| History log of /src/sbin/rndctl/rndctl.c |
| Revision | | Date | Author | Comments |
| 1.41 |
| 11-Apr-2023 |
riastradh | rndctl(8): Take omitted name/type as empty device name.
This can now be used to change flags for all sources at once.
XXX pullup-10
|
| 1.40 |
| 04-Apr-2021 |
nia | branches: 1.40.6;
rndctl(8): to -l, add a "samples" column separate to "bits"
rename the "bits" column to "estimated bits".
this provides a clear indication when a source is being used, but
not increasing the entropy counter.
this commit fixes an unrelated bug where verbose output functioned
incorrectly when a class of device was specified with -t.
while here, reduce code duplication.
"gofer it" riastradh@
|
| 1.39 |
| 04-Apr-2021 |
nia | rndctl(8): remove no-longer-useful stats from -s
these are always 0 now.
"gofer it" riastradh@
|
| 1.38 |
| 02-Apr-2021 |
nia | rndctl: make -l's "Flags" field reflect current reality
don't print "legacy options" RND_FLAG_ESTIMATE_TIME and
"RND_FLAG_ESTIMATE_VALUE"
only print "estimate" if we have actually counted any bits from
something, since it's no longer really possible to "enable estimation".
ideally, there should also be a "samples" field so it's clear
collected bits are not being counted.
|
| 1.37 |
| 12-May-2020 |
simonb | Whitespace alignment nits.
|
| 1.36 |
| 07-May-2020 |
riastradh | Trigger entropy consolidation before saving seed.
This way, whenever /etc/security runs infrequently (daily), or the
operator manually issues rndctl -S, we ensure that all samples taken
during the entire boot are hashed together in the seed for the next
boot.
This should be infrequent enough that it's unlikely to enable the
iterative-guessing attacks that we try to mitigate by not frequently
consolidating entropy.
|
| 1.35 |
| 07-May-2020 |
riastradh | Rework rndctl seed load sequence again.
Go back to the book's order, now that writing to /dev/random
guarantees to consolidate entropy -- this way the _next_ boot is no
less secure than the current boot, in the event that entropy sources
like interrupt timings provided any security that we just don't know
how to measure honestly.
Make sure to open the old seed to overwrite and the new seed to write
anew first so that we can determine whether the medium is read-only
before accepting the file's entropy estimate.
|
| 1.34 |
| 06-May-2020 |
riastradh | Tweak logic to decide whether a medium is safe for an rndseed.
- Teach rndctl to load the seed, but treat it as zero entropy, if the
medium is read-only or if the update fails.
- Teach rndctl to accept `-i' flag instructing it to ignore the
entropy estimate in the seed.
- Teach /etc/rc.d/random_seed to:
(a) assume nonlocal file systems are unsafe, and use -i, but
(b) assume / is safe, even if it is nonlocal.
If the medium is nonwritable, leave it to rndctl to detect that.
(Could use statvfs and check for ST_LOCAL in rndctl, I guess, but I
already implemented it this way.)
Treating nonlocal / as safe is a compromise: it's up to the operator
to secure the network for (e.g.) nfs mounts, but that's true whether
we're talking entropy or not -- if the adversary has access to the
network that you've mounted / from, they can do a lot more damage
anyway; this reduces warning fatigue for diskless systems, e.g. test
racks.
|
| 1.33 |
| 30-Apr-2020 |
riastradh | Sort includes.
|
| 1.32 |
| 30-Apr-2020 |
riastradh | Accept both byte orders for random seed in `rndctl -L'.
The file format was defined with a machine-dependent 32-bit integer
field (the estimated number of bits of entropy in the process that
generated it). Take whichever byte order gives a number that is
reasonable, i.e. lower than the number of bits in the buffer.
Continue to have `rndctl -S' generate it in machine-dependent byte
order for now, so that if you roll back to an older rndctl(8) then
`rndctl -L' on the same machine will still be able to load it with
the right entropy estimate. In a future revision, perhaps we can
change it to be little-endian.
|
| 1.31 |
| 06-Dec-2019 |
riastradh | Teach `rndctl -L' to update the seed file, not just delete it.
The seed file is updated by entering the old seed into the system and
then hashing the old seed together with data from /dev/urandom, and
writing it atomically with write-to-temporary/rename-to-permanent.
This way, interruption by crash or power loss does not obliterate
your persistent entropy (unless it causes file system corruption).
|
| 1.30 |
| 13-Apr-2015 |
riastradh | branches: 1.30.16; 1.30.18;
Use <sys/rndio.h> instead of <sys/rnd.h>.
|
| 1.29 |
| 10-Aug-2014 |
wiz | Sync usage with manpage a bit more.
|
| 1.28 |
| 10-Aug-2014 |
tls | Merge tls-earlyentropy branch into HEAD.
|
| 1.27 |
| 15-Jan-2014 |
apb | branches: 1.27.2;
Overwrite the seed file from the beginning, using pwrite(2).
|
| 1.26 |
| 15-Jan-2014 |
joerg | Fix arguments for write.
|
| 1.25 |
| 14-Aug-2012 |
jruoho | branches: 1.25.2;
Use _PATH_URANDOM from paths(3).
|
| 1.24 |
| 02-Feb-2012 |
tls | Entropy-pool implementation move and cleanup.
