tech-security archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

x86 CPU RNG support, take 2



I've cleaned it up a little and hooked it up as a standard entropy source
per Taylor's comments.  To avoid a pile of largely pointless config glue,
it is an internal source in kern_rndq.c just like the "callout" source.
I think this can probably be used for the onboard RNG on other CPUs as well.

I've also modified the VIA backend -- we now enable the dual noise sources on
newer CPUs, and grab a single RNG buffer without copying.  These ideas
came from http://tech.openbsd.narkive.com/F5TDMblw/via-c7-dual-rng .  I've
asked for testers for that part of the patch on port-i386 and port-amd64.

I would appreciate comments from anyone who has time to read the code.

Thor
Index: arch/amd64/include/Makefile
===================================================================
RCS file: /Volumes/NB/repo/src/sys/arch/amd64/include/Makefile,v
retrieving revision 1.18
diff -u -p -r1.18 Makefile
--- arch/amd64/include/Makefile	23 Jul 2014 18:19:43 -0000	1.18
+++ arch/amd64/include/Makefile	19 Dec 2015 22:17:36 -0000
@@ -4,7 +4,7 @@ INCSDIR= /usr/include/amd64
 
 INCS=	ansi.h aout_machdep.h asm.h \
 	bootinfo.h bswap.h byte_swap.h \
-	cdefs.h cpu.h \
+	cdefs.h cpu.h cpu_rng.h\
 	disklabel.h \
 	elf_machdep.h endian.h endian_machdep.h \
 	float.h fpu.h frame.h frame_regs.h \
Index: arch/amd64/include/types.h
===================================================================
RCS file: /Volumes/NB/repo/src/sys/arch/amd64/include/types.h,v
retrieving revision 1.48
diff -u -p -r1.48 types.h
--- arch/amd64/include/types.h	27 Aug 2015 12:30:50 -0000	1.48
+++ arch/amd64/include/types.h	19 Dec 2015 21:39:37 -0000
@@ -93,6 +93,7 @@ typedef	unsigned char		__cpu_simple_lock
 #define	__HAVE_TLS_VARIANT_II
 #define	__HAVE_COMMON___TLS_GET_ADDR
 #define	__HAVE_INTR_CONTROL
+#define __HAVE_CPU_RNG
 
 #ifdef _KERNEL_OPT
 #define	__HAVE_RAS
Index: arch/i386/include/Makefile
===================================================================
RCS file: /Volumes/NB/repo/src/sys/arch/i386/include/Makefile,v
retrieving revision 1.43
diff -u -p -r1.43 Makefile
--- arch/i386/include/Makefile	23 Jul 2014 18:19:44 -0000	1.43
+++ arch/i386/include/Makefile	19 Dec 2015 22:16:58 -0000
@@ -4,7 +4,7 @@ INCSDIR= /usr/include/i386
 
 INCS=	ansi.h aout_machdep.h apmvar.h asm.h \
 	bioscall.h bootinfo.h bswap.h byte_swap.h \
-	cdefs.h cpu.h cputypes.h \
+	cdefs.h cpu.h cpu_rng.h cputypes.h \
 	disklabel.h \
 	elf_machdep.h endian.h endian_machdep.h \
 	fenv.h float.h frame.h freebsd_machdep.h \
Index: arch/i386/include/types.h
===================================================================
RCS file: /Volumes/NB/repo/src/sys/arch/i386/include/types.h,v
retrieving revision 1.83
diff -u -p -r1.83 types.h
--- arch/i386/include/types.h	27 Aug 2015 12:30:51 -0000	1.83
+++ arch/i386/include/types.h	19 Dec 2015 21:40:33 -0000
@@ -109,6 +109,8 @@ typedef	unsigned char		__cpu_simple_lock
 #define	__HAVE_SYSCALL_INTERN
 #define	__HAVE_MINIMAL_EMUL
 #define	__HAVE_OLD_DISKLABEL
+#define __HAVE_CPU_RNG
+
 #if defined(_KERNEL)
 /*
  * Processors < i586 do not have cmpxchg8b, and we compile for i486
Index: arch/x86/conf/files.x86
===================================================================
RCS file: /Volumes/NB/repo/src/sys/arch/x86/conf/files.x86,v
retrieving revision 1.85
diff -u -p -r1.85 files.x86
--- arch/x86/conf/files.x86	11 Nov 2015 08:20:22 -0000	1.85
+++ arch/x86/conf/files.x86	25 Dec 2015 22:32:35 -0000
@@ -27,6 +27,7 @@ define  ipmibus {}
 device	cpu: cpufeaturebus
 attach	cpu at cpubus
 file 	arch/x86/x86/cpu.c 		cpu
+file	arch/x86/x86/cpu_rng.c		cpu
 
