svn commit: r330897 - in stable/11: bin/cat bin/chflags bin/chmod bin/cp bin/date bin/dd bin/df bin/domainname bin/echo bin/ed bin/hostname bin/kill bin/ln bin/ls bin/mkdir bin/mv bin/pax bin/ps bi...
Oliver Pinter
oliver.pinter at hardenedbsd.org
Wed Mar 28 18:34:17 UTC 2018
On 3/28/18, Oliver Pinter <oliver.pinter at hardenedbsd.org> wrote:
> On 3/28/18, Oliver Pinter <oliver.pinter at hardenedbsd.org> wrote:
>> Hi!
>>
>> This part of the MFC is wrong:
>>
>> https://svnweb.freebsd.org/base/stable/11/sys/sys/random.h?limit_changes=0&r1=330897&r2=330896&pathrev=330897
>>
>> Could you please MFC back the other random related changes too? Some
>> of them made by cem at .
>
> Namely these commits:
>
> commit b95744ba0ac2f46a95ecbe423a4d8dd7c9513da0
> Author: Oliver Pinter <oliver.pinter at hardenedbsd.org>
> Date: Sun Oct 15 17:15:48 2017 +0200
>
> opBSD MFC r324394: random(4): Gather entropy from Pure sources
>
> At initialization, hc_source_mask only includes non-Pure sources.
>
> The patch changes source registration to enable the registered source in
> the
> hc_source_mask bitmask. This mask governs which sources are harvested.
>
> This patch also disallows userspace from disabling such sources.
>
> PR: 222807
> Submitted by: W. Dean Freeman <badfilemagic AT gmail.com>
> Reviewed by: jmg (earlier version), delphij
> Approved by: secteam (delphij)
> Obtained from: HBSD 0054e3e170e083811acc9f3b637f8be8a86c03e7
> Security: yes
> Differential Revision: https://reviews.freebsd.org/D12611
>
> (cherry picked from commit 1c36667f647c87c89227b495e8a79ff1d38a2d31)
>
> Author: cem <cem at FreeBSD.org>
> Original-commit-date: Sat Oct 7 19:02:03 2017 +0000
> svn-commit-id: /head/ r324394
> Signed-off-by: Oliver Pinter <oliver.pinter at hardenedbsd.org>
>
> commit 6c94c5ce8a5b3ed5dec3bb0437da293de1da22fc
> Author: Oliver Pinter <oliver.pinter at hardenedbsd.org>
> Date: Sun Oct 15 17:15:43 2017 +0200
>
> opBSD MFC r324393: random(4): Add missing source descriptions
>
> Add source descriptions missed in r260847, r303035.
>
> While here, convert the array to C99 initializers.
>
> Reviewed by: delphij
> Approved by: secteam (delphij)
> Sponsored by: Dell EMC Isilon
> Differential Revision: https://reviews.freebsd.org/D12618
>
> (cherry picked from commit 25edb3fc554994c75b6282d88b1dd960fd476737)
>
> Adopted to 11-STABLE since arm/broadcom/bcm2835/bcm2835_rng.c
> does not exists here.
>
> Author: cem <cem at FreeBSD.org>
> Original-commit-date: Sat Oct 7 18:59:29 2017 +0000
> svn-commit-id: /head/ r324393
> Signed-off-by: Oliver Pinter <oliver.pinter at hardenedbsd.org>
>
> commit 28fc9178aca64f2fec46e2753187b35bcab8e962
> Author: Oliver Pinter <oliver.pinter at hardenedbsd.org>
> Date: Sun Oct 15 17:15:37 2017 +0200
>
> opBSD MFC r324372: random(4): Discard low entropy inputs
>
> The later fields of the harvest_event structure are predictable and
> provide
> little value to the entropy pool. Only feed in the relatively high
> entropy
> counter and explicit entropy buffer to increase measured input entropy.
>
> See also:
> https://people.freebsd.org/~jmg/vbsdcon_2017_ddfreebsdrng_slides.pdf
>
> PR: 222807
> Submitted by: W. Dean Freeman <badfilemagic AT gmail.com>
> Reviewed by: jmg (earlier version), delphij
> Approved by: secteam (delphij)
> Obtained from: HBSD 8d809124d563937edd84c9c9d5494406e359c55c
> Security: no -- low entropy marginal input has no known
> negative affect on pool quality
> Differential Revision: https://reviews.freebsd.org/D12610
>
> (cherry picked from commit 1d234c562d594d49fd330eef90cd1b8f0e73f8fa)
>
> Author: cem <cem at FreeBSD.org>
> Original-commit-date: Fri Oct 6 18:27:55 2017 +0000
> svn-commit-id: /head/ r324372
> Signed-off-by: Oliver Pinter <oliver.pinter at hardenedbsd.org>
>
Or please apply the attached patch.
