Differential D19944 Diff 56309 sys/dev/random/random_infra.c

Changeset View

Standalone View

sys/dev/random/random_infra.c

	Show All 37 Lines
	#if defined(RANDOM_LOADABLE)			#if defined(RANDOM_LOADABLE)
	#include <sys/lock.h>			#include <sys/lock.h>
	#include <sys/sx.h>			#include <sys/sx.h>
	#endif			#endif

	#include <dev/random/randomdev.h>			#include <dev/random/randomdev.h>

	/* Set up the sysctl root node for the entropy device */			/* Set up the sysctl root node for the entropy device */
	SYSCTL_NODE(_kern, OID_AUTO, random, CTLFLAG_RW, 0, "Cryptographically Secure Random Number Generator");			SYSCTL_NODE(_kern, OID_AUTO, random, CTLFLAG_RW, 0,
				"Cryptographically Secure Random Number Generator");
				SYSCTL_NODE(_kern_random, OID_AUTO, initial_seeding, CTLFLAG_RW, 0,
				"Initial seeding control and information");

				/*
				* N.B., this is a dangerous default, but it matches the behavior prior to
				* r346250 (and, say, OpenBSD -- although they get some guaranteed saved
				* entropy from the prior boot because of their KARL system, on RW media).
				*/
				bool random_bypass_before_seeding = true;
				SYSCTL_BOOL(_kern_random_initial_seeding, OID_AUTO,
				bypass_before_seeding, CTLFLAG_RDTUN, &random_bypass_before_seeding,
				0, "If set non-zero, bypass the random device in requests for random "
				"data when the random device is not yet seeded. This is considered "
				"dangerous. Ordinarily, the random device will block requests until "
				"sufficient entropy seeds it.");
				rpokalaUnsubmitted Done Inline Actions Perhaps `"it is seeded by sufficient entropy."`? rpokala: Perhaps `"it is seeded by sufficient entropy."`?
				cemAuthorUnsubmitted Done Inline Actions Sure, that's better. Will fix. cem: Sure, that's better. Will fix.

				/*
				* This is a read-only diagnostic that reports the combination of the former
				* tunable and actual bypass. It is intended for programmatic inspection by
				* userspace administrative utilities after boot.
				*/
				bool read_random_bypassed_before_seeding = false;
				SYSCTL_BOOL(_kern_random_initial_seeding, OID_AUTO,
				read_random_bypassed_before_seeding, CTLFLAG_RD,
				&read_random_bypassed_before_seeding, 0, "If non-zero, the random device "
				impUnsubmitted Done Inline Actions non-zero is a good description for an int sysctl, but should this be 'true' since it's a bool? imp: non-zero is a good description for an int sysctl, but should this be 'true' since it's a bool?
				cemAuthorUnsubmitted Done Inline Actions Unfortunately, none of the tooling actually groks assigning true/false yet. Internally, sysctl/tune bools are just `U8` type with a `sysctl_handle_bool` handler. sysctl(8) doesn't understand "true" and "false" literals for `uint8_t`, although that would be fairly easy to add. I think loader just shoves the raw value into the kernel environment, and `sysctl_register_oid` -> `sysctl_load_tunable_by_oid_locked` eventually invokes `sysctl_handle_bool` on whatever U8 value came from loader; any non-zero value is coerced to `true`. That one is harder to fix, unless we hack up loader to translate true/false to 1/0, or actually add a distinct type for BOOL. In other words, I think a numeric value is still required; we could specify "one" in particular, but any non-zero U8-sized value will be coerced to true. Let me know if you feel strongly about "one" instead of "non-zero;" I'm happy to change the text. cem: Unfortunately, none of the tooling actually groks assigning true/false yet. Internally…
				impUnsubmitted Done Inline Actions OK. Then the original wording is fine. I thought we did export that way, but I see now that I'm mistaken. imp: OK. Then the original wording is fine. I thought we did export that way, but I see now that I'm…
				"was bypassed because the 'bypass_before_seeding' knob was enabled and a "
				"request was submitted prior to initial seeding.");

				/*
				* This is a read-only diagnostic that reports the combination of the former
				* tunable and actual bypass for arc4random initial seeding. It is intended
				* for programmatic inspection by userspace administrative utilities after
				* boot.
				*/
				bool arc4random_bypassed_before_seeding = false;
				SYSCTL_BOOL(_kern_random_initial_seeding, OID_AUTO,
				arc4random_bypassed_before_seeding, CTLFLAG_RD,
				&arc4random_bypassed_before_seeding, 0, "If non-zero, the random device "
				impUnsubmitted Not Done Inline Actions same here. imp: same here.
				"was bypassed when initially seeding the kernel arc4random(9), because "
				"the 'bypass_before_seeding' knob was enabled and a request was submitted "
				"prior to initial seeding.");

				/*
				* This knob is for users who do not want additional warnings in their logs
				* because they intend to handle bypass by inspecting the status of the
				* diagnostic sysctls.
				*/
				bool random_bypass_disable_warnings = false;
				SYSCTL_BOOL(_kern_random_initial_seeding, OID_AUTO,
				disable_bypass_warnings, CTLFLAG_RDTUN,
				&random_bypass_disable_warnings, 0, "If non-zero, do not log a warning "
				"if the 'bypass_before_seeding' knob is enabled and a request is "
				"submitted prior to initial seeding.");

	MALLOC_DEFINE(M_ENTROPY, "entropy", "Entropy harvesting buffers and data structures");			MALLOC_DEFINE(M_ENTROPY, "entropy", "Entropy harvesting buffers and data structures");

	struct sources_head source_list = LIST_HEAD_INITIALIZER(source_list);			struct sources_head source_list = LIST_HEAD_INITIALIZER(source_list);

	#if defined(RANDOM_LOADABLE)			#if defined(RANDOM_LOADABLE)
	struct random_algorithm *p_random_alg_context = NULL;			struct random_algorithm *p_random_alg_context = NULL;
	#else /* !defined(RANDOM_LOADABLE) */			#else /* !defined(RANDOM_LOADABLE) */
	▲ Show 20 Lines • Show All 99 Lines • Show Last 20 Lines