11 files changed, 57 insertions, 485 deletions

diff --git a/sys/dev/random/build.sh b/sys/dev/random/build.sh
index 326f8a6c12e40..08e033f844bae 100755
--- a/sys/dev/random/build.sh
+++ b/sys/dev/random/build.sh
@@ -28,23 +28,23 @@
 #
 # Basic script to build crude unit tests.
 #
-# Diff-reduction checking between Yarrow and fortuna is done like so:
+# Diff-reduction checking between fortuna and the other algorithm is done like so:
 #
-# $ diff -u -B <(sed -e 's/yarrow/wombat/g' \
-#                    -e 's/YARROW/WOMBAT/g' yarrow.c) \
-#              <(sed -e 's/fortuna/wombat/g' \
-#                    -e 's/FORTUNA/WOMBAT/g' fortuna.c) | less
+# $ diff -u -B <(sed -e 's/random_other/random_wombat/g' \
+#                    -e 's/RANDOM_OTHER/RANDOM_WOMBAT/g' other_algorithm.c) \
+#              <(sed -e 's/random_fortuna/random_wombat/g' \
+#                    -e 's/RANDOM_FORTUNA/RANDOM_WOMBAT/g' fortuna.c) | less
 #
 cc -g -O0 -pthread \
 	-I../.. -lstdthreads -Wall \
 	unit_test.c \
-	yarrow.c \
+	other_algorithm.c \
 	hash.c \
 	../../crypto/rijndael/rijndael-api-fst.c \
 	../../crypto/rijndael/rijndael-alg-fst.c \
 	../../crypto/sha2/sha256c.c \
 	-lz \
-	-o yunit_test
+	-o other_unit_test
 cc -g -O0 -pthread \
 	-I../.. -lstdthreads -Wall \
 	unit_test.c \
@@ -54,4 +54,4 @@ cc -g -O0 -pthread \
 	../../crypto/rijndael/rijndael-alg-fst.c \
 	../../crypto/sha2/sha256c.c \
 	-lz \
-	-o funit_test
+	-o fortuna_unit_test
diff --git a/sys/dev/random/fortuna.c b/sys/dev/random/fortuna.c
index 17ebbd833c9af..c20cea2f21ae5 100644
--- a/sys/dev/random/fortuna.c
+++ b/sys/dev/random/fortuna.c
@@ -59,6 +59,7 @@ __FBSDID("$FreeBSD$");
 #include <dev/random/uint128.h>
 #include <dev/random/fortuna.h>
 #else /* !_KERNEL */
+#include <sys/param.h>
 #include <inttypes.h>
 #include <stdbool.h>
 #include <stdio.h>
@@ -97,9 +98,11 @@ CTASSERT(RANDOM_BLOCKSIZE == sizeof(uint128_t));
 CTASSERT(RANDOM_KEYSIZE == 2*RANDOM_BLOCKSIZE);
 
 /* Probes for dtrace(1) */
+#ifdef _KERNEL
 SDT_PROVIDER_DECLARE(random);
 SDT_PROVIDER_DEFINE(random);
 SDT_PROBE_DEFINE2(random, fortuna, event_processor, debug, "u_int", "struct fs_pool *");
+#endif /* _KERNEL */
 
 /*
  * This is the beastie that needs protecting. It contains all of the
@@ -398,7 +401,9 @@ random_fortuna_pre_read(void)
 			} else
 				break;
 		}
+#ifdef _KERNEL
 		SDT_PROBE2(random, fortuna, event_processor, debug, fortuna_state.fs_reseedcount, fortuna_state.fs_pool);
+#endif
 		/* FS&K */
 		random_fortuna_reseed_internal(s, i < RANDOM_FORTUNA_NPOOLS ? i + 1 : RANDOM_FORTUNA_NPOOLS);
 		/* Clean up and secure */
diff --git a/sys/dev/random/other_algorithm.c b/sys/dev/random/other_algorithm.c
index 0c73ef5421dfb..57679f53a7dae 100644
--- a/sys/dev/random/other_algorithm.c
+++ b/sys/dev/random/other_algorithm.c
@@ -1,5 +1,5 @@
 /*-
- * Copyright (c) 2015 Mark R V Murray
+ * Copyright (c) 2015-2018 Mark R V Murray
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -30,19 +30,21 @@
  * containing an alternative entropy-processing algorithm for random(4).
  *
  * The functions below should be completed with the appropriate code,
- * and the nearby yarrow.c and fortuna.c may be consulted for examples
- * of working code.
+ * and the nearby fortuna.c may be consulted for examples of working code.
  *
  * The author is willing to provide reasonable help to those wishing to
  * write such a module for themselves. Please use the markm@ FreeBSD
  * email address, and ensure that you are developing this on a suitably
- * supported branch (This is currently 11-CURRENT, and will be no
- * older than 11-STABLE in the future).
+ * supported branch (This is currently 12-CURRENT, and may be no
+ * older than 12-STABLE in the future).
  */
 
