#
11d7d9a2 |
| 11-Apr-2023 |
riastradh <riastradh@NetBSD.org> |
rndctl(8): Take omitted name/type as empty device name.
This can now be used to change flags for all sources at once.
XXX pullup-10
|
#
17063971 |
| 04-Apr-2021 |
nia <nia@NetBSD.org> |
rndctl(8): to -l, add a "samples" column separate to "bits"
rename the "bits" column to "estimated bits".
this provides a clear indication when a source is being used, but not increasing the entrop
rndctl(8): to -l, add a "samples" column separate to "bits"
rename the "bits" column to "estimated bits".
this provides a clear indication when a source is being used, but not increasing the entropy counter.
this commit fixes an unrelated bug where verbose output functioned incorrectly when a class of device was specified with -t.
while here, reduce code duplication.
"gofer it" riastradh@
show more ...
|
#
b49b1c2d |
| 04-Apr-2021 |
nia <nia@NetBSD.org> |
rndctl(8): remove no-longer-useful stats from -s
these are always 0 now.
"gofer it" riastradh@
|
#
0bd3ee5d |
| 02-Apr-2021 |
nia <nia@NetBSD.org> |
rndctl: make -l's "Flags" field reflect current reality
don't print "legacy options" RND_FLAG_ESTIMATE_TIME and "RND_FLAG_ESTIMATE_VALUE"
only print "estimate" if we have actually counted any bits
rndctl: make -l's "Flags" field reflect current reality
don't print "legacy options" RND_FLAG_ESTIMATE_TIME and "RND_FLAG_ESTIMATE_VALUE"
only print "estimate" if we have actually counted any bits from something, since it's no longer really possible to "enable estimation".
ideally, there should also be a "samples" field so it's clear collected bits are not being counted.
show more ...
|
#
6267bed2 |
| 12-May-2020 |
simonb <simonb@NetBSD.org> |
Whitespace alignment nits.
|
#
161f68b9 |
| 07-May-2020 |
riastradh <riastradh@NetBSD.org> |
Trigger entropy consolidation before saving seed.
This way, whenever /etc/security runs infrequently (daily), or the operator manually issues rndctl -S, we ensure that all samples taken during the e
Trigger entropy consolidation before saving seed.
This way, whenever /etc/security runs infrequently (daily), or the operator manually issues rndctl -S, we ensure that all samples taken during the entire boot are hashed together in the seed for the next boot.
This should be infrequent enough that it's unlikely to enable the iterative-guessing attacks that we try to mitigate by not frequently consolidating entropy.
show more ...
|
#
f0f6ce33 |
| 07-May-2020 |
riastradh <riastradh@NetBSD.org> |
Rework rndctl seed load sequence again.
Go back to the book's order, now that writing to /dev/random guarantees to consolidate entropy -- this way the _next_ boot is no less secure than the current
Rework rndctl seed load sequence again.
Go back to the book's order, now that writing to /dev/random guarantees to consolidate entropy -- this way the _next_ boot is no less secure than the current boot, in the event that entropy sources like interrupt timings provided any security that we just don't know how to measure honestly.
Make sure to open the old seed to overwrite and the new seed to write anew first so that we can determine whether the medium is read-only before accepting the file's entropy estimate.
show more ...
|
#
bb59fab4 |
| 06-May-2020 |
riastradh <riastradh@NetBSD.org> |
Tweak logic to decide whether a medium is safe for an rndseed.
- Teach rndctl to load the seed, but treat it as zero entropy, if the medium is read-only or if the update fails.
- Teach rndctl to
Tweak logic to decide whether a medium is safe for an rndseed.
- Teach rndctl to load the seed, but treat it as zero entropy, if the medium is read-only or if the update fails.
- Teach rndctl to accept `-i' flag instructing it to ignore the entropy estimate in the seed.
- Teach /etc/rc.d/random_seed to: (a) assume nonlocal file systems are unsafe, and use -i, but (b) assume / is safe, even if it is nonlocal. If the medium is nonwritable, leave it to rndctl to detect that. (Could use statvfs and check for ST_LOCAL in rndctl, I guess, but I already implemented it this way.)
Treating nonlocal / as safe is a compromise: it's up to the operator to secure the network for (e.g.) nfs mounts, but that's true whether we're talking entropy or not -- if the adversary has access to the network that you've mounted / from, they can do a lot more damage anyway; this reduces warning fatigue for diskless systems, e.g. test racks.
show more ...
|
#
4db7c98c |
| 30-Apr-2020 |
riastradh <riastradh@NetBSD.org> |
Sort includes.
|
#
7a9fc9f9 |
| 30-Apr-2020 |
riastradh <riastradh@NetBSD.org> |
Accept both byte orders for random seed in `rndctl -L'.
The file format was defined with a machine-dependent 32-bit integer field (the estimated number of bits of entropy in the process that generat
Accept both byte orders for random seed in `rndctl -L'.
The file format was defined with a machine-dependent 32-bit integer field (the estimated number of bits of entropy in the process that generated it). Take whichever byte order gives a number that is reasonable, i.e. lower than the number of bits in the buffer.
