---
- branch: MAIN
  date: Fri May 13 09:39:40 UTC 2022
  files:
  - new: '1.415'
    old: '1.414'
    path: src/sys/arch/x86/x86/pmap.c
    pathrev: src/sys/arch/x86/x86/pmap.c@1.415
    type: modified
  id: 20220513T093940Z.453d264cfb5b16e103ab07d39a9ff712360bbf2d
  log: |
    x86/pmap: Feed entropy_extract output through nist_hash_drbg.

    The entropy pool algorithm is NOT designed to provide backtracking
    resistance on its own -- it MUST be combined with a PRNG/DRBG that
    provides that.

    The only reason we use entropy_extract here is that cprng(9) is not
    available yet (which in turn is because kmem and other basic kernel
    facilities aren't available yet), but nist_hash_drbg doesn't have any
    initialization order requirements, so we'll just use it directly.
  module: src
  subject: 'CVS commit: src/sys/arch/x86/x86'
  unixtime: '1652434780'
  user: riastradh