| Age | Commit message (Collapse) | Author |
|---|
|
sections, such as __attribute__((section(".openbsd.randomdata"))), may be
non-zero. In combination with "const" or "static" the compiler becomes even
more sure nothing can influence the object and assumes the value will be 0.
A few optimizations later, a security requirement has been removed.
Until a better annotation arrives in compilers, be warned: Do not mix
const or static with these random objects, you won't get what you want.
Spotted in a regression test by bluhm, long discussion with kettenis.
|
|
|
|
|
|
too late, leading to poor rng in the kernel early on. a behavioural
artifact in vmm spotted the issue.
ok tedu guenther mlarkin
|
|
|
|
remove it another relic of the superstitious past.
ok deraadt millert mikeb
|
|
from rob pierce
|
|
known and we rely on the bootpath to prime us anyways.
This also solves the issue raised by kettenis, of version potentially
being non-word aligned
ok kettenis djm
|
|
beyond the end of .text/.rodata.
ok deraadt@
|
|
the alias mapping when clearing it, since there is no guarantee the pool is
page aligned.
ok deraadt@
|
|
also do so in the kernel, which gains us RO ssp cookie, which will prevent
spraying attacks.
The random layer was openbsd.randomdata annotating working entropy/chacha
buffers which in turn required them to be RW. To make that work again,
so we need to copy RO seeds to RW working buffers, and later clear the
RO seed buffers afterwards using a temporary RW mapping.
help & ok kettenis, ok guenther
|
|
"another leftover of the bean counter"
od tedu@ deraadt@
|
|
ones are capable of giving valuable works vs does-not-work evidence.
ok tedu
|
|
we don't drop any events when the queue is full. They are instead mixed
into previous events.
The mixing function selected is addition instead of xor to reduce the
possibility that new values effectively erase existing ones.
Convert some types to u_int to ensure defined overflow.
ok deraadt djm
|
|
Pointed out by Martin Natano, slightly tweaked by me.
ok deraadt@
|
|
Diff from Martin Natano, thanks!
ok kettenis@, deraadt@
|
|
from Martin Natano (and also reported by Stefan Kempf)
|
|
specify custom counter value when setting up Chacha context.
ok reyk djm
|
|
|
|
ok djm@ miod@ deraadt@
|
|
have any direct symbols used. Tested for indirect use by compiling
amd64/i386/sparc64 kernels.
ok tedu@ deraadt@
|
|
failure to fire the collection timeout. discovered by markus.
the order of events here doesn't actually matter, so switch to a simple
stack, which is easier to understand. ok markus
|
|
- rename uiomove() to uiomovei() and update all its users.
- introduce uiomove(), which is similar to uiomovei() but with a size_t.
- rewrite uiomovei() as an uiomove() wrapper.
ok kettenis@
|
|
boot.
ok mlarkin
|
|
when workqs were introduced, we provided a second argument so you
could pass a thing and some context to work on it in. there were
very few things that took advantage of the second argument, so when
i introduced pools i suggested removing it. since tasks were meant
to replace workqs, it was requested that we keep the second argument
to make porting from workqs to tasks easier.
now that workqs are gone, i had a look at the use of the second
argument again and found only one good use of it (vdsp(4) on sparc64
if you're interested) and a tiny handful of questionable uses. the
vast majority of tasks only used a single argument. i have since
modified all tasks that used two args to only use one, so now we
can remove the second argument.
so this is a mechanical change. all tasks only passed NULL as their
second argument, so we can just remove it.
ok krw@
|
|
|
|
|
|
|
|
ok deraadt djm
|
|
process all queued entropy and create a brand new pool to prevent
backtracking upon resume. At resume time, process the entropy queue
(since other resume code paths which run earlier can enqueue entropy)
and force all higher to reseed.
ok reyk djm
|
|
|
|
|
|
|
|
|
|
|
|
after discussions with beck deraadt kettenis.
|
|
buffersize is enforced strictly, this supplies sufficient entropy
payload to act as seed material. Discourage general use of this
API, but lock down this function name as the go-to for userland
PRNG seeding. Improve documentation.
ok miod matthew
|
|
I accepted that he's right (again) to seperate this out from heavy
sysctl API and this will simply a variety of things. Functionname
is not used by anyone in the ports tree, so we guess we can use it.
Shocking that no application has a function called this.
ok matthew & others who pushed him to start this early on
|
|
|
|
ok deraadt@
|
|
on first call, very early on, from boot-supplied entropy, then feed from
that. Later when we have more subsystems ready, the main() can properly
initialize the entropy-driven model. Lots of discussion with mikeb.
ok kettenis markus mikeb
|
|
is no longer providing significant value. The random subsystem is in
pretty good state, and moments later userland will feed the dmesg.
ok jsing
|
|
it at startup, or in cpu_startup(). Improve comments to explain what is
happening here.
ok kettenis jsing
|
|
Also allow random_init() to be called later, by moving a few
entropy control initializions into the lower-level _rs_seed() layer.
tested by jsing, phessler and a few others
|
|
|
|
conf/files change isn't enough due to size limits
|
|
|
|
|
|
|
|
this guarantees the reliability of the arc4_reinit task being run by not
relying on a pool to give us memory in an interrupt context.
ok mpi@
|
