random(4) plugin infrastructure for multiple RNG in a modular fashion
David O'Brien
obrien at FreeBSD.org
Wed Aug 7 18:53:33 UTC 2013
[Choosing one of the "blocking" related emails to reply to]
On Fri, Aug 02, 2013 at 12:00:40AM -0700, Peter Wemm wrote:
> On Wed, Jul 31, 2013 at 11:07 AM, Adrian Chadd <adrian at freebsd.org> wrote:
> > Should David's patch print a louder warning if no hardware RNG is
> > registered?
I don't think it would improve things -- but only give the false
impression random(4) is working well and secure. (see below)
> Secure randomness is vital - we've seen other projects take a massive
> hit over this. I'd be inclined to make this a showstopper. We
> certainly shouldn't allow things like ssh-keygen or sshd to start up.
While I don't disagree -- this is a major change from today's FreeBSD
kernel. So I don't feel it should be a road block to making these
infrastructure changes.
I don't think folks realize just how bad things are. I communicated this
last September when I tried to do some things in this area and got
shouted down. I've seen no one work on this area for the past year.
Thus at $WORK we're trying to improve our random(4).
We are able to fully boot and produce keys without being seeded, and
without generating any entropy.
Try booting a kernel without "device random" and see how the system runs,
doesn't block, nor give any indication of lack of /dev/random. Apply
the patch below and boot a kernel and see how there is no blocking
or other indication of running in a less secure manner.
This changeset does not address that, nor do I think these issues should
block what is basically an infrastructure change.
--
-- David (obrien at FreeBSD.org)
Index: sys/dev/random/harvest.c
===================================================================
--- sys/dev/random/harvest.c (revision 253802)
+++ sys/dev/random/harvest.c (working copy)
@@ -48,7 +48,13 @@ __FBSDID("$FreeBSD$");
static int read_random_phony(void *, int);
/* Structure holding the desired entropy sources */
-struct harvest_select harvest = { 1, 1, 1, 0 };
+struct harvest_select harvest = {
+ 0, /*ethernet*/
+ 0, /*pt2pt*/
+ 0, /*intr*/
+ 0, /*swi*/
+ /**/
+};
static int warned = 0;
/* hold the address of the routine which is actually called if
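Review bot: The last line of the new harvest initializer is an empty /**/ comment with no value beside it, which reads like a placeholder for a fifth field; drop it or give the field and its value explicitly. The labelled zeros also turn ethernet, pt2pt and intr harvesting off where the old initializer { 1, 1, 1, 0 } had them on, so a comment above the struct saying this is a deliberate no-harvest test configuration would keep it from being taken as a new default.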
Index: sys/dev/random/randomdev_soft.c
===================================================================
--- sys/dev/random/randomdev_soft.c (revision 253802)
+++ sys/dev/random/randomdev_soft.c (working copy)
@@ -74,7 +75,7 @@ struct random_adaptor random_yarrow = {
.write = random_yarrow_write,
.poll = random_yarrow_poll,
.reseed = random_yarrow_flush_reseed,
- .seeded = 1,
+ .seeded = 0,
};
MALLOC_DEFINE(M_ENTROPY, "entropy", "Entropy harvesting buffers");
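Review bot: In the random_yarrow initializer, .seeded now starts at 0 but nothing in the hunk says what is expected to set it to 1 afterwards. A one-line comment beside ".seeded = 0" naming the path that marks the adaptor as seeded would make the intended start-up state clear to the next reader.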
@@ -135,7 +162,7 @@ random_yarrow_init(void)
SYSCTL_ADD_PROC(&random_clist,
SYSCTL_CHILDREN(random_sys_o),
OID_AUTO, "seeded", CTLTYPE_INT | CTLFLAG_RW,
- &random_yarrow.seeded, 1, random_check_boolean, "I",
+ &random_yarrow.seeded, 0, random_check_boolean, "I",
"Seeded State");
random_sys_harvest_o = SYSCTL_ADD_NODE(&random_clist,
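Review bot: In the SYSCTL_ADD_PROC call for "seeded", the value changed from 1 to 0 sits in the arg2 slot that is handed to the handler, random_check_boolean, and is not an initial value for the variable; the initial value comes from random_yarrow.seeded itself. Please confirm what random_check_boolean does with arg2 and either leave it at 1 or explain the change in the commit message. The node also stays CTLTYPE_INT | CTLFLAG_RW, so the seeded state remains settable through the sysctl, which is worth a comment given that the flag now starts at 0.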