CVS commit: src/sys/kern

To: source-changes%NetBSD.org@localhost
Subject: CVS commit: src/sys/kern
From: "Taylor R Campbell" <riastradh%netbsd.org@localhost>
Date: Wed, 6 May 2020 18:31:05 +0000

Module Name:    src
Committed By:   riastradh
Date:           Wed May  6 18:31:05 UTC 2020

Modified Files:
        src/sys/kern: kern_entropy.c

Log Message:
Don't reject seed file entropy estimates, until one is nonzero.

We try to avoid counting the seed file's entropy twice, e.g. once
from the boot loader and once from rndctl via /etc/rc.d/random_seed.

But previously, if you had a /var/db/entropy-file that was deemed to
have zero entropy, that would prevent rndctl -L from _ever_ setting a
nonzero entropy estimate, even if you (say) copy a seed file over
from another machine (over a non-eavesdroppable medium) and try to
load it in with rndctl -L, e.g. via `/etc/rc.d/random_seed start'.

Now we accept the first _nonzero_ entropy estimate from a seed file.

The operator can still always trick the kernel into believing there's
entropy in the system by writing data to /dev/random, if the operator
knows something the kernel doesn't; this only affects the _automated_
seed file loading.


To generate a diff of this commit:
cvs rdiff -u -r1.10 -r1.11 src/sys/kern/kern_entropy.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: src/bin/rcp
Next by Date: CVS commit: src/share/man/man4
Previous by Thread: CVS commit: src/bin/rcp
Next by Thread: CVS commit: src/share/man/man4
Indexes:

Home | Main Index | Thread Index | Old Index