 #include <sys/cdefs.h>
 __FBSDID("$FreeBSD$");
 
+#include <sys/limits.h>
+
+#ifdef _KERNEL
 #include <sys/param.h>
 #include <sys/kernel.h>
 #include <sys/lock.h>
@@ -62,6 +64,24 @@ __FBSDID("$FreeBSD$");
 #include <dev/random/random_harvestq.h>
 #include <dev/random/uint128.h>
 #include <dev/random/other_algorithm.h>
+#else /* !_KERNEL */
+#include <inttypes.h>
+#include <stdbool.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <threads.h>
+
+#include "unit_test.h"
+
+#include <crypto/rijndael/rijndael-api-fst.h>
+#include <crypto/sha2/sha256.h>
+
+#include <dev/random/hash.h>
+#include <dev/random/randomdev.h>
+#include <dev/random/uint128.h>
+#include <dev/random/other_algorithm.h>
+#endif /* _KERNEL */
 
 static void random_other_pre_read(void);
 static void random_other_read(uint8_t *, u_int);
@@ -73,9 +93,7 @@ static void random_other_deinit_alg(void *);
 /*
  * RANDOM_OTHER_NPOOLS is used when reading hardware random
  * number sources to ensure that each pool gets one read sample
- * per loop iteration. Yarrow has 2 such pools (FAST and SLOW),
- * and fortuna has 32 (0-31). The RNG used prior to Yarrow and
- * ported from Linux had just 1 pool.
+ * per loop iteration. Fortuna has 32 (0-31).
  */
 #define RANDOM_OTHER_NPOOLS 1
 
diff --git a/sys/dev/random/other_algorithm.h b/sys/dev/random/other_algorithm.h
index 8ca2bb89b39e4..8486401daca77 100644
--- a/sys/dev/random/other_algorithm.h
+++ b/sys/dev/random/other_algorithm.h
@@ -31,14 +31,13 @@
  * containing an alternative entropy-processing algorithm for random(4).
  *
  * The functions below should be completed with the appropriate code,
- * and the nearby yarrow.c and fortuna.c may be consulted for examples
- * of working code.
+ * and the nearby fortuna.c may be consulted for examples of working code.
  *
  * The author is willing to provide reasonable help to those wishing to
  * write such a module for themselves. Please use the markm@ FreeBSD
  * email address, and ensure that you are developing this on a suitably
- * supported branch (This is currently 11-CURRENT, and will be no
- * older than 11-STABLE in the future).
+ * supported branch (This is currently 12-CURRENT, and may be no
+ * older than 12-STABLE in the future).
  */
 
 #ifndef SYS_DEV_RANDOM_OTHER_H_INCLUDED
diff --git a/sys/dev/random/random_harvestq.c b/sys/dev/random/random_harvestq.c
index d8620c84f1d6e..934464e185c17 100644
--- a/sys/dev/random/random_harvestq.c
+++ b/sys/dev/random/random_harvestq.c
@@ -140,7 +140,7 @@ static struct kproc_desc random_proc_kp = {
 	&harvest_context.hc_kthread_proc,
 };
 
