Date:      Thu, 15 Aug 2013 12:09:52 +0200
From:      Dag-Erling Smørgrav <des@des.no>
To:        obrien@freebsd.org
Cc:        Arthur Mesh <arthurmesh@gmail.com>, freebsd-arch@freebsd.org, secteam@freebsd.org, Philip Paeps <philip@freebsd.org>
Subject:   Re: random(4) plugin infrastructure for multiple RNG in a modular fashion
Message-ID:  <86pptfnu33.fsf@nine.des.no>
In-Reply-To: <20130807183112.GA79319@dragon.NUXI.org> (David O'Brien's message of "Wed, 7 Aug 2013 11:31:12 -0700")
References:  <20130807183112.GA79319@dragon.NUXI.org>

"David O'Brien" <obrien@FreeBSD.org> writes:
>     20120913:
> 	The random(4) support for the VIA hardware random number
> 	generator (`PADLOCK') is no longer enabled unconditionally.
> 	Add the PADLOCK_RNG option in the custom kernel config if
> 	needed.  The GENERIC kernels on i386 and amd64 do include the
> 	option, so the change only affects the custom kernel
> 	configurations.

I still haven't received an answer to my question about options vs
devices.  AFAICT there is no reason whatsoever to have padlock or yarrow
as kernel options rather than devices.  The fact that they are available
as modules is a big hint that they should be devices, not options.
The fact that we haven't been consistent in the past is not an excuse to
continue making the same mistake in the present and future.

I also believe that randomness is sufficiently important that we should
have yarrow (or fortuna, when it materializes) in DEFAULTS.  Users who
don't want it (or prefer to load it as a module) can disable it with a
nodevice entry in their kernel config.

Also, rc scripts for services which require a PRNG (such as sshd) should
complain and abort if kern.random.adaptors is empty.

BTW, I see that the sysctl was changed (per my request) to return an
empty string if no adaptors are present:

        if (LIST_EMPTY(&adaptors))
                error = SYSCTL_OUT(req, "", strlen(""));

        LIST_FOREACH(rpp, &adaptors, entries) {
                if (0 != SYSCTL_OUT(req, rpp->name, strlen(rpp->name)))
                        break;
        }

but if I read the code correctly, if multiple adaptors are present,
their names will be concatenated with no separator.  You probably want
something like this:

        int comma = 0;

        /* ... */

        LIST_FOREACH(rpp, &adaptors, entries) {
                /* emit the separator before every name except the first */
                if (comma) {
                        if (0 != SYSCTL_OUT(req, ",", 1))
                                break;
                }
                comma = 1;
                if (0 != SYSCTL_OUT(req, rpp->name, strlen(rpp->name)))
                        break;
        }

(and a minor nit: strlen("") is a strange way to spell 0...)

DES
-- 
Dag-Erling Smørgrav - des@des.no
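The two points raised in the message (an empty list must come out as the empty string so a consumer can abort, and multiple adaptor names need a separator) can be exercised in user space. The following is an added example, not code from the message or from the FreeBSD kernel: it models SYSCTL_OUT() with a hypothetical bounded-buffer writer `out_copy()` that fails with ENOMEM when space runs out (the error path the loop breaks out on), renders a constructed list of adaptor names with the comma-before-every-element-except-the-first logic, and provides the consumer-side check an rc script would perform on the sysctl value. The names "yarrow" and "padlock" are sample input.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical stand-in for the kernel's SYSCTL_OUT(): append len bytes
 * to a bounded, NUL-terminated buffer.  Returns 0 on success, ENOMEM if
 * the bytes do not fit.  Output already written is left intact.
 */
struct outbuf {
	char  *buf;
	size_t cap;	/* capacity including the terminating NUL */
	size_t len;	/* bytes written so far */
};

static int out_copy(struct outbuf *o, const char *p, size_t len)
{
	if (o->len + len + 1 > o->cap)
		return ENOMEM;
	memcpy(o->buf + o->len, p, len);
	o->len += len;
	o->buf[o->len] = '\0';
	return 0;
}

/*
 * Render n adaptor names as "a,b,c".  An empty list yields "", which is
 * what lets a consumer tell "no adaptors" apart from a garbled value.
 * Returns 0, EINVAL for a zero-sized buffer, or the out_copy() error.
 */
int format_adaptors(const char *const *names, size_t n, char *buf, size_t cap)
{
	struct outbuf o = { buf, cap, 0 };
	int comma = 0;
	int error = 0;

	if (cap == 0)
		return EINVAL;
	buf[0] = '\0';

	for (size_t i = 0; i < n; i++) {
		/* separator goes before every name except the first */
		if (comma && (error = out_copy(&o, ",", 1)) != 0)
			break;
		comma = 1;
		if ((error = out_copy(&o, names[i], strlen(names[i]))) != 0)
			break;
	}
	return error;
}

/* The check an rc script would apply to `sysctl -n kern.random.adaptors`. */
int adaptors_present(const char *value)
{
	return value != NULL && value[0] != '\0';
}

int main(void)
{
	const char *none[] = { NULL };			/* constructed: no adaptors */
	const char *two[] = { "yarrow", "padlock" };	/* constructed sample */
	char buf[32];

	format_adaptors(none, 0, buf, sizeof buf);
	printf("empty: \"%s\" present=%d\n", buf, adaptors_present(buf));
	format_adaptors(two, 2, buf, sizeof buf);
	printf("two:   \"%s\" present=%d\n", buf, adaptors_present(buf));
	return 0;
}
```

When the buffer is too small, the function stops at the first failed write and reports ENOMEM, leaving a truncated but still NUL-terminated prefix; a consumer must therefore treat the error, not the partial string, as authoritative.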



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86pptfnu33.fsf>