| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
| |
No functional change.
Reviewed by: markj, markm
Approved by: secteam (delphij), core (brooks)
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D19409
(cherry picked from commit e66ccbeaa3613d022dbc07b9f7403c6bfbe40be6)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Set debug.fail_point.random_fortuna_pre_read=return(1) and
debug.fail_point.random_fortuna_seeded=return(1) to return to unseeded
status (sort of). See the Differential URL for more detail.
The goal is to reproduce e.g. Lev's recent CURRENT report[1] about failing
newfs arc4random(3) usage (fixed in r338542).
No functional change when failpoints are not set.
[1]: https://lists.freebsd.org/pipermail/freebsd-current/2018-September/071067.html
Reported by: lev
Reviewed by: delphij, markm
Approved by: secteam (delphij)
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D17047
(cherry picked from commit 9b8d0fe462b2f3f689cb87fe34bd42c388e23d49)
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Also drop explicit zeroing of hash context -- hash finish() operation is
expected to do this.
PR: 230877
Suggested by: delphij@
Reviewed by: delphij, markm
Approved by: secteam (delphij)
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D16986
(cherry picked from commit 7be4093a844e80a591221e93d03f3daf6a972be3)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
'i' counts the number of pools included in the array 's'. Passing 'i+1' to
reseed_internal() as the number of blocks in 's' is a bogus overrun of the
initialized portion of 's' -- technically UB.
I found this via code inspection, referencing §9.5.2 "Pools" of the Fortuna
chapter, but I would expect Coverity to notice the same issue.
Unfortunately, it doesn't appear to.
Reviewed by: markm
Approved by: secteam (gordon)
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D16985
(cherry picked from commit 9a88479843e2314018f66fd2cdad5ae0200393d0)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If multiple threads enter fortuna_pre_read contemporaneously, such as via
read(2) or getrandom(2), they could race to check how long it has been since
the last update due to a TOCTOU problem with 'now'.
Here is an example problematic execution:
Thread A: Thread B:
now_A = getsbinuptime();
now_B = getsbinuptime(); // now_B > now_A
RANDOM_RESEED_LOCK();
if (now - fs_lasttime > SBT_1S/10) {
fs_lasttime = now;
... // reseed
}
RANDOM_RESEED_UNLOCK();
RANDOM_RESEED_LOCK();
if (now_A - fs_lasttime > SBT_1S/10) // now_A - fs_lasttime underflows
fs_lasttime = now_A;
... // reseed again, despite less than 100ms elapsing
}
RANDOM_RESEED_UNLOCK();
To resolve the race, simply check the current time after we win the lock
race.
If getsbinuptime is perceived to be expensive, another option might be to
just accept the race and validate that fs_lasttime isn't "in the future."
(It should be within the last ~2^31 seconds out of ~2^32 seconds
representable duration.)
Reviewed by: delphij, markm
Approved by: secteam (delphij)
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D16984
(cherry picked from commit 5528565a76f5caae336d4f13213108dc1fad4ae0)
|
| |
|
|
|
|
|
|
|
|
|
| |
Remove unnecessary use of function-local static variable. 32 bytes is
small enough to live on the stack.
Reviewed by: delphij, markm
Approved by: secteam (delphij)
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D16937
(cherry picked from commit 494dda455cd1dad0277a35e292735243f92ec10a)
|
| |
|
|
|
|
|
|
|
|
|
| |
FS&K GenerateBlocks function asserts C (counter) != 0. This should also
be true in our implementation.
Reviewed by: delphij, markm
Approved by: secteam (delphij)
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D16936
(cherry picked from commit 84880efae7040bb55e6f63166f53158135574e3a)
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
When reseeding, only incorporate actual key material. Do not include e.g.
the derived key schedules or other AES context.
I don't think the extra material was harmful here, just not beneficial.
Reviewed by: delphij, markm
Approved by: secteam (delphij)
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D16934
(cherry picked from commit 90545403e9d293efb0b843a75ad02361eadaae6d)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
r345438:
Allow using TPM as entropy source
TPM has a built-in RNG, with its own entropy source.
