Re: svn commit: r366620 - in head/sys: conf dev/random/fenestrasX
> On 10 Oct 2020, at 22:45, Conrad Meyer wrote: > > Author: cem > Date: Sat Oct 10 21:45:59 2020 > New Revision: 366620 > URL: https://svnweb.freebsd.org/changeset/base/366620 > > Log: > Add "Fenestras X" alternative /dev/random implementation This is a much needed improvement to the (CS)PRNG, as we are now supporting SMTP architectures with many cores, where this should shine! I have not had the time to do the work myself, so I'm delighted that *someone* got to it! Thanks, Conrad! M -- signature.asc Description: Message signed with OpenPGP
svn commit: r365028 - head
Author: markm Date: Tue Sep 1 08:02:12 2020 New Revision: 365028 URL: https://svnweb.freebsd.org/changeset/base/365028 Log: Add a pointer to csprng@ for the CSPRNG driver. This is enforced anyway by subversion. Modified: head/MAINTAINERS Modified: head/MAINTAINERS == --- head/MAINTAINERSTue Sep 1 07:56:28 2020(r365027) +++ head/MAINTAINERSTue Sep 1 08:02:12 2020(r365028) @@ -82,6 +82,8 @@ pci bus imp,jhb Pre-commit review requested. pmcstudy(8)rrs Pre-commit review requested. procfs des Pre-commit review requested, email only. pseudofs des Pre-commit review requested, email only. +random(4), +random(9) csprng Pre-commit discussion and review required, release/release.sh gjb,re Pre-commit review and regression tests requested. sctp rrs,tuexen Pre-commit review requested (changes need to be backported to github). ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
Re: svn commit: r362466 - in head: contrib/file/magic/Magdir contrib/tcpdump lib/geom/part stand/efi/include stand/i386/boot0 sys/dev/hptmv sys/geom/part usr.bin/fortune/datfiles usr.bin/mkimg usr.sbi
> On 21 Jun 2020, at 17:41, Hans Petter Selasky wrote: > If you got a Master's degree in South Africa under Apartheid, to many people > that is still symbolic. First I've heard of it (yes, I'm South African). > https://en.wikipedia.org/wiki/Apartheid#Education > > Apartheid is not very long ago and the people that experienced this are still > alive. And many of those folks have MSc/MEng/MBA etc degrees, and are not agitating to change them. M -- signature.asc Description: Message signed with OpenPGP
Re: svn commit: r362466 - in head: contrib/file/magic/Magdir contrib/tcpdump lib/geom/part stand/efi/include stand/i386/boot0 sys/dev/hptmv sys/geom/part usr.bin/fortune/datfiles usr.bin/mkimg usr.sbi
> On 21 Jun 2020, at 14:51, Hans Petter Selasky wrote: > > On 2020-06-21 15:46, Hans Petter Selasky wrote: >> On 2020-06-21 15:45, Alexey Dokuchaev wrote: ... -#https://en.wikipedia.org/wiki/Master_boot_record#PTE +#https://en.wikipedia.org/wiki/Main_boot_record#PTE >>> Wikipedia does not have an article with this name. >> Yes, it does: >> https://en.wikipedia.org/wiki/Main_boot_record > > When you enter "main boot record" in the search field, it automagically > redirects to "master boot record". No, it doesn't. "Wikipedia does not have an article with this exact name." M -- signature.asc Description: Message signed with OpenPGP
Re: svn commit: r355747 - in head: . include lib/libc/stdlib lib/libxo
> On 14 Dec 2019, at 08:28, Conrad Meyer wrote: > > Author: cem > Date: Sat Dec 14 08:28:10 2019 > New Revision: 355747 > URL: https://svnweb.freebsd.org/changeset/base/355747 > > Log: > Deprecate sranddev(3) API > > It serves no useful purpose and wasn't as popular as its equally meritless > cousin, srandomdev(3). Good! This is many years overdue. M -- signature.asc Description: Message signed with OpenPGP
svn commit: r341002 - head/sys/conf
Author: markm Date: Mon Nov 26 22:45:58 2018 New Revision: 341002 URL: https://svnweb.freebsd.org/changeset/base/341002 Log: Add dependency to allow if_muge device to be only ethernet device in stripped-down RPI3 kernel. Modified: head/sys/conf/files Modified: head/sys/conf/files == --- head/sys/conf/files Mon Nov 26 22:42:52 2018(r341001) +++ head/sys/conf/files Mon Nov 26 22:45:58 2018(r341002) @@ -3282,7 +3282,7 @@ dev/usb/net/if_urndis.c optional urndis dev/usb/net/ruephy.c optional rue dev/usb/net/usb_ethernet.c optional uether | aue | axe | axge | cdce | \ cue | ipheth | kue | mos | rue | \ -smsc | udav | ure | urndis +smsc | udav | ure | urndis | muge dev/usb/net/uhso.c optional uhso # # USB WLAN drivers ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r338324 - in head: . share/man/man4 share/man/man9 sys/arm/amlogic/aml8726 sys/arm/broadcom/bcm2835 sys/conf sys/dev/glxsb sys/dev/hifn sys/dev/random sys/dev/rndtest sys/dev/safe sys/d...
Author: markm Date: Sun Aug 26 12:51:46 2018 New Revision: 338324 URL: https://svnweb.freebsd.org/changeset/base/338324 Log: Remove the Yarrow PRNG algorithm option in accordance with due notice given in random(4). This includes updating of the relevant man pages, and no-longer-used harvesting parameters. Ensure that the pseudo-unit-test still does something useful, now also with the "other" algorithm instead of Yarrow. PR: 230870 Reviewed by: cem Approved by: so(delphij,gtetlow) Approved by: re(marius) Differential Revision:https://reviews.freebsd.org/D16898 Deleted: head/sys/dev/random/yarrow.c head/sys/dev/random/yarrow.h head/sys/modules/random_yarrow/Makefile Modified: head/UPDATING head/share/man/man4/random.4 head/share/man/man9/random_harvest.9 head/sys/arm/amlogic/aml8726/aml8726_rng.c head/sys/arm/broadcom/bcm2835/bcm2835_rng.c head/sys/conf/NOTES head/sys/conf/files head/sys/conf/options head/sys/dev/glxsb/glxsb.c head/sys/dev/hifn/hifn7751.c head/sys/dev/random/build.sh head/sys/dev/random/fortuna.c head/sys/dev/random/other_algorithm.c head/sys/dev/random/other_algorithm.h head/sys/dev/random/random_harvestq.c head/sys/dev/random/random_harvestq.h head/sys/dev/random/randomdev.c head/sys/dev/random/unit_test.c head/sys/dev/random/unit_test.h head/sys/dev/rndtest/rndtest.c head/sys/dev/safe/safe.c head/sys/dev/syscons/scmouse.c head/sys/dev/syscons/syscons.c head/sys/dev/ubsec/ubsec.c head/sys/dev/virtio/random/virtio_random.c head/sys/dev/vt/vt_core.c head/sys/dev/vt/vt_sysmouse.c head/sys/fs/tmpfs/tmpfs_subr.c head/sys/kern/kern_intr.c head/sys/kern/subr_bus.c head/sys/mips/cavium/octeon_rnd.c head/sys/modules/Makefile head/sys/net/if_ethersubr.c head/sys/net/if_tun.c head/sys/netgraph/ng_iface.c head/sys/sys/random.h head/sys/ufs/ffs/ffs_inode.c head/sys/vm/uma_core.c head/tools/tools/sysdoc/tunables.mdoc Modified: head/UPDATING == --- head/UPDATING Sun Aug 26 05:28:17 2018(r338323) +++ head/UPDATING Sun Aug 26 12:51:46 2018(r338324) @@ -31,6 +31,11 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 12.x IS SLOW: disable the most expensive debugging functionality run "ln -s 'abort:false,junk:false' /etc/malloc.conf".) +20180826: + The Yarrow CSPRNG has been removed from the kernel as it has not been + supported by its designers since at least 2003. Fortuna has been the + default since FreeBSD-11. + 20170822: devctl freeze/that have gone into the tree, the rc scripts have been updated to use them and devmatch has been changed. You should update Modified: head/share/man/man4/random.4 == --- head/share/man/man4/random.4Sun Aug 26 05:28:17 2018 (r338323) +++ head/share/man/man4/random.4Sun Aug 26 12:51:46 2018 (r338324) @@ -23,7 +23,7 @@ .\" .\" $FreeBSD$ .\" -.Dd August 17, 2015 +.Dd August 26, 2018 .Dt RANDOM 4 .Os .Sh NAME @@ -153,26 +153,15 @@ the device is not created until an "algorithm module" is loaded. -Two of these modules -are built by default, -.Em random_fortuna -and -.Em random_yarrow . +The only module built by default is +.Em random_fortuna . The .Em random_yarrow -module is deprecated, -and will be removed in -.Fx 12. -Use of the Yarrow algorithm -is not encouraged, -but while still present -in the kernel source, -it can be selected with the -.Cd "options RANDOM_YARROW" -kernel option. -Note that these loadable modules -are slightly less efficient -than their compiled-in equivalents. +module was removed in +.Fx 12 . +Note that this loadable module +is slightly less efficient +than its compiled-in equivalent. This is because some functions must be locked against load and unload events, @@ -351,4 +340,4 @@ introduced in The Yarrow algorithm is no longer supported by its authors, -and is therefore deprecated. +and is therefore no longer available. Modified: head/share/man/man9/random_harvest.9 == --- head/share/man/man9/random_harvest.9Sun Aug 26 05:28:17 2018 (r338323) +++ head/share/man/man9/random_harvest.9Sun Aug 26 12:51:46 2018 (r338324) @@ -25,7 +25,7 @@ .\" .\" $FreeBSD$ .\" -.Dd July 13, 2015 +.Dd August 26, 2018 .Dt RANDOM_HARVEST 9 .Os .Sh NAME @@ -38,21 +38,18 @@ .Fo random_harvest_direct .Fa "void *entropy" .Fa "u_int size" -.Fa "u_int bits" .Fa "enum esource source" .Fc .Ft void .Fo random_harvest_fast .Fa "void *entropy" .Fa "u_int size" -.Fa "u_int bits" .Fa "enum esource source" .Fc .Ft void .Fo random_harvest_queue .Fa "void *entropy" .Fa "u_int size" -.Fa "u_int bits" .Fa "enum esource source" .Fc .Sh DESCRIPTION @@ -107,18
svn commit: r338293 - head/sys/dev/random
Author: markm
Date: Fri Aug 24 14:53:46 2018
New Revision: 338293
URL: https://svnweb.freebsd.org/changeset/base/338293
Log:
Limit the amount of "fast" entropy. We don't need nearly as much
for security, and the excess just slows things down badly.
PR: 230808
Submitted by: rwmailli...@googlemail.com, but tweeked by me
Reported by:Danilo Egea Gondolfo
Reviewed by: cem,delphij
Approved by: re(rgrimes)
Approved by: so(delphij)
MFC after: 1 Month
Differential Revision:https://reviews.freebsd.org/D16873
Modified:
head/sys/dev/random/random_harvestq.c
Modified: head/sys/dev/random/random_harvestq.c
==
--- head/sys/dev/random/random_harvestq.c Fri Aug 24 14:53:42 2018
(r338292)
+++ head/sys/dev/random/random_harvestq.c Fri Aug 24 14:53:46 2018
(r338293)
@@ -57,6 +57,10 @@ __FBSDID("$FreeBSD$");
#include
#include
+#include
+#include
+
+#include
#include
#include
@@ -213,8 +217,12 @@ random_sources_feed(void)
/* It's an indenting error. Yeah, Yeah. */
#endif
local_read_rate = atomic_readandclear_32(_rate);
+ /* Perform at least one read per round */
+ local_read_rate = MAX(local_read_rate, 1);
+ /* But not exceeding RANDOM_KEYSIZE_WORDS */
+ local_read_rate = MIN(local_read_rate, RANDOM_KEYSIZE_WORDS);
LIST_FOREACH(rrs, _list, rrs_entries) {
- for (i = 0; i <
p_random_alg_context->ra_poolcount*(local_read_rate + 1); i++) {
+ for (i = 0; i <
p_random_alg_context->ra_poolcount*local_read_rate; i++) {
n = rrs->rrs_source->rs_read(entropy, sizeof(entropy));
KASSERT((n <= sizeof(entropy)), ("%s: rs_read returned
too much data (%u > %zu)", __func__, n, sizeof(entropy)));
/* It would appear that in some circumstances (e.g.
virtualisation),
___
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r338292 - head/sys/dev/random
Author: markm
Date: Fri Aug 24 14:53:42 2018
New Revision: 338292
URL: https://svnweb.freebsd.org/changeset/base/338292
Log:
Fix braino of mine where the reseeds would happen far too often,
making the kernel process way too busy.
