<feed xmlns='http://www.w3.org/2005/Atom'>
<title>src/sys/libkern/arc4random.c, branch releng/12.0</title>
<subtitle>FreeBSD source tree</subtitle>
<id>https://cgit-dev.freebsd.org/src/atom?h=releng%2F12.0</id>
<link rel='self' href='https://cgit-dev.freebsd.org/src/atom?h=releng%2F12.0'/>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/'/>
<updated>2017-04-16T09:11:02Z</updated>
<entry>
<title>Replace the RC4 algorithm for generating in-kernel secure random</title>
<updated>2017-04-16T09:11:02Z</updated>
<author>
<name>Mark Murray</name>
<email>markm@FreeBSD.org</email>
</author>
<published>2017-04-16T09:11:02Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=150890b0c677625d2a6ca0aec375e33814e60679'/>
<id>urn:sha1:150890b0c677625d2a6ca0aec375e33814e60679</id>
<content type='text'>
numbers with Chacha20. Keep the API, though, as that is what the
other *BSD's have done.

Use the boot-time entropy stash (if present) to bootstrap the
in-kernel entropy source.

Reviewed by: delphij,rwatson
Approved by: so(delphij)
MFC after: 2 months
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D10048
</content>
</entry>
<entry>
<title>Discard first 3072 bytes of RC4 keystream, this is a bandaid</title>
<updated>2017-03-14T06:00:44Z</updated>
<author>
<name>Xin LI</name>
<email>delphij@FreeBSD.org</email>
</author>
<published>2017-03-14T06:00:44Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=91868665a935a40a2ec41dcd15213269e7d57a73'/>
<id>urn:sha1:91868665a935a40a2ec41dcd15213269e7d57a73</id>
<content type='text'>
that allows us to work on switching to a more modern PRNG.

Submitted by:	Steven Chamberlain &lt;steven pyro eu org&gt;
Approved by:	so
</content>
</entry>
<entry>
<title>Update r309143 to prevent false sharing.</title>
<updated>2016-11-25T17:20:23Z</updated>
<author>
<name>Fabien Thomas</name>
<email>fabient@FreeBSD.org</email>
</author>
<published>2016-11-25T17:20:23Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=cdaf963483a3f8b8e0745268b31af227ca90c429'/>
<id>urn:sha1:cdaf963483a3f8b8e0745268b31af227ca90c429</id>
<content type='text'>
Reported by:	mjg
Approved by:	so
MFC after:	1 month
</content>
</entry>
<entry>
<title>In a dual processor system (2*6 cores) during IPSec throughput tests,</title>
<updated>2016-11-25T13:49:33Z</updated>
<author>
<name>Fabien Thomas</name>
<email>fabient@FreeBSD.org</email>
</author>
<published>2016-11-25T13:49:33Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=dcf3302859e24b26f3b1dff2c8e104fdbe976825'/>
<id>urn:sha1:dcf3302859e24b26f3b1dff2c8e104fdbe976825</id>
<content type='text'>
we see a lot of contention on the arc4 lock, used to generate the IV
of the ESP output packets.

The idea of this patch is to split this mutex in order to reduce the
contention on this lock.

Reviewed by:	delphij, markm, ache
Approved by:	so
Obtained from: emeric.poupon@stormshield.eu
MFC after: 1 month
Sponsored by:	Stormshield
Differential Revision:	https://reviews.freebsd.org/D8130
</content>
</entry>
<entry>
<title>Huge cleanup of random(4) code.</title>
<updated>2015-06-30T17:00:45Z</updated>
<author>
<name>Mark Murray</name>
<email>markm@FreeBSD.org</email>
</author>
<published>2015-06-30T17:00:45Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=d1b06863fbc7b142d7afdf2d399087e2fab40f16'/>
<id>urn:sha1:d1b06863fbc7b142d7afdf2d399087e2fab40f16</id>
<content type='text'>
* GENERAL
- Update copyright.
- Make kernel options for RANDOM_YARROW and RANDOM_DUMMY. Set
  neither to ON, which means we want Fortuna
- If there is no 'device random' in the kernel, there will be NO
  random(4) device in the kernel, and the KERN_ARND sysctl will
  return nothing. With RANDOM_DUMMY there will be a random(4) that
  always blocks.
- Repair kern.arandom (KERN_ARND sysctl). The old version went
  through arc4random(9) and was a bit weird.
- Adjust arc4random stirring a bit - the existing code looks a little
  suspect.
- Fix the nasty pre- and post-read overloading by providing explicit
  functions to do these tasks.
- Redo read_random(9) so as to duplicate random(4)'s read internals.
  This makes it a first-class citizen rather than a hack.
- Move stuff out of locked regions when it does not need to be
  there.
- Trim RANDOM_DEBUG printfs. Some are excess to requirement, some
  behind boot verbose.
- Use SYSINIT to sequence the startup.
- Fix init/deinit sysctl stuff.
- Make relevant sysctls also tunables.
- Add different harvesting "styles" to allow for different requirements
  (direct, queue, fast).
- Add harvesting of FFS atime events. This needs to be checked for
  weighing down the FS code.
- Add harvesting of slab allocator events. This needs to be checked for
  weighing down the allocator code.
- Fix the random(9) manpage.
- Loadable modules are not present for now. These will be re-engineered
  when the dust settles.
- Use macros for locks.
- Fix comments.

* src/share/man/...
- Update the man pages.

* src/etc/...
- The startup/shutdown work is done in D2924.

* src/UPDATING
- Add UPDATING announcement.

* src/sys/dev/random/build.sh
- Add copyright.
- Add libz for unit tests.

* src/sys/dev/random/dummy.c
- Remove; no longer needed. Functionality incorporated into randomdev.*.