-/* Pass the given event straight through to Fortuna/Yarrow/Whatever. */
+/* Pass the given event straight through to Fortuna/Whatever. */
 static __inline void
 random_harvestq_fast_process_event(struct harvest_event *event)
 {
@@ -178,7 +178,7 @@ random_kthread(void)
 		/* XXX: FIX!! Increase the high-performance data rate? Need some measurements first. */
 		for (i = 0; i < RANDOM_ACCUM_MAX; i++) {
 			if (harvest_context.hc_entropy_fast_accumulator.buf[i]) {
-				random_harvest_direct(harvest_context.hc_entropy_fast_accumulator.buf + i, sizeof(harvest_context.hc_entropy_fast_accumulator.buf[0]), 4, RANDOM_UMA);
+				random_harvest_direct(harvest_context.hc_entropy_fast_accumulator.buf + i, sizeof(harvest_context.hc_entropy_fast_accumulator.buf[0]), RANDOM_UMA);
 				harvest_context.hc_entropy_fast_accumulator.buf[i] = 0;
 			}
 		}
@@ -197,8 +197,7 @@ SYSINIT(random_device_h_proc, SI_SUB_KICK_SCHEDULER, SI_ORDER_ANY, kproc_start,
 /*
  * Run through all fast sources reading entropy for the given
  * number of rounds, which should be a multiple of the number
- * of entropy accumulation pools in use; 2 for Yarrow and 32
- * for Fortuna.
+ * of entropy accumulation pools in use; it is 32 for Fortuna.
  */
 static void
 random_sources_feed(void)
@@ -234,7 +233,7 @@ random_sources_feed(void)
 				printf("%s: rs_read for hardware device '%s' returned no entropy.\n", __func__, rrs->rrs_source->rs_ident);
 				continue;
 			}
-			random_harvest_direct(entropy, n, (n*8)/2, rrs->rrs_source->rs_source);
+			random_harvest_direct(entropy, n, rrs->rrs_source->rs_source);
 		}
 	}
 	explicit_bzero(entropy, sizeof(entropy));
@@ -380,7 +379,7 @@ SYSINIT(random_device_h_init, SI_SUB_RANDOM, SI_ORDER_SECOND, random_harvestq_in
 /*
  * This is used to prime the RNG by grabbing any early random stuff
  * known to the kernel, and inserting it directly into the hashing
- * module, e.g. Fortuna or Yarrow.
+ * module, currently Fortuna.
  */
 /* ARGSUSED */
 static void
@@ -414,7 +413,6 @@ random_harvestq_prime(void *unused __unused)
 				count = sizeof(event.he_entropy);
 				event.he_somecounter = (uint32_t)get_cyclecount();
 				event.he_size = count;
-				event.he_bits = count/4; /* Underestimate the size for Yarrow */
 				event.he_source = RANDOM_CACHED;
 				event.he_destination = harvest_context.hc_destination[0]++;
 				memcpy(event.he_entropy, data + i, sizeof(event.he_entropy));
@@ -459,8 +457,7 @@ SYSUNINIT(random_device_h_init, SI_SUB_RANDOM, SI_ORDER_SECOND, random_harvestq_
  * read which can be quite expensive.
  */
 void
-random_harvest_queue_(const void *entropy, u_int size, u_int bits,
-	enum random_entropy_source origin)
+random_harvest_queue_(const void *entropy, u_int size, enum random_entropy_source origin)
 {
 	struct harvest_event *event;
 	u_int ring_in;
@@ -474,7 +471,6 @@ random_harvest_queue_(const void *entropy, u_int size, u_int bits,
 		event->he_somecounter = (uint32_t)get_cyclecount();
 		event->he_source = origin;
 		event->he_destination = harvest_context.hc_destination[origin]++;
-		event->he_bits = bits;
 		if (size <= sizeof(event->he_entropy)) {
 			event->he_size = size;
 			memcpy(event->he_entropy, entropy, size);
@@ -496,7 +492,7 @@ random_harvest_queue_(const void *entropy, u_int size, u_int bits,
  * This is the right place for high-rate harvested data.
  */
 void
-random_harvest_fast_(const void *entropy, u_int size, u_int bits)
+random_harvest_fast_(const void *entropy, u_int size)
 {
 	u_int pos;
 
@@ -512,7 +508,7 @@ random_harvest_fast_(const void *entropy, u_int size, u_int bits)
  * (e.g.) booting when initial entropy is being gathered.
  */
 void
-random_harvest_direct_(const void *entropy, u_int size, u_int bits, enum random_entropy_source origin)
+random_harvest_direct_(const void *entropy, u_int size, enum random_entropy_source origin)
 {
 	struct harvest_event event;
 
@@ -520,7 +516,6 @@ random_harvest_direct_(const void *entropy, u_int size, u_int bits, enum random_
 	size = MIN(size, sizeof(event.he_entropy));
 	event.he_somecounter = (uint32_t)get_cyclecount();
 	event.he_size = size;
-	event.he_bits = bits;
 	event.he_source = origin;
 	event.he_destination = harvest_context.hc_destination[origin]++;
 	memcpy(event.he_entropy, entropy, size);
diff --git a/sys/dev/random/random_harvestq.h b/sys/dev/random/random_harvestq.h
index d58a4940bb737..c7005cde4f22e 100644
--- a/sys/dev/random/random_harvestq.h
+++ b/sys/dev/random/random_harvestq.h
@@ -38,10 +38,9 @@ struct harvest_event {
 	uint32_t	he_somecounter;		/* fast counter for clock jitter */
 	uint32_t	he_entropy[HARVESTSIZE];/* some harvested entropy */
 	uint8_t		he_size;		/* harvested entropy byte count */
-	uint8_t		he_bits;		/* stats about the entropy */
 	uint8_t		he_destination;		/* destination pool of this entropy */
 	uint8_t		he_source;		/* origin of the entropy */
-} __packed;
+};
 
 void read_rate_increment(u_int);
 
