[src/netbsd-6]: src/sys Pull up following revision(s) (requested by tls in ti...

[riz <riz%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/9e1dc1540f54
branches:  netbsd-6
changeset: 775350:9e1dc1540f54
user:      riz <riz%NetBSD.org@localhost>
date:      Wed Oct 17 21:27:12 2012 +0000

description:
Pull up following revision(s) (requested by tls in ticket #558):
        sys/sys/rnd.h: revision 1.33
        sys/kern/subr_cprng.c: revision 1.10
        sys/kern/kern_rndq.c: revision 1.4
        sys/kern/subr_cprng.c: revision 1.11
        sys/kern/kern_rndq.c: revision 1.5
Try to help embedded systems a _little_ bit: stir in the system boot time
as early as possible.  On systems with no cycle counter (or very very
predictable cycle counts early in boot) at least this will cause some
difference across boots.
Don't wait until the pool *fills* to rekey anything that was keyed with
insufficient entropy at boot: key it as soon as it makes any request after
we hit the minimum entropy threshold.
This too should help avoid predictable output at boot time.
Fix kern/46911: note that we rekeyed the cprng so we don't keep doing so.

diffstat:

 sys/kern/kern_rndq.c  |  22 +++++++++++++++-------
 sys/kern/subr_cprng.c |  13 ++++++++++---
 sys/sys/rnd.h         |   3 ++-
 3 files changed, 27 insertions(+), 11 deletions(-)

diffs (129 lines):

diff -r 3cd52e63f2b2 -r 9e1dc1540f54 sys/kern/kern_rndq.c
--- a/sys/kern/kern_rndq.c      Wed Oct 17 21:21:43 2012 +0000
+++ b/sys/kern/kern_rndq.c      Wed Oct 17 21:27:12 2012 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: kern_rndq.c,v 1.1.2.2 2012/04/20 23:35:20 riz Exp $    */
+/*     $NetBSD: kern_rndq.c,v 1.1.2.3 2012/10/17 21:27:12 riz Exp $    */
 
 /*-
  * Copyright (c) 1997-2011 The NetBSD Foundation, Inc.
@@ -32,7 +32,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_rndq.c,v 1.1.2.2 2012/04/20 23:35:20 riz Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_rndq.c,v 1.1.2.3 2012/10/17 21:27:12 riz Exp $");
 
 #include <sys/param.h>
 #include <sys/ioctl.h>
@@ -168,7 +168,7 @@
                                        uint32_t, uint32_t, uint32_t);
 
 int                    rnd_ready = 0;
-static int             rnd_have_entropy = 0;
+int                    rnd_initial_entropy = 0;
 
 #ifdef DIAGNOSTIC
 static int             rnd_tested = 0;
@@ -255,11 +255,11 @@
         */
        if (rndpool_get_entropy_count(&rnd_pool) > RND_ENTROPY_THRESHOLD * 8) {
 #ifdef RND_VERBOSE
-               if (!rnd_have_entropy)
+               if (!rnd_initial_entropy)
                        printf("rnd: have initial entropy (%u)\n",
                               rndpool_get_entropy_count(&rnd_pool));
 #endif
-               rnd_have_entropy = 1;
+               rnd_initial_entropy = 1;
                mutex_spin_exit(&rndpool_mtx);
        } else {
                mutex_spin_exit(&rndpool_mtx);
@@ -447,7 +447,7 @@
                                             RND_POOLBITS / 2));
                if (rndpool_get_entropy_count(&rnd_pool) >
                    RND_ENTROPY_THRESHOLD * 8) {
-                       rnd_have_entropy = 1;
+                       rnd_initial_entropy = 1;
                }
                 mutex_spin_exit(&rndpool_mtx);
 #ifdef RND_VERBOSE
@@ -904,9 +904,17 @@
 u_int32_t
 rnd_extract_data_locked(void *p, u_int32_t len, u_int32_t flags)
 {
+       static int timed_in;
 
        KASSERT(mutex_owned(&rndpool_mtx));
-       if (!rnd_have_entropy) {
+       if (__predict_false(!timed_in)) {
+               if (boottime.tv_sec) {
+                       rndpool_add_data(&rnd_pool, &boottime,
+                                        sizeof(boottime), 0);
+               }
+               timed_in++;
+       }
+       if (__predict_false(!rnd_initial_entropy)) {
                u_int32_t c;
 
 #ifdef RND_VERBOSE
diff -r 3cd52e63f2b2 -r 9e1dc1540f54 sys/kern/subr_cprng.c
--- a/sys/kern/subr_cprng.c     Wed Oct 17 21:21:43 2012 +0000
+++ b/sys/kern/subr_cprng.c     Wed Oct 17 21:27:12 2012 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: subr_cprng.c,v 1.5.2.3 2012/05/21 16:49:54 jdc Exp $ */
+/*     $NetBSD: subr_cprng.c,v 1.5.2.4 2012/10/17 21:27:12 riz Exp $ */
 
 /*-
  * Copyright (c) 2011 The NetBSD Foundation, Inc.
@@ -46,7 +46,7 @@
 
 #include <sys/cprng.h>
 
-__KERNEL_RCSID(0, "$NetBSD: subr_cprng.c,v 1.5.2.3 2012/05/21 16:49:54 jdc Exp $");
+__KERNEL_RCSID(0, "$NetBSD: subr_cprng.c,v 1.5.2.4 2012/10/17 21:27:12 riz Exp $");
 
 void
 cprng_init(void)
@@ -171,7 +171,7 @@
        c->reseed.state = RSTATE_IDLE;
        c->reseed.cb = cprng_strong_reseed;
        c->reseed.arg = c;
-       c->entropy_serial = rnd_filled;
+       c->entropy_serial = rnd_initial_entropy ? rnd_filled : -1;
        mutex_init(&c->reseed.mtx, MUTEX_DEFAULT, IPL_VM);
        strlcpy(c->reseed.name, name, sizeof(c->reseed.name));
 
@@ -228,8 +228,15 @@
        }
        mutex_enter(&c->mtx);
 
+       /* If we were initialized with the pool empty, rekey ASAP */
+       if (__predict_false(c->entropy_serial == -1) && rnd_initial_entropy) {
+               c->entropy_serial = 0;
+               goto rekeyany;          /* We have _some_ entropy, use it. */
+       }
+               
        if (nist_ctr_drbg_generate(&c->drbg, p, len, &cc, sizeof(cc))) {
                /* A generator failure really means we hit the hard limit. */
+rekeyany:
                if (c->flags & CPRNG_REKEY_ANY) {
                        uint8_t key[NIST_BLOCK_KEYLEN_BYTES];
 
diff -r 3cd52e63f2b2 -r 9e1dc1540f54 sys/sys/rnd.h
--- a/sys/sys/rnd.h     Wed Oct 17 21:21:43 2012 +0000
+++ b/sys/sys/rnd.h     Wed Oct 17 21:27:12 2012 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: rnd.h,v 1.29.2.2 2012/04/20 23:35:20 riz Exp $ */
+/*     $NetBSD: rnd.h,v 1.29.2.3 2012/10/17 21:27:12 riz Exp $ */
 
 /*-
  * Copyright (c) 1997 The NetBSD Foundation, Inc.
@@ -187,6 +187,7 @@
 
 extern int     rnd_full;
 extern int     rnd_filled;
+extern int     rnd_initial_entropy;
 
 #endif /* _KERNEL */