after discussions with beck deraadt kettenis.
buffersize is enforced strictly, this supplies sufficient entropy
payload to act as seed material. Discourage general use of this
API, but lock down this function name as the go-to for userland
PRNG seeding. Improve documentation.
ok miod matthew
I accepted that he's right (again) to separate this out from heavy
sysctl API and this will simplify a variety of things. Function name
is not used by anyone in the ports tree, so we guess we can use it.
Shocking that no application has a function called this.
ok matthew & others who pushed him to start this early on
ok deraadt@
on first call, very early on, from boot-supplied entropy, then feed from
that. Later when we have more subsystems ready, the main() can properly
initialize the entropy-driven model. Lots of discussion with mikeb.
ok kettenis markus mikeb
is no longer providing significant value. The random subsystem is in
pretty good state, and moments later userland will feed the dmesg.
ok jsing
it at startup, or in cpu_startup(). Improve comments to explain what is
happening here.
ok kettenis jsing
Also allow random_init() to be called later, by moving a few
entropy control initializations into the lower-level _rs_seed() layer.
tested by jsing, phessler and a few others
conf/files change isn't enough due to size limits
this guarantees the reliability of the arc4_reinit task being run by not
relying on a pool to give us memory in an interrupt context.
ok mpi@
fix language (feed -> fed) in a comment
16 -> MD5_DIGEST_LENGTH for legibility
No change to resulting object file.
ok djm@
from hshoexer@; ok tedu@, "looks good" deraadt@
``-upper_bound % upper_bound''. Simplifies the code and makes it the
same on both ILP32 and LP64 architectures, and also slightly faster on
LP64 architectures by using a 32-bit remainder instead of a 64-bit
remainder.
Pointed out by Jorden Verwer on tech@
ok deraadt; no objections from djm or otto
and POOLBYTES for write.
looks right to deraadt
rekeying; ok deraadt@
stream discard. this continues to be under discussion... at least this
moves the large-buffer transactions to using a *6 discard
discussed at length with djm and kjell
ok deraadt
supplied by root (it can be large enough to overwhelm the entropy buffer,
and we are doing a re-key almost immediately)
at least sparc may not have the clock mapped (found by miod).
while here, protect some more timeout_*() calls with timeout_initialized()
can make attempts to load 'entropy' into the RC4.
ok miod ariane
1. only support pool words == 2048.
2. define the amount of key we use.
3. define the amount of rc4 we skip.
4. use arc4random_buf instead of reimplementing inline.
5. bzero some more "secrets".
ok deraadt djm
side so that entropy events can come in from any kernel context. place
a 2nd very thin mutex at the call-down path as well, so that any context can
request random data. in the middle, meet with a bcopy that has no mutex,
but copying unlocked data is actually a benefit.
move the pool->MD5->RC4init sequence into a workq driven from a timeout,
so that we can do all the heavy work without any mutex held or IPL; only
grab the 2nd mutex to swap to a new RC4 state. (this workq design from tedu)
ok dlg tedu
do a yield, otherwise an accidental cat by root into /dev/random kind
of makes your machine hurt a lot.
much like arc4random_buf_large does, but without re-initializing it
every 8K.
ok tedu
the minor number at all. The chances of an application ignoring the
error on /dev/random are *greater* than the risk of an application
getting bad data from it.
ok dlg tedu kjell
does not substantially increase the quality of the RC4 state. These
days we may have lots more userland libc's initializing themselves,
or lots of largebuf kernel calls which re-initialize their own RC4,
and thus deplete the MD5 more than originally intended.
discussed at length with tedu, djm, kjell and kettenis
ok kettenis
we were feeding the MD5 output direct to consumers, but now we only feed
the RC4, so the effect is to throw away half of the stretched data.
ok tedu djm, initial discussion started by kjell
it to where it belongs
block. the kq and poll code should have been replaced with "selltrue"
type code a while ago.
with and ok nicm
ok djm