NetBSD Problem Report #22660

Received: (qmail 28420 invoked by uid 605); 1 Sep 2003 21:36:07 -0000
Message-Id: <20030901213626.7887.qmail@wiredyne.com>
Date: 1 Sep 2003 21:36:26 -0000
From: pdh@wiredyne.com
Sender: gnats-bugs-owner@NetBSD.org
Reply-To: pdh@wiredyne.com
To: gnats-bugs@gnats.netbsd.org
Subject: Max Entropy ioctl() for /dev/random
X-Send-Pr-Version: 3.95

>Number:         22660
>Category:       kern
>Synopsis:       Max Entropy ioctl for /dev/random
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    kern-bug-people
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Mon Sep 01 21:37:00 +0000 2003
>Closed-Date:    
>Last-Modified:  
>Originator:     
>Release:        NetBSD 1.6.1
>Organization:
>Environment:
System: NetBSD xxx.xxx 1.6.1 NetBSD 1.6.1 (GENERIC) #1: Thu Aug 28 23:04:55 PST 2003 xxx@xxx.xxx:/usr/src/sys/arch/i386/compile/GENERIC i386
Architecture: i386
Machine: i386
>Description:
	/dev/random currently has a RNDGETENTCNT ioctl which returns
	the number of bits available in the entropy pool.

	It would be nice to have an ioctl which also returns the
	maximum number of bits of entropy the pool can hold.

	Currently this information is available at compile time in the
	RND_POOLBITS macro in <sys/rnd.h>.  However, this means that
	an application which is compiled under one kernel may not work
	correctly if copied to another machine.  (This could easily
	happen if somebody used a binary package for an application.)
	For example, an application which restores the entropy pool
	needs to know when to stop restoring.  If it targets the wrong
	level it may never stop.

	(Bitstir is one such application:
	ftp://ftp.netbsd.org/pub/NetBSD/packages/pkgsrc/security/bitstir/README.html)

	The maximum pool size is also available through the
	undocumented ioctl RNDGETPOOLSTAT.  However, this ioctl can
	only be used by root.  (And that's a good idea, because it
	returns quite a bit of information.)

	While I've given this a "low" priority, it would be really
	great to get this simple change into the next release.
	The diffs below show how really simple it is.

>How-To-Repeat:

>Fix:
	These diffs are against the 1.6.1 kernel sources.  These changes
	compile, work, and seem to result in a stable kernel.

------------------------------------------------------------------------
*** /usr/src/sys/sys/rnd.h.orig	Sat Sep  8 16:48:33 2001
--- rnd.h	Mon Sep  1 11:50:11 2003
***************
*** 143,148 ****
--- 143,149 ----
  void		rndpool_init __P((rndpool_t *));
  void		rndpool_init_global __P((void));
  u_int32_t	rndpool_get_entropy_count __P((rndpool_t *));
+ u_int32_t	rndpool_get_maxentropy __P((rndpool_t *));
  void		rndpool_get_stats __P((rndpool_t *, void *, int));
  void		rndpool_increment_entropy_count __P((rndpool_t *, u_int32_t));
  u_int32_t	*rndpool_get_pool __P((rndpool_t *));
***************
*** 206,210 ****
--- 207,212 ----
  #define	RNDCTL		_IOW('R',  104, rndctl_t)  /* set/clear source flags */
  #define	RNDADDDATA	_IOW('R',  105, rnddata_t) /* add data to the pool */
  #define	RNDGETPOOLSTAT	_IOR('R',  106, rndpoolstat_t)
+ #define	RNDGETMAXENT	_IOR('R',  107, u_int32_t)

  #endif /* !_SYS_RND_H_ */
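Review bot: the new RNDGETMAXENT define carries no trailing comment, while RNDCTL and RNDADDDATA just above it each have one. Add a short one, for example /* get max entropy, in bits */, so the unit is stated next to the definition. The report describes RNDGETPOOLSTAT as undocumented; the new ioctl should get an entry in the driver's manual page in the same change so it does not end up the same way.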
------------------------------------------------------------------------
*** /usr/src/sys/dev/rnd.c.orig	Fri Mar  8 12:48:15 2002
--- rnd.c	Thu Aug 28 22:37:51 2003
***************
*** 487,492 ****
--- 487,498 ----
  		splx(s);
  		break;

+ 	case RNDGETMAXENT:
+ 	  	s = splsoftclock();
+ 		*(u_int32_t *)addr = rndpool_get_maxentropy(&rnd_pool);
+ 		splx(s);
+ 		break;
+ 
  	case RNDGETPOOLSTAT:
  		if ((ret = suser(p->p_ucred, &p->p_acflag)) != 0)
  			return (ret);
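Review bot: the "s = splsoftclock();" line in the new case is indented with a tab, two spaces and a tab, unlike the three lines after it; make it two tabs. The case is placed ahead of the suser() check that guards RNDGETPOOLSTAT, so it is reachable without root. That matches the request, but a one-line comment saying the unprivileged access is deliberate would keep a later edit from moving it behind the check.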
------------------------------------------------------------------------
*** /usr/src/sys/dev/rndpool.c.orig	Thu Nov 15 01:47:41 2001
--- rndpool.c	Thu Aug 28 22:16:27 2003
***************
*** 81,86 ****
--- 81,93 ----
  	return (rp->stats.curentropy);
  }

+ u_int32_t
+ rndpool_get_maxentropy(rndpool_t *rp)
+ {
+ 
+ 	return (rp->stats.maxentropy);
+ }
+ 
  void rndpool_get_stats(rndpool_t *rp, void *rsp, int size)
  {
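Review bot: rndpool_get_maxentropy() returns rp->stats.maxentropy, but nothing in the visible lines shows where that field is assigned. Confirm it is set when the pool is initialised, before the new ioctl can be reached, and say in a comment above the function that the value is in bits. The accessor takes no lock of its own and relies on the caller's spl protection, which is worth stating in the same comment.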
>Release-Note:
>Audit-Trail:
>Unformatted:
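
The failure mode the report describes (a restore loop that targets a build-time pool size on a kernel whose pool is smaller), as an added example that is not part of the original report and is not NetBSD or bitstir code. The `sim_pool` model, its clamping behaviour and the 2048/4096/256 figures are constructed assumptions; `restore_with_runtime_max` stands in for a program that asks the kernel through the proposed RNDGETMAXENT.

```c
#include <stdint.h>

/* Hypothetical stand-in for the kernel pool (assumption, not kernel code). */
struct sim_pool {
	uint32_t cur_bits;	/* what RNDGETENTCNT would report */
	uint32_t max_bits;	/* what the proposed RNDGETMAXENT would report */
};

/* Models adding data: credited entropy is clamped at the real capacity. */
static void
sim_add(struct sim_pool *p, uint32_t bits)
{
	uint32_t room = p->max_bits - p->cur_bits;

	p->cur_bits += bits < room ? bits : room;
}

/*
 * Restore loop: feed saved data until the pool reports `target` bits.
 * Returns the number of writes, or -1 when the pool stops growing below
 * the target.  Without the stall check this is the loop that never ends.
 */
int
restore_until(struct sim_pool *p, uint32_t target, uint32_t chunk_bits)
{
	int writes = 0;

	while (p->cur_bits < target) {
		uint32_t before = p->cur_bits;

		sim_add(p, chunk_bits);
		writes++;
		if (p->cur_bits == before)
			return -1;	/* saturated below the target */
	}
	return writes;
}

/* Constructed value: the pool size of the kernel the binary was built on. */
#define BUILD_TIME_POOLBITS 4096u

int
restore_with_build_constant(struct sim_pool *p)
{
	return restore_until(p, BUILD_TIME_POOLBITS, 256);
}

int
restore_with_runtime_max(struct sim_pool *p)
{
	/* Target comes from the running kernel, not from the build host. */
	return restore_until(p, p->max_bits, 256);
}
```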
