
random: Treat writes to /dev/random as separate from /entropy
ClosedPublic

Authored by markj on Jul 3 2025, 5:39 PM.

Details

Summary

RANDOM_CACHED is overloaded to refer both to entropy obtained from files
loaded by the boot loader, and entropy obtained via writes to
/dev/random. Introduce a new source, RANDOM_RANDOMDEV, to refer to the
latter. This is to enable treating RANDOM_CACHED as a special case in
the NIST health test implementation.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 65256
Build 62139: arc lint + arc unit

Event Timeline

markj requested review of this revision. Jul 3 2025, 5:39 PM

Seems reasonable.

libexec/rc/rc.conf, line 697

I'm not totally sure I understand the mask change here, can you explain it?

sys/dev/random/random_harvestq.c, lines 588–591

Does this have ABI implications for loadable modules?

libexec/rc/rc.conf, line 697

I'll update the description later too, but: this setting disables all environmental sources except SWI, INTERRUPT, NET_NG, NET_TUN, MOUSE, KEYBOARD, ATTACH, CACHED. That corresponds to a mask of 0x1ff (511). To avoid changing any behaviour with this patch, I changed this to 0x11ff so that RANDOMDEV is included too.

sys/dev/random/random_harvestq.c, lines 588–591

Yes, I should bump __FreeBSD_version for this change. I believe the userspace ABI is unaffected so long as we don't change the ordering of "environmental" sources. That's because user_immutable_mask in random_check_uint_harvestmask() disallows enabling or disabling non-environmental sources, and I don't think there are any other userspace-facing interfaces which are affected.

This revision is now accepted and ready to land. Jul 7 2025, 4:50 PM