From e3892ee8a03eede28caeaddeca67f168de6a7c92 Mon Sep 17 00:00:00 2001 From: deraadt Date: Thu, 18 Dec 2014 16:27:30 +0000 Subject: [PATCH] Create a suspend/resume infrastructure for the RNG. At suspend time, process all queued entropy and create a brand new pool to prevent backtracking upon resume. At resume time, process the entropy queue (since other resume code paths which run earlier can enqueue entropy) and force all higher to reseed. ok reyk djm --- sys/dev/rnd.c | 29 ++++++++++++++++++++++++++++- sys/dev/rndvar.h | 4 +++- 2 files changed, 31 insertions(+), 2 deletions(-) diff --git a/sys/dev/rnd.c b/sys/dev/rnd.c index 0fa701a009b..b14470ecece 100644 --- a/sys/dev/rnd.c +++ b/sys/dev/rnd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rnd.c,v 1.163 2014/10/24 20:02:07 tedu Exp $ */ +/* $OpenBSD: rnd.c,v 1.164 2014/12/18 16:27:30 deraadt Exp $ */ /* * Copyright (c) 2011 Theo de Raadt. @@ -548,6 +548,33 @@ static u_char rs_buf[RSBUFSZ] __attribute__((section(".openbsd.randomdata"))); static size_t rs_have; /* valid bytes at end of rs_buf */ static size_t rs_count; /* bytes till reseed */ +void +suspend_randomness(void) +{ + struct timespec ts; + + getnanotime(&ts); + add_true_randomness(ts.tv_sec); + add_true_randomness(ts.tv_nsec); + + dequeue_randomness(NULL); + rs_count = 0; + arc4random_buf(entropy_pool, sizeof(entropy_pool)); +} + +void +resume_randomness(void) +{ + struct timespec ts; + + getnanotime(&ts); + add_true_randomness(ts.tv_sec); + add_true_randomness(ts.tv_nsec); + + dequeue_randomness(NULL); + rs_count = 0; +} + static inline void _rs_rekey(u_char *dat, size_t datlen); static inline void diff --git a/sys/dev/rndvar.h b/sys/dev/rndvar.h index 5907e26b10e..8f68e2afe15 100644 --- a/sys/dev/rndvar.h +++ b/sys/dev/rndvar.h @@ -1,4 +1,4 @@ -/* $OpenBSD: rndvar.h,v 1.34 2014/11/18 02:37:30 tedu Exp $ */ +/* $OpenBSD: rndvar.h,v 1.35 2014/12/18 16:27:30 deraadt Exp $ */ /* * Copyright (c) 1996,2000 Michael Shalayeff. @@ -72,6 +72,8 @@ extern struct rndstats rndstats; void random_start(void); void enqueue_randomness(int, int); +void suspend_randomness(void); +void resume_randomness(void); #endif /* _KERNEL */ -- 2.20.1