1) Move core entropy-pool code and source/sink/sample management code
to sys/kern from sys/dev.
2) Remove use of NRND as test for presence of entropy-pool code throughout
source tree.
3) Remove use of RND_ENABLED in device drivers as microoptimization to
avoid expensive operations on disabled entropy sources; make the
rnd_add calls do this directly so all callers benefit.
4) Fix bug in recent rnd_add_data()/rnd_add_uint32() changes that might
have lead to slight entropy overestimation for some sources.
5) Add new source types for environmental sensors, power sensors, VM
system events, and skew between clocks, with a sample implementation
for each.
ok releng to go in before the branch due to the difficulty of later
pullup (widespread #ifdef removal and moved files). Tested with release
builds on amd64 and evbarm and live testing on amd64.
|
| 1.23 |
| 17-Dec-2011 |
apb | Make "rndctl -L" overwrite the file with zeros, not with the
same data that was just read from the file.
|
| 1.22 |
| 26-Nov-2011 |
tls | Make the rndsave structure public -- the kernel will learn to read it
and sysinst may learn to write it (since, on some systems, most of
the keyboard input they ever get happens to be during install). Fix a
couple of minor problems with the random_seed rc script addition.
|
| 1.21 |
| 23-Nov-2011 |
tls | Load entropy at system boot (only works at securelevel < 1); save
at system shutdown. Disable with random_seed=NO in rc.conf if desired.
Goes to some trouble to never load or save to network filesystems.
Entropy should really be loaded by the boot loader but I am still
sorting out how to pass it to the kernel.
|
| 1.20 |
| 27-Aug-2011 |
joerg | branches: 1.20.2;
static + const + __dead
|
| 1.19 |
| 05-Apr-2009 |
lukem | fix sign-compare issues
|
| 1.18 |
| 06-Nov-2008 |
apb | branches: 1.18.2;
* Instead of silently ignoring extra args, print a usage error. This
adddresses the silent failure reported in PR 39862 by Brian A. Seklecki
* Adjust usage message to match the synopsis in the man page.
|
| 1.17 |
| 27-Jun-2005 |
christos | branches: 1.17.4; 1.17.20; 1.17.28;
Move WARNS=3 to the Makefile.inc, and add a little const to the remaining
programs that did not compile before.
|
| 1.16 |
| 13-Jul-2003 |
itojun | strlcat
|
| 1.15 |
| 23-Jun-2003 |
agc | Add NetBSD RCS Ids.
|
| 1.14 |
| 17-May-2003 |
itojun | do not hardcode buffer size
|
| 1.13 |
| 18-Aug-2002 |
gmcgarry | Type 'network' was an alias for 'net' and was changed to "net" in
rev 1.5. Remove duplicate. Reported by Christian Biere in PR17976.
|
| 1.12 |
| 19-May-2002 |
enami | Since all members in rndpoolstat_t are unsigned, print them so. PR#14584.
|
| 1.11 |
| 11-Sep-2001 |
enami | - Recognize new type `rng'.
- Use getprogname().
|
| 1.10 |
| 08-Sep-2001 |
enami | Don't punt on really unknown type of device when fetching name of it.
Instead, warn and just print it as ???.
|
| 1.9 |
| 08-Sep-2001 |
enami | Cosmetic changes.
|
| 1.8 |
| 28-Aug-2000 |
joda | document -s
|
| 1.7 |
| 25-Aug-2000 |
joda | initialize sflag to zero; discovered on Digital UNIX, where I got
random (no pun intended) functionality
|
| 1.6 |
| 20-Jun-2000 |
sommerfeld | branches: 1.6.2;
revised rndctl which can display pool statistics.
|
| 1.5 |
| 30-Mar-1999 |
mycroft | branches: 1.5.8;
Make the usage string match the man page.
|
| 1.4 |
| 28-Feb-1999 |
explorer | flags and type are seperate now
|
| 1.3 |
| 09-Jan-1998 |
perry | RCS Id Police.
|
| 1.2 |
| 13-Oct-1997 |
explorer | clean up warnings, gads
|
| 1.1 |
| 13-Oct-1997 |
explorer | Add rndctl(8) and man page
|
| 1.5.8.1 |
| 22-Jun-2000 |
minoura | Sync w/ netbsd-1-5-base.