diff --git a/sys/dev/random/randomdev.c b/sys/dev/random/randomdev.c
index 51c25ba408a37..c7bb97c3a0fe8 100644
--- a/sys/dev/random/randomdev.c
+++ b/sys/dev/random/randomdev.c
@@ -166,7 +166,7 @@ READ_RANDOM_UIO(struct uio *uio, bool nonblock)
 			 * Belt-and-braces.
 			 * Round up the read length to a crypto block size multiple,
 			 * which is what the underlying generator is expecting.
-			 * See the random_buf size requirements in the Yarrow/Fortuna code.
+			 * See the random_buf size requirements in the Fortuna code.
 			 */
 			read_len = roundup(read_len, RANDOM_BLOCKSIZE);
 			/* Work in chunks page-sized or less */
@@ -250,7 +250,6 @@ randomdev_accumulate(uint8_t *buf, u_int count)
 	for (i = 0; i < RANDOM_KEYSIZE_WORDS; i += sizeof(event.he_entropy)/sizeof(event.he_entropy[0])) {
 		event.he_somecounter = (uint32_t)get_cyclecount();
 		event.he_size = sizeof(event.he_entropy);
-		event.he_bits = event.he_size/8;
 		event.he_source = RANDOM_CACHED;
 		event.he_destination = destination++; /* Harmless cheating */
 		memcpy(event.he_entropy, entropy_data + i, sizeof(event.he_entropy));
diff --git a/sys/dev/random/unit_test.c b/sys/dev/random/unit_test.c
index aec2f1d2837ec..b93eb092b92b3 100644
--- a/sys/dev/random/unit_test.c
+++ b/sys/dev/random/unit_test.c
@@ -31,7 +31,6 @@
 
 cc -g -O0 -pthread -DRANDOM_<alg> -I../.. -lstdthreads -Wall \
 	unit_test.c \
-	yarrow.c \
 	fortuna.c \
 	hash.c \
 	../../crypto/rijndael/rijndael-api-fst.c \
@@ -41,7 +40,9 @@ cc -g -O0 -pthread -DRANDOM_<alg> -I../.. -lstdthreads -Wall \
 	-o unit_test
 ./unit_test
 
-Where <alg> is YARROW or FORTUNA.
+Where <alg> is FORTUNA. The parameterisation is a leftover from
+when Yarrow was an option, and remains to enable the testing of
+possible future algorithms.
 */
 
