From 773835bf4062892389b94d4f7b3a54223b44e520 Mon Sep 17 00:00:00 2001
From: Taylor R Campbell
Date: Wed, 4 Dec 2019 16:55:49 +0000
Subject: [PATCH 3/4] Adapt cprng_fast to use entropy_epoch(), not rnd_initial_entropy. This way it has an opportunity to be reseeded after boot.
---
 sys/crypto/cprng_fast/cprng_fast.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/sys/crypto/cprng_fast/cprng_fast.c b/sys/crypto/cprng_fast/cprng_fast.c
index cc17dfe9a88e..5dc17506fa6f 100644
--- a/sys/crypto/cprng_fast/cprng_fast.c
+++ b/sys/crypto/cprng_fast/cprng_fast.c
@@ -37,9 +37,9 @@ __KERNEL_RCSID(0, "$NetBSD: cprng_fast.c,v 1.13 2015/04/13 22:43:41 riastradh Ex
 #include
 #include
 #include
+#include
 #include
 #include
-#include /* rnd_initial_entropy */
 /* ChaCha core */
@@ -198,7 +198,7 @@ struct cprng_fast {
 uint32_t buffer[crypto_core_OUTPUTWORDS];
 uint32_t key[crypto_core_KEYWORDS];
 uint32_t nonce[crypto_core_INPUTWORDS];
- bool have_initial;
+ unsigned epoch;
 };
 __CTASSERT(sizeof ((struct cprng_fast *)0)->key == CPRNG_FAST_SEED_BYTES);
@@ -233,9 +233,9 @@ cprng_fast_init_cpu(void *p, void *arg __unused, struct cpu_info *ci __unused)
 struct cprng_fast *const cprng = p;
 uint8_t seed[CPRNG_FAST_SEED_BYTES];
+ cprng->epoch = entropy_epoch();
 cprng_strong(kern_cprng, seed, sizeof seed, 0);
 cprng_fast_seed(cprng, seed);
- cprng->have_initial = rnd_initial_entropy;
 (void)explicit_memset(seed, 0, sizeof seed);
 }
@@ -248,7 +248,7 @@ cprng_fast_get(struct cprng_fast **cprngp)
 *cprngp = cprng = percpu_getref(cprng_fast_percpu);
 s = splvm();
- if (__predict_false(!cprng->have_initial))
+ if (__predict_false(cprng->epoch != entropy_epoch()))
 cprng_fast_schedule_reseed(cprng);
 return s;
@@ -274,6 +274,7 @@ cprng_fast_schedule_reseed(struct cprng_fast *cprng __unused)
 static void
 cprng_fast_intr(void *cookie __unused)
 {
+ unsigned epoch = entropy_epoch();
 struct cprng_fast *cprng;
 uint8_t seed[CPRNG_FAST_SEED_BYTES];
 int s;
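Review bot: In cprng_fast_init_cpu the new `cprng->epoch = entropy_epoch();` is placed before the `cprng_strong()` draw, where the old `have_initial` assignment came after seeding, and nothing in the code says that this order matters. Reading the epoch first is the safe direction: an epoch change that lands between the read and the draw leaves a stale `cprng->epoch`, so the check in cprng_fast_get triggers one extra reseed, whereas the reverse order could record the new epoch over a seed taken under the old one and never reseed. I would pin that with a comment such as `/* Sample the epoch before drawing the seed: a racing epoch change then costs a redundant reseed instead of a missed one. */`. The same comment belongs above `unsigned epoch = entropy_epoch();` in cprng_fast_intr (the `@@ -274` and `@@ -283` hunks), whose seed draw sits between those two hunks and is not visible here.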
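Review bot: The epoch check in cprng_fast_get only schedules a reseed, so the output handed to this caller, and to later callers on the same per-CPU state until cprng_fast_intr runs, is still generated from the key seeded under the previous epoch. With `have_initial` that window existed once, early in boot; with `cprng->epoch != entropy_epoch()` it reopens on every epoch change, which matters if an epoch bump is meant to signal that the old state should no longer be relied on. If the deferral is intentional, a comment on the branch would keep the next reader from assuming otherwise, e.g. `/* Reseed is deferred to cprng_fast_intr; output until then still uses the pre-epoch key. */`. The body of cprng_fast_schedule_reseed and the rest of cprng_fast_get are outside the hunk, so the deferral is inferred from the function name and from cprng_fast_intr doing the seeding.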
@@ -283,7 +284,7 @@ cprng_fast_intr(void *cookie __unused)
 cprng = percpu_getref(cprng_fast_percpu);
 s = splvm();
 cprng_fast_seed(cprng, seed);
- cprng->have_initial = rnd_initial_entropy;
+ cprng->epoch = epoch;
 splx(s);
 percpu_putref(cprng_fast_percpu);
-- 
2.19.1