Age | Commit message | Author |
|
|
|
this guarantees the reliability of the arc4_reinit task being run by not
relying on a pool to give us memory in an interrupt context.
ok mpi@
|
|
fix language (feed -> fed) in a comment
16 -> MD5_DIGEST_LENGTH for legibility
No change to resulting object file.
ok djm@
|
|
from hshoexer@; ok tedu@, "looks good" deraadt@
|
|
``-upper_bound % upper_bound''. Simplifies the code and makes it the
same on both ILP32 and LP64 architectures, and also slightly faster on
LP64 architectures by using a 32-bit remainder instead of a 64-bit
remainder.
Pointed out by Jorden Verwer on tech@
ok deraadt; no objections from djm or otto
|
|
and POOLBYTES for write.
looks right to deraadt
|
|
rekeying; ok deraadt@
|
|
|
|
stream discard. this continues to be under discussion... at least this
moves the large-buffer transactions to using a *6 discard
discussed at length with djm and kjell
|
|
|
|
ok deraadt
|
|
supplied by root (it can be large enough to overwhelm the entropy buffer,
and we are doing a re-key almost immediately)
|
|
|
|
at least sparc may not have the clock mapped (found by miod).
while here, protect some more timeout_*() calls with timeout_initialized()
|
|
can make attempts to load 'entropy' into the RC4.
ok miod ariane
|
|
|
|
|
|
|
|
1. only support pool words == 2048.
2. define the amount of key we use.
3. define the amount of rc4 we skip.
4. use arc4random_buf instead of reimplementing inline.
5. bzero some more "secrets".
ok deraadt djm
|
|
side so that entropy events can come in from any kernel context. place
a 2nd very thin mutex at the call-down path as well, so that any context can
request random data. in the middle, meet with a bcopy that has no mutex,
but copying unlocked data is actually a benefit.
move the pool->MD5->RC4init sequence into a workq driven from a timeout,
so that we can do all the heavy work without any mutex held or IPL; only
grab the 2nd mutex to swap to a new RC4 state. (this workq design from tedu)
ok dlg tedu
|
|
do a yield, otherwise an accidental cat by root into /dev/random kind
of makes your machine hurt a lot.
|
|
much like arc4random_buf_large does, but without re-initializing it
every 8K.
ok tedu
|
|
the minor number at all. The chances of an application ignoring the
error on /dev/random are *greater* than the risk of an application
getting bad data from it.
ok dlg tedu kjell
|
|
does not substantially increase the quality of the RC4 state. These
days we may have lots more userland libc's initializing themselves,
or lots of largebuf kernel calls which re-initialize their own RC4,
and thus deplete the MD5 more than originally intended.
discussed at length with tedu, djm, kjell and kettenis
ok kettenis
|
|
we were feeding the MD5 output direct to consumers, but now we only feed
the RC4, so the effect is to throw away half of the stretched data.
ok tedu djm, initial discussion started by kjell
|
|
|
|
it to where it belongs
|
|
|
|
|
|
|
|
block. the kq and poll code should have been replaced with "selltrue"
type code a while ago.
with and ok nicm
|
|
ok djm
|
|
|
|
the rs-> song and dance. Exactly the same diff was written by djm.
|
|
|
|
|
|
|
|
ok kjell djm
|
|
non-essential parts of rnd.c removed so that we can keep our eye on
what the code should be doing.
ok tedu who had a similar diff in the past
|
|
what it is we are doing
ok djm
|
|
ok djm
|
|
ok deraadt
|
|
we do this to prevent people from opening a device that sounds good, but
doesn't have the properties they really need.
ok deraadt
|
|
sysctl.h was reliant on this particular include, and many drivers included
sysctl.h unnecessarily. remove sysctl.h or add proc.h as needed.
ok deraadt
|
|
supported it doesn't do any harm), so put the KNOTE() in selwakeup() itself and
remove it from any occurrences where both are used, except one for kqueue itself
and one in sys_pipe.c (where the selwakeup is under a PIPE_SEL flag).
Based on a diff from tedu.
ok deraadt
|
|
should be impossible given the multi-order delta logic
ok deraadt@
|
|
equivalent C code into a rol instruction anyway (confirmed with
objdump -d); "nuke it" weingart@
|
|
|
|
worked on with djm
|
|
This lets early arc4random() calls return at least non-unique values
on different machines. The dmesg will have different MAC addresses,
etc. Also ignore the entropy count in arc4_stir, and just take what's
there. sizeof(struct timeval) should be sizeof(struct timespec).
This was forgotten when we switched to nanotime.
With help from mickey.
OK djm@, deraadt@
|