 #include <sys/types.h>
@@ -157,7 +158,6 @@ RunHarvester(void *arg __unused)
 		e.he_somecounter = i;
 		*((uint64_t *)e.he_entropy) = random();
 		e.he_size = 8;
-		e.he_bits = random()%4;
 		e.he_destination = i;
 		e.he_source = (i + 3)%7;
 		e.he_next = NULL;
diff --git a/sys/dev/random/unit_test.h b/sys/dev/random/unit_test.h
index 3c05ad0bf0f66..adca19efeadd2 100644
--- a/sys/dev/random/unit_test.h
+++ b/sys/dev/random/unit_test.h
@@ -74,9 +74,8 @@ enum random_entropy_source {
 struct harvest_event {
 	uintmax_t			he_somecounter;		/* fast counter for clock jitter */
 	uint32_t			he_entropy[HARVESTSIZE];/* some harvested entropy */
-	u_int				he_size;		/* harvested entropy byte count */
-	u_int				he_bits;		/* stats about the entropy */
-	u_int				he_destination;		/* destination pool of this entropy */
+	uint8_t				he_size;		/* harvested entropy byte count */
+	uint8_t				he_destination;		/* destination pool of this entropy */
 	enum random_entropy_source	he_source;		/* origin of the entropy */
 	void *				he_next;		/* next item on the list */
 };
diff --git a/sys/dev/random/yarrow.c b/sys/dev/random/yarrow.c
deleted file mode 100644
index 40fc6cd9162e2..0000000000000
--- a/sys/dev/random/yarrow.c
+++ /dev/null
@@ -1,395 +0,0 @@
-/*-
- * Copyright (c) 2000-2015 Mark R V Murray
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer
- *    in this position and unchanged.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#include <sys/cdefs.h>
-__FBSDID("$FreeBSD$");
-
-#ifdef _KERNEL
-#include <sys/param.h>
-#include <sys/lock.h>
-#include <sys/malloc.h>
-#include <sys/mutex.h>
-#include <sys/random.h>
-#include <sys/sdt.h>
-#include <sys/sysctl.h>
-#include <sys/systm.h>
-
-#include <machine/cpu.h>
-
-#include <crypto/rijndael/rijndael-api-fst.h>
-#include <crypto/sha2/sha256.h>
-
-#include <dev/random/hash.h>
-#include <dev/random/randomdev.h>
-#include <dev/random/random_harvestq.h>
-#include <dev/random/uint128.h>
-#include <dev/random/yarrow.h>
-#else /* !_KERNEL */
-#include <inttypes.h>
-#include <stdbool.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <stdint.h>
-#include <string.h>
-#include <threads.h>
-
-#include "unit_test.h"
-
-#include <crypto/rijndael/rijndael-api-fst.h>
-#include <crypto/sha2/sha256.h>
-
-#include <dev/random/hash.h>
-#include <dev/random/randomdev.h>
-#include <dev/random/uint128.h>
-#include <dev/random/yarrow.h>
-#endif /* _KERNEL */
-
-#define	RANDOM_YARROW_TIMEBIN	16	/* max value for Pt/t */
-
-#define	RANDOM_YARROW_FAST	0
-#define	RANDOM_YARROW_SLOW	1
-#define	RANDOM_YARROW_NPOOLS	2
-
-/* This algorithm (and code) presumes that RANDOM_KEYSIZE is twice as large as RANDOM_BLOCKSIZE */
-CTASSERT(RANDOM_BLOCKSIZE == sizeof(uint128_t));
-CTASSERT(RANDOM_KEYSIZE == 2*RANDOM_BLOCKSIZE);
-
-/* Probes for dtrace(1) */
-SDT_PROVIDER_DECLARE(random);
-SDT_PROVIDER_DEFINE(random);
-SDT_PROBE_DEFINE3(random, yarrow, event_processor, debug, "boolean", "u_int", "struct ys_pool *");
-
-/*
- * This is the beastie that needs protecting. It contains all of the
- * state that we are excited about. Exactly one is instantiated.
- */
-static struct yarrow_state {
-	uint128_t ys_counter;		/* C */
-	struct randomdev_key ys_key;	/* K */
-	u_int ys_gengateinterval;	/* Pg */
-	u_int ys_bins;			/* Pt/t */
-	u_int ys_outputblocks;		/* count output blocks for gates */
-	u_int ys_slowoverthresh;	/* slow pool overthreshhold reseed count */
-	struct ys_pool {
-		u_int ysp_source_bits[ENTROPYSOURCE];	/* estimated bits of entropy per source */
-		u_int ysp_thresh;	/* pool reseed threshold */
-		struct randomdev_hash ysp_hash;	/* accumulated entropy */
-	} ys_pool[RANDOM_YARROW_NPOOLS];/* pool[0] is fast, pool[1] is slow */
-	bool ys_seeded;
-	/* Reseed lock */
-	mtx_t ys_mtx;
-} yarrow_state;
-
-#ifdef _KERNEL
-static struct sysctl_ctx_list random_clist;
-RANDOM_CHECK_UINT(gengateinterval, 4, 64);
-RANDOM_CHECK_UINT(bins, RANDOM_YARROW_NPOOLS, 16);