The driver was extended to harvest 16 random bytes from TPM every 10 seconds.
A new build option "TPM_HARVEST" was introduced - for now, however, it
is not enabled by default in the GENERIC config.
r345842:
Add a cv_wait to the TPM2.0 harvesting function
r346259:
tpm: Prevent session hijack
r346261:
Improve tpm20 style
Submitted by: Kornel Duleba <mindal@semihalf.com>
Obtained from: Semihalf
Sponsored by: Stormshield
Notes:
svn path=/stable/12/; revision=346724
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In both scenarios a timeout (EWOULDBLOCK) is considered as a
normal condition and the error should not pop up to upper layers.
PR: 231181
Submitted by: cem
Reported by: lev
Reviewed by: vangyzen, markm, delphij
Approved by: re (kib)
Approved by: secteam (delphij)
Differential Revision: https://reviews.freebsd.org/D17049
Notes:
svn path=/head/; revision=338542
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
given in random(4).
This includes updating of the relevant man pages, and no-longer-used
harvesting parameters.
Ensure that the pseudo-unit-test still does something useful, now also
with the "other" algorithm instead of Yarrow.
PR: 230870
Reviewed by: cem
Approved by: so(delphij,gtetlow)
Approved by: re(marius)
Differential Revision: https://reviews.freebsd.org/D16898
Notes:
svn path=/head/; revision=338324
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
for security, and the excess just slows things down badly.
PR: 230808
Submitted by: rwmaillists@googlemail.com, but tweeked by me
Reported by: Danilo Egea Gondolfo <danilo@FreeBSD.org>
Reviewed by: cem,delphij
Approved by: re(rgrimes)
Approved by: so(delphij)
MFC after: 1 Month
Differential Revision: https://reviews.freebsd.org/D16873
Notes:
svn path=/head/; revision=338293
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
making the kernel process way too busy.
PR: 230808
Submitted by: Conrad Meyer <cem@FreeBSD.org>
Reported by: Danilo Egea Gondolfo <danilo@FreeBSD.org>
Reviewed by: cem,delphij
Approved by: re(rgrimes)
Approved by: so(delphij)
MFC after: 1 Month
Security: Yes
Differential Revision: https://reviews.freebsd.org/D16872
Notes:
svn path=/head/; revision=338292
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Summary:
PowerISA 3.0 adds a 'darn' instruction to "deliver a random number". This
driver was modeled after (rather, copied and gutted of) the Ivy Bridge
rdrand driver.
This uses the "Conditional Random Number" behavior to remove input bias.
From the ISA reference the 'darn' instruction, and the random number
generator backing it, conforms to the NIST SP800-90B and SP800-90C
standards, compliant to the extent possible at the time the hardware was
designed, and guarantees a minimum 0.5 bits of entropy per bit returned.
Reviewed By: markm, secteam (delphij)
Approved by: secteam (delphij)
Differential Revision: https://reviews.freebsd.org/D16552
Notes:
svn path=/head/; revision=337953
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- move harvest mask check inline
- move harvest mask to frequently_read out of actively
modified cache line
- disable ether_input collection and describe its limitations
in NOTES
Typically entropy collection in ether_input was stirring zero
in to the entropy pool while at the same time greatly reducing
max pps. This indicates that perhaps we should more closely
scrutinize how much entropy we're getting from a given source
as well as what our actual entropy collection needs are for
seeding Yarrow.
Reviewed by: cem, gallatin, delphij
Approved by: secteam
Differential Revision: https://reviews.freebsd.org/D15526
Notes:
svn path=/head/; revision=334450
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Occasionally poll for signals during large reads of the /dev/u?random
devices. This allows cancellation via SIGINT of accidental invocations of
very large reads. (A 2GB /dev/random read, which takes about 10 seconds on
my 2017 AMD Zen processor, can be aborted.)
I believe this behavior was intended since 2014 (r273997), just not fully
implemented.
This is motivated by a potential getrandom(2) interface that may not
explicitly forbid extremely large reads on 64-bit platforms -- even larger
than the 2GB limit imposed on devfs I/O by default. Such reads, if they are
to be allowed, should be cancellable by the user or administrator.
