svn commit: r330897 - in stable/11: bin/cat bin/chflags bin/chmod bin/cp bin/date bin/dd bin/df bin/domainname bin/echo bin/ed bin/hostname bin/kill bin/ln bin/ls bin/mkdir bin/mv bin/pax bin/ps bi...

Oliver Pinter oliver.pinter at hardenedbsd.org
Wed Mar 28 18:34:17 UTC 2018 

On 3/28/18, Oliver Pinter <oliver.pinter at hardenedbsd.org> wrote:
> On 3/28/18, Oliver Pinter <oliver.pinter at hardenedbsd.org> wrote:
>> Hi!
>>
>> This part of the MFC is wrong:
>>
>> https://svnweb.freebsd.org/base/stable/11/sys/sys/random.h?limit_changes=0&r1=330897&r2=330896&pathrev=330897
>>
>> Could you please MFC back the other random related changes too? Some
>> of them made by cem at .
>
> Namely these commits:
>
> commit b95744ba0ac2f46a95ecbe423a4d8dd7c9513da0
> Author: Oliver Pinter <oliver.pinter at hardenedbsd.org>
> Date:   Sun Oct 15 17:15:48 2017 +0200
>
>     opBSD MFC r324394: random(4): Gather entropy from Pure sources
>
>     At initialization, hc_source_mask only includes non-Pure sources.
>
>     The patch changes source registration to enable the registered source in
> the
>     hc_source_mask bitmask. This mask governs which sources are harvested.
>
>     This patch also disallows userspace from disabling such sources.
>
>     PR:             222807
>     Submitted by:   W. Dean Freeman <badfilemagic AT gmail.com>
>     Reviewed by:    jmg (earlier version), delphij
>     Approved by:    secteam (delphij)
>     Obtained from:  HBSD 0054e3e170e083811acc9f3b637f8be8a86c03e7
>     Security:       yes
>     Differential Revision:  https://reviews.freebsd.org/D12611
>
>     (cherry picked from commit 1c36667f647c87c89227b495e8a79ff1d38a2d31)
>
>     Author: cem <cem at FreeBSD.org>
>     Original-commit-date: Sat Oct 7 19:02:03 2017 +0000
>     svn-commit-id: /head/ r324394
>     Signed-off-by: Oliver Pinter <oliver.pinter at hardenedbsd.org>
>
> commit 6c94c5ce8a5b3ed5dec3bb0437da293de1da22fc
> Author: Oliver Pinter <oliver.pinter at hardenedbsd.org>
> Date:   Sun Oct 15 17:15:43 2017 +0200
>
>     opBSD MFC r324393: random(4): Add missing source descriptions
>
>     Add source descriptions missed in r260847, r303035.
>
>     While here, convert the array to C99 initializers.
>
>     Reviewed by:    delphij
>     Approved by:    secteam (delphij)
>     Sponsored by:   Dell EMC Isilon
>     Differential Revision:  https://reviews.freebsd.org/D12618
>
>     (cherry picked from commit 25edb3fc554994c75b6282d88b1dd960fd476737)
>
>     Adopted to 11-STABLE since arm/broadcom/bcm2835/bcm2835_rng.c
>     does not exists here.
>
>     Author: cem <cem at FreeBSD.org>
>     Original-commit-date: Sat Oct 7 18:59:29 2017 +0000
>     svn-commit-id: /head/ r324393
>     Signed-off-by: Oliver Pinter <oliver.pinter at hardenedbsd.org>
>
> commit 28fc9178aca64f2fec46e2753187b35bcab8e962
> Author: Oliver Pinter <oliver.pinter at hardenedbsd.org>
> Date:   Sun Oct 15 17:15:37 2017 +0200
>
>     opBSD MFC r324372: random(4): Discard low entropy inputs
>
>     The later fields of the harvest_event structure are predictable and
> provide
>     little value to the entropy pool.  Only feed in the relatively high
> entropy
>     counter and explicit entropy buffer to increase measured input entropy.
>
>     See also:
>     https://people.freebsd.org/~jmg/vbsdcon_2017_ddfreebsdrng_slides.pdf
>
>     PR:             222807
>     Submitted by:   W. Dean Freeman <badfilemagic AT gmail.com>
>     Reviewed by:    jmg (earlier version), delphij
>     Approved by:    secteam (delphij)
>     Obtained from:  HBSD 8d809124d563937edd84c9c9d5494406e359c55c
>     Security:       no -- low entropy marginal input has no known
> negative affect on pool quality
>     Differential Revision:  https://reviews.freebsd.org/D12610
>
>     (cherry picked from commit 1d234c562d594d49fd330eef90cd1b8f0e73f8fa)
>
>     Author: cem <cem at FreeBSD.org>
>     Original-commit-date: Fri Oct 6 18:27:55 2017 +0000
>     svn-commit-id: /head/ r324372
>     Signed-off-by: Oliver Pinter <oliver.pinter at hardenedbsd.org>
>

Or please apply the attached patch.