PR: 230808
Submitted by: Conrad Meyer
Reported by:Danilo Egea Gondolfo
Reviewed by: cem,delphij
Approved by: re(rgrimes)
Approved by: so(delphij)
MFC after: 1 Month
Security: Yes
Differential Revision:https://reviews.freebsd.org/D16872
Modified:
head/sys/dev/random/fortuna.c
Modified: head/sys/dev/random/fortuna.c
==
--- head/sys/dev/random/fortuna.c Fri Aug 24 10:50:19 2018
(r338291)
+++ head/sys/dev/random/fortuna.c Fri Aug 24 14:53:42 2018
(r338292)
@@ -371,7 +371,7 @@ random_fortuna_pre_read(void)
if (fortuna_state.fs_pool[0].fsp_length >= fortuna_state.fs_minpoolsize
#ifdef _KERNEL
/* FS - Use 'getsbinuptime()' to prevent reseed-spamming. */
- && (now - fortuna_state.fs_lasttime > hz/10)
+ && (now - fortuna_state.fs_lasttime > SBT_1S/10)
#endif
) {
#ifdef _KERNEL
___
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r332791 - head/sys/modules/random
Author: markm Date: Thu Apr 19 20:31:52 2018 New Revision: 332791 URL: https://svnweb.freebsd.org/changeset/base/332791 Log: Remove empty dir no longer required. Reported by: Jung-uk Kim Deleted: head/sys/modules/random/ ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r317015 - in head/sys: boot/forth conf crypto/chacha20 dev/random libkern sys
Author: markm
Date: Sun Apr 16 09:11:02 2017
New Revision: 317015
URL: https://svnweb.freebsd.org/changeset/base/317015
Log:
Replace the RC4 algorithm for generating in-kernel secure random
numbers with Chacha20. Keep the API, though, as that is what the
other *BSD's have done.
Use the boot-time entropy stash (if present) to bootstrap the
in-kernel entropy source.
Reviewed by: delphij,rwatson
Approved by: so(delphij)
MFC after: 2 months
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D10048
--This line, and those below, will be ignored--
> Description of fields to fill in above: 76 columns --|
> PR: If and which Problem Report is related.
> Submitted by: If someone else sent in the change.
> Reported by: If someone else reported the issue.
> Reviewed by: If someone else reviewed your modification.
> Approved by: If you needed approval for this commit.
> Obtained from:If the change is from a third party.
> MFC after:N [day[s]|week[s]|month[s]]. Request a reminder
email.
> MFH: Ports tree branch name. Request approval for
merge.
> Relnotes: Set to 'yes' for mention in release notes.
> Security: Vulnerability reference (one per line) or
description.
> Sponsored by: If the change was sponsored by an organization.
> Differential Revision:https://reviews.freebsd.org/D### (*full* phabric
URL needed).
> Empty fields above will be automatically removed.
Added:
head/sys/crypto/chacha20/chacha.c (contents, props changed)
head/sys/crypto/chacha20/chacha.h (contents, props changed)
Modified:
head/sys/boot/forth/loader.conf
head/sys/conf/files
head/sys/dev/random/random_harvestq.c
head/sys/dev/random/random_harvestq.h
head/sys/libkern/arc4random.c
head/sys/sys/libkern.h
head/sys/sys/random.h
Modified: head/sys/boot/forth/loader.conf
==
--- head/sys/boot/forth/loader.conf Sun Apr 16 09:00:10 2017
(r317014)
+++ head/sys/boot/forth/loader.conf Sun Apr 16 09:11:02 2017
(r317015)
@@ -48,7 +48,7 @@ bitmap_type="splash_image_data" # and pl
entropy_cache_load="YES" # Set this to NO to disable loading
# entropy at boot time
entropy_cache_name="/boot/entropy" # Set this to the name of the file
-entropy_cache_type="/boot/entropy" # Required for the kernel to find
+entropy_cache_type="boot_entropy_cache"# Required for the kernel to
find
# the boot-time entropy cache. This
# must not change value even if the
# _name above does change!
Modified: head/sys/conf/files
==
--- head/sys/conf/files Sun Apr 16 09:00:10 2017(r317014)
+++ head/sys/conf/files Sun Apr 16 09:11:02 2017(r317015)
@@ -3810,6 +3810,7 @@ kgssapi/gsstest.c optional kgssapi_debu
# the file should be moved to conf/files. from here.
#
libkern/arc4random.c standard
+crypto/chacha20/chacha.c standard
libkern/asprintf.c standard
libkern/bcd.c standard
libkern/bsearch.c standard
Added: head/sys/crypto/chacha20/chacha.c
==
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sys/crypto/chacha20/chacha.c Sun Apr 16 09:11:02 2017
(r317015)
@@ -0,0 +1,224 @@
+/*
+chacha-merged.c version 20080118
+D. J. Bernstein
+Public domain.
+*/
+
+/* $OpenBSD: chacha.c,v 1.1 2013/11/21 00:45:44 djm Exp $ */
+
+#include
+__FBSDID("$FreeBSD$");
+
+#include
+#include
+
+#include
+
+
+typedef uint8_t u8;
+typedef uint32_t u32;
+
+typedef struct chacha_ctx chacha_ctx;
+
+#define U8C(v) (v##U)
+#define U32C(v) (v##U)
+
+#define U8V(v) ((u8)(v) & U8C(0xFF))
+#define U32V(v) ((u32)(v) & U32C(0x))
+
+#define ROTL32(v, n) \
+ (U32V((v) << (n)) | ((v) >> (32 - (n
+
+#define U8TO32_LITTLE(p) \
+ (((u32)((p)[0]) ) | \
+ ((u32)((p)[1]) << 8) | \
+ ((u32)((p)[2]) << 16) | \
+ ((u32)((p)[3]) << 24))
+
+#define U32TO8_LITTLE(p, v) \
+ do { \
+(p)[0] = U8V((v) ); \
+(p)[1] = U8V((v) >> 8); \
+(p)[2] = U8V((v) >> 16); \
+(p)[3] = U8V((v) >> 24); \
+ } while (0)
+
+#define ROTATE(v,c) (ROTL32(v,c))
+#define XOR(v,w) ((v) ^ (w))
+#define PLUS(v,w) (U32V((v) + (w)))
+#define PLUSONE(v) (PLUS((v),1))
+
+#define QUARTERROUND(a,b,c,d) \
+ a = PLUS(a,b); d = ROTATE(XOR(d,a),16); \
+ c = PLUS(c,d); b = ROTATE(XOR(b,c),12); \
+ a = PLUS(a,b); d = ROTATE(XOR(d,a), 8); \
+ c = PLUS(c,d); b = ROTATE(XOR(b,c), 7);
+
svn commit: r303035 - in head/sys: arm/broadcom/bcm2835 boot/fdt/dts/arm sys
Author: markm
Date: Tue Jul 19 18:07:47 2016
New Revision: 303035
URL: https://svnweb.freebsd.org/changeset/base/303035
Log:
Random bit generator (RBG) driver for RPi and RPi2.
Summary:
This driver supports the following methods to trigger gathering random bits
from the hardware:
1. interrupt when the FIFO is full (default) fed into the harvest queue
2. callout (when BCM2835_RNG_USE_CALLOUT is defined) every second if hz is
less than 100, otherwise hz / 100, feeding the random bits into the harvest
queue
If the kernel is booted with verbose enabled, the contents of the registers
will be dumped after the RBG is started during the attach routine.
Author: hackagadget_gmail.com (Stephen J. Kiernan)
Test Plan: Built RPI2 kernel and booted on board. Tested the different
methods to feed the harvest queue (callout, interrupt) and the interrupt driven
approach seems best. However, keeping the other method for people to be able to
experiment with.
Reviewed By: adrian, delphij, markm
Differential Revision: https://reviews.freebsd.org/D6888
Added:
head/sys/arm/broadcom/bcm2835/bcm2835_rng.c (contents, props changed)
Modified:
head/sys/arm/broadcom/bcm2835/files.bcm283x
head/sys/boot/fdt/dts/arm/bcm2835.dtsi
head/sys/boot/fdt/dts/arm/bcm2836.dtsi
head/sys/sys/random.h
Added: head/sys/arm/broadcom/bcm2835/bcm2835_rng.c
==
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sys/arm/broadcom/bcm2835/bcm2835_rng.c Tue Jul 19 18:07:47 2016
(r303035)
@@ -0,0 +1,534 @@
+/*
+ * Copyright (c) 2015, 2016, Stephen J. Kiernan
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *notice, this list of conditions and the following disclaimer in the
+ *documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include
+
+__FBSDID("$FreeBSD$");
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include
+#include
+
+#include
+#include
+#include
+
+#include
+#include
+
+#if !defined(BCM2835_RNG_USE_CALLOUT)
+#defineBCM2835_RNG_USE_INTERRUPT
+#endif
+
+static device_attach_t bcm2835_rng_attach;
+static device_detach_t bcm2835_rng_detach;
+static device_probe_t bcm2835_rng_probe;
+
+#defineRNG_CTRL0x00/* RNG Control Register
*/
+#defineRNG_COMBLK1_OSC 0x003f /* Combiner Blk 1
Oscillator */
+#defineRNG_COMBLK1_OSC_SHIFT 16
+#defineRNG_COMBLK2_OSC 0x0fc0 /* Combiner Blk 2
Oscillator */
+#defineRNG_COMBLK2_OSC_SHIFT 22
+#defineRNG_JCLK_BYP_DIV_CNT0xff00 /* Jitter clk bypass
divider
+ count */
+#defineRNG_JCLK_BYP_DIV_CNT_SHIFT 8
+#defineRNG_JCLK_BYP_SRC0x0020 /* Jitter clk bypass
source */
+#defineRNG_JCLK_BYP_SEL0x0010 /* Jitter clk bypass
select */
+#defineRNG_RBG2X 0x0002 /* RBG 2X SPEED */
+#defineRNG_RBGEN_BIT 0x0001 /* Enable RNG bit */
+
+#defineRNG_STATUS 0x04/* RNG status register
*/
+#defineRND_VAL_SHIFT 24 /* Shift for valid
words */
+#defineRND_VAL_MASK0x00ff /* Number valid words
mask */
+#defineRND_VAL_WARM_CNT0x4 /* RNG Warm Up count */
+#defineRND_WARM_CNT0xf /* RNG Warm Up Count
mask */
+
+#defineRNG_DATA0x08/* RNG Data Register */
+#defineRNG_FF_THRES0x0c
+#defineRNG_FF_THRES_MASK 0x001f
+
svn commit: r288703 - head/sys/dev/random
Author: markm
Date: Mon Oct 5 07:41:12 2015
New Revision: 288703
URL: https://svnweb.freebsd.org/changeset/base/288703
Log:
It appears that under some circumstances, like virtualisiation, the
'rdrand' instruction may occasionally not return random numbers, in
spite of looping attempts to do so. The reusult is a KASSERT/panic.
Reluctantly accept this state-of-affairs, but make a noise about it.
if this 'noise' spams the console, it may be time to discontinue
using that source.
This is written in a general way to account for /any/ source that
might not supply random numbers when required.
Submitted by: jkh (report and slightly different fix)
Approved by: so (/dev/random blanket)
Modified:
head/sys/dev/random/random_harvestq.c
Modified: head/sys/dev/random/random_harvestq.c
==
--- head/sys/dev/random/random_harvestq.c Mon Oct 5 07:40:18 2015
(r288702)
+++ head/sys/dev/random/random_harvestq.c Mon Oct 5 07:41:12 2015
(r288703)
@@ -211,7 +211,16 @@ random_sources_feed(void)
LIST_FOREACH(rrs, _list, rrs_entries) {
for (i = 0; i <
p_random_alg_context->ra_poolcount*(local_read_rate + 1); i++) {
n = rrs->rrs_source->rs_read(entropy, sizeof(entropy));
- KASSERT((n > 0 && n <= sizeof(entropy)), ("very bad
return from rs_read (= %d) in %s", n, __func__));
+ KASSERT((n <= sizeof(entropy)), ("%s: rs_read returned
too much data (%d > %d) in %s", __func__, n, sizeof(entropy)));
+ /* It would appear that in some circumstances (e.g.
virtualisation),
+* the underlying hardware entropy source might not
always return
+* random numbers. Accept this but make a noise. If too
much happens,
+* can that source be trusted?
+*/
+ if (n == 0) {
+ printf("%s: rs_read for hardware device '%s'
returned no entropy.\n", __func__, rrs->rrs_source->rs_ident);
+ continue;
+ }
random_harvest_direct(entropy, n, (n*8)/2,
rrs->rrs_source->rs_source);
}
}
___
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r288780 - head/sys/dev/random
Author: markm
Date: Mon Oct 5 10:45:52 2015
New Revision: 288780
URL: https://svnweb.freebsd.org/changeset/base/288780
Log:
Fix printf-like formats for KASSERT.