* live_entropy_sources.c live_entropy_sources.h
- Remove; content moved.
- move content to randomdev.[ch] and optimise.

* src/sys/dev/random/random_adaptors.c src/sys/dev/random/random_adaptors.h
- Remove; pluggability is no longer used. Compile-time algorithm
  selection is the way to go.

* src/sys/dev/random/random_harvestq.c src/sys/dev/random/random_harvestq.h
- Add early (re)boot-time randomness caching.

* src/sys/dev/random/randomdev_soft.c src/sys/dev/random/randomdev_soft.h
- Remove; no longer needed.

* src/sys/dev/random/uint128.h
- Provide a fake uint128_t; if a real one ever arrived, we can use
  that instead. All that is needed here is N=0, N++, N==0, and some
  localised trickery is used to manufacture a 128-bit 0ULLL.

* src/sys/dev/random/unit_test.c src/sys/dev/random/unit_test.h
- Improve unit tests; previously the testing human needed clairvoyance;
  now the test will do a basic check of compressibility. Clairvoyant
  talent is still a good idea.
- This is still a long way off a proper unit test.

* src/sys/dev/random/fortuna.c src/sys/dev/random/fortuna.h
- Improve messy union to just uint128_t.
- Remove unneeded 'static struct fortuna_start_cache'.
- Tighten up arithmetic.
- Provide a method to allow eternal junk to be introduced; harden
  it against blatant by compress/hashing.
- Assert that locks are held correctly.
- Fix the nasty pre- and post-read overloading by providing explicit
  functions to do these tasks.
- Turn into self-sufficient module (no longer requires randomdev_soft.[ch])

* src/sys/dev/random/yarrow.c src/sys/dev/random/yarrow.h
- Improve messy union to just uint128_t.
- Remove unneeded 'static struct start_cache'.
- Tighten up arithmetic.
- Provide a method to allow eternal junk to be introduced; harden
  it against blatant by compress/hashing.
- Assert that locks are held correctly.
- Fix the nasty pre- and post-read overloading by providing explicit
  functions to do these tasks.
- Turn into self-sufficient module (no longer requires randomdev_soft.[ch])
- Fix some magic numbers elsewhere used as FAST and SLOW.

Differential Revision: https://reviews.freebsd.org/D2025
Reviewed by: vsevolod,delphij,rwatson,trasz,jmg
Approved by: so (delphij)
</content>
</entry>
<entry>
<title>Attempt to mitigate poor initialization of arc4 by one-shot</title>
<updated>2013-04-19T00:30:52Z</updated>
<author>
<name>Andrey A. Chernov</name>
<email>ache@FreeBSD.org</email>
</author>
<published>2013-04-19T00:30:52Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=2b50ce65be6c97b3507d45275133df39e95752e8'/>
<id>urn:sha1:2b50ce65be6c97b3507d45275133df39e95752e8</id>
<content type='text'>
reinitialization from yarrow right after good entropy is harvested.

Approved by:    secteam (delphij)
MFC after:      1 week
</content>
</entry>
<entry>
<title>Return arc4_i = arc4_j = 0; line from previous backing out since</title>
<updated>2008-07-26T16:42:45Z</updated>
<author>
<name>Andrey A. Chernov</name>
<email>ache@FreeBSD.org</email>
</author>
<published>2008-07-26T16:42:45Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=b834665cd5ce6141136f2f7c63d1e495790cf82a'/>
<id>urn:sha1:b834665cd5ce6141136f2f7c63d1e495790cf82a</id>
<content type='text'>
just found it in OpenBSD, see their sys/crypto/arc4.c, function
rc4_keysetup, line ctx-&gt;x = ctx-&gt;y = 0;

Obtained from:  OpenBSD
</content>
</entry>
<entry>
<title>Per rwatson's request:</title>
<updated>2008-07-25T15:53:32Z</updated>
<author>
<name>Andrey A. Chernov</name>
<email>ache@FreeBSD.org</email>
</author>
<published>2008-07-25T15:53:32Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=fff6495ea645e54b761d6d0eb9c7137e64c756b7'/>
<id>urn:sha1:fff6495ea645e54b761d6d0eb9c7137e64c756b7</id>
<content type='text'>
"If you don't get a review within a day or two, I would firmly recommend
backing out the changes"

back out all my changes as unreviewed by secteam@ yet.
</content>
</entry>
<entry>
<title>1) Initialize arc4_i and arc4_j to 0 after key mixing as recommended in</title>
<updated>2008-07-22T16:16:51Z</updated>
<author>
<name>Andrey A. Chernov</name>
<email>ache@FreeBSD.org</email>
</author>
<published>2008-07-22T16:16:51Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=d16863efa66ca857d48eeb1b1918457a7556eadb'/>
<id>urn:sha1:d16863efa66ca857d48eeb1b1918457a7556eadb</id>
<content type='text'>
draft-kaukonen-cipher-arcfour-03.txt (3.1.5)

2) Drop first 768 bytes as standard RC4-drop(768)
</content>
</entry>
<entry>
<title>Lock down arc4random so it can be safely called w/o Giant.</title>
<updated>2003-08-15T06:34:47Z</updated>
<author>
<name>Mike Silbersack</name>
<email>silby@FreeBSD.org</email>
</author>
<published>2003-08-15T06:34:47Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=2f823fa326f4b593bb8b9e74606e70a864c25426'/>
<id>urn:sha1:2f823fa326f4b593bb8b9e74606e70a864c25426</id>
<content type='text'>
Minor code reorganization was required, but the only functional
change was that the first 1024 bytes of output are thrown out
after each reseed, rather than just the initial seed.
</content>
</entry>
</feed>