 device	acpicpu: acpi
 attach	acpicpu at cpufeaturebus
Index: arch/x86/include/Makefile
===================================================================
RCS file: /Volumes/NB/repo/src/sys/arch/x86/include/Makefile,v
retrieving revision 1.19
diff -u -p -r1.19 Makefile
--- arch/x86/include/Makefile	11 Feb 2014 20:17:16 -0000	1.19
+++ arch/x86/include/Makefile	19 Dec 2015 21:46:23 -0000
@@ -7,6 +7,7 @@ INCS=	aout_machdep.h \
 	cacheinfo.h \
 	cpu.h \
 	cpu_extended_state.h \
+	cpu_rng.h \
 	cpu_ucode.h \
 	cputypes.h \
 	cpuvar.h \
Index: arch/x86/include/cpu_rng.h
===================================================================
RCS file: arch/x86/include/cpu_rng.h
diff -N arch/x86/include/cpu_rng.h
--- /dev/null	1 Jan 1970 00:00:00 -0000
+++ arch/x86/include/cpu_rng.h	25 Dec 2015 22:57:30 -0000
@@ -0,0 +1,49 @@
+/* $NetBSD: $ */
+
+#ifndef _X86_CPURNG_H_
+#define _X86_CPURNG_H_
+
+/*-
+ * Copyright (c) 2015 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Thor Lancelot Simon.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <sys/param.h>
+#include <sys/systm.h>
+#include <sys/cpu.h>
+
+#include <x86/specialreg.h>
+
+#include <machine/cpufunc.h>
+#include <machine/cpuvar.h>
+
+typedef uint64_t cpu_rng_t;
+
+void cpu_rng_init(void);
+size_t cpu_rng(cpu_rng_t *);
+
+#endif
Index: arch/x86/include/via_padlock.h
===================================================================
RCS file: /Volumes/NB/repo/src/sys/arch/x86/include/via_padlock.h,v
retrieving revision 1.8
diff -u -p -r1.8 via_padlock.h
--- arch/x86/include/via_padlock.h	13 Apr 2015 16:03:51 -0000	1.8
+++ arch/x86/include/via_padlock.h	25 Dec 2015 22:10:56 -0000
@@ -59,11 +59,6 @@ struct via_padlock_softc {
 	uint8_t	op_iv[16];	/* 128 bit aligned */
 	void		*op_buf;
 
-	int			sc_rnd_hz;
-	struct callout		sc_rnd_co;
-	krndsource_t	sc_rnd_source;
-	bool			sc_rnd_attached;
-
 	/* normal softc stuff */
 	int32_t		sc_cid;
 	bool		sc_cid_attached;
@@ -74,8 +69,6 @@ struct via_padlock_softc {
 #define VIAC3_SESSION(sid)	((sid) & 0x0fffffff)
 #define VIAC3_SID(crd,ses)	(((crd) << 28) | ((ses) & 0x0fffffff))
 
