| author | Conrad Meyer <cem@FreeBSD.org> | 2017-10-06 18:27:55 +0000 |
|---|---|---|
| committer | Conrad Meyer <cem@FreeBSD.org> | 2017-10-06 18:27:55 +0000 |
| commit | 58900beed3bee86c2ecb567d63481187a14b3499 (patch) | |
| tree | 75d0a884be94a0e175cad70b225db3bd478920c8 /sys/dev/random | |
| parent | 2116f70705618492759021f108fb29477d61614e (diff) | |
Diffstat (limited to 'sys/dev/random')
| -rw-r--r-- | sys/dev/random/fortuna.c | 29 |
1 files changed, 21 insertions, 8 deletions
diff --git a/sys/dev/random/fortuna.c b/sys/dev/random/fortuna.c
index e300c6ffb4ca..98473a1b08ef 100644
--- a/sys/dev/random/fortuna.c
+++ b/sys/dev/random/fortuna.c
@@ -1,4 +1,5 @@
 /*-
+ * Copyright (c) 2017 W. Dean Freeman
 * Copyright (c) 2013-2015 Mark R V Murray
 * All rights reserved.
 *
@@ -87,7 +88,7 @@ __FBSDID("$FreeBSD$");
 * and too small may compromise initial security but get faster reseeds.
 */
 #define RANDOM_FORTUNA_MINPOOLSIZE 16
-#define RANDOM_FORTUNA_MAXPOOLSIZE UINT_MAX
+#define RANDOM_FORTUNA_MAXPOOLSIZE INT_MAX
 CTASSERT(RANDOM_FORTUNA_MINPOOLSIZE <= RANDOM_FORTUNA_DEFPOOLSIZE);
 CTASSERT(RANDOM_FORTUNA_DEFPOOLSIZE <= RANDOM_FORTUNA_MAXPOOLSIZE);
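Review bot: The new `INT_MAX` value for `RANDOM_FORTUNA_MAXPOOLSIZE` carries no comment saying why the cap was lowered from `UINT_MAX`. From the later hunk it looks like the cap exists so that `fsp_length + sizeof(event->he_somecounter) + event->he_size` cannot wrap before `MIN()` clamps it, but that depends on the type of `fsp_length`, which is not visible in this diff. A one-line comment above the define, such as `/* Kept at INT_MAX so the saturating add in random_fortuna_process_event() cannot wrap before it is clamped. */`, would stop a later edit from restoring `UINT_MAX`.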
@@ -232,17 +233,29 @@ random_fortuna_process_event(struct harvest_event *event)
 * during accumulation/reseeding and reading/regating.
 */
 pl = event->he_destination % RANDOM_FORTUNA_NPOOLS;
- randomdev_hash_iterate(&fortuna_state.fs_pool[pl].fsp_hash, event, sizeof(*event));
+ /*
+ * We ignore low entropy static/counter fields towards the end of the
+ * he_event structure in order to increase measurable entropy when
+ * conducting SP800-90B entropy analysis measurements of seed material
+ * fed into PRNG.
+ * -- wdf
+ */
+ KASSERT(event->he_size <= sizeof(event->he_entropy),
+ ("%s: event->he_size: %hhu > sizeof(event->he_entropy): %zu\n",
+ __func__, event->he_size, sizeof(event->he_entropy)));
+ randomdev_hash_iterate(&fortuna_state.fs_pool[pl].fsp_hash,
+ &event->he_somecounter, sizeof(event->he_somecounter));
+ randomdev_hash_iterate(&fortuna_state.fs_pool[pl].fsp_hash,
+ event->he_entropy, event->he_size);
+
 /*-
- * Don't wrap the length. Doing this the hard way so as not to wrap at MAXUINT.
- * This is a "saturating" add.
+ * Don't wrap the length. This is a "saturating" add.
 * XXX: FIX!!: We don't actually need lengths for anything but fs_pool[0],
 * but it's been useful debugging to see them all.
 */
- if (RANDOM_FORTUNA_MAXPOOLSIZE - fortuna_state.fs_pool[pl].fsp_length > event->he_size)
- fortuna_state.fs_pool[pl].fsp_length += event->he_size;
- else
- fortuna_state.fs_pool[pl].fsp_length = RANDOM_FORTUNA_MAXPOOLSIZE;
+ fortuna_state.fs_pool[pl].fsp_length = MIN(RANDOM_FORTUNA_MAXPOOLSIZE,
+ fortuna_state.fs_pool[pl].fsp_length +
+ sizeof(event->he_somecounter) + event->he_size);
 explicit_bzero(event, sizeof(*event));
 RANDOM_RESEED_UNLOCK();
 } |
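Review bot: The bound on `event->he_size` is enforced only by `KASSERT`, which compiles to nothing in kernels built without INVARIANTS, yet `he_size` is now the length handed to the second `randomdev_hash_iterate()` call. Before this change the hash covered a fixed `sizeof(*event)`, so a wrong size field could not widen the read; with the new code an oversized value would hash bytes past `he_entropy`. Whether any harvest path can produce such a value is not visible in this hunk, but a runtime clamp is cheap: `size_t len = MIN(event->he_size, sizeof(event->he_entropy));`, with `len` passed to the hash call and used in the `fsp_length` update. The body of `random_fortuna_process_event()` starts before the hunk.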