Submitted by: jenkins
Approved by: so (/dev/random blanket)
Modified:
head/sys/dev/random/random_harvestq.c
Modified: head/sys/dev/random/random_harvestq.c
==
--- head/sys/dev/random/random_harvestq.c Mon Oct 5 10:45:33 2015
(r288779)
+++ head/sys/dev/random/random_harvestq.c Mon Oct 5 10:45:52 2015
(r288780)
@@ -211,7 +211,7 @@ random_sources_feed(void)
LIST_FOREACH(rrs, _list, rrs_entries) {
for (i = 0; i <
p_random_alg_context->ra_poolcount*(local_read_rate + 1); i++) {
n = rrs->rrs_source->rs_read(entropy, sizeof(entropy));
- KASSERT((n <= sizeof(entropy)), ("%s: rs_read returned
too much data (%d > %d) in %s", __func__, n, sizeof(entropy)));
+ KASSERT((n <= sizeof(entropy)), ("%s: rs_read returned
too much data (%u > %zu)", __func__, n, sizeof(entropy)));
/* It would appear that in some circumstances (e.g.
virtualisation),
* the underlying hardware entropy source might not
always return
* random numbers. Accept this but make a noise. If too
much happens,
___
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r287023 - in head: share/man/man4 sys/conf sys/dev/random sys/sys sys/vm
Author: markm Date: Sat Aug 22 12:59:05 2015 New Revision: 287023 URL: https://svnweb.freebsd.org/changeset/base/287023 Log: Make the UMA harvesting go away completely if not wanted. Default to not wanted. Provide and document the RANDOM_ENABLE_UMA option. Change RANDOM_FAST to RANDOM_UMA to clarify the harvesting. Remove RANDOM_DEBUG option, replace with SDT probes. These will be of use to folks measuring the harvesting effect when deciding whether to use RANDOM_ENABLE_UMA. Requested by: scottl and others. Approved by: so (/dev/random blanket) Differential Revision:https://reviews.freebsd.org/D3197 Modified: head/share/man/man4/random.4 head/sys/conf/NOTES head/sys/conf/options head/sys/dev/random/build.sh head/sys/dev/random/fortuna.c head/sys/dev/random/random_harvestq.c head/sys/dev/random/unit_test.c head/sys/dev/random/yarrow.c head/sys/sys/random.h head/sys/vm/uma_core.c Modified: head/share/man/man4/random.4 == --- head/share/man/man4/random.4Sat Aug 22 07:45:49 2015 (r287022) +++ head/share/man/man4/random.4Sat Aug 22 12:59:05 2015 (r287023) @@ -32,6 +32,7 @@ .Sh SYNOPSIS .Cd device random .Cd options RANDOM_LOADABLE +.Cd options RANDOM_ENABLE_UMA .Sh DESCRIPTION The .Nm @@ -177,6 +178,24 @@ must be locked against load and unload events, and also must be indirect calls to allow for removal. +.Pp +When +.Cd options RANDOM_ENABLE_UMA +is used, +the +.Pa /dev/random +device will obtain entropy +from the zone allocator. +This is potentially very high rate, +and if so will be of questionable use. +If this is the case, +use of this option +is not recommended. +Determining this is not trivial, +so experimenting and measurement +using tools such as +.Xr dtrace 1 +will be required. .Sh RANDOMNESS The use of randomness in the field of computing is a rather subtle issue because randomness means Modified: head/sys/conf/NOTES == --- head/sys/conf/NOTES Sat Aug 22 07:45:49 2015(r287022) +++ head/sys/conf/NOTES Sat Aug 22 12:59:05 2015(r287023) @@ -2985,8 +2985,10 @@ options MAXFILES=999 #options RANDOM_YARROW # Yarrow CSPRNG (old default) #options RANDOM_LOADABLE # Allow the algorithm to be loaded as # a module. -# For developers. -optionsRANDOM_DEBUG# Extra debugging messages +# Select this to allow high-rate but potentially expensive +# harvesting of Slab-Allocator entropy. In very high-rate +# situations the value of doing this is dubious at best. +optionsRANDOM_ENABLE_UMA # slab allocator # Module to enable execution of application via emulators like QEMU options IMAGACT_BINMISC Modified: head/sys/conf/options == --- head/sys/conf/options Sat Aug 22 07:45:49 2015(r287022) +++ head/sys/conf/options Sat Aug 22 12:59:05 2015(r287023) @@ -945,17 +945,16 @@ RACCT_DEFAULT_TO_DISABLED opt_global.h RCTL opt_global.h # Random number generator(s) -# The DEBUG option is in global.h as the random harvesting -# puts probes all over the place, and it makes little sense -# to pollute these headers with an extra include. -RANDOM_DEBUG opt_random.h -# Which CSPRNG hashes we get. +# Which CSPRNG hash we get. # If Yarrow is not chosen, Fortuna is selected. RANDOM_YARROW opt_random.h # With this, no entropy processor is loaded, but the entropy # harvesting infrastructure is present. This means an entropy # processor may be loaded as a module. RANDOM_LOADABLEopt_random.h +# This turns on high-rate and potentially expensive harvesting in +# the uma slab allocator. +RANDOM_ENABLE_UMA opt_global.h # Intel em(4) driver EM_MULTIQUEUE opt_em.h Modified: head/sys/dev/random/build.sh == --- head/sys/dev/random/build.shSat Aug 22 07:45:49 2015 (r287022) +++ head/sys/dev/random/build.shSat Aug 22 12:59:05 2015 (r287023) @@ -35,7 +35,7 @@ # (sed -e 's/fortuna/wombat/g' \ #-e 's/FORTUNA/WOMBAT/g' fortuna.c) | less # -cc -g -O0 -pthread -DRANDOM_DEBUG \ +cc -g -O0 -pthread \ -I../.. -lstdthreads -Wall \ unit_test.c \ yarrow.c \ @@ -46,7 +46,7 @@ cc -g -O0 -pthread -DRANDOM_DEBUG \ ../../crypto/sha2/sha256c.c \ -lz \ -o yunit_test -cc -g -O0 -pthread -DRANDOM_DEBUG \ +cc -g -O0 -pthread \ -I../.. -lstdthreads -Wall \ unit_test.c \ fortuna.c \ Modified: head/sys/dev/random/fortuna.c == --- head/sys/dev/random/fortuna.c Sat Aug 22 07:45:49 2015
svn commit: r286839 - in head: . share/man/man4 sys/conf sys/dev/random sys/modules sys/modules/random_fortuna sys/modules/random_other sys/modules/random_yarrow sys/sys
Author: markm Date: Mon Aug 17 07:36:12 2015 New Revision: 286839 URL: https://svnweb.freebsd.org/changeset/base/286839 Log: Add DEV_RANDOM pseudo-option and use it to include out random(4) if desired. Retire randomdev_none.c and introduce random_infra.c for resident infrastructure. Completely stub out random(4) calls in the without DEV_RANDOM case. Add RANDOM_LOADABLE option to allow loadable Yarrow/Fortuna/LocallyWritten algorithm. Add a skeleton other algorithm framework for folks to add their own processing code. NIST, anyone? Retire the RANDOM_DUMMY option. Build modules for Yarrow, Fortuna and other. Use atomics for the live entropy rate-tracking. Convert ints to bools for the 'seeded' logic. Move _write() function from the algorithm-specific areas to randomdev.c Get rid of reseed() function - it is unused. Tidy up the opt_*.h includes. Update documentation for random(4) modules. Fix test program (reviewers, please leave this). Differential Revision:https://reviews.freebsd.org/D3354 Reviewed by: wblock,delphij,jmg,bjk Approved by: so (/dev/random blanket) Added: head/sys/dev/random/other_algorithm.c (contents, props changed) head/sys/dev/random/other_algorithm.h (contents, props changed) head/sys/dev/random/random_infra.c (contents, props changed) head/sys/modules/random_fortuna/ head/sys/modules/random_fortuna/Makefile (contents, props changed) head/sys/modules/random_other/ head/sys/modules/random_other/Makefile (contents, props changed) head/sys/modules/random_yarrow/ head/sys/modules/random_yarrow/Makefile (contents, props changed) Deleted: head/sys/dev/random/randomdev_none.c Modified: head/UPDATING head/share/man/man4/random.4 head/sys/conf/NOTES head/sys/conf/files head/sys/conf/options head/sys/dev/random/fortuna.c head/sys/dev/random/random_harvestq.c head/sys/dev/random/random_harvestq.h head/sys/dev/random/randomdev.c head/sys/dev/random/randomdev.h head/sys/dev/random/unit_test.c head/sys/dev/random/yarrow.c head/sys/modules/Makefile head/sys/sys/random.h Modified: head/UPDATING == --- head/UPDATING Mon Aug 17 05:59:36 2015(r286838) +++ head/UPDATING Mon Aug 17 07:36:12 2015(r286839) @@ -31,6 +31,21 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 11 disable the most expensive debugging functionality run ln -s 'abort:false,junk:false' /etc/malloc.conf.) +20150817: + Kernel-loadable modules for the random(4) device are back. To use + them, the kernel must have + + device random + options RANDOM_LOADABLE + + kldload(8) can then be used to load random_fortuna.ko + or random_yarrow.ko. Please note that due to the indirect + function calls that the loadable modules need to provide, + the build-in variants will be slightly more efficient. + + The random(4) kernel option RANDOM_DUMMY has been retired due to + unpopularity. It was not all that useful anyway. + 20150813: The WITHOUT_ELFTOOLCHAIN_TOOLS src.conf(5) knob has been retired. Control over building the ELF Tool Chain tools is now provided by Modified: head/share/man/man4/random.4 == --- head/share/man/man4/random.4Mon Aug 17 05:59:36 2015 (r286838) +++ head/share/man/man4/random.4Mon Aug 17 07:36:12 2015 (r286839) @@ -23,7 +23,7 @@ .\ .\ $FreeBSD$ .\ -.Dd June 30, 2015 +.Dd August 17, 2015 .Dt RANDOM 4 .Os .Sh NAME @@ -31,6 +31,7 @@ .Nd the entropy device .Sh SYNOPSIS .Cd device random +.Cd options RANDOM_LOADABLE .Sh DESCRIPTION The .Nm @@ -133,15 +134,49 @@ The .Va kern.random.harvest.mask_bin and .Va kern.random.harvest.mask_symbolic -sysctl -can be used confirm -that your choices are correct. +sysctls +can be used to confirm +that the choices are correct. Note that disabled items in the latter item are listed in square brackets. See .Xr random_harvest 9 for more on the harvesting of entropy. +.Pp +When +.Cd options RANDOM_LOADABLE +is used, +the +.Pa /dev/random +device is not created +until an algorithm module +is loaded. +Two of these modules +are built by default, +.Em random_fortuna +and +.Em random_yarrow . +The +.Em random_yarrow +module is deprecated, +and will be removed in +.Fx 12. +Use of the Yarrow algorithm +is not encouraged, +but while still present +in the kernel source, +it can be selected with the +.Cd options RANDOM_YARROW +kernel option. +Note that these loadable modules +are slightly less efficient +than their compiled-in equivalents. +This is because some functions +must be locked against +load and unload events, +and also must be indirect calls +to allow for removal. .Sh RANDOMNESS The use of randomness in the field of
svn commit: r285688 - head
Author: markm Date: Sun Jul 19 14:34:35 2015 New Revision: 285688 URL: https://svnweb.freebsd.org/changeset/base/285688 Log: Clean up some trailing whitespace. Modified: head/UPDATING Modified: head/UPDATING == --- head/UPDATING Sun Jul 19 13:10:47 2015(r285687) +++ head/UPDATING Sun Jul 19 14:34:35 2015(r285688) @@ -87,7 +87,7 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 11 20150616: FreeBSD's old make (fmake) has been removed from the system. It is available as the devel/fmake port or via pkg install fmake. - + 20150615: The fix for the issue described in the 20150614 sendmail entry below has been been committed in revision 284436. The work @@ -110,7 +110,7 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 11 this interoperability, sendmail can be configured to use a 2048 bit DH parameter by: - 1. Edit /etc/mail/`hostname`.mc + 1. Edit /etc/mail/`hostname`.mc 2. If a setting for confDH_PARAMETERS does not exist or exists and is set to a string beginning with '5', replace it with '2'. @@ -223,7 +223,7 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 11 using a local socket. Users who have already enabled the local_unbound service should regenerate their configuration by running service local_unbound setup as root. - + 20150102: The GNU texinfo and GNU info pages have been removed. To be able to view GNU info pages please install texinfo from ports. @@ -614,7 +614,7 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 11 The GNU Compiler Collection and C++ standard library (libstdc++) are no longer built by default on platforms where clang is the system compiler. You can enable them with the WITH_GCC and WITH_GNUCXX - options in src.conf. + options in src.conf. 20130905: The PROCDESC kernel option is now part of the GENERIC kernel @@ -968,7 +968,7 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 11 20120727: The sparc64 ZFS loader has been changed to no longer try to auto- detect ZFS providers based on diskN aliases but now requires these - to be explicitly listed in the OFW boot-device environment variable. + to be explicitly listed in the OFW boot-device environment variable. 20120712: The OpenSSL has been upgraded to 1.0.1c. Any binaries requiring ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r285700 - head/sys/dev/random
Author: markm
Date: Sun Jul 19 18:07:35 2015
New Revision: 285700
URL: https://svnweb.freebsd.org/changeset/base/285700
Log:
Fix some untidy logic. I committed the wrong local fix; please pass the
pointy hat.
