Thu Jul 30 17:26:24 2020 UTC ()
Cite Cryptography Research evaluation of VIA RNG and give live URL.

(URL verified to be archived in the Internet Archive for posterity)


(riastradh)
diff -r1.18 -r1.19 src/sys/arch/x86/x86/cpu_rng.c


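--- a/src/sys/arch/x86/x86/cpu_rng.c
+++ b/src/sys/arch/x86/x86/cpu_rng.c
@@ -1,14 +1,14 @@
-/* $NetBSD: cpu_rng.c,v 1.18 2020/07/25 22:10:34 riastradh Exp $ */
+/* $NetBSD: cpu_rng.c,v 1.19 2020/07/30 17:26:23 riastradh Exp $ */
 
 /*-
  * Copyright (c) 2015 The NetBSD Foundation, Inc.
  * All rights reserved.
  *
  * This code is derived from software contributed to The NetBSD Foundation
  * by Thor Lancelot Simon.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
@@ -218,26 +218,31 @@ cpu_rng_via(uint64_t *out)
 	    : "memory");
 
 	/* Restore CR0 and interrupts. */
 	lcr0(cr0);
 	x86_write_psl(psl);
 
 	/* Get the number of bytes stored. (Should always be 8 or 0.) */
 	nbytes = __SHIFTOUT(status, VIA_RNG_STATUS_NBYTES);
 
 	/*
 	 * The Cryptography Research paper on the VIA RNG estimates
 	 * 0.75 bits of entropy per output bit and advises users to
 	 * be "even more conservative".
+	 *
+	 * `Evaluation of VIA C3 Nehemiah Random Number
+	 * Generator', Cryptography Research, Inc., February 27,
+	 * 2003.
+	 * https://www.rambus.com/wp-content/uploads/2015/08/VIA_rng.pdf
 	 */
 	return nbytes * NBBY/2;
 }
 
 static size_t
 cpu_rng(enum cpu_rng_mode mode, uint64_t *out)
 {
 
 	switch (mode) {
 	case CPU_RNG_NONE:
 		return 0;
 	case CPU_RNG_RDSEED:
 		return cpu_rng_rdseed(out);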
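Review bot: The extended comment in cpu_rng_via cites the paper's 0.75 bits/bit estimate but still leaves the reader to work out from `return nbytes * NBBY/2;` what entropy the kernel actually credits, which is the figure that matters for the entropy accounting this value feeds. Consider closing the comment with `* We credit 1/2 bit of entropy per output bit, i.e. NBBY/2 bits per byte stored, below the paper's 0.75 estimate.` so the conservative choice is stated rather than implied. Since the commit message notes the URL is preserved in the Internet Archive, adding that archived link alongside the live one in the comment would keep the citation resolvable if the vendor page moves. The body of cpu_rng_via begins above this hunk, and cpu_rng continues past its end.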