src-test2/sys/modules/random, branch release/5.2.1

src-test2/sys/modules/random, branch release/5.2.1_cvs FreeBSD source tree https://cgit-dev.freebsd.org/src-test2/atom?h=release%2F5.2.1_cvs 2004-02-23T15:32:56Z This commit was manufactured by cvs2svn to create tag 2004-02-23T15:32:56Z cvs2svn cvs2svn@FreeBSD.org 2004-02-23T15:32:56Z urn:sha1:84a7b99b4e02a260bf7ff9b540032f4cb7bc612a 'RELENG_5_2_1_RELEASE'. This commit was manufactured to restore the state of the 5.2.1-RELEASE image. Releases prior to 5.3-RELEASE are omitting the secure/ and crypto/ subdirs. Upgrade the random device to use a "real" hash instead of building 2002-07-15T13:58:35Z Mark Murray markm@FreeBSD.org 2002-07-15T13:58:35Z urn:sha1:bbf09ad887f1ebc18052ee12f5074c05d69a4e46 one out of a block cipher. This has 2 advantages: 1) The code is _much_ simpler 2) We aren't committing our security to one algorithm (much as we may think we trust AES). While I'm here, make an explicit reseed do a slow reseed instead of a fast; this is in line with what the original paper suggested. Drop <bsd.man.mk> support from <bsd.kmod.mk>. 2002-01-11T15:49:02Z Ruslan Ermilov ru@FreeBSD.org 2002-01-11T15:49:02Z urn:sha1:17d6c636720d00f77e5d098daf4c278f89d84f7b Not objected to by: -current The /dev/random driver used Rijndael, not Blowfish, now. 2001-03-10T12:57:08Z Mark Murray markm@FreeBSD.org 2001-03-10T12:57:08Z urn:sha1:add3f7f3dfa1947efff4e74b418f2e885b5ed1b0 Clean up Makefile, and remove the last vestiges of NOBLOCKRANDOM. 2001-01-15T19:35:00Z Mark Murray markm@FreeBSD.org 2001-01-15T19:35:00Z urn:sha1:c202cd74f8da7a4d07046577410322914f91a2d6 Use a consistent style and one much closer to the rest of /usr/src 2001-01-06T14:00:42Z David E. O'Brien obrien@FreeBSD.org 2001-01-06T14:00:42Z urn:sha1:c68159a6d8eede11766cf13896d0f7670dbd51aa Default the /dev/random loadable module to blocking-on-bootup, 2000-12-02T18:29:18Z Mark Murray markm@FreeBSD.org 2000-12-02T18:29:18Z urn:sha1:5f7f65f12441ecd1d99c40032fb750b9e206cf9f but leave a commented-out macro to change this. As the blocking model has seems to be troublesome for many, disable 2000-10-27T06:06:04Z Mark Murray markm@FreeBSD.org 2000-10-27T06:06:04Z urn:sha1:5f3431b5ade253e5ea547b3bff5c61145da6c741 it for now with an option. This option is already deprecated, and will be removed when the entropy-harvesting code is fast enough to warrant it. After some complaints about the dir names, the random device is 2000-10-14T10:59:56Z Mark Murray markm@FreeBSD.org 2000-10-14T10:59:56Z urn:sha1:a6278a2a42fc77094f356a290336a0fc395feb05 now in dirs called sys/*/random/ instead of sys/*/randomdev/*. Introduce blocking, but only at startup; the random device will block until the first reseed happens to prevent clients from using untrustworthy output. Provide a read_random() call for the rest of the kernel so that the entropy device does not need to be present. This means that things like IPX no longer need to have "device random" hardcoded into thir kernel config. The downside is that read_random() will provide very poor output until the entropy device is loaded and reseeded. It is recommended that developers do NOT use the read_random() call; instead, they should use arc4random() which internally uses read_random(). Clean up the mutex and locking code a bit; this makes it possible to unload the module again. Large upgrade to the entropy device; mainly inspired by feedback 2000-09-10T13:52:19Z Mark Murray markm@FreeBSD.org 2000-09-10T13:52:19Z urn:sha1:4d87a031c0106945da094f3ea770ea9b4b5fcd6b from many folk. o The reseed process is now a kthread. With SMPng, kthreads are pre-emptive, so the annoying jerkiness of the mouse is gone. o The data structures are protected by mutexes now, not splfoo()/splx(). o The cryptographic routines are broken out into their own subroutines. this facilitates review, and possible replacement if that is ever found necessary. Thanks to: kris, green, peter, jasone, grog, jhb Forgotten to thank: You know who you are; no offense intended.