Approved by:so (/dev/random blanket)
Modified:
head/sys/dev/random/randomdev.c
Modified: head/sys/dev/random/randomdev.c
==
--- head/sys/dev/random/randomdev.c Sun Jul 19 18:07:25 2015
(r285699)
+++ head/sys/dev/random/randomdev.c Sun Jul 19 18:07:35 2015
(r285700)
@@ -183,7 +183,7 @@ read_random_uio(struct uio *uio, bool no
printf(random: %s unblock wait\n, __func__);
spamcount = (spamcount + 1)%100;
error = tsleep(random_alg_context, PCATCH, randseed, hz/10);
- if ((error == ERESTART | error == EINTR))
+ if (error == ERESTART || error == EINTR)
break;
}
if (error == 0) {
___
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r285690 - head/sys/dev/random
Author: markm
Date: Sun Jul 19 16:05:23 2015
New Revision: 285690
URL: https://svnweb.freebsd.org/changeset/base/285690
Log:
Optimise the buffer-size calculation. It was possible to get one block too
many.
Approved by: so (/dev/random blanket)
Modified:
head/sys/dev/random/randomdev.c
Modified: head/sys/dev/random/randomdev.c
==
--- head/sys/dev/random/randomdev.c Sun Jul 19 15:44:51 2015
(r285689)
+++ head/sys/dev/random/randomdev.c Sun Jul 19 16:05:23 2015
(r285690)
@@ -64,6 +64,9 @@ __FBSDID($FreeBSD$);
#defineRANDOM_UNIT 0
+/* Return the largest number = x that is a multiple of m */
+#define CEIL_TO_MULTIPLE(x, m) x) + (m) - 1)/(m))*(m))
+
static d_read_t randomdev_read;
static d_write_t randomdev_write;
static d_poll_t randomdev_poll;
@@ -191,15 +194,15 @@ read_random_uio(struct uio *uio, bool no
* which is what the underlying generator is expecting.
* See the random_buf size requirements in the
Yarrow/Fortuna code.
*/
- read_len += RANDOM_BLOCKSIZE;
- read_len -= read_len % RANDOM_BLOCKSIZE;
+ read_len = CEIL_TO_MULTIPLE(read_len, RANDOM_BLOCKSIZE);
+ /* Work in chunks page-sized or less */
read_len = MIN(read_len, PAGE_SIZE);
random_alg_context.ra_read(random_buf, read_len);
c = MIN(uio-uio_resid, read_len);
error = uiomove(random_buf, c, uio);
total_read += c;
}
- if (total_read != uio-uio_resid (error == ERESTART || error
== EINTR) )
+ if (total_read != uio-uio_resid (error == ERESTART || error
== EINTR))
/* Return partial read, not error. */
error = 0;
}
@@ -217,7 +220,7 @@ read_random_uio(struct uio *uio, bool no
u_int
read_random(void *random_buf, u_int len)
{
- u_int read_len, total_read, c;
+ u_int read_len;
uint8_t local_buf[len + RANDOM_BLOCKSIZE];
KASSERT(random_buf != NULL, (No suitable random buffer in %s,
__func__));
@@ -228,22 +231,16 @@ read_random(void *random_buf, u_int len)
/* XXX: FIX!! Next line as an atomic operation? */
read_rate += (len + sizeof(uint32_t))/sizeof(uint32_t);
#endif
- read_len = len;
- /*
-* Belt-and-braces.
-* Round up the read length to a crypto block size multiple,
-* which is what the underlying generator is expecting.
-*/
- read_len += RANDOM_BLOCKSIZE;
- read_len -= read_len % RANDOM_BLOCKSIZE;
- total_read = 0;
- while (read_len) {
- c = MIN(read_len, PAGE_SIZE);
- random_alg_context.ra_read(local_buf[total_read], c);
- read_len -= c;
- total_read += c;
+ if (len 0) {
+ /*
+* Belt-and-braces.
+* Round up the read length to a crypto block size
multiple,
+* which is what the underlying generator is expecting.
+*/
+ read_len = CEIL_TO_MULTIPLE(len, RANDOM_BLOCKSIZE);
+ random_alg_context.ra_read(local_buf, read_len);
+ memcpy(random_buf, local_buf, len);
}
- memcpy(random_buf, local_buf, len);
} else
len = 0;
return (len);
___
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r285692 - head/sys/dev/random
Author: markm
Date: Sun Jul 19 16:05:30 2015
New Revision: 285692
URL: https://svnweb.freebsd.org/changeset/base/285692
Log:
Fix the read blocking so that it is interruptable and slow down the rate of
console warning spamming while blocked.
Approved by: so (/dev/random blanket)
Modified:
head/sys/dev/random/randomdev.c
Modified: head/sys/dev/random/randomdev.c
==
--- head/sys/dev/random/randomdev.c Sun Jul 19 16:05:26 2015
(r285691)
+++ head/sys/dev/random/randomdev.c Sun Jul 19 16:05:30 2015
(r285692)
@@ -163,22 +163,28 @@ int
read_random_uio(struct uio *uio, bool nonblock)
{
uint8_t *random_buf;
- int error;
+ int error, spamcount;
ssize_t read_len, total_read, c;
random_buf = malloc(PAGE_SIZE, M_ENTROPY, M_WAITOK);
random_alg_context.ra_pre_read();
- /* (Un)Blocking logic */
error = 0;
+ spamcount = 0;
+ /* (Un)Blocking logic */
while (!random_alg_context.ra_seeded()) {
if (nonblock) {
error = EWOULDBLOCK;
break;
}
- tsleep(random_alg_context, 0, randseed, hz/10);
/* keep tapping away at the pre-read until we seed/unblock. */
random_alg_context.ra_pre_read();
- printf(random: %s unblock wait\n, __func__);
+ /* Only bother the console every 10 seconds or so */
+ if (spamcount == 0)
+ printf(random: %s unblock wait\n, __func__);
+ spamcount = (spamcount + 1)%100;
+ error = tsleep(random_alg_context, PCATCH, randseed, hz/10);
+ if ((error == ERESTART | error == EINTR))
+ break;
}
if (error == 0) {
#if !defined(RANDOM_DUMMY)
___
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r285693 - head/sys/dev/random
Author: markm
Date: Sun Jul 19 16:05:34 2015
New Revision: 285693
URL: https://svnweb.freebsd.org/changeset/base/285693
Log:
Remove out-of-date comments.
Approved by:so (/dev/random blanket)
Modified:
head/sys/dev/random/fortuna.c
head/sys/dev/random/yarrow.c
Modified: head/sys/dev/random/fortuna.c
==
--- head/sys/dev/random/fortuna.c Sun Jul 19 16:05:30 2015
(r285692)
+++ head/sys/dev/random/fortuna.c Sun Jul 19 16:05:34 2015
(r285693)
@@ -133,7 +133,6 @@ static void random_fortuna_deinit_alg(vo
static void random_fortuna_reseed_internal(uint32_t *entropy_data, u_int
blockcount);
-/* Interface to Adaptors system */
struct random_algorithm random_alg_context = {
.ra_ident = Fortuna,
.ra_init_alg = random_fortuna_init_alg,
Modified: head/sys/dev/random/yarrow.c
==
--- head/sys/dev/random/yarrow.cSun Jul 19 16:05:30 2015
(r285692)
+++ head/sys/dev/random/yarrow.cSun Jul 19 16:05:34 2015
(r285693)
@@ -117,7 +117,6 @@ static void random_yarrow_deinit_alg(voi
static void random_yarrow_reseed_internal(u_int);
-/* Interface to Adaptors system */
struct random_algorithm random_alg_context = {
.ra_ident = Yarrow,
.ra_init_alg = random_yarrow_init_alg,
___
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r285691 - head/sys/conf
Author: markm Date: Sun Jul 19 16:05:26 2015 New Revision: 285691 URL: https://svnweb.freebsd.org/changeset/base/285691 Log: Clarify the intent of the RANDOM_* options. Approved by: so (/dev/random blanket) Modified: head/sys/conf/NOTES Modified: head/sys/conf/NOTES == --- head/sys/conf/NOTES Sun Jul 19 16:05:23 2015(r285690) +++ head/sys/conf/NOTES Sun Jul 19 16:05:26 2015(r285691) @@ -2982,8 +2982,10 @@ options MAXFILES=999 # Random number generator # Only ONE of the below two may be used; they are mutually exclusive. # If neither is present, then the Fortuna algorithm is used. -optionsRANDOM_YARROW # Yarrow CSPRNG (Default) -optionsRANDOM_DEBUG# Debugging messages +optionsRANDOM_YARROW # Yarrow CSPRNG (old default) +#options RANDOM_DUMMY# Dummy CSPRNG that always blocks +# For developers. +optionsRANDOM_DEBUG# Extra debugging messages # Module to enable execution of application via emulators like QEMU options IMAGACT_BINMISC ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
Re: svn commit: r284959 - in head: . share/man/man4 share/man/man9 sys/conf sys/dev/glxsb sys/dev/hifn sys/dev/random sys/dev/rndtest sys/dev/safe sys/dev/syscons sys/dev/ubsec sys/dev/virtio/random s
On 15 Jul 2015, at 23:43, Adrian Chadd adrian.ch...@gmail.com wrote: - Add harvesting of slab allocator events. This needs to be checked for weighing down the allocator code. Hi, Is this really doing it upon every one of those events? eg, for each mbuf alloc through UMA? Only if you turn it on! M -- ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r285550 - head/usr.bin/w
Author: markm
Date: Tue Jul 14 18:53:24 2015
New Revision: 285550
URL: https://svnweb.freebsd.org/changeset/base/285550
Log:
Widen the host field so that a full IPv6 address will be seen.
Modified:
head/usr.bin/w/w.c
Modified: head/usr.bin/w/w.c
==
--- head/usr.bin/w/w.c Tue Jul 14 18:45:15 2015(r285549)
+++ head/usr.bin/w/w.c Tue Jul 14 18:53:24 2015(r285550)
@@ -120,7 +120,7 @@ static struct entry {
#defineW_DISPUSERSIZE 10
#defineW_DISPLINESIZE 8
-#defineW_DISPHOSTSIZE 24
+#defineW_DISPHOSTSIZE 40
static void pr_header(time_t *, int);
static struct stat *ttystat(char *);
___
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r285439 - head/sys/dev/random
Author: markm
Date: Mon Jul 13 08:38:21 2015
New Revision: 285439
URL: https://svnweb.freebsd.org/changeset/base/285439
Log:
Rework the read routines to keep the PRNG sources happy. These work
in units of crypto blocks, so must have adequate space to write.
This means needing to be careful about buffers and keeping track
of external read request length.
Approved by: so (/dev/random blanket)
Modified:
head/sys/dev/random/randomdev.c
Modified: head/sys/dev/random/randomdev.c
==
--- head/sys/dev/random/randomdev.c Mon Jul 13 05:59:41 2015
(r285438)
+++ head/sys/dev/random/randomdev.c Mon Jul 13 08:38:21 2015
(r285439)
@@ -153,8 +153,8 @@ static int
randomdev_read(struct cdev *dev __unused, struct uio *uio, int flags)
{
uint8_t *random_buf;
- int c, error;
- ssize_t nbytes;
+ int error;
+ ssize_t read_len, total_read, c;
random_buf = malloc(PAGE_SIZE, M_ENTROPY, M_WAITOK);
random_alg_context.ra_pre_read();
@@ -175,14 +175,24 @@ randomdev_read(struct cdev *dev __unused
/* XXX: FIX!! Next line as an atomic operation? */
read_rate += (uio-uio_resid +
sizeof(uint32_t))/sizeof(uint32_t);
#endif
- nbytes = uio-uio_resid;
+ total_read = 0;
while (uio-uio_resid !error) {
- c = MIN(uio-uio_resid, PAGE_SIZE);
- /* See the random_buf size requirements in the
Yarrow/Fortuna code */
- random_alg_context.ra_read(random_buf, c);
+ read_len = uio-uio_resid;
+ /*
+* Belt-and-braces.