Reviewed by: delphij
Approved by: secteam (delphij)
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D14684
Notes:
svn path=/head/; revision=331070
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
No implementation of fpu_kern_enter() can fail, and it was causing needless
error checking boilerplate and confusion. Change the return code to void to
match reality.
(This trivial change took nine days to land because of the commit hook on
sys/dev/random. Please consider removing the hook or otherwise lowering the
bar -- secteam never seems to have free time to review patches.)
Reported by: Lachlan McIlroy <Lachlan.McIlroy AT isilon.com>
Reviewed by: delphij
Approved by: secteam (delphij)
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D14380
Notes:
svn path=/head/; revision=329878
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The implementation will follow (D12723). For now, get the changes to
commit-protected files out of the way.
Approved by: secteam (gordon)
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D13925
Notes:
svn path=/head/; revision=328038
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
At initialization, hc_source_mask only includes non-Pure sources.
The patch changes source registration to enable the registered source in the
hc_source_mask bitmask. This mask governs which sources are harvested.
This patch also disallows userspace from disabling such sources.
PR: 222807
Submitted by: W. Dean Freeman <badfilemagic AT gmail.com>
Reviewed by: jmg (earlier version), delphij
Approved by: secteam (delphij)
Obtained from: HBSD 0054e3e170e083811acc9f3b637f8be8a86c03e7
Security: yes
Differential Revision: https://reviews.freebsd.org/D12611
Notes:
svn path=/head/; revision=324394
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add source descriptions missed in r260847, r303035.
While here, convert the array to C99 initializers.
Reviewed by: delphij
Approved by: secteam (delphij)
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D12618
Notes:
svn path=/head/; revision=324393
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The later fields of the harvest_event structure are predictable and provide
little value to the entropy pool. Only feed in the relatively high entropy
counter and explicit entropy buffer to increase measured input entropy.
See also:
https://people.freebsd.org/~jmg/vbsdcon_2017_ddfreebsdrng_slides.pdf
PR: 222807
Submitted by: W. Dean Freeman <badfilemagic AT gmail.com>
Reviewed by: jmg (earlier version), delphij
Approved by: secteam (delphij)
Obtained from: HBSD 8d809124d563937edd84c9c9d5494406e359c55c
Security: no -- low entropy marginal input has no known negative affect on pool quality
Differential Revision: https://reviews.freebsd.org/D12610
Notes:
svn path=/head/; revision=324372
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
numbers with Chacha20. Keep the API, though, as that is what the
other *BSD's have done.
Use the boot-time entropy stash (if present) to bootstrap the
in-kernel entropy source.
Reviewed by: delphij,rwatson
Approved by: so(delphij)
MFC after: 2 months
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D10048
Notes:
svn path=/head/; revision=317015
|
| |
|
|
|
|
|
| |
Approved by: so (implicit)
Notes:
svn path=/head/; revision=301735
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This fixes a warning that occurs in a number of files that use the
random_harvest_queue function.
Differential Revision: https://reviews.freebsd.org/D4229
Submitted by: stevek@juniper.net
Reviewed by: markm
Approved by: so
Notes:
svn path=/head/; revision=301713
|
| |
|
|
|
|
|
|
|
|
| |
(one manual change to fix grammar)
Confirmed With: db
Approved by: secteam (not really, but this is a comment typo fix)
Notes:
svn path=/head/; revision=300050
|
| |
|
|
|
|
|
|
|
|
| |
No functional change.
Reviewed by: markm
Approved by: so
Notes:
svn path=/head/; revision=298923
|
| |
|
|
|
|
|
|
|
|
|
| |
While here also use howmany() macro from sys/param.h
No functional change.
Reviewed by: markm (roundup replacement part)
Approved by: so
Notes:
svn path=/head/; revision=298593
|
| |
|
|
|
|
|
|
|
|
| |
loadable when not compiled into the kernel.
Approved by: so (delphij)
Sponsored by: The FreeBSD Foundation
Notes:
svn path=/head/; revision=298102
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a no-op currently, but in kernels with earlier AP startup, the
random kthread was trying to use timeouts with sleeps before timers are
working. Wait until SI_SUB_KICK_SCHEDULER to start the random kproc.
