That information is not a secret.

> Some functions in rnd have a timespec; make sure to zero it
> as already done with other buffers. Also do buf in
> dequeue_randomness().
> 
> - Michael
> 
> 
> Index: src/sys/dev/rnd.c
> ===================================================================
> RCS file: /cvs/src/sys/dev/rnd.c,v
> retrieving revision 1.191
> diff -u -p -u -r1.191 rnd.c
> --- src/sys/dev/rnd.c 8 Dec 2016 05:32:49 -0000       1.191
> +++ src/sys/dev/rnd.c 13 Dec 2016 04:49:24 -0000
> @@ -312,6 +312,7 @@ enqueue_randomness(u_int state, u_int va
>               timeout_add(&rnd_timeout, 1);
>  
>       mtx_leave(&entropylock);
> +     explicit_bzero(&ts, sizeof(ts));
>  }
>  
>  /*
> @@ -388,6 +389,7 @@ dequeue_randomness(void *v)
>               mtx_enter(&entropylock);
>       }
>       mtx_leave(&entropylock);
> +     explicit_bzero(buf, sizeof(buf));
>  }
>  
>  /*
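Review bot: `sizeof(buf)` in the added `explicit_bzero(buf, sizeof(buf));` covers the whole buffer only if `buf` is a local array in dequeue_randomness(). Its declaration is outside this hunk, so that should be confirmed; if `buf` were a pointer, only pointer-size bytes would be cleared. The hunk header for resume_randomness() further down shows a `char *buf` parameter, so the same expression must not be copied there. If `buf` is an array here, a short comment above the call, such as `/* clear the local copy of the queued samples */` (presumably what it holds), would record the intent.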
> @@ -458,6 +460,7 @@ suspend_randomness(void)
>       dequeue_randomness(NULL);
>       rs_count = 0;
>       arc4random_buf(entropy_pool, sizeof(entropy_pool));
> +     explicit_bzero(&ts, sizeof(ts));
>  }
>  
>  void
> @@ -473,6 +476,7 @@ resume_randomness(char *buf, size_t bufl
>  
>       dequeue_randomness(NULL);
>       rs_count = 0;
> +     explicit_bzero(&ts, sizeof(ts));
>  }
>  
>  static inline void _rs_rekey(u_char *dat, size_t datlen);
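Review bot: The caller-supplied data in `buf` is not cleared in the visible part of resume_randomness(): the added line wipes only the local `ts`, while the hunk header shows the function taking `char *buf` plus a length. The code that consumes `buf` is outside the hunk, so this may already be handled. It is still worth confirming that either this function or its caller clears that buffer once it has been used. If the caller keeps ownership, a comment such as `/* caller is responsible for wiping buf */` would make the contract explicit.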
> @@ -523,6 +527,7 @@ _rs_stir(int do_lock)
>               mtx_leave(&rndlock);
>  
>       explicit_bzero(buf, sizeof(buf));
> +     explicit_bzero(&ts, sizeof(ts));
>  }
>  
>  static inline void
> 