+* Round up the read length to a crypto block size
multiple,
+* which is what the underlying generator is expecting.
+* See the random_buf size requirements in the
Yarrow/Fortuna code.
+*/
+ read_len += RANDOM_BLOCKSIZE;
+ read_len -= read_len % RANDOM_BLOCKSIZE;
+ read_len = MIN(read_len, PAGE_SIZE);
+ random_alg_context.ra_read(random_buf, read_len);
+ c = MIN(uio-uio_resid, read_len);
error = uiomove(random_buf, c, uio);
+ total_read += c;
}
- if (nbytes != uio-uio_resid (error == ERESTART || error ==
EINTR) )
+ if (total_read != uio-uio_resid (error == ERESTART || error
== EINTR) )
/* Return partial read, not error. */
error = 0;
}
@@ -212,6 +222,13 @@ read_random(void *random_buf, u_int len)
read_rate += (len + sizeof(uint32_t))/sizeof(uint32_t);
#endif
read_len = len;
+ /*
+* Belt-and-braces.
+* Round up the read length to a crypto block size multiple,
+* which is what the underlying generator is expecting.
+*/
+ read_len += RANDOM_BLOCKSIZE;
+ read_len -= read_len % RANDOM_BLOCKSIZE;
total_read = 0;
while (read_len) {
c = MIN(read_len, PAGE_SIZE);
___
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r285422 - in head: share/man/man4 sys/conf sys/dev/random sys/net sys/netgraph
Author: markm Date: Sun Jul 12 18:14:38 2015 New Revision: 285422 URL: https://svnweb.freebsd.org/changeset/base/285422 Log: * Address review (and add a bit myself). - Tweek man page. - Remove all mention of RANDOM_FORTUNA. If the system owner wants YARROW or DUMMY, they ask for it, otherwise they get FORTUNA. - Tidy up headers a bit. - Tidy up declarations a bit. - Make static in a couple of places where needed. - Move Yarrow/Fortuna SYSINIT/SYSUNINIT to randomdev.c, moving us towards a single file where the algorithm context is used. - Get rid of random_*_process_buffer() functions. They were only used in one place each, and are better subsumed into those places. - Remove *_post_read() functions as they are stubs everywhere. - Assert against buffer size illegalities. - Clean up some silly code in the randomdev_read() routine. - Make the harvesting more consistent. - Make some requested argument name changes. - Tidy up and clarify a few comments. - Make some requested comment changes. - Make some requested macro changes. * NOTE: the thing calling itself a 'unit test' is not yet a proper unit test, but it helps me ensure things work. It may be a proper unit test at some time in the future, but for now please don't make any assumptions or hold any expectations. Differential Revision:https://reviews.freebsd.org/D2025 Approved by: so (/dev/random blanket) Modified: head/share/man/man4/random.4 head/sys/conf/NOTES head/sys/dev/random/build.sh head/sys/dev/random/fortuna.c head/sys/dev/random/hash.h head/sys/dev/random/random_harvestq.c head/sys/dev/random/randomdev.c head/sys/dev/random/randomdev.h head/sys/dev/random/unit_test.c head/sys/dev/random/unit_test.h head/sys/dev/random/yarrow.c head/sys/net/if_tun.c head/sys/netgraph/ng_iface.c Modified: head/share/man/man4/random.4 == --- head/share/man/man4/random.4Sun Jul 12 17:28:31 2015 (r285421) +++ head/share/man/man4/random.4Sun Jul 12 18:14:38 2015 (r285422) @@ -62,7 +62,7 @@ This sysctl will not return random bytes unless the .Xr random 4 -is seeded. +device is seeded. .Pp This initial seeding of random number generators Modified: head/sys/conf/NOTES == --- head/sys/conf/NOTES Sun Jul 12 17:28:31 2015(r285421) +++ head/sys/conf/NOTES Sun Jul 12 18:14:38 2015(r285422) @@ -2978,8 +2978,8 @@ options MAXFILES=999 # Random number generator # Only ONE of the below two may be used; they are mutually exclusive. +# If neither is present, then the Fortuna algorithm is used. optionsRANDOM_YARROW # Yarrow CSPRNG (Default) -#options RANDOM_FORTUNA # Fortuna CSPRNG optionsRANDOM_DEBUG# Debugging messages # Module to enable execution of application via emulators like QEMU Modified: head/sys/dev/random/build.sh == --- head/sys/dev/random/build.shSun Jul 12 17:28:31 2015 (r285421) +++ head/sys/dev/random/build.shSun Jul 12 18:14:38 2015 (r285422) @@ -28,7 +28,14 @@ # # Basic script to build crude unit tests. # -cc -g -O0 -pthread -DRANDOM_DEBUG -DRANDOM_YARROW \ +# Diff-reduction checking between Yarrow and fortuna is done like so: +# +# $ diff -u -B (sed -e 's/yarrow/wombat/g' \ +#-e 's/YARROW/WOMBAT/g' yarrow.c) \ +# (sed -e 's/fortuna/wombat/g' \ +#-e 's/FORTUNA/WOMBAT/g' fortuna.c) | less +# +cc -g -O0 -pthread -DRANDOM_DEBUG \ -I../.. -lstdthreads -Wall \ unit_test.c \ yarrow.c \ @@ -39,7 +46,7 @@ cc -g -O0 -pthread -DRANDOM_DEBUG -DRAND ../../crypto/sha2/sha256c.c \ -lz \ -o yunit_test -cc -g -O0 -pthread -DRANDOM_DEBUG -DRANDOM_FORTUNA \ +cc -g -O0 -pthread -DRANDOM_DEBUG \ -I../.. -lstdthreads -Wall \ unit_test.c \ fortuna.c \ Modified: head/sys/dev/random/fortuna.c == --- head/sys/dev/random/fortuna.c Sun Jul 12 17:28:31 2015 (r285421) +++ head/sys/dev/random/fortuna.c Sun Jul 12 18:14:38 2015 (r285422) @@ -39,10 +39,8 @@ __FBSDID($FreeBSD$); #ifdef _KERNEL #include sys/param.h #include sys/kernel.h -#include sys/conf.h #include sys/lock.h #include sys/malloc.h -#include sys/module.h #include sys/mutex.h #include sys/random.h #include sys/sysctl.h @@ -71,6 +69,7 @@ __FBSDID($FreeBSD$); #include crypto/sha2/sha2.h #include dev/random/hash.h +#include dev/random/randomdev.h #include dev/random/uint128.h #include dev/random/fortuna.h #endif /* _KERNEL */ @@ -125,26 +124,28 @@ static uint8_t zero_region[RANDOM_ZERO_B static void random_fortuna_pre_read(void);
svn commit: r285288 - head/etc/rc.d
Author: markm
Date: Wed Jul 8 18:46:44 2015
New Revision: 285288
URL: https://svnweb.freebsd.org/changeset/base/285288
Log:
Address review.
Differential Revision: https://reviews.freebsd.org/D2924
Modified:
head/etc/rc.d/random
Modified: head/etc/rc.d/random
==
--- head/etc/rc.d/randomWed Jul 8 18:43:55 2015(r285287)
+++ head/etc/rc.d/randomWed Jul 8 18:46:44 2015(r285288)
@@ -67,7 +67,7 @@ random_start()
esac
case ${entropy_file:=/entropy} in
- [Nn][Oo] | '')
+ [Nn][Oo])
;;
*)
feed_dev_random ${entropy_file} /var/db/entropy-file
@@ -76,7 +76,7 @@ random_start()
esac
case ${entropy_boot_file:=/boot/entropy} in
- [Nn][Oo] | '')
+ [Nn][Oo])
;;
*)
save_dev_random ${entropy_boot_file}
@@ -92,7 +92,7 @@ random_stop()
# can be reseeded
#
case ${entropy_file:=/entropy} in
- [Nn][Oo] | '')
+ [Nn][Oo])
;;
*)
echo -n 'Writing entropy file:'
@@ -124,7 +124,7 @@ random_stop()
;;
esac
case ${entropy_boot_file:=/boot/entropy} in
- [Nn][Oo] | '')
+ [Nn][Oo])
;;
*)
echo -n 'Writing early boot entropy file:'
___
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r284960 - in head: etc/defaults etc/rc.d share/man/man5 share/man/man9 sys/boot/forth
Author: markm
Date: Tue Jun 30 17:09:41 2015
New Revision: 284960
URL: https://svnweb.freebsd.org/changeset/base/284960
Log:
Updated random(4) boot/shutdown scripting.
Fix the man pages as well.
Differential Revision: https://reviews.freebsd.org/D2924
Approved by: so (delphij)
Modified:
head/etc/defaults/rc.conf
head/etc/rc.d/random
head/share/man/man5/rc.conf.5
head/share/man/man9/random.9
head/sys/boot/forth/loader.conf
head/sys/boot/forth/loader.conf.5
Modified: head/etc/defaults/rc.conf
==
--- head/etc/defaults/rc.conf Tue Jun 30 17:00:45 2015(r284959)
+++ head/etc/defaults/rc.conf Tue Jun 30 17:09:41 2015(r284960)
@@ -630,15 +630,16 @@ kern_securelevel=-1 # range: -1..3 ; `
# in the system booting with securelevel set to 1, as
# init(8) will raise the level when rc(8) completes.
update_motd=YES # update version info in /etc/motd (or NO)
-entropy_file=/entropy# Set to NO to disable caching entropy through
reboots.
+entropy_boot_file=/boot/entropy # Set to NO to disable very early
+ # (used at early boot time) entropy caching through
reboots.
+entropy_file=/entropy# Set to NO to disable late (used when going
multi-user)
+ # entropy through reboots.
# /var/db/entropy-file is preferred if / is not avail.
entropy_dir=/var/db/entropy # Set to NO to disable caching entropy via cron.
entropy_save_sz=4096 # Size of the entropy cache files.
entropy_save_num=8 # Number of entropy cache files to save.
-harvest_interrupt=YES# Entropy device harvests interrupt randomness
-harvest_ethernet=YES # Entropy device harvests ethernet randomness
-harvest_p_to_p=YES # Entropy device harvests point-to-point randomness
-harvest_swi=YES # Entropy device harvests internal SWI randomness
+harvest_mask=511 # Entropy device harvests all but the very invasive
sources.
+ # (See 'sysctl kern.random.harvest' and random(4))
dmesg_enable=YES # Save dmesg(8) to /var/run/dmesg.boot
watchdogd_enable=NO # Start the software watchdog daemon
watchdogd_flags= # Flags to watchdogd (if enabled)
Modified: head/etc/rc.d/random
==
--- head/etc/rc.d/randomTue Jun 30 17:00:45 2015(r284959)
+++ head/etc/rc.d/randomTue Jun 30 17:09:41 2015(r284960)
@@ -41,6 +41,13 @@ feed_dev_random()
random_start()
{
+
+ if [ ${harvest_mask} -gt 0 ]; then
+ echo -n 'Setting up harvesting:'
+ ${SYSCTL} kern.random.harvest.mask=${harvest_mask} /dev/null
+ ${SYSCTL_N} kern.random.harvest.mask_symbolic
+ fi
+
echo -n 'Feeding entropy:'
if [ ! -w /dev/random ] ; then
@@ -68,6 +75,14 @@ random_start()
;;
esac
+ case ${entropy_boot_file:=/boot/entropy} in
+ [Nn][Oo] | '')
+ ;;
+ *)
+ save_dev_random ${entropy_boot_file}
+ ;;
+ esac
+
echo '.'
}
@@ -100,7 +115,33 @@ random_stop()
;;
*)
dd if=/dev/random of=${entropy_file_confirmed} \
- bs=4096 count=1 2 /dev/null
+ bs=4096 count=1 2 /dev/null ||
+ warn 'write failed (unwriteable file or full fs?)'
+ echo '.'
+ ;;
+ esac
+ umask ${oumask}
+ ;;
+ esac
+ case ${entropy_boot_file:=/boot/entropy} in
+ [Nn][Oo] | '')
+ ;;
+ *)
+ echo -n 'Writing early boot entropy file:'
+ rm -f ${entropy_boot_file} 2 /dev/null
+ oumask=`umask`
+ umask 077
+ if touch ${entropy_boot_file} 2 /dev/null; then
+ entropy_boot_file_confirmed=${entropy_boot_file}
+ fi
+ case ${entropy_boot_file_confirmed} in
+ '')
+ warn 'write failed (read-only fs?)'
+ ;;
+ *)
+ dd if=/dev/random of=${entropy_boot_file_confirmed} \
+ bs=4096 count=1 2 /dev/null ||
+ warn 'write failed (unwriteable file or full fs?)'
echo '.'
