FreeBSD source tree https://cgit-dev.freebsd.org/src/atom?h=release%2F12.3.0 2020-05-14T18:59:34Z 2020-05-14T18:59:34Z John Baldwin jhb@FreeBSD.org 2020-05-14T18:59:34Z urn:sha1:4675222ec4c22f97b2ac3a81b0c596c542cb70a3 With the removal of in-tree consumers of DES, Triple DES, and MD5-HMAC, the only algorithm this driver still supports is SHA1-HMAC. This is not very useful as a standalone algorithm (IPsec AH-only with SHA1 would be the only user). This driver has also not been kept up to date with the original driver in OpenBSD which supports a few more cards and AES-CBC on newer cards. The newest card currently supported by this driver was released in 2005. Relnotes: yes 2018-08-26T12:51:46Z Mark Murray markm@FreeBSD.org 2018-08-26T12:51:46Z urn:sha1:19fa89e93888ebfe79d06c7b831bcd39001dce63 given in random(4). This includes updating of the relevant man pages, and no-longer-used harvesting parameters. Ensure that the pseudo-unit-test still does something useful, now also with the "other" algorithm instead of Yarrow. PR: 230870 Reviewed by: cem Approved by: so(delphij,gtetlow) Approved by: re(marius) Differential Revision: https://reviews.freebsd.org/D16898 2018-07-18T00:56:25Z Conrad Meyer cem@FreeBSD.org 2018-07-18T00:56:25Z urn:sha1:1b0909d51a8aa8b5ec5a61c2dc1a69642976a732 Track session objects in the framework, and pass handles between the framework (OCF), consumers, and drivers. Avoid redundancy and complexity in individual drivers by allocating session memory in the framework and providing it to drivers in ::newsession(). Session handles are no longer integers with information encoded in various high bits. Use of the CRYPTO_SESID2FOO() macros should be replaced with the appropriate crypto_ses2foo() function on the opaque session handle. Convert OCF drivers (in particular, cryptosoft, as well as myriad others) to the opaque handle interface. Discard existing session tracking as much as possible (quick pass). There may be additional code ripe for deletion. Convert OCF consumers (ipsec, geom_eli, krb5, cryptodev) to handle-style interface. The conversion is largely mechnical. The change is documented in crypto.9. Inspired by https://lists.freebsd.org/pipermail/freebsd-arch/2018-January/018835.html . No objection from: ae (ipsec portion) Reported by: jhb 2018-07-09T07:21:37Z Conrad Meyer cem@FreeBSD.org 2018-07-09T07:21:37Z urn:sha1:590adc1bc22ba1dfc4e8df656a1ea90144925ac1 The block size is a property of the underlying hash algorithm, and has nothing to do with the HMAC construction. No functional change. 2017-11-27T14:52:40Z Pedro F. Giffuni pfg@FreeBSD.org 2017-11-27T14:52:40Z urn:sha1:718cf2ccb9956613756ab15d7a0e28f2c8e91cab Mainly focus on files that use BSD 2-Clause license, however the tool I was using misidentified many licenses so this was mostly a manual - error prone - task. The Software Package Data Exchange (SPDX) group provides a specification to make it easier for automated tools to detect and summarize well known opensource licenses. We are gradually adopting the specification, noting that the tags are considered only advisory and do not, in any way, superceed or replace the license texts. 2015-06-30T17:00:45Z Mark Murray markm@FreeBSD.org 2015-06-30T17:00:45Z urn:sha1:d1b06863fbc7b142d7afdf2d399087e2fab40f16 * GENERAL - Update copyright. - Make kernel options for RANDOM_YARROW and RANDOM_DUMMY. Set neither to ON, which means we want Fortuna - If there is no 'device random' in the kernel, there will be NO random(4) device in the kernel, and the KERN_ARND sysctl will return nothing. With RANDOM_DUMMY there will be a random(4) that always blocks. - Repair kern.arandom (KERN_ARND sysctl). The old version went through arc4random(9) and was a bit weird. - Adjust arc4random stirring a bit - the existing code looks a little suspect. - Fix the nasty pre- and post-read overloading by providing explictit functions to do these tasks. - Redo read_random(9) so as to duplicate random(4)'s read internals. This makes it a first-class citizen rather than a hack. - Move stuff out of locked regions when it does not need to be there. - Trim RANDOM_DEBUG printfs. Some are excess to requirement, some behind boot verbose. - Use SYSINIT to sequence the startup. - Fix init/deinit sysctl stuff. - Make relevant sysctls also tunables. - Add different harvesting "styles" to allow for different requirements (direct, queue, fast). - Add harvesting of FFS atime events. This needs to be checked for weighing down the FS code. - Add harvesting of slab allocator events. This needs to be checked for weighing down the allocator code. - Fix the random(9) manpage. - Loadable modules are not present for now. These will be re-engineered when the dust settles. - Use macros for locks. - Fix comments. * src/share/man/... - Update the man pages. * src/etc/... - The startup/shutdown work is done in D2924. * src/UPDATING - Add UPDATING announcement. * src/sys/dev/random/build.sh - Add copyright. - Add libz for unit tests. * src/sys/dev/random/dummy.c - Remove; no longer needed. Functionality incorporated into randomdev.