-RANDOM_CHECK_UINT(fastthresh, (RANDOM_BLOCKSIZE*8)/4, (RANDOM_BLOCKSIZE*8)); /* Bit counts */
-RANDOM_CHECK_UINT(slowthresh, (RANDOM_BLOCKSIZE*8)/4, (RANDOM_BLOCKSIZE*8)); /* Bit counts */
-RANDOM_CHECK_UINT(slowoverthresh, 1, 5);
-#endif /* _KERNEL */
-
-static void random_yarrow_pre_read(void);
-static void random_yarrow_read(uint8_t *, u_int);
-static bool random_yarrow_seeded(void);
-static void random_yarrow_process_event(struct harvest_event *);
-static void random_yarrow_init_alg(void *);
-static void random_yarrow_deinit_alg(void *);
-
-static void random_yarrow_reseed_internal(u_int);
-
-struct random_algorithm random_alg_context = {
-	.ra_ident = "Yarrow",
-	.ra_init_alg = random_yarrow_init_alg,
-	.ra_deinit_alg = random_yarrow_deinit_alg,
-	.ra_pre_read = random_yarrow_pre_read,
-	.ra_read = random_yarrow_read,
-	.ra_seeded = random_yarrow_seeded,
-	.ra_event_processor = random_yarrow_process_event,
-	.ra_poolcount = RANDOM_YARROW_NPOOLS,
-};
-
-/* ARGSUSED */
-static void
-random_yarrow_init_alg(void *unused __unused)
-{
-	int i, j;
-#ifdef _KERNEL
-	struct sysctl_oid *random_yarrow_o;
-#endif
-
-	RANDOM_RESEED_INIT_LOCK();
-	/* Start unseeded, therefore blocked. */
-	yarrow_state.ys_seeded = false;
-#ifdef _KERNEL
-	/*
-	 * Yarrow parameters. Do not adjust these unless you have
-	 * have a very good clue about what they do!
-	 */
-	random_yarrow_o = SYSCTL_ADD_NODE(&random_clist,
-		SYSCTL_STATIC_CHILDREN(_kern_random),
-		OID_AUTO, "yarrow", CTLFLAG_RW, 0,
-		"Yarrow Parameters");
-	SYSCTL_ADD_PROC(&random_clist,
-		SYSCTL_CHILDREN(random_yarrow_o), OID_AUTO,
-		"gengateinterval", CTLTYPE_UINT | CTLFLAG_RWTUN,
-		&yarrow_state.ys_gengateinterval, 0,
-		random_check_uint_gengateinterval, "UI",
-		"Generation gate interval");
-	SYSCTL_ADD_PROC(&random_clist,
-		SYSCTL_CHILDREN(random_yarrow_o), OID_AUTO,
-		"bins", CTLTYPE_UINT | CTLFLAG_RWTUN,
-		&yarrow_state.ys_bins, 0,
-		random_check_uint_bins, "UI",
-		"Execution time tuner");
-	SYSCTL_ADD_PROC(&random_clist,
-		SYSCTL_CHILDREN(random_yarrow_o), OID_AUTO,
-		"fastthresh", CTLTYPE_UINT | CTLFLAG_RWTUN,
-		&yarrow_state.ys_pool[0].ysp_thresh, 0,
-		random_check_uint_fastthresh, "UI",
-		"Fast reseed threshold");
-	SYSCTL_ADD_PROC(&random_clist,
-		SYSCTL_CHILDREN(random_yarrow_o), OID_AUTO,
-		"slowthresh", CTLTYPE_UINT | CTLFLAG_RWTUN,
-		&yarrow_state.ys_pool[1].ysp_thresh, 0,
-		random_check_uint_slowthresh, "UI",
-		"Slow reseed threshold");
-	SYSCTL_ADD_PROC(&random_clist,
-		SYSCTL_CHILDREN(random_yarrow_o), OID_AUTO,
-		"slowoverthresh", CTLTYPE_UINT | CTLFLAG_RWTUN,
-		&yarrow_state.ys_slowoverthresh, 0,
-		random_check_uint_slowoverthresh, "UI",
-		"Slow over-threshold reseed");
-#endif /* _KERNEL */
-	yarrow_state.ys_gengateinterval = 10;
-	yarrow_state.ys_bins = 10;
-	yarrow_state.ys_pool[RANDOM_YARROW_FAST].ysp_thresh = (3*(RANDOM_BLOCKSIZE*8))/4;
-	yarrow_state.ys_pool[RANDOM_YARROW_SLOW].ysp_thresh = (RANDOM_BLOCKSIZE*8);
-	yarrow_state.ys_slowoverthresh = 2;
-	/* Ensure that the first time we read, we are gated. */
-	yarrow_state.ys_outputblocks = yarrow_state.ys_gengateinterval;
-	/* Initialise the fast and slow entropy pools */
-	for (i = RANDOM_YARROW_FAST; i <= RANDOM_YARROW_SLOW; i++) {
-		randomdev_hash_init(&yarrow_state.ys_pool[i].ysp_hash);
-		for (j = RANDOM_START; j < ENTROPYSOURCE; j++)
-			yarrow_state.ys_pool[i].ysp_source_bits[j] = 0;
-	}
-	/* Clear the counter */
-	yarrow_state.ys_counter = UINT128_ZERO;
-}
-
-/* ARGSUSED */
-static void
-random_yarrow_deinit_alg(void *unused __unused)
-{
-
-	RANDOM_RESEED_DEINIT_LOCK();
-	explicit_bzero(&yarrow_state, sizeof(yarrow_state));
-#ifdef _KERNEL
-	sysctl_ctx_free(&random_clist);
-#endif
-}
-
-/* Process a single stochastic event off the harvest queue */
-static void
-random_yarrow_process_event(struct harvest_event *event)
-{
-	u_int pl, overthreshhold[RANDOM_YARROW_NPOOLS];
