FreeBSD random number generator broken for last 4 months

As several LWN readers have pointed out, John-Mark Gurney posted a message to the freebsd-current mailing list on February 17 noting that the random number generator (RNG) in the FreeBSD "current" kernel has been broken for the last four months. "If you are running a current kernel r273872 or later, please upgradeyour kernel to r278907 or later immediately and regenerate keys. I discovered an issue where the new framework code was not callingrandomdev_init_reader, which means that read_random(9) was not returninggood random data. read_random(9) is used by arc4random(9) which isthe primary method that arc4random(3) is seeded from.This means most/all keys generated may be predictable and must beregenerated. This includes, but not limited to, ssh keys and keysgenerated by openssl. This is purely a kernel issue, and a simplekernel upgrade w/ the patch is sufficient to fix the issue."