Changeset View
Changeset View
Standalone View
Standalone View
head/sys/dev/random/random_infra.c
Show All 37 Lines | |||||
#if defined(RANDOM_LOADABLE) | #if defined(RANDOM_LOADABLE) | ||||
#include <sys/lock.h> | #include <sys/lock.h> | ||||
#include <sys/sx.h> | #include <sys/sx.h> | ||||
#endif | #endif | ||||
#include <dev/random/randomdev.h> | #include <dev/random/randomdev.h> | ||||
/* Set up the sysctl root node for the entropy device */ | /* Set up the sysctl root node for the entropy device */ | ||||
SYSCTL_NODE(_kern, OID_AUTO, random, CTLFLAG_RW, 0, "Cryptographically Secure Random Number Generator"); | SYSCTL_NODE(_kern, OID_AUTO, random, CTLFLAG_RW, 0, | ||||
"Cryptographically Secure Random Number Generator"); | |||||
SYSCTL_NODE(_kern_random, OID_AUTO, initial_seeding, CTLFLAG_RW, 0, | |||||
"Initial seeding control and information"); | |||||
/* | |||||
* N.B., this is a dangerous default, but it matches the behavior prior to | |||||
* r346250 (and, say, OpenBSD -- although they get some guaranteed saved | |||||
* entropy from the prior boot because of their KARL system, on RW media). | |||||
*/ | |||||
bool random_bypass_before_seeding = true; | |||||
SYSCTL_BOOL(_kern_random_initial_seeding, OID_AUTO, | |||||
bypass_before_seeding, CTLFLAG_RDTUN, &random_bypass_before_seeding, | |||||
0, "If set non-zero, bypass the random device in requests for random " | |||||
"data when the random device is not yet seeded. This is considered " | |||||
"dangerous. Ordinarily, the random device will block requests until " | |||||
"it is seeded by sufficient entropy."); | |||||
/* | |||||
* This is a read-only diagnostic that reports the combination of the former | |||||
* tunable and actual bypass. It is intended for programmatic inspection by | |||||
* userspace administrative utilities after boot. | |||||
*/ | |||||
bool read_random_bypassed_before_seeding = false; | |||||
SYSCTL_BOOL(_kern_random_initial_seeding, OID_AUTO, | |||||
read_random_bypassed_before_seeding, CTLFLAG_RD, | |||||
&read_random_bypassed_before_seeding, 0, "If non-zero, the random device " | |||||
"was bypassed because the 'bypass_before_seeding' knob was enabled and a " | |||||
"request was submitted prior to initial seeding."); | |||||
/* | |||||
* This is a read-only diagnostic that reports the combination of the former | |||||
* tunable and actual bypass for arc4random initial seeding. It is intended | |||||
* for programmatic inspection by userspace administrative utilities after | |||||
* boot. | |||||
*/ | |||||
bool arc4random_bypassed_before_seeding = false; | |||||
SYSCTL_BOOL(_kern_random_initial_seeding, OID_AUTO, | |||||
arc4random_bypassed_before_seeding, CTLFLAG_RD, | |||||
&arc4random_bypassed_before_seeding, 0, "If non-zero, the random device " | |||||
"was bypassed when initially seeding the kernel arc4random(9), because " | |||||
"the 'bypass_before_seeding' knob was enabled and a request was submitted " | |||||
"prior to initial seeding."); | |||||
/* | |||||
* This knob is for users who do not want additional warnings in their logs | |||||
* because they intend to handle bypass by inspecting the status of the | |||||
* diagnostic sysctls. | |||||
*/ | |||||
bool random_bypass_disable_warnings = false; | |||||
SYSCTL_BOOL(_kern_random_initial_seeding, OID_AUTO, | |||||
disable_bypass_warnings, CTLFLAG_RDTUN, | |||||
&random_bypass_disable_warnings, 0, "If non-zero, do not log a warning " | |||||
"if the 'bypass_before_seeding' knob is enabled and a request is " | |||||
"submitted prior to initial seeding."); | |||||
MALLOC_DEFINE(M_ENTROPY, "entropy", "Entropy harvesting buffers and data structures"); | MALLOC_DEFINE(M_ENTROPY, "entropy", "Entropy harvesting buffers and data structures"); | ||||
struct sources_head source_list = LIST_HEAD_INITIALIZER(source_list); | struct sources_head source_list = LIST_HEAD_INITIALIZER(source_list); | ||||
#if defined(RANDOM_LOADABLE) | #if defined(RANDOM_LOADABLE) | ||||
struct random_algorithm *p_random_alg_context = NULL; | struct random_algorithm *p_random_alg_context = NULL; | ||||
#else /* !defined(RANDOM_LOADABLE) */ | #else /* !defined(RANDOM_LOADABLE) */ | ||||
▲ Show 20 Lines • Show All 99 Lines • Show Last 20 Lines |