>
>>
>> On 3/14/18, Eitan Adler <eadler at freebsd.org> wrote:
>>> Author: eadler
>>> Date: Wed Mar 14 03:19:51 2018
>>> New Revision: 330897
>>> URL: https://svnweb.freebsd.org/changeset/base/330897
>>>
>
> [... trim ...]
>
-------------- next part --------------
From 38d9b670806c64c31f49f425707d59aad89b6246 Mon Sep 17 00:00:00 2001
From: Oliver Pinter <oliver.pinter at hardenedbsd.org>
Date: Wed, 28 Mar 2018 20:26:30 +0200
Subject: [PATCH] opBSD: revert misMFCd parts of sys/sys/random.h

Signed-off-by: Oliver Pinter <oliver.pinter at hardenedbsd.org>

diff --git a/sys/sys/random.h b/sys/sys/random.h
index 9e03e5ef6527..26764851d00c 100644
--- a/sys/sys/random.h
+++ b/sys/sys/random.h
@@ -60,9 +60,9 @@ read_random(void *a __unused, u_int b __unused)
 #endif
 
 /*
- * Note: if you add or remove members of random_entropy_source, remember to
- * also update the strings in the static array random_source_descr[] in
- * random_harvestq.c.
+ * Note: if you add or remove members of random_entropy_source, remember to also update the
+ * KASSERT regarding what valid members are in random_harvest_internal(), and remember the
+ * strings in the static array random_source_descr[] in random_harvestq.c.
  *
  * NOTE: complain loudly to markm@ or on the lists if this enum gets more than 32
  * distinct values (0-31)! ENTROPYSOURCE may be == 32, but not > 32.
@@ -83,8 +83,7 @@ enum random_entropy_source {
 	RANDOM_UMA,	/* Special!! UMA/SLAB Allocator */
 	RANDOM_ENVIRONMENTAL_END = RANDOM_UMA,
 	/* Fast hardware random-number sources from here on. */
-	RANDOM_PURE_START,
-	RANDOM_PURE_OCTEON = RANDOM_PURE_START,
+	RANDOM_PURE_OCTEON,
 	RANDOM_PURE_SAFE,
 	RANDOM_PURE_GLXSB,
 	RANDOM_PURE_UBSEC,
@@ -93,29 +92,19 @@ enum random_entropy_source {
 	RANDOM_PURE_NEHEMIAH,
 	RANDOM_PURE_RNDTEST,
 	RANDOM_PURE_VIRTIO,
-	RANDOM_PURE_BROADCOM,
 	ENTROPYSOURCE
 };
 
 #define RANDOM_HARVEST_EVERYTHING_MASK ((1 << (RANDOM_ENVIRONMENTAL_END + 1)) - 1)
-#define RANDOM_HARVEST_PURE_MASK (((1 << ENTROPYSOURCE) - 1) & (-1UL << RANDOM_PURE_START))
-
-#define RANDOM_LEGACY_BOOT_ENTROPY_MODULE	"/boot/entropy"
-#define RANDOM_CACHED_BOOT_ENTROPY_MODULE	"boot_entropy_cache"
-#define	RANDOM_CACHED_SKIP_START	256
 
 #if defined(DEV_RANDOM)
 void random_harvest_queue(const void *, u_int, u_int, enum random_entropy_source);
 void random_harvest_fast(const void *, u_int, u_int, enum random_entropy_source);
 void random_harvest_direct(const void *, u_int, u_int, enum random_entropy_source);
-void random_harvest_register_source(enum random_entropy_source);
-void random_harvest_deregister_source(enum random_entropy_source);
 #else
 #define random_harvest_queue(a, b, c, d) do {} while (0)
 #define random_harvest_fast(a, b, c, d) do {} while (0)
 #define random_harvest_direct(a, b, c, d) do {} while (0)
-#define random_harvest_register_source(a) do {} while (0)
-#define random_harvest_deregister_source(a) do {} while (0)
 #endif
 
 #if defined(RANDOM_ENABLE_UMA)

More information about the svn-src-stable-11 mailing list