>
>>
>> On 3/14/18, Eitan Adler <eadler at freebsd.org> wrote:
>>> Author: eadler
>>> Date: Wed Mar 14 03:19:51 2018
>>> New Revision: 330897
>>> URL: https://svnweb.freebsd.org/changeset/base/330897
>>>
>
> [... trim ...]
>
-------------- next part --------------
From 38d9b670806c64c31f49f425707d59aad89b6246 Mon Sep 17 00:00:00 2001
From: Oliver Pinter <oliver.pinter at hardenedbsd.org>
Date: Wed, 28 Mar 2018 20:26:30 +0200
Subject: [PATCH] opBSD: revert misMFCd parts of sys/sys/random.h
Signed-off-by: Oliver Pinter <oliver.pinter at hardenedbsd.org>
diff --git a/sys/sys/random.h b/sys/sys/random.h
index 9e03e5ef6527..26764851d00c 100644
--- a/sys/sys/random.h
+++ b/sys/sys/random.h
@@ -60,9 +60,9 @@ read_random(void *a __unused, u_int b __unused)
#endif
/*
- * Note: if you add or remove members of random_entropy_source, remember to
- * also update the strings in the static array random_source_descr[] in
- * random_harvestq.c.
+ * Note: if you add or remove members of random_entropy_source, remember to also update the
+ * KASSERT regarding what valid members are in random_harvest_internal(), and remember the
+ * strings in the static array random_source_descr[] in random_harvestq.c.
*
* NOTE: complain loudly to markm@ or on the lists if this enum gets more than 32
* distinct values (0-31)! ENTROPYSOURCE may be == 32, but not > 32.
@@ -83,8 +83,7 @@ enum random_entropy_source {
RANDOM_UMA, /* Special!! UMA/SLAB Allocator */
RANDOM_ENVIRONMENTAL_END = RANDOM_UMA,
/* Fast hardware random-number sources from here on. */
- RANDOM_PURE_START,
- RANDOM_PURE_OCTEON = RANDOM_PURE_START,
+ RANDOM_PURE_OCTEON,
RANDOM_PURE_SAFE,
RANDOM_PURE_GLXSB,
RANDOM_PURE_UBSEC,
@@ -93,29 +92,19 @@ enum random_entropy_source {
RANDOM_PURE_NEHEMIAH,
RANDOM_PURE_RNDTEST,
RANDOM_PURE_VIRTIO,
- RANDOM_PURE_BROADCOM,
ENTROPYSOURCE
};
#define RANDOM_HARVEST_EVERYTHING_MASK ((1 << (RANDOM_ENVIRONMENTAL_END + 1)) - 1)
-#define RANDOM_HARVEST_PURE_MASK (((1 << ENTROPYSOURCE) - 1) & (-1UL << RANDOM_PURE_START))
-
-#define RANDOM_LEGACY_BOOT_ENTROPY_MODULE "/boot/entropy"
-#define RANDOM_CACHED_BOOT_ENTROPY_MODULE "boot_entropy_cache"
-#define RANDOM_CACHED_SKIP_START 256
#if defined(DEV_RANDOM)
void random_harvest_queue(const void *, u_int, u_int, enum random_entropy_source);
void random_harvest_fast(const void *, u_int, u_int, enum random_entropy_source);
void random_harvest_direct(const void *, u_int, u_int, enum random_entropy_source);
-void random_harvest_register_source(enum random_entropy_source);
-void random_harvest_deregister_source(enum random_entropy_source);
#else
#define random_harvest_queue(a, b, c, d) do {} while (0)
#define random_harvest_fast(a, b, c, d) do {} while (0)
#define random_harvest_direct(a, b, c, d) do {} while (0)
-#define random_harvest_register_source(a) do {} while (0)
-#define random_harvest_deregister_source(a) do {} while (0)
#endif
#if defined(RANDOM_ENABLE_UMA)
More information about the svn-src-stable-11
mailing list