-#define VIAC3_RNG_BUFSIZ	16
-
 #endif /* _KERNEL */
 
 #if defined(_KERNEL) || defined(_KMEMUSER)
Index: arch/x86/x86/cpu_rng.c
===================================================================
RCS file: arch/x86/x86/cpu_rng.c
diff -N arch/x86/x86/cpu_rng.c
--- /dev/null	1 Jan 1970 00:00:00 -0000
+++ arch/x86/x86/cpu_rng.c	25 Dec 2015 22:58:39 -0000
@@ -0,0 +1,166 @@
+/* $NetBSD: $ */
+
+/*-
+ * Copyright (c) 2015 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Thor Lancelot Simon.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * The VIA RNG code in this file is inspired by Jason Wright and
+ * Theo de Raadt's OpenBSD version but has been rewritten in light of
+ * comments from Henric Jungheim on the tech%openbsd.org@localhost mailing list.
+ */
+
+#include <machine/cpu_rng.h>
+
+static enum { CPU_RNG_NONE = 0,
+	      CPU_RNG_RDRAND,
+	      CPU_RNG_RDSEED,
+	      CPU_RNG_VIA } cpu_rng_mode = CPU_RNG_NONE;
+
+void
+cpu_rng_init(void)
+{
+	if (cpu_feature[5] & CPUID_SEF_RDSEED) {
+		cpu_rng_mode = CPU_RNG_RDSEED;
+		aprint_normal("cpu_rng: RDSEED\n");
+	} else
+
+	if (cpu_feature[1] & CPUID2_RDRAND) {
+		cpu_rng_mode = CPU_RNG_RDRAND;
+		aprint_normal("cpu_rng: RDRAND\n");
+	} else
+
+	if (cpu_feature[4] & CPUID_VIA_HAS_RNG) {
+		cpu_rng_mode = CPU_RNG_VIA;
+		aprint_normal("cpu_rng: VIA\n");
+	}
+}
+
+static inline size_t
+cpu_rng_rdrand(cpu_rng_t *out)
+{
+	uint8_t rndsts;
+#ifndef __x86_64__
+	uint32_t outword[2] = out;
+	int i;
+
+	for (i = 0; i < 2; i++) {
+		__asm __volatile("rdrand %0; setc %1":"=r"(outword + i),
+				 "=qm"(rndsts));
+		if (rndsts != 1) return 0;
+	}
+#else
+	__asm __volatile("rdrand %0; setc %1":"=r"(out),
+			 "=qm"(rndsts));
+	if (rndsts != 1) return 0;
+#endif
+	return sizeof(*out) * NBBY;
+}
+
+static inline size_t
+cpu_rng_rdseed(cpu_rng_t *out)
+{
+	uint8_t rndsts;
+
+#ifndef __x86_64__
+	uint32_t outword[2] = out;
+	int i;
+
+	for (i = 0; i < 2; i++) {
+		__asm __volatile("rdseed %0; setc %1":"=r"(outword + i),
+				 "=qm"(rndsts));
+
+		/*
+		 * Userspace could have exhausted RDSEED, but the
+		 * CPU-internal generator feeding RDRAND is guaranteed
+		 * to be seeded even in this case.
+		 */
+		if (rndsts != 1) return cpu_rng_rdrand(out);
+	}
+#else
+	__asm __volatile("rdseed %0; setc %1":"=r"(out),
+			 "=qm"(rndsts));
+	if (rndsts != 1) return cpu_rng_rdrand(out);
+#endif
+	return sizeof(*out) * NBBY;
+}
+
+static size_t
+cpu_rng_via(cpu_rng_t *out)
+{
+	uint32_t creg0, rndsts;
+
+	/*
+	 * Sadly, we have to monkey with the coprocessor enable and fault
+	 * registers, which are really for the FPU, in order to read
+	 * from the RNG.
+	 *
+	 * Don't remove CR0_TS from the call below -- comments in the Linux
+	 * driver indicate that the xstorerng instruction can generate
+	 * spurious DNA faults though no FPU or SIMD state is changed
+	 * even if such a fault is generated.
+	 *
+	 */
+	kpreempt_disable();
+	x86_disable_intr();
+	creg0 = rcr0();
+	lcr0(creg0 & ~(CR0_EM|CR0_TS)); /* Permit access to SIMD/FPU path */
+	/*
+	 * Read one 8-byte buffer from the VIA RNG.
+	 */
+	__asm __volatile("xstorerng"
+			 : "=a" (rndsts), "+D" (out) : "d" (0) : "memory");
+	/* Put CR0 back how it was */
+	lcr0(creg0);
+	x86_enable_intr();
+	kpreempt_enable();
+
+	/*
+	 * The Cryptography Research paper on the VIA RNG estimates
+	 * 0.75 bits of entropy per output bit and advises users to
+	 * be "even more conservative".
+	 */
+	return rndsts & 0xf ? 0 : sizeof(cpu_rng_t) * NBBY / 2;
+}
+
+size_t
+cpu_rng(cpu_rng_t *out)
+{
+	switch (cpu_rng_mode) {
+	    case CPU_RNG_NONE:
+		return 0;
+	    case CPU_RNG_RDSEED:
+		return cpu_rng_rdseed(out);
+	    case CPU_RNG_RDRAND:
+		return cpu_rng_rdrand(out);
+	    case CPU_RNG_VIA:
+		return cpu_rng_via(out);
+	    default:
+		panic("cpu_rng: unknown mode %d", (int)cpu_rng_mode);
+	}
+}
Index: arch/x86/x86/identcpu.c
===================================================================
RCS file: /Volumes/NB/repo/src/sys/arch/x86/x86/identcpu.c,v
retrieving revision 1.49
diff -u -p -r1.49 identcpu.c
--- arch/x86/x86/identcpu.c	13 Dec 2015 15:02:19 -0000	1.49
+++ arch/x86/x86/identcpu.c	25 Dec 2015 22:35:37 -0000
@@ -554,8 +554,15 @@ cpu_probe_c3(struct cpu_info *ci)
 		    /* Actually do the enables. */
 		    if (rng_enable) {
 			msr = rdmsr(MSR_VIA_RNG);
-			wrmsr(MSR_VIA_RNG, msr | MSR_VIA_RNG_ENABLE);
+			/* C7 stepping 8 and subsequent CPUs have dual RNG */
+			if (model > 0xA || (model == 0xA && stepping > 0x7)) {
+				wrmsr(MSR_VIA_RNG, msr | MSR_VIA_RNG_ENABLE |
+						   MSR_VIA_RNG_2NOISE);
+			} else {
+				wrmsr(MSR_VIA_RNG, msr | MSR_VIA_RNG_ENABLE);
+			}
 		    }
+
 		    if (ace_enable) {
 			msr = rdmsr(MSR_VIA_ACE);
 			wrmsr(MSR_VIA_ACE, msr | MSR_VIA_ACE_ENABLE);
Index: arch/x86/x86/via_padlock.c
===================================================================
RCS file: /Volumes/NB/repo/src/sys/arch/x86/x86/via_padlock.c,v
retrieving revision 1.24
diff -u -p -r1.24 via_padlock.c
--- arch/x86/x86/via_padlock.c	13 Apr 2015 16:03:51 -0000	1.24
+++ arch/x86/x86/via_padlock.c	25 Dec 2015 22:09:52 -0000
@@ -28,7 +28,6 @@ __KERNEL_RCSID(0, "$NetBSD: via_padlock.
 #include <sys/kernel.h>
 #include <sys/device.h>
 #include <sys/module.h>
-#include <sys/rndsource.h>
 #include <sys/malloc.h>
 #include <sys/mbuf.h>
 #include <sys/cpu.h>
@@ -72,64 +71,6 @@ static	__inline void via_padlock_cbc(voi
 	    void *);
 