*. * live_entropy_sources.c live_entropy_sources.h - Remove; content moved. - move content to randomdev.[ch] and optimise. * src/sys/dev/random/random_adaptors.c src/sys/dev/random/random_adaptors.h - Remove; plugability is no longer used. Compile-time algorithm selection is the way to go. * src/sys/dev/random/random_harvestq.c src/sys/dev/random/random_harvestq.h - Add early (re)boot-time randomness caching. * src/sys/dev/random/randomdev_soft.c src/sys/dev/random/randomdev_soft.h - Remove; no longer needed. * src/sys/dev/random/uint128.h - Provide a fake uint128_t; if a real one ever arrived, we can use that instead. All that is needed here is N=0, N++, N==0, and some localised trickery is used to manufacture a 128-bit 0ULLL. * src/sys/dev/random/unit_test.c src/sys/dev/random/unit_test.h - Improve unit tests; previously the testing human needed clairvoyance; now the test will do a basic check of compressibility. Clairvoyant talent is still a good idea. - This is still a long way off a proper unit test. * src/sys/dev/random/fortuna.c src/sys/dev/random/fortuna.h - Improve messy union to just uint128_t. - Remove unneeded 'static struct fortuna_start_cache'. - Tighten up up arithmetic. - Provide a method to allow eternal junk to be introduced; harden it against blatant by compress/hashing. - Assert that locks are held correctly. - Fix the nasty pre- and post-read overloading by providing explictit functions to do these tasks. - Turn into self-sufficient module (no longer requires randomdev_soft.[ch]) * src/sys/dev/random/yarrow.c src/sys/dev/random/yarrow.h - Improve messy union to just uint128_t. - Remove unneeded 'staic struct start_cache'. - Tighten up up arithmetic. - Provide a method to allow eternal junk to be introduced; harden it against blatant by compress/hashing. - Assert that locks are held correctly. - Fix the nasty pre- and post-read overloading by providing explictit functions to do these tasks. - Turn into self-sufficient module (no longer requires randomdev_soft.[ch]) - Fix some magic numbers elsewhere used as FAST and SLOW. Differential Revision: https://reviews.freebsd.org/D2025 Reviewed by: vsevolod,delphij,rwatson,trasz,jmg Approved by: so (delphij) 2015-05-22T17:05:21Z Jung-uk Kim jkim@FreeBSD.org 2015-05-22T17:05:21Z urn:sha1:fd90e2ed54a69bb07d14dcd4e805431ccb7d6cb6 years for head. However, it is continuously misused as the mpsafe argument for callout_init(9). Deprecate the flag and clean up callout_init() calls to make them more consistent. Differential Revision: https://reviews.freebsd.org/D2613 Reviewed by: jhb MFC after: 2 weeks 2014-06-13T19:34:34Z John Baldwin jhb@FreeBSD.org 2014-06-13T19:34:34Z urn:sha1:8d461aafd855e993baa381464e6d235301e01a6a allocation succeeded. Instead, check the tag against NULL. 2014-06-10T20:25:45Z John Baldwin jhb@FreeBSD.org 2014-06-10T20:25:45Z urn:sha1:f07894dbde46f1175eea9107236b97a29f242496 don't create a map before calling bus_dmamem_alloc() (such maps were leaked). It is believed that the extra destroy of the map was generally harmless since bus_dmamem_alloc() often uses special maps for which bus_dmamap_destroy() is a no-op (e.g. on x86). Reviewed by: scottl 2013-10-04T06:55:06Z Mark Murray markm@FreeBSD.org 2013-10-04T06:55:06Z urn:sha1:f02e47dc1e9d7e175ed72ec38c6c14f6375eb3c5 Contains: * Refactor the hardware RNG CPU instruction sources to feed into the software mixer. This is unfinished. The actual harvesting needs to be sorted out. Modified by me (see below). * Remove 'frac' parameter from random_harvest(). This was never used and adds extra code for no good reason. * Remove device write entropy harvesting. This provided a weak attack vector, was not very good at bootstrapping the device. To follow will be a replacement explicit reseed knob. * Separate out all the RANDOM_PURE sources into separate harvest entities. This adds some secuity in the case where more than one is present. * Review all the code and fix anything obviously messy or inconsistent. Address som review concerns while I'm here, like rename the pseudo-rng to 'dummy'. Submitted by: Arthur Mesh <arthurmesh@gmail.com> (the first item)