OpenAFS Master Repository branch, master, updated. openafs-devel-1_5_76-4357-g0d67b00
Gerrit Code Review
Wed, 10 Sep 2014 15:05:25 -0400
The following commit has been merged in the master branch:

Author: Ben Kaduk <firstname.lastname@example.org>
Date: Wed Mar 27 17:02:55 2013 -0400

Export heimdal's rand-fortuna PRNG to the kernel

Some systems (e.g., AIX, SGI, DFBSD, HPUX) do not supply a useful
implementation of osi_readRandom(), in some cases because the kernel
does not expose a random-number interface to kernel modules. We want
real random numbers on all systems, because we want to use them for
setting the RX epoch and connection ID in the kernel.

Build hcrypto's rand-fortuna PRNG into the rand-kernel interface we expose,
and implement RAND_bytes using rand-fortuna when osi_ReadRandom()
is not useful.

Add stub routines to config.h as needed, and add a heim_threads.h
with the necessary locking for rand-fortuna. The rand-fortuna algorithm
requires some measure of time's passage, so provide a stub gettimeofday()
with single-second resolution. We use a single (global) mutex for the
hcrypto kernel code, so that we can statically declare an initializer to
be the address of that mutex. Otherwise the locking is taken essentially
wholesale from rx_kmutex.

rand-fortuna requires the sha256 code for its hashing, and also
requires a stub rand-fortuna to satisfy linker symbol visibility.

Since the rand-fortuna code does not have any actual sources of entropy
available to it during its initialization routines, we must explicitly
seed the in-kernel rand-fortuna using entropy passed in from userland.
(Userland will always have at least /dev/random available, so the
userland hcrypto should always have usable entropy.) Be sure to do so
early in the afsd startup sequence, before any daemons are started, so
that entropy is available to the core rx code for generating the epoch
and cid -- the rand-fortuna code will (erroneously) always claim that
it has startup entropy even though in this case it may not actually
have any entropy. The rand-fortuna code does not consider itself
fully seeded until it has 128 bytes of entropy, so be sure to pass
more than that in from userspace.

It is preferable to always build this code into the kernel, even on
systems when it is not going to be used, to help prevent bitrot. This
also avoids the possibility of a new system being supported that would
attempt to use the rand-fortuna code but fail to supply any seed entropy,
which would not necessarily be readily apparent.

Reviewed-by: D Brashear <email@example.com>
Tested-by: BuildBot <firstname.lastname@example.org>
Reviewed-by: Jeffrey Altman <email@example.com>

 src/afs/afs_call.c                       |   25 +++++++++++++
 src/afsd/Makefile.in                     |    2 +-
 src/afsd/afsd.c                          |   12 ++++++
 src/config/afs_args.h                    |    1 +
 src/crypto/hcrypto/kernel/config.h       |   33 +++++++++++++++++
 src/crypto/hcrypto/kernel/heim_threads.h |   12 ++++++
 src/crypto/hcrypto/kernel/rand-timer.c   |   58 ++++++++++++++++++++++++++++++
 src/crypto/hcrypto/kernel/rand.c         |   27 ++++++++++++++
 src/crypto/hcrypto/kernel/strcasecmp.c   |   32 ++++++++++++++++
 src/libafs/Makefile.common.in            |   29 +++++++++++++++
 src/libafs/MakefileProto.LINUX.in        |    4 ++
 11 files changed, 234 insertions(+), 1 deletions(-)

OpenAFS Master Repository
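
Added example, not part of the commit or of OpenAFS: one way the userland side could gather the seed the commit message describes, requesting more than the 128 bytes rand-fortuna needs and failing closed on a short read. The names gather_seed, read_full and SEED_LEN are hypothetical, and the hand-off to the kernel is omitted because the page does not show it.

```c
/* Added example, not OpenAFS code: userland seed gathering for a kernel
 * PRNG that is not fully seeded until it holds 128 bytes. */
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <unistd.h>

#define FORTUNA_SEED_THRESHOLD 128 /* figure from the commit message */
#define SEED_LEN 256               /* assumption: any size above threshold */

/* Read exactly len bytes; retry on EINTR and short reads. -1 on error/EOF. */
static int read_full(int fd, unsigned char *buf, size_t len)
{
    size_t off = 0;
    while (off < len) {
        ssize_t n = read(fd, buf + off, len - off);
        if (n < 0 && errno == EINTR)
            continue;
        if (n <= 0)
            return -1; /* error, or EOF before the full seed arrived */
        off += (size_t)n;
    }
    return 0;
}

/* Fill buf with len seed bytes from fd. Rejects requests that would leave
 * the pool at or below the threshold, and wipes buf on failure so a partial
 * seed is never handed on. Returns 0 on success, -1 otherwise. */
int gather_seed(int fd, unsigned char *buf, size_t len)
{
    if (len <= FORTUNA_SEED_THRESHOLD)
        return -1;
    if (read_full(fd, buf, len) != 0) {
        memset(buf, 0, len);
        return -1;
    }
    return 0;
}

int main(void)
{
    unsigned char seed[SEED_LEN];
    int fd = open("/dev/random", O_RDONLY); /* source named in the commit */
    if (fd < 0)
        return 1;
    int rc = gather_seed(fd, seed, sizeof(seed));
    close(fd);
    /* The seed would be passed to the kernel here; that call is not shown. */
    return rc == 0 ? 0 : 1;
}
```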