 static void
-via_c3_rnd(void *arg)
-{
-	struct via_padlock_softc *sc = arg;
-
-	uint32_t creg0, len = VIAC3_RNG_BUFSIZ;
-	uint32_t buffer[VIAC3_RNG_BUFSIZ/4 + 1]; /* CPU goes 3 bytes beyond */
-	uint32_t eax, ecx, edi; /* XXX write-only, but necessary it seems */
-
-	/*
-	 * Sadly, we have to monkey with the coprocessor enable and fault
-	 * registers, which are really for the FPU, in order to read
-	 * from the RNG.
-	 *
-	 * Don't remove CR0_TS from the call below -- comments in the Linux
-	 * driver indicate that the xstorerng instruction can generate
-	 * spurious DNA faults though no FPU or SIMD state is changed
-	 * even if such a fault is generated.
-	 *
-	 */
-	kpreempt_disable();
-	x86_disable_intr();
-	creg0 = rcr0();
-	lcr0(creg0 & ~(CR0_EM|CR0_TS));	/* Permit access to SIMD/FPU path */
-	/*
-	 * Collect the random data from the C3 RNG into our buffer.
-	 * We turn on maximum whitening (is this actually desirable
-	 * if we will feed the data to SHA1?) (%edx[0,1] = "11").
-	 */
-	__asm __volatile("rep xstorerng"
-			 : "=a" (eax), "=c" (ecx), "=D" (edi)
-			 : "d" (3), "D" (buffer), "c" (len)
-			 : "memory", "cc");
-	/* Put CR0 back how it was */
-	lcr0(creg0);
-	x86_enable_intr();
-	kpreempt_enable();
-	rnd_add_data(&sc->sc_rnd_source, buffer, len, len * NBBY);
-	callout_reset(&sc->sc_rnd_co, sc->sc_rnd_hz, via_c3_rnd, sc);
-}
-
-static void
-via_c3_rnd_init(struct via_padlock_softc *sc)
-{
-	sc->sc_rnd_attached = true;
-
-	if (hz >= 100) {
-	    sc->sc_rnd_hz = 10 * hz / 100;
-	} else {
-	    sc->sc_rnd_hz = 10;
-	}
-	rnd_attach_source(&sc->sc_rnd_source, device_xname(sc->sc_dev),
-			  RND_TYPE_RNG, RND_FLAG_COLLECT_VALUE);
-	callout_init(&sc->sc_rnd_co, 0);
-	/* Call once to prime the pool early and set callout. */
-	via_c3_rnd(sc);
-}
-
-static void
 via_c3_ace_init(struct via_padlock_softc *sc)
 {
 	/*
@@ -608,7 +549,6 @@ via_padlock_attach_intr(device_t self)
 