;;
esac
Modified: head/share/man/man5/rc.conf.5
==
--- head/share/man/man5/rc.conf.5 Tue Jun 30 17:00:45 2015
(r284959)
+++ head/share/man/man5/rc.conf.5 Tue Jun 30 17:09:41 2015
(r284960)
@@ -3995,27 +3995,11 @@ set from
.Va jail_ Ns Ao Ar jname Ac Ns Va
svn commit: r284959 - in head: . share/man/man4 share/man/man9 sys/conf sys/dev/glxsb sys/dev/hifn sys/dev/random sys/dev/rndtest sys/dev/safe sys/dev/syscons sys/dev/ubsec sys/dev/virtio/random sy...
Author: markm Date: Tue Jun 30 17:00:45 2015 New Revision: 284959 URL: https://svnweb.freebsd.org/changeset/base/284959 Log: Huge cleanup of random(4) code. * GENERAL - Update copyright. - Make kernel options for RANDOM_YARROW and RANDOM_DUMMY. Set neither to ON, which means we want Fortuna - If there is no 'device random' in the kernel, there will be NO random(4) device in the kernel, and the KERN_ARND sysctl will return nothing. With RANDOM_DUMMY there will be a random(4) that always blocks. - Repair kern.arandom (KERN_ARND sysctl). The old version went through arc4random(9) and was a bit weird. - Adjust arc4random stirring a bit - the existing code looks a little suspect. - Fix the nasty pre- and post-read overloading by providing explictit functions to do these tasks. - Redo read_random(9) so as to duplicate random(4)'s read internals. This makes it a first-class citizen rather than a hack. - Move stuff out of locked regions when it does not need to be there. - Trim RANDOM_DEBUG printfs. Some are excess to requirement, some behind boot verbose. - Use SYSINIT to sequence the startup. - Fix init/deinit sysctl stuff. - Make relevant sysctls also tunables. - Add different harvesting styles to allow for different requirements (direct, queue, fast). - Add harvesting of FFS atime events. This needs to be checked for weighing down the FS code. - Add harvesting of slab allocator events. This needs to be checked for weighing down the allocator code. - Fix the random(9) manpage. - Loadable modules are not present for now. These will be re-engineered when the dust settles. - Use macros for locks. - Fix comments. * src/share/man/... - Update the man pages. * src/etc/... - The startup/shutdown work is done in D2924. * src/UPDATING - Add UPDATING announcement. * src/sys/dev/random/build.sh - Add copyright. - Add libz for unit tests. * src/sys/dev/random/dummy.c - Remove; no longer needed. Functionality incorporated into randomdev.*. * live_entropy_sources.c live_entropy_sources.h - Remove; content moved. - move content to randomdev.[ch] and optimise. * src/sys/dev/random/random_adaptors.c src/sys/dev/random/random_adaptors.h - Remove; plugability is no longer used. Compile-time algorithm selection is the way to go. * src/sys/dev/random/random_harvestq.c src/sys/dev/random/random_harvestq.h - Add early (re)boot-time randomness caching. * src/sys/dev/random/randomdev_soft.c src/sys/dev/random/randomdev_soft.h - Remove; no longer needed. * src/sys/dev/random/uint128.h - Provide a fake uint128_t; if a real one ever arrived, we can use that instead. All that is needed here is N=0, N++, N==0, and some localised trickery is used to manufacture a 128-bit 0ULLL. * src/sys/dev/random/unit_test.c src/sys/dev/random/unit_test.h - Improve unit tests; previously the testing human needed clairvoyance; now the test will do a basic check of compressibility. Clairvoyant talent is still a good idea. - This is still a long way off a proper unit test. * src/sys/dev/random/fortuna.c src/sys/dev/random/fortuna.h - Improve messy union to just uint128_t. - Remove unneeded 'static struct fortuna_start_cache'. - Tighten up up arithmetic. - Provide a method to allow eternal junk to be introduced; harden it against blatant by compress/hashing. - Assert that locks are held correctly. - Fix the nasty pre- and post-read overloading by providing explictit functions to do these tasks. - Turn into self-sufficient module (no longer requires randomdev_soft.[ch]) * src/sys/dev/random/yarrow.c src/sys/dev/random/yarrow.h - Improve messy union to just uint128_t. - Remove unneeded 'staic struct start_cache'. - Tighten up up arithmetic. - Provide a method to allow eternal junk to be introduced; harden it against blatant by compress/hashing. - Assert that locks are held correctly. - Fix the nasty pre- and post-read overloading by providing explictit functions to do these tasks. - Turn into self-sufficient module (no longer requires randomdev_soft.[ch]) - Fix some magic numbers elsewhere used as FAST and SLOW. Differential Revision: https://reviews.freebsd.org/D2025 Reviewed by: vsevolod,delphij,rwatson,trasz,jmg Approved by: so (delphij) Added: head/sys/dev/random/randomdev_none.c (contents, props changed) - copied, changed from r284956, head/sys/dev/random/randomdev_soft.h Deleted: head/sys/dev/random/dummy_rng.c head/sys/dev/random/live_entropy_sources.c head/sys/dev/random/live_entropy_sources.h head/sys/dev/random/random_adaptors.c head/sys/dev/random/random_adaptors.h head/sys/dev/random/randomdev_soft.c head/sys/dev/random/randomdev_soft.h head/sys/modules/random/Makefile Modified: head/UPDATING head/share/man/man4/random.4 head/share/man/man9/random.9
svn commit: r284911 - head/sys/sys
Author: markm
Date: Sun Jun 28 12:52:28 2015
New Revision: 284911
URL: https://svnweb.freebsd.org/changeset/base/284911
Log:
Add const to char * pointers. This breaks nothing, and means const
chars can be passed with no warnings.
Modified:
head/sys/sys/kthread.h
Modified: head/sys/sys/kthread.h
==
--- head/sys/sys/kthread.h Sun Jun 28 10:51:08 2015(r284910)
+++ head/sys/sys/kthread.h Sun Jun 28 12:52:28 2015(r284911)
@@ -37,14 +37,14 @@
* Note: global_procpp may be NULL for no global save area.
*/
struct kproc_desc {
- char*arg0; /* arg 0 (for 'ps' listing) */
- void(*func)(void); /* main for kernel process */
+ const char *arg0; /* arg 0 (for 'ps' listing) */
+ void(*func)(void); /* main for kernel process */
struct proc **global_procpp;/* ptr to proc ptr save area */
};
/* A kernel thread descriptor; used to start internal daemons. */
struct kthread_desc {
- char*arg0; /* arg 0 (for 'ps' listing) */
+ const char *arg0; /* arg 0 (for 'ps' listing) */
void(*func)(void); /* main for kernel thread */
struct thread **global_threadpp; /* ptr to thread ptr save area
*/
};
___
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r284909 - head/sys/kern
Author: markm
Date: Sun Jun 28 09:44:58 2015
New Revision: 284909
URL: https://svnweb.freebsd.org/changeset/base/284909
Log:
ANSIfy the only function that uses KR definition in this file.
Modified:
head/sys/kern/kern_kthread.c
Modified: head/sys/kern/kern_kthread.c
==
--- head/sys/kern/kern_kthread.cSun Jun 28 09:41:10 2015
(r284908)
+++ head/sys/kern/kern_kthread.cSun Jun 28 09:44:58 2015
(r284909)
@@ -55,8 +55,7 @@ __FBSDID($FreeBSD$);
* to be called from SYSINIT().
*/
void
-kproc_start(udata)
- const void *udata;
+kproc_start(const void *udata)
{
const struct kproc_desc *kp = udata;
int error;
___
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r284910 - head/sys/kern
Author: markm
Date: Sun Jun 28 10:51:08 2015
New Revision: 284910
URL: https://svnweb.freebsd.org/changeset/base/284910
Log:
Ansify another function. This is the last in the file, I hope.
Modified:
head/sys/kern/kern_kthread.c
Modified: head/sys/kern/kern_kthread.c
==
--- head/sys/kern/kern_kthread.cSun Jun 28 09:44:58 2015
(r284909)
+++ head/sys/kern/kern_kthread.cSun Jun 28 10:51:08 2015
(r284910)
@@ -224,8 +224,7 @@ kproc_suspend_check(struct proc *p)
*/
void
-kthread_start(udata)
- const void *udata;
+kthread_start(const void *udata)
{
const struct kthread_desc *kp = udata;
int error;
___
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r283517 - head/gnu/lib
Author: markm
Date: Mon May 25 10:51:40 2015
New Revision: 283517
URL: https://svnweb.freebsd.org/changeset/base/283517
Log:
Unbreak build where WANT_GDB == no', as libreadline is also used by ntpdc.
Modified:
head/gnu/lib/Makefile
Modified: head/gnu/lib/Makefile
==
--- head/gnu/lib/Makefile Mon May 25 09:47:16 2015(r283516)
+++ head/gnu/lib/Makefile Mon May 25 10:51:40 2015(r283517)
@@ -16,7 +16,7 @@ SUBDIR+= libssp
SUBDIR+= tests
.endif
-.if ${MK_GDB} != no
+.if ${MK_GDB} != no || ${MK_NTP} != no
SUBDIR+= libreadline
.endif
___
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r281463 - head/sys/sys
Author: markm
Date: Sun Apr 12 11:23:59 2015
New Revision: 281463
URL: https://svnweb.freebsd.org/changeset/base/281463
Log:
Fix a very minor typo.
Modified:
head/sys/sys/module.h
Modified: head/sys/sys/module.h
==
--- head/sys/sys/module.h Sun Apr 12 10:28:15 2015(r281462)
+++ head/sys/sys/module.h Sun Apr 12 11:23:59 2015(r281463)
@@ -71,7 +71,7 @@ typedef union modspecific {
} modspecific_t;
/*
- * Module dependency declarartion
+ * Module dependency declaration
*/
struct mod_depend {
int md_ver_minimum;
___
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r273939 - head/sys/modules
Author: markm
Date: Sat Nov 1 17:52:04 2014
New Revision: 273939
URL: https://svnweb.freebsd.org/changeset/base/273939
Log:
Remove duplicate macro settings (probably due to an SVN merge /faux pas/ on
my part.
Spotted by: DES
Approved by: DES(implicit)
Modified:
head/sys/modules/Makefile
Modified: head/sys/modules/Makefile
==
--- head/sys/modules/Makefile Sat Nov 1 17:22:53 2014(r273938)
+++ head/sys/modules/Makefile Sat Nov 1 17:52:04 2014(r273939)
@@ -606,17 +606,6 @@ _x86bios= x86bios
_ixl= ixl
_ixlv= ixlv
_ntb= ntb
-_nvd= nvd
-_nvme= nvme
-_nvram=nvram
-_nxge= nxge
-.if ${MK_CDDL} != no || defined(ALL_MODULES)
-_opensolaris= opensolaris
-.endif
-.if ${MK_CRYPT} != no || defined(ALL_MODULES)
-_padlock= padlock
-.endif
-_pccard= pccard
_qlxge=qlxge
_qlxgb=qlxgb
_qlxgbe= qlxgbe
___
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r273872 - in head: etc/defaults etc/rc.d libexec/save-entropy share/examples/kld/random_adaptor sys/conf sys/dev/glxsb sys/dev/random sys/kern sys/modules sys/modules/padlock_rng sys/mo...
