Author: das
Date: Mon Jan 16 20:18:10 2012
New Revision: 230230
URL: http://svn.freebsd.org/changeset/base/230230
Log:
Generate a warning if the kernel's arc4random() is seeded with bogus entropy.
Modified:
head/sys/dev/random/harvest.c
Modified: head/sys/dev/random/harvest.c
==============================================================================
--- head/sys/dev/random/harvest.c Mon Jan 16 20:17:51 2012
(r230229)
+++ head/sys/dev/random/harvest.c Mon Jan 16 20:18:10 2012
(r230230)
@@ -37,6 +37,7 @@ __FBSDID("$FreeBSD$");
#include <sys/queue.h>
#include <sys/random.h>
#include <sys/selinfo.h>
+#include <sys/syslog.h>
#include <sys/systm.h>
#include <sys/sysctl.h>
@@ -48,6 +49,7 @@ static int read_random_phony(void *, int
/* Structure holding the desired entropy sources */
struct harvest_select harvest = { 1, 1, 1, 0 };
+static int warned = 0;
/* hold the address of the routine which is actually called if
* the randomdev is loaded
@@ -71,6 +73,7 @@ random_yarrow_deinit_harvester(void)
{
reap_func = NULL;
read_func = read_random_phony;
+ warned = 0;
}
/* Entropy harvesting routine. This is supposed to be fast; do
@@ -108,6 +111,11 @@ read_random_phony(void *buf, int count)
u_long randval;
int size, i;
+ if (!warned) {
+ log(LOG_WARNING, "random device not loaded; using insecure
entropy\n");
+ warned = 1;
+ }
+
/* srandom() is called in kern/init_main.c:proc0_post() */
/* Fill buf[] with random(9) output */
_______________________________________________
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