Reviewed by: delphij, imp, markm
Approved by: so
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D5712
Notes:
svn path=/head/; revision=297366
|
| |
|
|
|
|
|
|
| |
Found by: PVS-Studio
Approved by: so (implicit)
Notes:
svn path=/head/; revision=295718
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
cperciva's libmd implementation is 5-30% faster
The same was done for SHA256 previously in r263218
cperciva's implementation was lacking SHA-384 which I implemented, validated against OpenSSL and the NIST documentation
Extend sbin/md5 to create sha384(1)
Chase dependancies on sys/crypto/sha2/sha2.{c,h} and replace them with sha512{c.c,.h}
Reviewed by: cperciva, des, delphij
Approved by: secteam, bapt (mentor)
MFC after: 2 weeks
Sponsored by: ScaleEngine Inc.
Differential Revision: https://reviews.freebsd.org/D3929
Notes:
svn path=/head/; revision=292782
|
| |
|
|
|
|
|
|
| |
Submitted by: jenkins
Approved by: so (/dev/random blanket)
Notes:
svn path=/head/; revision=288780
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
'rdrand' instruction may occasionally not return random numbers, in
spite of looping attempts to do so. The reusult is a KASSERT/panic.
Reluctantly accept this state-of-affairs, but make a noise about it.
if this 'noise' spams the console, it may be time to discontinue
using that source.
This is written in a general way to account for /any/ source that
might not supply random numbers when required.
Submitted by: jkh (report and slightly different fix)
Approved by: so (/dev/random blanket)
Notes:
svn path=/head/; revision=288703
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
wanted".
Provide and document the RANDOM_ENABLE_UMA option.
Change RANDOM_FAST to RANDOM_UMA to clarify the harvesting.
Remove RANDOM_DEBUG option, replace with SDT probes. These will be of
use to folks measuring the harvesting effect when deciding whether to
use RANDOM_ENABLE_UMA.
Requested by: scottl and others.
Approved by: so (/dev/random blanket)
Differential Revision: https://reviews.freebsd.org/D3197
Notes:
svn path=/head/; revision=287023
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
if desired.
Retire randomdev_none.c and introduce random_infra.c for resident
infrastructure. Completely stub out random(4) calls in the "without
DEV_RANDOM" case.
Add RANDOM_LOADABLE option to allow loadable Yarrow/Fortuna/LocallyWritten
algorithm. Add a skeleton "other" algorithm framework for folks
to add their own processing code. NIST, anyone?
Retire the RANDOM_DUMMY option.
Build modules for Yarrow, Fortuna and "other".
Use atomics for the live entropy rate-tracking.
Convert ints to bools for the 'seeded' logic.
Move _write() function from the algorithm-specific areas to randomdev.c
Get rid of reseed() function - it is unused.
Tidy up the opt_*.h includes.
Update documentation for random(4) modules.
Fix test program (reviewers, please leave this).
Differential Revision: https://reviews.freebsd.org/D3354
Reviewed by: wblock,delphij,jmg,bjk
Approved by: so (/dev/random blanket)
Notes:
svn path=/head/; revision=286839
|
| |
|
|
|
|
|
|
|
| |
pointy hat.
Approved by: so (/dev/random blanket)
Notes:
svn path=/head/; revision=285700
|
| |
|
|
|
|
|
| |
Approved by: so (/dev/random blanket)
Notes:
svn path=/head/; revision=285693
|
| |
|
|
|
|
|
|
|
| |
console warning spamming while blocked.
Approved by: so (/dev/random blanket)
Notes:
svn path=/head/; revision=285692
|
| |
|
|
|
|
|
| |
Approved by: so (/dev/random blanket)
Notes:
svn path=/head/; revision=285690
|
| |
|
|
|
|
|
|
|
|
|
|
| |
I performed the commit on a different system as where I wrote the
change. After pulling in the change from Phabricator, I didn't notice
that a single chunk did not apply.
