svn commit: r185254 - head/sys/dev/random releng/6.3
releng/6.3/sys/conf releng/6.3/sys/dev/random releng/6.4
releng/6.4/sys/dev/random releng/7.0 releng/7.0/sys/conf
releng/7.0/sys/dev/random stab...
Colin Percival
cperciva at FreeBSD.org
Mon Nov 24 09:39:41 PST 2008
Author: cperciva
Date: Mon Nov 24 17:39:39 2008
New Revision: 185254
URL: http://svn.freebsd.org/changeset/base/185254
Log:
Make sure arc4random(9) is properly seeded when /etc/rc.d/initrandom returns.
Approved by: so (cperciva)
Approved by: re (kensmith)
Security: FreeBSD-SA-08:11.arc4random
Modified:
releng/6.3/UPDATING
releng/6.3/sys/conf/newvers.sh
releng/6.3/sys/dev/random/randomdev.c
releng/6.3/sys/dev/random/randomdev_soft.c
releng/6.4/UPDATING
releng/6.4/sys/dev/random/randomdev.c
releng/6.4/sys/dev/random/randomdev_soft.c
releng/7.0/UPDATING
releng/7.0/sys/conf/newvers.sh
releng/7.0/sys/dev/random/randomdev.c
releng/7.0/sys/dev/random/randomdev_soft.c
Changes in other areas also in this revision:
Modified:
head/sys/dev/random/randomdev.c
head/sys/dev/random/randomdev_soft.c
stable/6/sys/dev/random/randomdev.c
stable/6/sys/dev/random/randomdev_soft.c
stable/7/sys/dev/random/randomdev.c
stable/7/sys/dev/random/randomdev_soft.c
Modified: releng/6.3/UPDATING
==============================================================================
--- releng/6.3/UPDATING Mon Nov 24 17:34:00 2008 (r185253)
+++ releng/6.3/UPDATING Mon Nov 24 17:39:39 2008 (r185254)
@@ -8,6 +8,10 @@ Items affecting the ports and packages s
/usr/ports/UPDATING. Please read that file before running
portupgrade.
+20081124: p6 FreeBSD-SA-08:11.arc4random
+ Make sure arc4random(9) is properly seeded when /etc/rc.d/initrandom
+ returns.
+
20081002: p5 FreeBSD-SA-08:10.nd6
Default to ignoring potentially evil IPv6 Neighbor Solicitation
messages.
Modified: releng/6.3/sys/conf/newvers.sh
==============================================================================
--- releng/6.3/sys/conf/newvers.sh Mon Nov 24 17:34:00 2008 (r185253)
+++ releng/6.3/sys/conf/newvers.sh Mon Nov 24 17:39:39 2008 (r185254)
@@ -32,7 +32,7 @@
TYPE="FreeBSD"
REVISION="6.3"
-BRANCH="RELEASE-p5"
+BRANCH="RELEASE-p6"
if [ "X${BRANCH_OVERRIDE}" != "X" ]; then
BRANCH=${BRANCH_OVERRIDE}
fi
Modified: releng/6.3/sys/dev/random/randomdev.c
==============================================================================
--- releng/6.3/sys/dev/random/randomdev.c Mon Nov 24 17:34:00 2008 (r185253)
+++ releng/6.3/sys/dev/random/randomdev.c Mon Nov 24 17:39:39 2008 (r185254)
@@ -89,6 +89,7 @@ random_close(struct cdev *dev __unused,
&& (securelevel_gt(td->td_ucred, 0) == 0)) {
(*random_systat.reseed)();
random_systat.seeded = 1;
+ arc4rand(NULL, 0, 1); /* Reseed arc4random as well. */
}
return (0);
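Review bot: The added `arc4rand(NULL, 0, 1)` call depends on running after `(*random_systat.reseed)()`, but its comment does not say so, and a later reordering would presumably reseed arc4random from a generator that has not yet absorbed the written entropy. I would expand the comment to `/* Reseed arc4random too; must follow the reseed above so it draws from the new state. */`. The call also only takes effect when the enclosing condition holds (it starts outside the hunk), so values arc4random handed out before this close are not refreshed, which is worth stating in the comment or in UPDATING. The same line is added in the releng/6.4 and releng/7.0 hunks of randomdev.c.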
Modified: releng/6.3/sys/dev/random/randomdev_soft.c
==============================================================================
--- releng/6.3/sys/dev/random/randomdev_soft.c Mon Nov 24 17:34:00 2008 (r185253)
+++ releng/6.3/sys/dev/random/randomdev_soft.c Mon Nov 24 17:39:39 2008 (r185254)
@@ -61,6 +61,7 @@ random_harvest_internal(u_int64_t, const
u_int, u_int, enum esource);
static int random_yarrow_poll(int event,struct thread *td);
static int random_yarrow_block(int flag);
+static void random_yarrow_flush_reseed(void);
struct random_systat random_yarrow = {
.ident = "Software, Yarrow",
@@ -70,7 +71,7 @@ struct random_systat random_yarrow = {
.read = random_yarrow_read,
.write = random_yarrow_write,
.poll = random_yarrow_poll,
- .reseed = random_yarrow_reseed,
+ .reseed = random_yarrow_flush_reseed,
.seeded = 1,
};
@@ -96,7 +97,7 @@ static struct entropyfifo emptyfifo;
/* Harvested entropy */
static struct entropyfifo harvestfifo[ENTROPYSOURCE];
-/* <0 to end the kthread, 0 to let it run */
+/* <0 to end the kthread, 0 to let it run, 1 to flush the harvest queues */
static int random_kthread_control = 0;
static struct proc *random_kthread_proc;
@@ -247,7 +248,7 @@ random_kthread(void *arg __unused)
local_count = 0;
/* Process until told to stop */
- for (; random_kthread_control == 0;) {
+ for (; random_kthread_control >= 0;) {
active = 0;
@@ -282,6 +283,13 @@ random_kthread(void *arg __unused)
KASSERT(local_count == 0, ("random_kthread: local_count %d",
local_count));
+ /*
+ * If a queue flush was commanded, it has now happened,
+ * and we can mark this by resetting the command.
+ */
+ if (random_kthread_control == 1)
+ random_kthread_control = 0;
+
/* Found nothing, so don't belabour the issue */
if (!active)
tsleep(&harvestfifo, 0, "-", hz / 10);
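Review bot: The acknowledgement `if (random_kthread_control == 1) random_kthread_control = 0;` tests the flag only after the queues have been processed, so a flush commanded while this iteration was already past its drain is acknowledged without a full pass over what was queued just before the command. The drain itself is outside the hunk, so this is inferred from the placement. If it holds, the caller's reseed can run before the entropy written just prior to close has been mixed in. Sampling the command at the top of the iteration, e.g. `flush = (random_kthread_control == 1);` before the drain and `if (flush && random_kthread_control == 1) random_kthread_control = 0;` here, would tie the acknowledgement to a pass that began after the request. The same block is added in the releng/6.4 and releng/7.0 sections.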
@@ -406,3 +414,15 @@ random_yarrow_block(int flag)
return error;
}
+
+/* Helper routine to perform explicit reseeds */
+static void
+random_yarrow_flush_reseed(void)
+{
+ /* Command a entropy queue flush and wait for it to finish */
+ random_kthread_control = 1;
+ while (random_kthread_control)
+ tsleep(&harvestfifo, 0, "-", hz / 10);
+
+ random_yarrow_reseed();
+}
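Review bot: `random_kthread_control = 1` is stored without a lock or a check of the current value, so it would overwrite a pending stop request (the variable's comment reserves `<0` for ending the kthread), and `while (random_kthread_control)` has no exit if the kthread is no longer running to clear the flag. Nothing visible in the hunk excludes a reseed racing with teardown, so I would guard the store with `if (random_kthread_control < 0) return;` under whatever serialises the stop path, or document that callers must hold off teardown. The header comment should also say that the routine sleeps, polling every `hz / 10` ticks, and must be called from a context that may sleep; "a entropy" should read "an entropy". The releng/6.4 and releng/7.0 copies are the same apart from `pause()` replacing `tsleep()` in 7.0.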
Modified: releng/6.4/UPDATING
==============================================================================
--- releng/6.4/UPDATING Mon Nov 24 17:34:00 2008 (r185253)
+++ releng/6.4/UPDATING Mon Nov 24 17:39:39 2008 (r185254)
@@ -8,6 +8,10 @@ Items affecting the ports and packages s
/usr/ports/UPDATING. Please read that file before running
portupgrade.
+20081124: FreeBSD-SA-08:11.arc4random
+ Make sure arc4random(9) is properly seeded when /etc/rc.d/initrandom
+ returns.
+
20080904:
ntpd upgraded to 4.2.4p5.
Modified: releng/6.4/sys/dev/random/randomdev.c
==============================================================================
--- releng/6.4/sys/dev/random/randomdev.c Mon Nov 24 17:34:00 2008 (r185253)
+++ releng/6.4/sys/dev/random/randomdev.c Mon Nov 24 17:39:39 2008 (r185254)
@@ -89,6 +89,7 @@ random_close(struct cdev *dev __unused,
&& (securelevel_gt(td->td_ucred, 0) == 0)) {
(*random_systat.reseed)();
random_systat.seeded = 1;
+ arc4rand(NULL, 0, 1); /* Reseed arc4random as well. */
}
return (0);
Modified: releng/6.4/sys/dev/random/randomdev_soft.c
==============================================================================
--- releng/6.4/sys/dev/random/randomdev_soft.c Mon Nov 24 17:34:00 2008 (r185253)
+++ releng/6.4/sys/dev/random/randomdev_soft.c Mon Nov 24 17:39:39 2008 (r185254)
@@ -61,6 +61,7 @@ random_harvest_internal(u_int64_t, const
u_int, u_int, enum esource);
static int random_yarrow_poll(int event,struct thread *td);
static int random_yarrow_block(int flag);
+static void random_yarrow_flush_reseed(void);
struct random_systat random_yarrow = {
.ident = "Software, Yarrow",
@@ -70,7 +71,7 @@ struct random_systat random_yarrow = {
.read = random_yarrow_read,
.write = random_yarrow_write,
.poll = random_yarrow_poll,
- .reseed = random_yarrow_reseed,
+ .reseed = random_yarrow_flush_reseed,
.seeded = 1,
};
@@ -96,7 +97,7 @@ static struct entropyfifo emptyfifo;
/* Harvested entropy */
static struct entropyfifo harvestfifo[ENTROPYSOURCE];
-/* <0 to end the kthread, 0 to let it run */
+/* <0 to end the kthread, 0 to let it run, 1 to flush the harvest queues */
static int random_kthread_control = 0;
static struct proc *random_kthread_proc;
@@ -247,7 +248,7 @@ random_kthread(void *arg __unused)
local_count = 0;
/* Process until told to stop */
- for (; random_kthread_control == 0;) {
+ for (; random_kthread_control >= 0;) {
active = 0;
@@ -282,6 +283,13 @@ random_kthread(void *arg __unused)
KASSERT(local_count == 0, ("random_kthread: local_count %d",
local_count));
+ /*
+ * If a queue flush was commanded, it has now happened,
+ * and we can mark this by resetting the command.
+ */
+ if (random_kthread_control == 1)
+ random_kthread_control = 0;
+
/* Found nothing, so don't belabour the issue */
if (!active)
tsleep(&harvestfifo, 0, "-", hz / 10);
@@ -406,3 +414,15 @@ random_yarrow_block(int flag)
return error;
}
+
+/* Helper routine to perform explicit reseeds */
+static void
+random_yarrow_flush_reseed(void)
+{
+ /* Command a entropy queue flush and wait for it to finish */
+ random_kthread_control = 1;
+ while (random_kthread_control)
+ tsleep(&harvestfifo, 0, "-", hz / 10);
+
+ random_yarrow_reseed();
+}
Modified: releng/7.0/UPDATING
==============================================================================
--- releng/7.0/UPDATING Mon Nov 24 17:34:00 2008 (r185253)
+++ releng/7.0/UPDATING Mon Nov 24 17:39:39 2008 (r185254)
@@ -8,6 +8,10 @@ Items affecting the ports and packages s
/usr/ports/UPDATING. Please read that file before running
portupgrade.
+20081124: p6 FreeBSD-SA-08:11.arc4random
+ Make sure arc4random(9) is properly seeded when /etc/rc.d/initrandom
+ returns.
+
20081002: p5 FreeBSD-SA-08:10.nd6
Default to ignoring potentially evil IPv6 Neighbor Solicitation
messages.
Modified: releng/7.0/sys/conf/newvers.sh
==============================================================================
--- releng/7.0/sys/conf/newvers.sh Mon Nov 24 17:34:00 2008 (r185253)
+++ releng/7.0/sys/conf/newvers.sh Mon Nov 24 17:39:39 2008 (r185254)
@@ -32,7 +32,7 @@
TYPE="FreeBSD"
REVISION="7.0"
-BRANCH="RELEASE-p5"
+BRANCH="RELEASE-p6"
if [ "X${BRANCH_OVERRIDE}" != "X" ]; then
BRANCH=${BRANCH_OVERRIDE}
fi
Modified: releng/7.0/sys/dev/random/randomdev.c
==============================================================================
--- releng/7.0/sys/dev/random/randomdev.c Mon Nov 24 17:34:00 2008 (r185253)
+++ releng/7.0/sys/dev/random/randomdev.c Mon Nov 24 17:39:39 2008 (r185254)
@@ -90,6 +90,7 @@ random_close(struct cdev *dev __unused,
&& (securelevel_gt(td->td_ucred, 0) == 0)) {
(*random_systat.reseed)();
random_systat.seeded = 1;
+ arc4rand(NULL, 0, 1); /* Reseed arc4random as well. */
}
return (0);
Modified: releng/7.0/sys/dev/random/randomdev_soft.c
==============================================================================
--- releng/7.0/sys/dev/random/randomdev_soft.c Mon Nov 24 17:34:00 2008 (r185253)
+++ releng/7.0/sys/dev/random/randomdev_soft.c Mon Nov 24 17:39:39 2008 (r185254)
@@ -61,6 +61,7 @@ random_harvest_internal(u_int64_t, const
u_int, u_int, enum esource);
static int random_yarrow_poll(int event,struct thread *td);
static int random_yarrow_block(int flag);
+static void random_yarrow_flush_reseed(void);
struct random_systat random_yarrow = {
.ident = "Software, Yarrow",
@@ -70,7 +71,7 @@ struct random_systat random_yarrow = {
.read = random_yarrow_read,
.write = random_yarrow_write,
.poll = random_yarrow_poll,
- .reseed = random_yarrow_reseed,
+ .reseed = random_yarrow_flush_reseed,
.seeded = 1,
};
@@ -96,7 +97,7 @@ static struct entropyfifo emptyfifo;
/* Harvested entropy */
static struct entropyfifo harvestfifo[ENTROPYSOURCE];
-/* <0 to end the kthread, 0 to let it run */
+/* <0 to end the kthread, 0 to let it run, 1 to flush the harvest queues */
static int random_kthread_control = 0;
static struct proc *random_kthread_proc;
@@ -241,7 +242,7 @@ random_kthread(void *arg __unused)
local_count = 0;
/* Process until told to stop */
- for (; random_kthread_control == 0;) {
+ for (; random_kthread_control >= 0;) {
active = 0;
@@ -276,6 +277,13 @@ random_kthread(void *arg __unused)
KASSERT(local_count == 0, ("random_kthread: local_count %d",
local_count));
+ /*
+ * If a queue flush was commanded, it has now happened,
+ * and we can mark this by resetting the command.
+ */
+ if (random_kthread_control == 1)
+ random_kthread_control = 0;
+
/* Found nothing, so don't belabour the issue */
if (!active)
pause("-", hz / 10);
@@ -400,3 +408,15 @@ random_yarrow_block(int flag)
return error;
}
+
+/* Helper routine to perform explicit reseeds */
+static void
+random_yarrow_flush_reseed(void)
+{
+ /* Command a entropy queue flush and wait for it to finish */
+ random_kthread_control = 1;
+ while (random_kthread_control)
+ pause("-", hz / 10);
+
+ random_yarrow_reseed();
+}