|
| 1.6.2.2 |
| 18-Sep-2002 |
itojun | pullup 1.7 (hash@iij.ad.jp)
initialize sflag to zero; discovered on Digital UNIX, where I got
random (no pun intended) functionality
|
| 1.6.2.1 |
| 20-Jun-2000 |
itojun | file rndctl.c was added on branch netbsd-1-5 on 2002-09-18 15:56:19 +0000
|
| 1.17.28.1 |
| 08-Jan-2009 |
snj | Pull up following revision(s) (requested by apb in ticket #231):
sbin/rndctl/rndctl.c: revision 1.18
* Instead of silently ignoring extra args, print a usage error. This
adddresses the silent failure reported in PR 39862 by Brian A. Seklecki
* Adjust usage message to match the synopsis in the man page.
|
| 1.17.20.1 |
| 17-Jan-2009 |
mjf | Sync with HEAD.
|
| 1.17.4.1 |
| 11-Feb-2009 |
ober | Pull up following revision(s) (requested by dholland in ticket #1274):
sbin/rndctl/rndctl.c: revision 1.18
* Instead of silently ignoring extra args, print a usage error. This
adddresses the silent failure reported in PR 39862 by Brian A. Seklecki
* Adjust usage message to match the synopsis in the man page.
|
| 1.18.2.1 |
| 13-May-2009 |
jym | Sync with HEAD.
Third (and last) commit. See http://mail-index.netbsd.org/source-changes/2009/05/13/msg221222.html
|
| 1.20.2.3 |
| 22-May-2014 |
yamt | sync with head.
for a reference, the tree before this commit was tagged
as yamt-pagecache-tag8.
this commit was splitted into small chunks to avoid
a limitation of cvs. ("Protocol error: too many arguments")
|
| 1.20.2.2 |
| 30-Oct-2012 |
yamt | sync with head
|
| 1.20.2.1 |
| 17-Apr-2012 |
yamt | sync with head
|
| 1.25.2.1 |
| 20-Aug-2014 |
tls | Rebase to HEAD as of a few days ago.
|
| 1.27.2.2 |
| 17-Jul-2014 |
tls | Adjustments to the "earlyentropy" branch in response to the various
discussions beginning with my initial proposal
http://mail-index.netbsd.org/tech-kern/2014/04/08/msg016876.html and
particularly the long discussion of cprng_fast() performance (e.g.
https://mail-index.netbsd.org/tech-crypto/2014/04/21/msg000642.html).
In particular:
* Per-CPU, lockless cprng_fast replacement using Dennis Ferguson's
"ccrand" implementation of ChaCha8.
* libkern arc4random() is gone, gone, gone.
* Entropy estimator reverted to 32-bit recordkeeping and timestamps
per Dennis' comments and analysis.
* LZF entropy estimator removed: it required a great deal of state,
and rejected only truly pathological input.
I have not yet reverted the changes that provide LZF in the kernel
as generic functionality; I will likely revert those changes prior
to any merge of this branch to HEAD.
|
| 1.27.2.1 |
| 07-Apr-2014 |
tls | Update rndctl(8) to add the -v option, which gives us more robust information
on entropy collection and estimation.
|
| 1.30.18.2 |
| 15-Jul-2020 |
martin | Pull up following revision(s) (requested by riastradh in ticket #1006):
sbin/rndctl/rndctl.c: revision 1.32
sbin/rndctl/rndctl.c: revision 1.33
Accept both byte orders for random seed in `rndctl -L'.
The file format was defined with a machine-dependent 32-bit integer
field (the estimated number of bits of entropy in the process that
generated it). Take whichever byte order gives a number that is
reasonable, i.e. lower than the number of bits in the buffer.
Continue to have `rndctl -S' generate it in machine-dependent byte
order for now, so that if you roll back to an older rndctl(8) then
`rndctl -L' on the same machine will still be able to load it with
the right entropy estimate. In a future revision, perhaps we can
change it to be little-endian.
Sort includes.
|
| 1.30.18.1 |
| 17-Dec-2019 |
martin | Pull up following revision(s) (requested by riastradh in ticket #563):
sbin/rndctl/rndctl.c: revision 1.31
sbin/rndctl/rndctl.8: revision 1.23
sbin/rndctl/Makefile: revision 1.4 (adapted)
sbin/rndctl/namespace.h: revision 1.1
Teach `rndctl -L' to update the seed file, not just delete it.
The seed file is updated by entering the old seed into the system and
then hashing the old seed together with data from /dev/urandom, and
writing it atomically with write-to-temporary/rename-to-permanent.
This way, interruption by crash or power loss does not obliterate
your persistent entropy (unless it causes file system corruption).
|
| 1.30.16.1 |
| 08-Apr-2020 |
martin | Merge changes from current as of 20200406
|
| 1.40.6.1 |
| 31-Jul-2023 |
martin | Pull up following revision(s) (requested by riastradh in ticket #273):
sys/kern/kern_entropy.c: revision 1.59
sbin/rndctl/rndctl.c: revision 1.41
entropy(9): Allow changing flags on all entropy sources at once.
Entropy sources should all have nonempty names, and this will enable
an operator to, for example, disable all but a specific entropy
source.
rndctl(8): Take omitted name/type as empty device name.
This can now be used to change flags for all sources at once.
|
