Differential D19944 Diff 56365 head/sys/dev/random/random_infra.c

Changeset View

Standalone View

head/sys/dev/random/random_infra.c

	Show All 37 Lines
	#if defined(RANDOM_LOADABLE)			#if defined(RANDOM_LOADABLE)
	#include <sys/lock.h>			#include <sys/lock.h>
	#include <sys/sx.h>			#include <sys/sx.h>
	#endif			#endif

	#include <dev/random/randomdev.h>			#include <dev/random/randomdev.h>

	/* Set up the sysctl root node for the entropy device */			/* Set up the sysctl root node for the entropy device */
	SYSCTL_NODE(_kern, OID_AUTO, random, CTLFLAG_RW, 0, "Cryptographically Secure Random Number Generator");			SYSCTL_NODE(_kern, OID_AUTO, random, CTLFLAG_RW, 0,
				"Cryptographically Secure Random Number Generator");
				SYSCTL_NODE(_kern_random, OID_AUTO, initial_seeding, CTLFLAG_RW, 0,
				"Initial seeding control and information");

				/*
				* N.B., this is a dangerous default, but it matches the behavior prior to
				* r346250 (and, say, OpenBSD -- although they get some guaranteed saved
				* entropy from the prior boot because of their KARL system, on RW media).
				*/
				bool random_bypass_before_seeding = true;
				SYSCTL_BOOL(_kern_random_initial_seeding, OID_AUTO,
				bypass_before_seeding, CTLFLAG_RDTUN, &random_bypass_before_seeding,
				0, "If set non-zero, bypass the random device in requests for random "
				"data when the random device is not yet seeded. This is considered "
				"dangerous. Ordinarily, the random device will block requests until "
				"it is seeded by sufficient entropy.");

				/*
				* This is a read-only diagnostic that reports the combination of the former
				* tunable and actual bypass. It is intended for programmatic inspection by
				* userspace administrative utilities after boot.
				*/
				bool read_random_bypassed_before_seeding = false;
				SYSCTL_BOOL(_kern_random_initial_seeding, OID_AUTO,
				read_random_bypassed_before_seeding, CTLFLAG_RD,
				&read_random_bypassed_before_seeding, 0, "If non-zero, the random device "
				"was bypassed because the 'bypass_before_seeding' knob was enabled and a "
				"request was submitted prior to initial seeding.");

				/*
				* This is a read-only diagnostic that reports the combination of the former
				* tunable and actual bypass for arc4random initial seeding. It is intended
				* for programmatic inspection by userspace administrative utilities after
				* boot.
				*/
				bool arc4random_bypassed_before_seeding = false;
				SYSCTL_BOOL(_kern_random_initial_seeding, OID_AUTO,
				arc4random_bypassed_before_seeding, CTLFLAG_RD,
				&arc4random_bypassed_before_seeding, 0, "If non-zero, the random device "
				"was bypassed when initially seeding the kernel arc4random(9), because "
				"the 'bypass_before_seeding' knob was enabled and a request was submitted "
				"prior to initial seeding.");

				/*
				* This knob is for users who do not want additional warnings in their logs
				* because they intend to handle bypass by inspecting the status of the
				* diagnostic sysctls.
				*/
				bool random_bypass_disable_warnings = false;
				SYSCTL_BOOL(_kern_random_initial_seeding, OID_AUTO,
				disable_bypass_warnings, CTLFLAG_RDTUN,
				&random_bypass_disable_warnings, 0, "If non-zero, do not log a warning "
				"if the 'bypass_before_seeding' knob is enabled and a request is "
				"submitted prior to initial seeding.");

	MALLOC_DEFINE(M_ENTROPY, "entropy", "Entropy harvesting buffers and data structures");			MALLOC_DEFINE(M_ENTROPY, "entropy", "Entropy harvesting buffers and data structures");

	struct sources_head source_list = LIST_HEAD_INITIALIZER(source_list);			struct sources_head source_list = LIST_HEAD_INITIALIZER(source_list);

	#if defined(RANDOM_LOADABLE)			#if defined(RANDOM_LOADABLE)
	struct random_algorithm *p_random_alg_context = NULL;			struct random_algorithm *p_random_alg_context = NULL;
	#else /* !defined(RANDOM_LOADABLE) */			#else /* !defined(RANDOM_LOADABLE) */
	▲ Show 20 Lines • Show All 99 Lines • Show Last 20 Lines