Continue to have `rndctl -S' generate it in machine-dependent byte order for now, so that if you roll back to an older rndctl(8) then `rndctl -L' on the same machine will still be able to load it with the right entropy estimate. In a future revision, perhaps we can change it to be little-endian.
show more ...
|
#
9cdaded9 |
| 06-Dec-2019 |
riastradh <riastradh@NetBSD.org> |
Teach `rndctl -L' to update the seed file, not just delete it.
The seed file is updated by entering the old seed into the system and then hashing the old seed together with data from /dev/urandom, a
Teach `rndctl -L' to update the seed file, not just delete it.
The seed file is updated by entering the old seed into the system and then hashing the old seed together with data from /dev/urandom, and writing it atomically with write-to-temporary/rename-to-permanent.
This way, interruption by crash or power loss does not obliterate your persistent entropy (unless it causes file system corruption).
show more ...
|
#
a4130fcc |
| 13-Apr-2015 |
riastradh <riastradh@NetBSD.org> |
Use <sys/rndio.h> instead of <sys/rnd.h>.
|
#
90a55014 |
| 10-Aug-2014 |
wiz <wiz@NetBSD.org> |
Sync usage with manpage a bit more.
|
#
a72ef114 |
| 10-Aug-2014 |
tls <tls@NetBSD.org> |
Merge tls-earlyentropy branch into HEAD.
|
#
1b9d992a |
| 15-Jan-2014 |
apb <apb@NetBSD.org> |
Overwrite the seed file from the beginning, using pwrite(2).
|
#
8da2079c |
| 15-Jan-2014 |
joerg <joerg@NetBSD.org> |
Fix arguments for write.
|
#
b7100458 |
| 14-Aug-2012 |
jruoho <jruoho@NetBSD.org> |
Use _PATH_URANDOM from paths(3).
|
#
cc9ee3de |
| 02-Feb-2012 |
tls <tls@NetBSD.org> |
Entropy-pool implementation move and cleanup.
1) Move core entropy-pool code and source/sink/sample management code to sys/kern from sys/dev.
2) Remove use of NRND as test for presence of entrop
Entropy-pool implementation move and cleanup.
1) Move core entropy-pool code and source/sink/sample management code to sys/kern from sys/dev.
2) Remove use of NRND as test for presence of entropy-pool code throughout source tree.
3) Remove use of RND_ENABLED in device drivers as microoptimization to avoid expensive operations on disabled entropy sources; make the rnd_add calls do this directly so all callers benefit.
4) Fix bug in recent rnd_add_data()/rnd_add_uint32() changes that might have lead to slight entropy overestimation for some sources.
5) Add new source types for environmental sensors, power sensors, VM system events, and skew between clocks, with a sample implementation for each.
ok releng to go in before the branch due to the difficulty of later pullup (widespread #ifdef removal and moved files). Tested with release builds on amd64 and evbarm and live testing on amd64.
show more ...
|
#
14e95ca4 |
| 17-Dec-2011 |
apb <apb@NetBSD.org> |
Make "rndctl -L" overwrite the file with zeros, not with the same data that was just read from the file.
|
#
a1bbf8c5 |
| 26-Nov-2011 |
tls <tls@NetBSD.org> |
Make the rndsave structure public -- the kernel will learn to read it and sysinst may learn to write it (since, on some systems, most of the keyboard input they ever get happens to be during install)
Make the rndsave structure public -- the kernel will learn to read it and sysinst may learn to write it (since, on some systems, most of the keyboard input they ever get happens to be during install). Fix a couple of minor problems with the random_seed rc script addition.
show more ...
|
#
10a243e2 |
| 23-Nov-2011 |
tls <tls@NetBSD.org> |
Load entropy at system boot (only works at securelevel < 1); save at system shutdown. Disable with random_seed=NO in rc.conf if desired.
Goes to some trouble to never load or save to network filesy
Load entropy at system boot (only works at securelevel < 1); save at system shutdown. Disable with random_seed=NO in rc.conf if desired.
Goes to some trouble to never load or save to network filesystems.
Entropy should really be loaded by the boot loader but I am still sorting out how to pass it to the kernel.
show more ...
|
#
2073eb03 |
| 27-Aug-2011 |
joerg <joerg@NetBSD.org> |
static + const + __dead
|
#
7b61bfdc |
| 05-Apr-2009 |
lukem <lukem@NetBSD.org> |
fix sign-compare issues
|
#
88ba9267 |
| 06-Nov-2008 |
apb <apb@NetBSD.org> |
* Instead of silently ignoring extra args, print a usage error. This adddresses the silent failure reported in PR 39862 by Brian A. Seklecki * Adjust usage message to match the synopsis in the man
* Instead of silently ignoring extra args, print a usage error. This adddresses the silent failure reported in PR 39862 by Brian A. Seklecki * Adjust usage message to match the synopsis in the man page.
show more ...
|
#
2c6eadc9 |
| 27-Jun-2005 |
christos <christos@NetBSD.org> |
Move WARNS=3 to the Makefile.inc, and add a little const to the remaining programs that did not compile before.
|