form.

Note that random_infra.c needs similar treatment as well; the current form is
broken by the way.

You are receiving this mail because:
You are the assignee for the bug.

More information about the freebsd-bugs mailing list