 	aprint_normal("%s:", device_xname(self));
 	if (cpu_feature[4] & CPUID_VIA_HAS_RNG) {
-		via_c3_rnd_init(sc);
 		aprint_normal(" RNG");
 	}
 	if (cpu_feature[4] & CPUID_VIA_HAS_ACE) {
@@ -623,12 +563,6 @@ via_padlock_detach(device_t self, int fl
 {
 	struct via_padlock_softc *sc = device_private(self);
 
-	if (sc->sc_rnd_attached) {
-		callout_halt(&sc->sc_rnd_co, NULL);
-		callout_destroy(&sc->sc_rnd_co);
-		rnd_detach_source(&sc->sc_rnd_source);
-		sc->sc_rnd_attached = false;
-	}
 	if (sc->sc_cid_attached) {
 		crypto_unregister(sc->sc_cid, CRYPTO_AES_CBC);
 		crypto_unregister(sc->sc_cid, CRYPTO_MD5_HMAC_96);
Index: kern/kern_rndq.c
===================================================================
RCS file: /Volumes/NB/repo/src/sys/kern/kern_rndq.c,v
retrieving revision 1.73
diff -u -p -r1.73 kern_rndq.c
--- kern/kern_rndq.c	29 Aug 2015 10:00:19 -0000	1.73
+++ kern/kern_rndq.c	25 Dec 2015 20:04:08 -0000
@@ -59,6 +59,10 @@ __KERNEL_RCSID(0, "$NetBSD: kern_rndq.c,
 #include <compat/sys/rnd.h>
 #endif
 
+#if defined(__HAVE_CPU_RNG)
+#include <machine/cpu_rng.h>
+#endif
+
 #if defined(__HAVE_CPU_COUNTER)
 #include <machine/cpu_counter.h>
 #endif
@@ -404,6 +408,31 @@ rnd_dv_estimate(krndsource_t *rs, uint32
 	return ret;
 }
 
+#if defined(__HAVE_CPU_RNG)
+krndsource_t rnd_cpu_source;
+
+static void
+rnd_cpu_get(size_t bytes, void *priv)
+{
+        krndsource_t *cpusrcp = priv;
+	size_t entropy = 0, cnt  = RND_POOLBITS / 2 / NBBY / sizeof(cpu_rng_t);
+	cpu_rng_t buf[cnt];
+
+        KASSERT(cpusrcp == &rnd_cpu_source);
+        if (RND_ENABLED(cpusrcp)) {
+		cpu_rng_t *bufp = buf;
+		for (bufp = buf; bufp < buf + cnt; bufp++) {
+			entropy += cpu_rng(bufp);
+		}
+		if (__predict_true(entropy)) {
+			rnd_add_data(cpusrcp, buf, sizeof(buf), entropy);
+		}
+	explicit_memset(buf, 0, sizeof(buf));
+        }
+}
+
+#endif
+
 #if defined(__HAVE_CPU_COUNTER)
 static struct {
 	kmutex_t	lock;
@@ -550,6 +579,27 @@ rnd_init(void)
 	}
 
 	/*
+	 * Attach CPU RNG if available.
+	 */
+#if defined(__HAVE_CPU_RNG)
+	{
+		cpu_rng_t test;
+
+		cpu_rng_init();
+		if (cpu_rng(&test)) {
+			rndsource_setcb(&rnd_cpu_source, rnd_cpu_get,
+					&rnd_cpu_source);
+			rnd_attach_source(&rnd_cpu_source, "cpurng",
+					  RND_TYPE_RNG,
+					  RND_FLAG_COLLECT_VALUE|
+					  RND_FLAG_HASCB|RND_FLAG_HASENABLE);
+			rnd_cpu_get(RND_POOLBITS / NBBY, &rnd_cpu_source);
+		}
+		explicit_memset(&test, 0, sizeof(test));
+	}
+#endif
+
+	/*
 	 * If we have a cycle counter, take its error with respect
 	 * to the callout mechanism as a source of entropy, ala
 	 * TrueRand.


Home | Main Index | Thread Index | Old Index