Generate a warning if the kernel's arc4random() is seeded with bogus entropy.

1 files changed, 8 insertions, 0 deletions

diff --git a/sys/dev/random/harvest.c b/sys/dev/random/harvest.c
index aacba32..a1ff8dd 100644
--- a/sys/dev/random/harvest.c
+++ b/sys/dev/random/harvest.c
@@ -37,6 +37,7 @@ __FBSDID("$FreeBSD$");
 #include <sys/queue.h>
 #include <sys/random.h>
 #include <sys/selinfo.h>
+#include <sys/syslog.h>
 #include <sys/systm.h>
 #include <sys/sysctl.h>
 
@@ -48,6 +49,7 @@ static int read_random_phony(void *, int);
 
 /* Structure holding the desired entropy sources */
 struct harvest_select harvest = { 1, 1, 1, 0 };
+static int warned = 0;
 
 /* hold the address of the routine which is actually called if
  * the randomdev is loaded
@@ -71,6 +73,7 @@ random_yarrow_deinit_harvester(void)
 {
 	reap_func = NULL;
 	read_func = read_random_phony;
+	warned = 0;
 }
 
 /* Entropy harvesting routine. This is supposed to be fast; do
@@ -108,6 +111,11 @@ read_random_phony(void *buf, int count)
 	u_long randval;
 	int size, i;
 
+	if (!warned) {
+		log(LOG_WARNING, "random device not loaded; using insecure entropy\n");
+		warned = 1;
+	}
+
 	/* srandom() is called in kern/init_main.c:proc0_post() */
 
 	/* Fill buf[] with random(9) output */