-	enum random_entropy_source src;
-
-	RANDOM_RESEED_LOCK();
-	/*
-	 * Accumulate the event into the appropriate pool
-	 * where each event carries the destination information.
-	 * We lock against pool state modification which can happen
-	 * during accumulation/reseeding and reading/regating
-	 */
-	pl = event->he_destination % RANDOM_YARROW_NPOOLS;
-	randomdev_hash_iterate(&yarrow_state.ys_pool[pl].ysp_hash, event, sizeof(*event));
-	yarrow_state.ys_pool[pl].ysp_source_bits[event->he_source] += event->he_bits;
-	/* Count the over-threshold sources in each pool */
-	for (pl = RANDOM_YARROW_FAST; pl <= RANDOM_YARROW_SLOW; pl++) {
-		overthreshhold[pl] = 0;
-		for (src = RANDOM_START; src < ENTROPYSOURCE; src++) {
-			if (yarrow_state.ys_pool[pl].ysp_source_bits[src] > yarrow_state.ys_pool[pl].ysp_thresh)
-				overthreshhold[pl]++;
-		}
-	}
-	/*
-	 * If enough slow sources are over threshold, then slow reseed
-	 * else if any fast source over threshold, then fast reseed.
-	 */
-	if (overthreshhold[RANDOM_YARROW_SLOW] >= yarrow_state.ys_slowoverthresh)
-		random_yarrow_reseed_internal(RANDOM_YARROW_SLOW);
-	else if (overthreshhold[RANDOM_YARROW_FAST] > 0 && yarrow_state.ys_seeded)
-		random_yarrow_reseed_internal(RANDOM_YARROW_FAST);
-	explicit_bzero(event, sizeof(*event));
-	RANDOM_RESEED_UNLOCK();
-}
-
-static void
-random_yarrow_reseed_internal(u_int fastslow)
-{
-	/*
-	 * Interrupt-context stack is a limited resource; make large
-	 * structures static.
-	 */
-	static uint8_t v[RANDOM_YARROW_TIMEBIN][RANDOM_KEYSIZE];	/* v[i] */
-	static uint128_t temp;
-	static struct randomdev_hash context;
-	u_int i;
-	enum random_entropy_source j;
-
-	KASSERT(yarrow_state.ys_pool[RANDOM_YARROW_FAST].ysp_thresh > 0, ("random: Yarrow fast threshold = 0"));
-	KASSERT(yarrow_state.ys_pool[RANDOM_YARROW_SLOW].ysp_thresh > 0, ("random: Yarrow slow threshold = 0"));
-	RANDOM_RESEED_ASSERT_LOCK_OWNED();
-	SDT_PROBE3(random, yarrow, event_processor, debug, yarrow_state.ys_seeded, yarrow_state.ys_slowoverthresh, yarrow_state.ys_pool);
-	/* 1. Hash the accumulated entropy into v[0] */
-	randomdev_hash_init(&context);
-	/* Feed the slow pool hash in if slow */
-	if (fastslow == RANDOM_YARROW_SLOW) {
-		randomdev_hash_finish(&yarrow_state.ys_pool[RANDOM_YARROW_SLOW].ysp_hash, &temp);
-		randomdev_hash_iterate(&context, &temp, sizeof(temp));
-	}
-	randomdev_hash_finish(&yarrow_state.ys_pool[RANDOM_YARROW_FAST].ysp_hash, &temp);
-	randomdev_hash_iterate(&context, &temp, sizeof(temp));
-	randomdev_hash_finish(&context, v[0]);
-	/*-
-	 * 2. Compute hash values for all v. _Supposed_ to be computationally
-	 *    intensive.
-	 */
-	if (yarrow_state.ys_bins > RANDOM_YARROW_TIMEBIN)
-		yarrow_state.ys_bins = RANDOM_YARROW_TIMEBIN;
-	for (i = 1; i < yarrow_state.ys_bins; i++) {
-		randomdev_hash_init(&context);
-		/* v[i] #= h(v[i - 1]) */
-		randomdev_hash_iterate(&context, v[i - 1], RANDOM_KEYSIZE);
-		/* v[i] #= h(v[0]) */
-		randomdev_hash_iterate(&context, v[0], RANDOM_KEYSIZE);
-		/* v[i] #= h(i) */
-		randomdev_hash_iterate(&context, &i, sizeof(i));
-		/* Return the hashval */
-		randomdev_hash_finish(&context, v[i]);
-	}
-	/*-
-	 * 3. Compute a new key; h' is the identity function here;
-	 *    it is not being ignored!
-	 */
-	randomdev_hash_init(&context);
-	randomdev_hash_iterate(&context, &yarrow_state.ys_key, RANDOM_KEYSIZE);
-	for (i = 1; i < yarrow_state.ys_bins; i++)
-		randomdev_hash_iterate(&context, v[i], RANDOM_KEYSIZE);
-	randomdev_hash_finish(&context, &temp);
-	randomdev_encrypt_init(&yarrow_state.ys_key, &temp);
-	/* 4. Recompute the counter */
-	yarrow_state.ys_counter = UINT128_ZERO;
-	randomdev_encrypt(&yarrow_state.ys_key, &yarrow_state.ys_counter, &temp, RANDOM_BLOCKSIZE);
-	yarrow_state.ys_counter = temp;
-	/* 5. Reset entropy estimate accumulators to zero */
-	for (i = 0; i <= fastslow; i++)
-		for (j = RANDOM_START; j < ENTROPYSOURCE; j++)
