Now
MAIN commitmail json YAML
x86/pmap: Feed entropy_extract output through nist_hash_drbg.
The entropy pool algorithm is NOT designed to provide backtracking
resistance on its own -- it MUST be combined with a PRNG/DRBG that
provides that.
The only reason we use entropy_extract here is that cprng(9) is not
available yet (which in turn is because kmem and other basic kernel
facilities aren't available yet), but nist_hash_drbg doesn't have any
initialization order requirements, so we'll just use it directly.
The entropy pool algorithm is NOT designed to provide backtracking
resistance on its own -- it MUST be combined with a PRNG/DRBG that
provides that.
The only reason we use entropy_extract here is that cprng(9) is not
available yet (which in turn is because kmem and other basic kernel
facilities aren't available yet), but nist_hash_drbg doesn't have any
initialization order requirements, so we'll just use it directly.