sys/dev/random/random_infra.c
#if defined(RANDOM_LOADABLE) | #if defined(RANDOM_LOADABLE) | ||||
#include <sys/lock.h> | #include <sys/lock.h> | ||||
#include <sys/sx.h> | #include <sys/sx.h> | ||||
#endif | #endif | ||||
#include <dev/random/randomdev.h> | #include <dev/random/randomdev.h> | ||||
/* Set up the sysctl root node for the entropy device */ | /* Set up the sysctl root node for the entropy device */ | ||||
SYSCTL_NODE(_kern, OID_AUTO, random, CTLFLAG_RW, 0, "Cryptographically Secure Random Number Generator"); | SYSCTL_NODE(_kern, OID_AUTO, random, CTLFLAG_RW, 0, | ||||
"Cryptographically Secure Random Number Generator"); | |||||
SYSCTL_NODE(_kern_random, OID_AUTO, initial_seeding, CTLFLAG_RW, 0, | |||||
"Initial seeding control and information"); | |||||
/* | |||||
* N.B., this is a dangerous default, but it matches the behavior prior to | |||||
* r346250 (and, say, OpenBSD -- although they get some guaranteed saved | |||||
* entropy from the prior boot because of their KARL system, on RW media). | |||||
*/ | |||||
bool random_bypass_before_seeding = true; | |||||
SYSCTL_BOOL(_kern_random_initial_seeding, OID_AUTO, | |||||
bypass_before_seeding, CTLFLAG_RDTUN, &random_bypass_before_seeding, | |||||
0, "If set non-zero, bypass the random device in requests for random " | |||||
"data when the random device is not yet seeded. This is considered " | |||||
"dangerous. Ordinarily, the random device will block requests until " | |||||
"sufficient entropy seeds it."); | |||||
rpokala: Perhaps `"it is seeded by sufficient entropy."`? | |||||
Done Inline ActionsSure, that's better. Will fix. cem: Sure, that's better. Will fix. | |||||
/* | |||||
* This is a read-only diagnostic that reports the combination of the former | |||||
* tunable and actual bypass. It is intended for programmatic inspection by | |||||
* userspace administrative utilities after boot. | |||||
*/ | |||||
bool read_random_bypassed_before_seeding = false; | |||||
SYSCTL_BOOL(_kern_random_initial_seeding, OID_AUTO, | |||||
read_random_bypassed_before_seeding, CTLFLAG_RD, | |||||
&read_random_bypassed_before_seeding, 0, "If non-zero, the random device " | |||||
Done Inline Actionsnon-zero is a good description for an int sysctl, but should this be 'true' since it's a bool? imp: non-zero is a good description for an int sysctl, but should this be 'true' since it's a bool? | |||||
Done Inline ActionsUnfortunately, none of the tooling actually groks assigning true/false yet. Internally, sysctl/tune bools are just U8 type with a sysctl_handle_bool handler. I think loader just shoves the raw value into the kernel environment, and sysctl_register_oid -> sysctl_load_tunable_by_oid_locked eventually invokes sysctl_handle_bool on whatever U8 value came from loader; any non-zero value is coerced to true. That one is harder to fix, unless we hack up loader to translate true/false to 1/0, or actually add a distinct type for BOOL. In other words, I think a numeric value is still required; we could specify "one" in particular, but any non-zero U8-sized value will be coerced to true. Let me know if you feel strongly about "one" instead of "non-zero;" I'm happy to change the text. cem: Unfortunately, none of the tooling actually groks assigning true/false yet.
Internally… | |||||
Done Inline ActionsOK. Then the original wording is fine. I thought we did export that way, but I see now that I'm mistaken. imp: OK. Then the original wording is fine. I thought we did export that way, but I see now that I'm… | |||||
"was bypassed because the 'bypass_before_seeding' knob was enabled and a " | |||||
"request was submitted prior to initial seeding."); | |||||
/* | |||||
* This is a read-only diagnostic that reports the combination of the former | |||||
* tunable and actual bypass for arc4random initial seeding. It is intended | |||||
* for programmatic inspection by userspace administrative utilities after | |||||
* boot. | |||||
*/ | |||||
bool arc4random_bypassed_before_seeding = false; | |||||
SYSCTL_BOOL(_kern_random_initial_seeding, OID_AUTO, | |||||
arc4random_bypassed_before_seeding, CTLFLAG_RD, | |||||
&arc4random_bypassed_before_seeding, 0, "If non-zero, the random device " | |||||
Not Done Inline Actionssame here. imp: same here. | |||||
"was bypassed when initially seeding the kernel arc4random(9), because " | |||||
"the 'bypass_before_seeding' knob was enabled and a request was submitted " | |||||
"prior to initial seeding."); | |||||
/* | |||||
* This knob is for users who do not want additional warnings in their logs | |||||
* because they intend to handle bypass by inspecting the status of the | |||||
* diagnostic sysctls. | |||||
*/ | |||||
bool random_bypass_disable_warnings = false; | |||||
SYSCTL_BOOL(_kern_random_initial_seeding, OID_AUTO, | |||||
disable_bypass_warnings, CTLFLAG_RDTUN, | |||||
&random_bypass_disable_warnings, 0, "If non-zero, do not log a warning " | |||||
"if the 'bypass_before_seeding' knob is enabled and a request is " | |||||
"submitted prior to initial seeding."); | |||||
MALLOC_DEFINE(M_ENTROPY, "entropy", "Entropy harvesting buffers and data structures"); | MALLOC_DEFINE(M_ENTROPY, "entropy", "Entropy harvesting buffers and data structures"); | ||||
struct sources_head source_list = LIST_HEAD_INITIALIZER(source_list); | struct sources_head source_list = LIST_HEAD_INITIALIZER(source_list); | ||||
#if defined(RANDOM_LOADABLE) | #if defined(RANDOM_LOADABLE) | ||||
struct random_algorithm *p_random_alg_context = NULL; | struct random_algorithm *p_random_alg_context = NULL; | ||||
#else /* !defined(RANDOM_LOADABLE) */ | #else /* !defined(RANDOM_LOADABLE) */ | ||||
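Review bot: The identifier `random_bypass_disable_warnings` does not follow the naming pattern of the other three new knobs, whose sysctl leaf either equals the variable name (`read_random_bypassed_before_seeding`, `arc4random_bypassed_before_seeding`) or is the variable name minus a `random_` prefix (`random_bypass_before_seeding` → `bypass_before_seeding`); here the leaf is `disable_bypass_warnings`, so a reader grepping from the sysctl name will not land on the variable. Renaming it to `random_disable_bypass_warnings` would restore the convention, though the symbol is presumably declared in randomdev.h and the rename would have to follow there. Separately, `bypass_before_seeding` and `disable_bypass_warnings` are `CTLFLAG_RDTUN`, so they can only be set from the loader, and since the block comment above the first one calls its default dangerous, the description strings could make that limitation explicit, e.g. append `"This is a boot-time tunable and cannot be changed after boot."` to each. The file continues beyond this hunk in both directions.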
Perhaps "it is seeded by sufficient entropy."?