Approved by: secteam (implicit, as intended change was approved)
Pointy hat to: me
Notes:
svn path=/head/; revision=285573
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The random_get() system call works similar to getentropy()/getrandom()
on OpenBSD/Linux. It fills a buffer with random data.
This change introduces a new function, read_random_uio(), that is used
to implement read() on the random devices. We can call into this
function from within the CloudABI compatibility layer.
Approved by: secteam
Reviewed by: jmg, markm, wblock
Obtained from: https://github.com/NuxiNL/freebsd
Differential Revision: https://reviews.freebsd.org/D3053
Notes:
svn path=/head/; revision=285549
|
| |
|
|
|
|
|
|
|
|
|
| |
in units of crypto blocks, so must have adequate space to write.
This means needing to be careful about buffers and keeping track
of external read request length.
Approved by: so (/dev/random blanket)
Notes:
svn path=/head/; revision=285439
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Tweek man page.
- Remove all mention of RANDOM_FORTUNA. If the system owner wants YARROW or DUMMY, they ask for it, otherwise they get FORTUNA.
- Tidy up headers a bit.
- Tidy up declarations a bit.
- Make static in a couple of places where needed.
- Move Yarrow/Fortuna SYSINIT/SYSUNINIT to randomdev.c, moving us towards a single file where the algorithm context is used.
- Get rid of random_*_process_buffer() functions. They were only used in one place each, and are better subsumed into those places.
- Remove *_post_read() functions as they are stubs everywhere.
- Assert against buffer size illegalities.
- Clean up some silly code in the randomdev_read() routine.
- Make the harvesting more consistent.
- Make some requested argument name changes.
- Tidy up and clarify a few comments.
- Make some requested comment changes.
- Make some requested macro changes.
* NOTE: the thing calling itself a 'unit test' is not yet a proper
unit test, but it helps me ensure things work. It may be a proper
unit test at some time in the future, but for now please don't make
any assumptions or hold any expectations.
Differential Revision: https://reviews.freebsd.org/D2025
Approved by: so (/dev/random blanket)
Notes:
svn path=/head/; revision=285422
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* GENERAL
- Update copyright.
- Make kernel options for RANDOM_YARROW and RANDOM_DUMMY. Set
neither to ON, which means we want Fortuna
- If there is no 'device random' in the kernel, there will be NO
random(4) device in the kernel, and the KERN_ARND sysctl will
return nothing. With RANDOM_DUMMY there will be a random(4) that
always blocks.
- Repair kern.arandom (KERN_ARND sysctl). The old version went
through arc4random(9) and was a bit weird.
- Adjust arc4random stirring a bit - the existing code looks a little
suspect.
- Fix the nasty pre- and post-read overloading by providing explictit
functions to do these tasks.
- Redo read_random(9) so as to duplicate random(4)'s read internals.
This makes it a first-class citizen rather than a hack.
- Move stuff out of locked regions when it does not need to be
there.
- Trim RANDOM_DEBUG printfs. Some are excess to requirement, some
behind boot verbose.
- Use SYSINIT to sequence the startup.
- Fix init/deinit sysctl stuff.
- Make relevant sysctls also tunables.
- Add different harvesting "styles" to allow for different requirements
(direct, queue, fast).
- Add harvesting of FFS atime events. This needs to be checked for
weighing down the FS code.
- Add harvesting of slab allocator events. This needs to be checked for
weighing down the allocator code.
- Fix the random(9) manpage.
- Loadable modules are not present for now. These will be re-engineered
when the dust settles.
- Use macros for locks.
- Fix comments.
* src/share/man/...
- Update the man pages.
* src/etc/...
- The startup/shutdown work is done in D2924.
* src/UPDATING
- Add UPDATING announcement.
* src/sys/dev/random/build.sh
- Add copyright.
- Add libz for unit tests.
* src/sys/dev/random/dummy.c
- Remove; no longer needed. Functionality incorporated into randomdev.*.
* live_entropy_sources.c live_entropy_sources.h
- Remove; content moved.
- move content to randomdev.[ch] and optimise.
* src/sys/dev/random/random_adaptors.c src/sys/dev/random/random_adaptors.h
- Remove; plugability is no longer used. Compile-time algorithm
selection is the way to go.