Author: markm Date: Thu Oct 30 21:21:53 2014 New Revision: 273872 URL: https://svnweb.freebsd.org/changeset/base/273872 Log: This is the much-discussed major upgrade to the random(4) device, known to you all as /dev/random. This code has had an extensive rewrite and a good series of reviews, both by the author and other parties. This means a lot of code has been simplified. Pluggable structures for high-rate entropy generators are available, and it is most definitely not the case that /dev/random can be driven by only a hardware souce any more. This has been designed out of the device. Hardware sources are stirred into the CSPRNG (Yarrow, Fortuna) like any other entropy source. Pluggable modules may be written by third parties for additional sources. The harvesting structures and consequently the locking have been simplified. Entropy harvesting is done in a more general way (the documentation for this will follow). There is some GREAT entropy to be had in the UMA allocator, but it is disabled for now as messing with that is likely to annoy many people. The venerable (but effective) Yarrow algorithm, which is no longer supported by its authors now has an alternative, Fortuna. For now, Yarrow is retained as the default algorithm, but this may be changed using a kernel option. It is intended to make Fortuna the default algorithm for 11.0. Interested parties are encouraged to read ISBN 978-0-470-47424-2 Cryptography Engineering By Ferguson, Schneier and Kohno for Fortuna's gory details. Heck, read it anyway. Many thanks to Arthur Mesh who did early grunt work, and who got caught in the crossfire rather more than he deserved to. My thanks also to folks who helped me thresh this out on whiteboards and in the odd Hallway track, or otherwise. My Nomex pants are on. Let the feedback commence! Reviewed by: trasz,des(partial),imp(partial?),rwatson(partial?) Approved by: so(des) Added: head/sys/dev/random/build.sh (contents, props changed) head/sys/dev/random/fortuna.c (contents, props changed) head/sys/dev/random/fortuna.h (contents, props changed) head/sys/dev/random/uint128.h (contents, props changed) head/sys/dev/random/unit_test.c (contents, props changed) head/sys/dev/random/unit_test.h (contents, props changed) head/sys/modules/padlock_rng/ head/sys/modules/padlock_rng/Makefile (contents, props changed) head/sys/modules/rdrand_rng/ head/sys/modules/rdrand_rng/Makefile (contents, props changed) Deleted: head/etc/rc.d/initrandom head/sys/dev/random/harvest.c head/sys/dev/random/rwfile.c head/sys/dev/random/rwfile.h Modified: head/etc/defaults/rc.conf head/etc/rc.d/Makefile head/etc/rc.d/geli head/etc/rc.d/postrandom head/etc/rc.d/random head/libexec/save-entropy/save-entropy.sh head/share/examples/kld/random_adaptor/random_adaptor_example.c head/sys/conf/NOTES head/sys/conf/files head/sys/conf/options head/sys/dev/glxsb/glxsb.c head/sys/dev/random/dummy_rng.c head/sys/dev/random/hash.c head/sys/dev/random/hash.h head/sys/dev/random/ivy.c head/sys/dev/random/live_entropy_sources.c head/sys/dev/random/live_entropy_sources.h head/sys/dev/random/nehemiah.c head/sys/dev/random/random_adaptors.c head/sys/dev/random/random_adaptors.h head/sys/dev/random/random_harvestq.c head/sys/dev/random/random_harvestq.h head/sys/dev/random/randomdev.c head/sys/dev/random/randomdev.h head/sys/dev/random/randomdev_soft.c head/sys/dev/random/randomdev_soft.h head/sys/dev/random/yarrow.c head/sys/dev/random/yarrow.h head/sys/kern/init_main.c head/sys/kern/kern_intr.c head/sys/kern/subr_bus.c head/sys/modules/Makefile head/sys/modules/random/Makefile head/sys/net/if_ethersubr.c head/sys/net/if_tun.c head/sys/netgraph/ng_iface.c head/sys/sys/random.h head/sys/vm/uma_core.c Modified: head/etc/defaults/rc.conf == --- head/etc/defaults/rc.conf Thu Oct 30 17:58:57 2014(r273871) +++ head/etc/defaults/rc.conf Thu Oct 30 21:21:53 2014(r273872) @@ -645,7 +645,7 @@ update_motd=YES # update version info entropy_file=/entropy# Set to NO to disable caching entropy through reboots. # /var/db/entropy-file is preferred if / is not avail. entropy_dir=/var/db/entropy # Set to NO to disable caching entropy via cron. -entropy_save_sz=2048 # Size of the entropy cache files. +entropy_save_sz=4096 # Size of the entropy cache files. entropy_save_num=8 # Number of entropy cache files to save. harvest_interrupt=YES# Entropy device harvests interrupt randomness harvest_ethernet=YES # Entropy device harvests ethernet randomness Modified: head/etc/rc.d/Makefile == --- head/etc/rc.d/Makefile Thu Oct 30 17:58:57 2014(r273871) +++ head/etc/rc.d/Makefile
svn commit: r266083 - in head/sys/arm: arm include
Author: markm
Date: Wed May 14 19:11:15 2014
New Revision: 266083
URL: http://svnweb.freebsd.org/changeset/base/266083
Log:
Give suitably-endowed ARMs a register similar to the x86 TSC register.
Here, suitably endowed means that the System Control Coprocessor
(#15) has Performance Monitoring Registers, including a CCNT (Cycle
Count) register.
The CCNT register is used in a way similar to the TSC register in
x86 processors by the get_cyclecount(9) function. The entropy-harvesting
thread is a heavy user of this function, and will benefit from not
having to call binuptime(9) instead.
One problem with the CCNT register is that it is 32-bit only, so
the upper 32-bits of the returned number are always 0. The entropy
harvester does not care, but in case any one else does, follow-up
work may include an interrup trap to increment an upper-32-bit
counter on CCNT overflow.
Another problem is that the CCNT register is not readable in user-mode
code; in can be made readable by userland, but then it is also
writable, and so is a good chunk of the PMU system. For that reason,
the CCNT is not enabled for user-mode access in this commit.
Like the x86, there is one CCNT per core, so they don't all run in
perfect sync.
Reviewed by: ian@ (an earlier version)
Tested by:ian@ (same earlier version)
Committed from: WANDBOARD-QUAD
Modified:
head/sys/arm/arm/cpufunc.c
head/sys/arm/include/cpu.h
Modified: head/sys/arm/arm/cpufunc.c
==
--- head/sys/arm/arm/cpufunc.c Wed May 14 19:02:00 2014(r266082)
+++ head/sys/arm/arm/cpufunc.c Wed May 14 19:11:15 2014(r266083)
@@ -1398,6 +1398,37 @@ arm10_setup(args)
}
#endif /* CPU_ARM9E || CPU_ARM10 */
+#if defined(CPU_ARM1136) || defined(CPU_ARM1176) \
+ || defined(CPU_MV_PJ4B) \
+ || defined(CPU_CORTEXA) || defined(CPU_KRAIT)
+static __inline void
+cpu_scc_setup_ccnt(void)
+{
+/* This is how you give userland access to the CCNT and PMCn
+ * registers.
+ * BEWARE! This gives write access also, which may not be what
+ * you want!
+ */
+#ifdef _PMC_USER_READ_WRITE_
+ /* Set PMUSERENR[0] to allow userland access */
+ __asm volatile (mcrp15, 0, %0, c9, c14, 0\n\t
+ :
+ : r(0x0001));
+#endif
+/* Set up the PMCCNTR register as a cyclecounter:
+* Set PMINTENCLR to 0x to block interrupts
+* Set PMCR[2,0] to enable counters and reset CCNT
+* Set PMCNTENSET to 0x8000 to enable CCNT */
+ __asm volatile (mcrp15, 0, %0, c9, c14, 2\n\t
+ mcrp15, 0, %1, c9, c12, 0\n\t
+ mcrp15, 0, %2, c9, c12, 1\n\t
+ :
+ : r(0x),
+ r(0x0005),
+ r(0x8000));
+}
+#endif
+
#if defined(CPU_ARM1136) || defined(CPU_ARM1176)
struct cpu_option arm11_options[] = {
{ cpu.cache, BIC, OR, (CPU_CONTROL_IC_ENABLE |
CPU_CONTROL_DC_ENABLE) },
@@ -1501,6 +1532,8 @@ arm11x6_setup(char *args)
/* And again. */
cpu_idcache_wbinv_all();
+
+ cpu_scc_setup_ccnt();
}
#endif /* CPU_ARM1136 || CPU_ARM1176 */
@@ -1535,6 +1568,8 @@ pj4bv7_setup(args)
/* And again. */
cpu_idcache_wbinv_all();
+
+ cpu_scc_setup_ccnt();
}
#endif /* CPU_MV_PJ4B */
@@ -1582,6 +1617,8 @@ cortexa_setup(char *args)
#ifdef SMP
armv7_auxctrl((1 6) | (1 0), (1 6) | (1 0)); /* Enable SMP
+ TLB broadcasting */
#endif
+
+ cpu_scc_setup_ccnt();
}
#endif /* CPU_CORTEXA */
Modified: head/sys/arm/include/cpu.h
==
--- head/sys/arm/include/cpu.h Wed May 14 19:02:00 2014(r266082)
+++ head/sys/arm/include/cpu.h Wed May 14 19:11:15 2014(r266083)
@@ -14,11 +14,26 @@ voidswi_vm(void *);
static __inline uint64_t
get_cyclecount(void)
{
+/* This '#if' asks the question 'Does CP15/SCC include performance counters?'
*/
+#if defined(CPU_ARM1136) || defined(CPU_ARM1176) \
+ || defined(CPU_MV_PJ4B) \
+ || defined(CPU_CORTEXA) || defined(CPU_KRAIT)
+ uint32_t ccnt;
+ uint64_t ccnt64;
+
+ /*
+* Read PMCCNTR. Curses! Its only 32 bits.
+* TODO: Fix this by catching overflow with interrupt?
+*/
+ __asm __volatile(mrc p15, 0, %0, c9, c13, 0: =r (ccnt));
+ ccnt64 = (uint64_t)ccnt;
+ return (ccnt64);
+#else /* No performance counters, so use binuptime(9). This is slow */
struct bintime bt;
binuptime(bt);
return ((uint64_t)bt.sec 56 | bt.frac 8);
-
+#endif
}
#endif
___
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to
svn commit: r264969 - head/sys/dev/random
Author: markm Date: Sat Apr 26 13:21:28 2014 New Revision: 264969 URL: http://svnweb.freebsd.org/changeset/base/264969 Log: Correctly set the sysctl format to Alphanumeric, rather than letting it default. Approved by: security-officer(des) Modified: head/sys/dev/random/random_adaptors.c Modified: head/sys/dev/random/random_adaptors.c == --- head/sys/dev/random/random_adaptors.c Sat Apr 26 13:05:56 2014 (r264968) +++ head/sys/dev/random/random_adaptors.c Sat Apr 26 13:21:28 2014 (r264969) @@ -220,12 +220,12 @@ random_adaptors_init(void *unused) SYSCTL_PROC(_kern_random, OID_AUTO, adaptors, CTLTYPE_STRING | CTLFLAG_RD | CTLFLAG_MPSAFE, - NULL, 0, random_sysctl_adaptors_handler, , + NULL, 0, random_sysctl_adaptors_handler, A, Random Number Generator adaptors); SYSCTL_PROC(_kern_random, OID_AUTO, active_adaptor, CTLTYPE_STRING | CTLFLAG_RD | CTLFLAG_MPSAFE, - NULL, 0, random_sysctl_active_adaptor_handler, , + NULL, 0, random_sysctl_active_adaptor_handler, A, Active Random Number Generator Adaptor); sx_init(adaptors_lock, random_adaptors); ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r256446 - head/sys/modules/random
Author: markm Date: Mon Oct 14 17:43:22 2013 New Revision: 256446 URL: http://svnweb.freebsd.org/changeset/base/256446 Log: Add needed files to the KLD random.ko. Approved by: re (kib) Modified: head/sys/modules/random/Makefile Modified: head/sys/modules/random/Makefile == --- head/sys/modules/random/MakefileMon Oct 14 16:19:52 2013 (r256445) +++ head/sys/modules/random/MakefileMon Oct 14 17:43:22 2013 (r256446) @@ -11,6 +11,7 @@ SRCS+=nehemiah.c SRCS+= ivy.c .endif SRCS+= randomdev_soft.c yarrow.c hash.c +SRCS+= random_harvestq.c live_entropy_sources.c rwfile.c SRCS+= rijndael-alg-fst.c rijndael-api-fst.c sha2.c SRCS+= bus_if.h device_if.h vnode_if.h opt_cpu.h opt_random.h ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r256412 - head/sys/dev/random
Author: markm
Date: Sun Oct 13 00:10:48 2013
New Revision: 256412
URL: http://svnweb.freebsd.org/changeset/base/256412
Log:
There is an issue (not seen in our testing) where yarrow and
dummy switch priorities, and the users are left with no usable
/dev/random. The fix assigns priories to these and gives the users
what they want. The override tuneable has a stupid name (blame me!)
and this fixes it to be something that 'sysctl kern.random' emits
and is the right thing to set.
Approved by: re (gjb)
Approved by: secteam (cperciva)
Modified:
head/sys/dev/random/dummy_rng.c
head/sys/dev/random/random_adaptors.c
head/sys/dev/random/randomdev.h
head/sys/dev/random/randomdev_soft.c
Directory Properties:
head/sys/ (props changed)
Modified: head/sys/dev/random/dummy_rng.c
==
--- head/sys/dev/random/dummy_rng.c Sat Oct 12 23:51:00 2013
(r256411)
+++ head/sys/dev/random/dummy_rng.c Sun Oct 13 00:10:48 2013
(r256412)
@@ -102,6 +102,7 @@ struct random_adaptor dummy_random = {
.read = (random_read_func_t *)random_null_func,
.reseed = (random_reseed_func_t *)random_null_func,
.seeded = 0, /* This device can never be seeded */
+ .priority = 1, /* Bottom priority, so goes to last position */
};
static int
Modified: head/sys/dev/random/random_adaptors.c
==
--- head/sys/dev/random/random_adaptors.c Sat Oct 12 23:51:00 2013
(r256411)
+++ head/sys/dev/random/random_adaptors.c Sun Oct 13 00:10:48 2013
(r256412)
@@ -104,12 +104,13 @@ void
random_adaptor_choose(struct random_adaptor **adaptor)
{
char rngs[128], *token, *cp;
- struct random_adaptors *rpp;
+ struct random_adaptors *rppi, *ramax;
+ unsigned primax;
KASSERT(adaptor != NULL, (pre-conditions failed));
*adaptor = NULL;
- if (TUNABLE_STR_FETCH(rngs_want, rngs, sizeof(rngs))) {
+ if (TUNABLE_STR_FETCH(kern.random.active_adaptor, rngs,
sizeof(rngs))) {
cp = rngs;
while ((token = strsep(cp, ,)) != NULL)
@@ -120,16 +121,23 @@ random_adaptor_choose(struct random_adap
skipping\n, token);
}
+ primax = 0U;
if (*adaptor == NULL) {
/*
-* Fallback to the first thing that's on the list of
-* available RNGs.
