From: Matthew Dillon Date: Tue, 25 Feb 2014 22:44:49 +0000 (-0800) Subject: kernel - Change add_buffer_randomness() a little X-Git-Tag: v3.9.0~465 X-Git-Url: https://gitweb.dragonflybsd.org/~tuxillo/dragonfly.git/commitdiff_plain/cf9961f7f4ec50a50716c84bb9b9a86cffe4caee kernel - Change add_buffer_randomness() a little * Move the securelevel and seedenable stuff to the /dev/random code, remove it from add_buffer_randomness(). * Adjust GENERIC and X86_64_GENERIC to include the chip RNGs by default. --- diff --git a/sys/config/GENERIC b/sys/config/GENERIC index 8f0d21e2e9..faaa51f200 100644 --- a/sys/config/GENERIC +++ b/sys/config/GENERIC @@ -375,3 +375,10 @@ device fwe # Ethernet over FireWire (non-standard!) device mmc device mmcsd device sdhci + +# RNG +# +device aesni # hardware crypto/RNG for AES-NI +#device glxsb # Geode LX Security Block +device padlock # hardware crypto/RNG for VIA C3/C7/Eden +device rdrand # hardware RNG for RdRand diff --git a/sys/config/X86_64_GENERIC b/sys/config/X86_64_GENERIC index 79a63a9f17..7066422dd2 100644 --- a/sys/config/X86_64_GENERIC +++ b/sys/config/X86_64_GENERIC @@ -351,3 +351,10 @@ device fwe # Ethernet over FireWire (non-standard!) device mmc device mmcsd device sdhci + +# RNG +# +device aesni # hardware crypto/RNG for AES-NI +#device glxsb # Geode LX Security Block +device padlock # hardware crypto/RNG for VIA C3/C7/Eden +device rdrand # hardware RNG for RdRand diff --git a/sys/kern/kern_memio.c b/sys/kern/kern_memio.c index bdf358fa2b..af98f0352e 100644 --- a/sys/kern/kern_memio.c +++ b/sys/kern/kern_memio.c @@ -56,6 +56,7 @@ #include #include #include +#include #include #include @@ -95,6 +96,8 @@ static int random_ioctl (cdev_t, u_long, caddr_t, int, struct ucred *); struct mem_range_softc mem_range_softc; +static int seedenable; +SYSCTL_INT(_kern, OID_AUTO, seedenable, CTLFLAG_RW, &seedenable, 0, ""); static int mmopen(struct dev_open_args *ap) 
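Review bot: In the sys/config/GENERIC hunk the new `device aesni` line is commented `hardware crypto/RNG for AES-NI` and sits under the `# RNG` heading, but AES-NI is an AES instruction-set extension, not a random number source. As far as the hunk shows, only `padlock` and `rdrand` are RNG devices, so the comment overstates what `aesni` contributes to the entropy pool. I would change the heading to `# Hardware crypto / RNG` and the comment to `# hardware crypto for AES-NI`. The same lines are added in the sys/config/X86_64_GENERIC hunk and want the same wording.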
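Review bot: The `kern.seedenable` sysctl added in sys/kern/kern_memio.c has an empty description string, although together with `securelevel` it now decides whether a write to the random device may seed the generator. Replacing `""` with a description such as `"Allow writes to /dev/random to seed the RNG (also requires securelevel <= 0)"` makes the knob discoverable with `sysctl -d` and records the policy next to the variable. A one-line comment above `static int seedenable;` saying that it is consumed in mmrw() would also help, since the variable no longer lives beside add_buffer_randomness().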
@@ -235,8 +238,13 @@ mmrw(cdev_t dev, struct uio *uio, int flags) c = min(iov->iov_len, PAGE_SIZE); if (uio->uio_rw == UIO_WRITE) { error = uiomove(buf, (int)c, uio); - if (error == 0) + if (error == 0 && + seedenable && + securelevel <= 0) { error = add_buffer_randomness(buf, c); + } else if (error == 0) { + error = EPERM; + } } else { poolsize = read_random(buf, c); if (poolsize == 0) { diff --git a/sys/kern/kern_nrandom.c b/sys/kern/kern_nrandom.c index cc40e3c7ac..0eb9ef097e 100644 --- a/sys/kern/kern_nrandom.c +++ b/sys/kern/kern_nrandom.c @@ -407,8 +407,6 @@ static int sysctl_kern_random(SYSCTL_HANDLER_ARGS); static int nrandevents; SYSCTL_INT(_kern, OID_AUTO, nrandevents, CTLFLAG_RD, &nrandevents, 0, ""); -static int seedenable; -SYSCTL_INT(_kern, OID_AUTO, seedenable, CTLFLAG_RW, &seedenable, 0, ""); SYSCTL_PROC(_kern, OID_AUTO, random, CTLFLAG_RD | CTLFLAG_ANYBODY, 0, 0, sysctl_kern_random, "I", "Acquire random data"); @@ -487,26 +485,21 @@ add_true_randomness(int val) int add_buffer_randomness(const char *buf, int bytes) { - int error; int i; - if (seedenable && securelevel <= 0) { - while (bytes >= sizeof(int)) { - add_true_randomness(*(const int *)buf); - buf += sizeof(int); - bytes -= sizeof(int); - } - error = 0; - - /* - * Warm up the generator to get rid of weak initial states. - */ - for (i = 0; i < 10; ++i) - IBAA_Call(); - } else { - error = EPERM; + while (bytes >= sizeof(int)) { + add_true_randomness(*(const int *)buf); + buf += sizeof(int); + bytes -= sizeof(int); } - return (error); + + /* + * Warm up the generator to get rid of weak initial states. + */ + for (i = 0; i < 10; ++i) + IBAA_Call(); + + return 0; } /*
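Review bot: In the UIO_WRITE branch of mmrw() the `seedenable`/`securelevel` test runs only after `uiomove()` has copied the caller's data into `buf`, so a write that will be refused still consumes the uio before `EPERM` is set. Testing the policy first reads more directly and removes the `else if (error == 0)` arm: `if (!seedenable || securelevel > 0) error = EPERM; else error = uiomove(buf, (int)c, uio);` followed by the original `if (error == 0) error = add_buffer_randomness(buf, c);`. mmrw() begins and ends outside this hunk, so whether the check can be hoisted out of the loop altogether has to be judged against the full function.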
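Review bot: In add_buffer_randomness(), `while (bytes >= sizeof(int))` compares the signed `int bytes` with a `size_t`, so a negative length converts to a very large unsigned value and the loop would read far beyond `buf`. With the seedenable/securelevel gate removed from this function, nothing here rejects such a call any more. Writing the condition as `while (bytes >= (int)sizeof(int))` keeps the comparison signed. The function also needs a header comment saying that it performs no permission check, so callers such as the /dev/random write path must apply the policy themselves, and that trailing bytes short of a full `int` are ignored.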