diff options
author | das <das@FreeBSD.org> | 2012-01-16 20:18:10 +0000 |
---|---|---|
committer | das <das@FreeBSD.org> | 2012-01-16 20:18:10 +0000 |
commit | 3d0182b53d95999dabeea9b1e384b615eeceeba4 (patch) | |
tree | 5ab1f48fc135b6be0e4dd604fc1f26e3129707ef /sys/dev/random | |
parent | 48c614390e5098cc45490e5f29ac3795fd7b929d (diff) | |
download | FreeBSD-src-3d0182b53d95999dabeea9b1e384b615eeceeba4.zip FreeBSD-src-3d0182b53d95999dabeea9b1e384b615eeceeba4.tar.gz |
Generate a warning if the kernel's arc4random() is seeded with bogus entropy.
Diffstat (limited to 'sys/dev/random')
-rw-r--r-- | sys/dev/random/harvest.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/sys/dev/random/harvest.c b/sys/dev/random/harvest.c index aacba32..a1ff8dd 100644 --- a/sys/dev/random/harvest.c +++ b/sys/dev/random/harvest.c @@ -37,6 +37,7 @@ __FBSDID("$FreeBSD$"); #include <sys/queue.h> #include <sys/random.h> #include <sys/selinfo.h> +#include <sys/syslog.h> #include <sys/systm.h> #include <sys/sysctl.h> @@ -48,6 +49,7 @@ static int read_random_phony(void *, int); /* Structure holding the desired entropy sources */ struct harvest_select harvest = { 1, 1, 1, 0 }; +static int warned = 0; /* hold the address of the routine which is actually called if * the randomdev is loaded @@ -71,6 +73,7 @@ random_yarrow_deinit_harvester(void) { reap_func = NULL; read_func = read_random_phony; + warned = 0; } /* Entropy harvesting routine. This is supposed to be fast; do @@ -108,6 +111,11 @@ read_random_phony(void *buf, int count) u_long randval; int size, i; + if (!warned) { + log(LOG_WARNING, "random device not loaded; using insecure entropy\n"); + warned = 1; + } + /* srandom() is called in kern/init_main.c:proc0_post() */ /* Fill buf[] with random(9) output */ |