* src/sys/dev/random/random_harvestq.c src/sys/dev/random/random_harvestq.h
- Add early (re)boot-time randomness caching.
* src/sys/dev/random/randomdev_soft.c src/sys/dev/random/randomdev_soft.h
- Remove; no longer needed.
* src/sys/dev/random/uint128.h
- Provide a fake uint128_t; if a real one ever arrived, we can use
that instead. All that is needed here is N=0, N++, N==0, and some
localised trickery is used to manufacture a 128-bit 0ULLL.
* src/sys/dev/random/unit_test.c src/sys/dev/random/unit_test.h
- Improve unit tests; previously the testing human needed clairvoyance;
now the test will do a basic check of compressibility. Clairvoyant
talent is still a good idea.
- This is still a long way off a proper unit test.
* src/sys/dev/random/fortuna.c src/sys/dev/random/fortuna.h
- Improve messy union to just uint128_t.
- Remove unneeded 'static struct fortuna_start_cache'.
- Tighten up up arithmetic.
- Provide a method to allow eternal junk to be introduced; harden
it against blatant by compress/hashing.
- Assert that locks are held correctly.
- Fix the nasty pre- and post-read overloading by providing explictit
functions to do these tasks.
- Turn into self-sufficient module (no longer requires randomdev_soft.[ch])
* src/sys/dev/random/yarrow.c src/sys/dev/random/yarrow.h
- Improve messy union to just uint128_t.
- Remove unneeded 'staic struct start_cache'.
- Tighten up up arithmetic.
- Provide a method to allow eternal junk to be introduced; harden
it against blatant by compress/hashing.
- Assert that locks are held correctly.
- Fix the nasty pre- and post-read overloading by providing explictit
functions to do these tasks.
- Turn into self-sufficient module (no longer requires randomdev_soft.[ch])
- Fix some magic numbers elsewhere used as FAST and SLOW.
Differential Revision: https://reviews.freebsd.org/D2025
Reviewed by: vsevolod,delphij,rwatson,trasz,jmg
Approved by: so (delphij)
Notes:
svn path=/head/; revision=284959
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
temporary buffer when remaining space is not enough to hold
a whole block.
- yarrow.c: add a comment that we intend to change the code and remove
memcpy's in the future. (*)
Requested by: markm (*)
Reviewed by: markm
Approved by: so (self)
Notes:
svn path=/head/; revision=278950
|
| |
|
|
|
|
|
|
|
|
|
|
| |
causing ZFS panics on boot...
This is purely reviewed and tested by peter.
Reviewed by: peter
Approved by: so (implicit), peter
Notes:
svn path=/head/; revision=278927
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
randomdev_init_reader to change read_random over to the newly installed
adaptor was missed. This means both read_random and arc4random (seeded
from read_random) were not returning very random data. This also
effects userland arc4random as it is seeded from kernel arc4random.
The random devices are uneffected and have returned good randomness
since the change.
All keys generated with a kernel of r273872 must be regenerated with
a kernel with this patch. Keys generated may be predictable.
Remove the warning as log is too early to print anything, and it would
always get printed due to early use of arc4random...
Reviewed by: delphij, markm
Approved by: so (delphij)
Notes:
svn path=/head/; revision=278907
|
| |
|
|
|
|
|
|
|
| |
Noted by: dim
Approved by: secteam (des)
MFC after: 4 days
Notes:
svn path=/head/; revision=274381
|
| |
|
|
|
|
|
|
|
| |
update the Fortuna code to use SHAd-256 as defined in FS&K.
Approved by: so (self)
Notes:
svn path=/head/; revision=274340
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Remove duplicated sources between standard part of the kernel and
module. In particular, it caused duplicated lock initialization and
sysctl registration, both having bad consequences.
- Add missed source files to module.
- Static part of the kernel provides randomdev module, not
random_adaptors. Correct dependencies.
- Use cdev modules declaration macros.
Approved by: secteam (delphij)
Reviewed by: markm
Notes:
svn path=/head/; revision=274252
|