-			yarrow_state.ys_pool[i].ysp_source_bits[j] = 0;
-	/* 6. Wipe memory of intermediate values */
-	explicit_bzero(v, sizeof(v));
-	explicit_bzero(&temp, sizeof(temp));
-	explicit_bzero(&context, sizeof(context));
-/* Not defined so writes ain't gonna happen. Kept for documenting. */
-#ifdef RANDOM_RWFILE_WRITE_IS_OK
-	/*-
-         * 7. Dump to seed file.
-	 * This pseudo-code is documentation. Please leave it alone.
-	 */
-	seed_file = "<some file>";
-	error = randomdev_write_file(seed_file, <generated entropy>, PAGE_SIZE);
-	if (error == 0)
-		printf("random: entropy seed file '%s' successfully written\n", seed_file);
-#endif
-	/* Unblock the device if it was blocked due to being unseeded */
-	if (!yarrow_state.ys_seeded) {
-		yarrow_state.ys_seeded = true;
-		randomdev_unblock();
-	}
-}
-
-static __inline void
-random_yarrow_generator_gate(void)
-{
-	u_int i;
-	uint8_t temp[RANDOM_KEYSIZE];
-
-	RANDOM_RESEED_ASSERT_LOCK_OWNED();
-	uint128_increment(&yarrow_state.ys_counter);
-	for (i = 0; i < RANDOM_KEYSIZE; i += RANDOM_BLOCKSIZE)
-		randomdev_encrypt(&yarrow_state.ys_key, &yarrow_state.ys_counter, temp + i, RANDOM_BLOCKSIZE);
-	randomdev_encrypt_init(&yarrow_state.ys_key, temp);
-	explicit_bzero(temp, sizeof(temp));
-}
-
-/*-
- * Used to return processed entropy from the PRNG. There is a pre_read
- * required to be present (but it can be a stub) in order to allow
- * specific actions at the begin of the read.
- * Yarrow does its reseeding in its own thread; _pre_read() is not used
- * by Yarrow but must be kept for completeness.
- */
-void
-random_yarrow_pre_read(void)
-{
-}
-
-/*-
- * Main read from Yarrow.
- * The supplied buf MUST be a multiple (>=0) of RANDOM_BLOCKSIZE in size.
- * Lots of code presumes this for efficiency, both here and in other
- * routines. You are NOT allowed to break this!
- */
-void
-random_yarrow_read(uint8_t *buf, u_int bytecount)
-{
-	u_int blockcount, i;
-
-	KASSERT((bytecount % RANDOM_BLOCKSIZE) == 0, ("%s(): bytecount (= %d) must be a multiple of %d", __func__, bytecount, RANDOM_BLOCKSIZE ));
-	RANDOM_RESEED_LOCK();
-	blockcount = howmany(bytecount, RANDOM_BLOCKSIZE);
-	for (i = 0; i < blockcount; i++) {
-		if (yarrow_state.ys_outputblocks++ >= yarrow_state.ys_gengateinterval) {
-			random_yarrow_generator_gate();
-			yarrow_state.ys_outputblocks = 0;
-		}
-		uint128_increment(&yarrow_state.ys_counter);
-		randomdev_encrypt(&yarrow_state.ys_key, &yarrow_state.ys_counter, buf, RANDOM_BLOCKSIZE);
-		buf += RANDOM_BLOCKSIZE;
-	}
-	RANDOM_RESEED_UNLOCK();
-}
-
-bool
-random_yarrow_seeded(void)
-{
-
-	return (yarrow_state.ys_seeded);
-}
diff --git a/sys/dev/random/yarrow.h b/sys/dev/random/yarrow.h
deleted file mode 100644
index a08d1070e89bd..0000000000000
--- a/sys/dev/random/yarrow.h
+++ /dev/null
@@ -1,47 +0,0 @@
-/*-
- * Copyright (c) 2000-2015 Mark R V Murray
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer
- *    in this position and unchanged.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- * $FreeBSD$
- */
-
-#ifndef SYS_DEV_RANDOM_YARROW_H_INCLUDED
-#define	SYS_DEV_RANDOM_YARROW_H_INCLUDED
-
-#ifdef _KERNEL
-typedef struct mtx mtx_t;
-#define	RANDOM_RESEED_INIT_LOCK(x)		mtx_init(&yarrow_state.ys_mtx, "reseed mutex", NULL, MTX_DEF)
-#define	RANDOM_RESEED_DEINIT_LOCK(x)		mtx_destroy(&yarrow_state.ys_mtx)
-#define	RANDOM_RESEED_LOCK(x)			mtx_lock(&yarrow_state.ys_mtx)
-#define	RANDOM_RESEED_UNLOCK(x)			mtx_unlock(&yarrow_state.ys_mtx)
-#define	RANDOM_RESEED_ASSERT_LOCK_OWNED(x)	mtx_assert(&yarrow_state.ys_mtx, MA_OWNED)
-#else
-#define	RANDOM_RESEED_INIT_LOCK(x)		mtx_init(&yarrow_state.ys_mtx, mtx_plain)
-#define	RANDOM_RESEED_DEINIT_LOCK(x)		mtx_destroy(&yarrow_state.ys_mtx)
-#define	RANDOM_RESEED_LOCK(x)			mtx_lock(&yarrow_state.ys_mtx)
-#define	RANDOM_RESEED_UNLOCK(x)			mtx_unlock(&yarrow_state.ys_mtx)
-#define	RANDOM_RESEED_ASSERT_LOCK_OWNED(x)
-#endif
-
-#endif /* SYS_DEV_RANDOM_YARROW_H_INCLUDED */