+* Fall back to the highest priority item on the available
+* RNG list.
*/
sx_slock(adaptors_lock);
- rpp = LIST_FIRST(adaptors);
- if (rpp != NULL)
- *adaptor = rpp-rsp;
+ ramax = NULL;
+ LIST_FOREACH(rppi, adaptors, entries) {
+ if (rppi-rsp-priority = primax) {
+ ramax = rppi;
+ primax = rppi-rsp-priority;
+ }
+ }
+ if (ramax != NULL)
+ *adaptor = ramax-rsp;
sx_sunlock(adaptors_lock);
Modified: head/sys/dev/random/randomdev.h
==
--- head/sys/dev/random/randomdev.h Sat Oct 12 23:51:00 2013
(r256411)
+++ head/sys/dev/random/randomdev.h Sun Oct 13 00:10:48 2013
(r256412)
@@ -44,6 +44,7 @@ struct random_adaptor {
struct selinfo rsel;
const char *ident;
int seeded;
+ unsignedpriority;
random_init_func_t *init;
random_deinit_func_t*deinit;
random_block_func_t *block;
Modified: head/sys/dev/random/randomdev_soft.c
==
--- head/sys/dev/random/randomdev_soft.cSat Oct 12 23:51:00 2013
(r256411)
+++ head/sys/dev/random/randomdev_soft.cSun Oct 13 00:10:48 2013
(r256412)
@@ -84,6 +84,7 @@ static struct random_adaptor random_cont
.poll = randomdev_poll,
.reseed = randomdev_flush_reseed,
.seeded = 0, /* This will be seeded during entropy processing */
+ .priority = 90, /* High priority, so top of the list. Fortuna may still
win. */
};
#define RANDOM_MODULE_NAME yarrow
#define RANDOM_CSPRNG_NAME yarrow
@@ -99,6 +100,7 @@ static struct random_adaptor random_cont
.poll = randomdev_poll,
.reseed = randomdev_flush_reseed,
.seeded = 0, /* This will be excplicitly seeded at startup when secured
*/
+ .priority = 100, /* High priority, so top of the list. Beat Yarrow. */
};
#define RANDOM_MODULE_NAME fortuna
#define RANDOM_CSPRNG_NAME fortuna
svn commit: r255391 - head/sys/dev/random
Author: markm Date: Sun Sep 8 16:48:03 2013 New Revision: 255391 URL: http://svnweb.freebsd.org/changeset/base/255391 Log: Fix verbose output line; needs NL Submitted by: Sean Bruno sean_br...@yahoo.com Approved by: re (glebius) Modified: head/sys/dev/random/random_adaptors.c Modified: head/sys/dev/random/random_adaptors.c == --- head/sys/dev/random/random_adaptors.c Sun Sep 8 15:44:34 2013 (r255390) +++ head/sys/dev/random/random_adaptors.c Sun Sep 8 16:48:03 2013 (r255391) @@ -177,7 +177,7 @@ random_adaptor_choose(struct random_adap } if (bootverbose *adaptor) - printf(Falling back to %s random adaptor, + printf(Falling back to %s random adaptor\n, (*adaptor)-ident); } } ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r255362 - in head: share/examples/kld share/examples/kld/random_adaptor sys/conf sys/dev/glxsb sys/dev/hifn sys/dev/random sys/dev/rndtest sys/dev/safe sys/dev/ubsec sys/kern sys/mips/c...
Author: markm
Date: Sat Sep 7 14:15:13 2013
New Revision: 255362
URL: http://svnweb.freebsd.org/changeset/base/255362
Log:
Bring in some behind-the-scenes development, mainly By Arthur Mesh,
the rest by me.
o Namespace cleanup; the Yarrow name is now restricted to where it
really applies; this is in anticipation of being augmented or
replaced by Fortuna in the future. Fortuna is mentioned, but behind
#if logic, and is ignorable for now.
o The harvest queue is pulled out into its own modules.
o Entropy harvesting is emproved, both by being made more conservative,
and by separating (a bit!) the sources. Available entropy crumbs are
marginally improved.
o Selection of sources is made clearer. With recent revelations,
this will receive more work in the weeks and months to come.
Submitted by: Arthur Mesh (partly) arthurm...@gmail.com
Added:
head/share/examples/kld/random_adaptor/
- copied from r255353,
projects/random_number_generator/share/examples/kld/random_adaptor/
head/sys/dev/random/pseudo_rng.c
- copied unchanged from r255353,
projects/random_number_generator/sys/dev/random/pseudo_rng.c
head/sys/dev/random/random_harvestq.c
- copied unchanged from r255353,
projects/random_number_generator/sys/dev/random/random_harvestq.c
head/sys/dev/random/random_harvestq.h
- copied unchanged from r255353,
projects/random_number_generator/sys/dev/random/random_harvestq.h
Deleted:
head/sys/dev/random/probe.c
Modified:
head/share/examples/kld/Makefile
head/sys/conf/files
head/sys/dev/glxsb/glxsb.c
head/sys/dev/hifn/hifn7751.c
head/sys/dev/random/harvest.c
head/sys/dev/random/hash.c
head/sys/dev/random/hash.h
head/sys/dev/random/random_adaptors.c
head/sys/dev/random/random_adaptors.h
head/sys/dev/random/randomdev.c
head/sys/dev/random/randomdev.h
head/sys/dev/random/randomdev_soft.c
head/sys/dev/random/randomdev_soft.h
head/sys/dev/random/yarrow.c
head/sys/dev/random/yarrow.h
head/sys/dev/rndtest/rndtest.c
head/sys/dev/safe/safe.c
head/sys/dev/ubsec/ubsec.c
head/sys/kern/kern_intr.c
head/sys/mips/cavium/octeon_rnd.c
head/sys/modules/random/Makefile
head/sys/net/if_ethersubr.c
head/sys/net/if_tun.c
head/sys/netgraph/ng_iface.c
head/sys/sys/random.h
Directory Properties:
head/ (props changed)
head/sys/ (props changed)
Modified: head/share/examples/kld/Makefile
==
--- head/share/examples/kld/MakefileSat Sep 7 14:04:10 2013
(r255361)
+++ head/share/examples/kld/MakefileSat Sep 7 14:15:13 2013
(r255362)
@@ -67,6 +67,6 @@
# $FreeBSD$
#
-SUBDIR=cdev dyn_sysctl firmware khelp syscall
+SUBDIR=cdev dyn_sysctl firmware khelp random_adaptor syscall
.include bsd.subdir.mk
Modified: head/sys/conf/files
==
--- head/sys/conf/files Sat Sep 7 14:04:10 2013(r255361)
+++ head/sys/conf/files Sat Sep 7 14:15:13 2013(r255362)
@@ -2042,8 +2042,9 @@ rt2860.fw optional rt2860fw | ralfw
\
clean rt2860.fw
dev/random/harvest.c standard
dev/random/hash.c optional random
-dev/random/probe.c optional random
+dev/random/pseudo_rng.cstandard
dev/random/random_adaptors.c standard
+dev/random/random_harvestq.c standard
dev/random/randomdev.c optional random
dev/random/randomdev_soft.coptional random
dev/random/yarrow.coptional random
Modified: head/sys/dev/glxsb/glxsb.c
==
--- head/sys/dev/glxsb/glxsb.c Sat Sep 7 14:04:10 2013(r255361)
+++ head/sys/dev/glxsb/glxsb.c Sat Sep 7 14:15:13 2013(r255362)
@@ -476,7 +476,7 @@ glxsb_rnd(void *v)
if (status SB_RNS_TRNG_VALID) {
value = bus_read_4(sc-sc_sr, SB_RANDOM_NUM);
/* feed with one uint32 */
- random_harvest(value, 4, 32, 0, RANDOM_PURE);
+ random_harvest(value, 4, 32/2, 0, RANDOM_PURE);
}
callout_reset(sc-sc_rngco, sc-sc_rnghz, glxsb_rnd, sc);
Modified: head/sys/dev/hifn/hifn7751.c
==
--- head/sys/dev/hifn/hifn7751.cSat Sep 7 14:04:10 2013
(r255361)
+++ head/sys/dev/hifn/hifn7751.cSat Sep 7 14:15:13 2013
(r255362)
@@ -258,7 +258,7 @@ hifn_partname(struct hifn_softc *sc)
static void
default_harvest(struct rndtest_state *rsp, void *buf, u_int count)
{
- random_harvest(buf, count, count*NBBY, 0, RANDOM_PURE);
+ random_harvest(buf, count, count*NBBY/2, 0, RANDOM_PURE);
}
static u_int
Modified: head/sys/dev/random/harvest.c
==
---
svn commit: r255379 - head/sys/dev/random
Author: markm
Date: Sat Sep 7 22:07:36 2013
New Revision: 255379
URL: http://svnweb.freebsd.org/changeset/base/255379
Log:
Fix the build; Certain linkable symbols need to always be present.
Pass the pointy hat please.
Also unblock the software (Yarrow) generator for now. This will be
reverted; Yarrow needs to block until secure, not this behaviour
of serving as soon as asked.
Folks with specific requiremnts will be able to (can!) unblock this
device with any write, and are encouraged to do so in /etc/rc.d/*
scripting. (Any in this case could be echo '' /dev/random as
root).
Modified:
head/sys/dev/random/pseudo_rng.c
head/sys/dev/random/random_adaptors.c
head/sys/dev/random/random_adaptors.h
head/sys/dev/random/randomdev.c
head/sys/dev/random/randomdev.h
head/sys/dev/random/randomdev_soft.c
Modified: head/sys/dev/random/pseudo_rng.c
==
--- head/sys/dev/random/pseudo_rng.cSat Sep 7 20:52:31 2013
(r255378)
+++ head/sys/dev/random/pseudo_rng.cSat Sep 7 22:07:36 2013
(r255379)
@@ -39,6 +39,12 @@ __FBSDID($FreeBSD$);
static struct mtx pseudo_random_block_mtx;
+/* Used to fake out unused random calls in random_adaptor */
+void
+random_null_func(void)
+{
+}
+
static int
pseudo_random_block_read(void *buf __unused, int c __unused)
{
Modified: head/sys/dev/random/random_adaptors.c
==
--- head/sys/dev/random/random_adaptors.c Sat Sep 7 20:52:31 2013
(r255378)
+++ head/sys/dev/random/random_adaptors.c Sat Sep 7 22:07:36 2013
(r255379)
@@ -53,6 +53,8 @@ static struct sx adaptors_lock; /* need
/* List for the dynamic sysctls */
static struct sysctl_ctx_list random_clist;
+struct random_adaptor *random_adaptor;
+
MALLOC_DEFINE(M_RANDOM_ADAPTORS, random_adaptors, Random adaptors buffers);
int
@@ -230,7 +232,7 @@ random_sysctl_active_adaptor_handler(SYS
int error;
name = NULL;
- rsp = random_get_active_adaptor();
+ rsp = random_adaptor;
if (rsp != NULL) {
sx_slock(adaptors_lock);
Modified: head/sys/dev/random/random_adaptors.h
==
--- head/sys/dev/random/random_adaptors.h Sat Sep 7 20:52:31 2013
(r255378)
+++ head/sys/dev/random/random_adaptors.h Sat Sep 7 22:07:36 2013
(r255379)
@@ -41,6 +41,8 @@ struct random_adaptor *random_adaptor_ge
int random_adaptor_register(const char *, struct random_adaptor *);
void random_adaptor_choose(struct random_adaptor **);
+extern struct random_adaptor *random_adaptor;
+
/*
* random_adaptor's should be registered prior to
* random module (SI_SUB_DRIVERS/SI_ORDER_MIDDLE)
Modified: head/sys/dev/random/randomdev.c
==
--- head/sys/dev/random/randomdev.c Sat Sep 7 20:52:31 2013
(r255378)
+++ head/sys/dev/random/randomdev.c Sat Sep 7 22:07:36 2013
(r255379)
@@ -72,27 +72,12 @@ static struct cdevsw random_cdevsw = {
.d_name = random,
};
-static struct random_adaptor *random_adaptor;
static eventhandler_tag attach_tag;
static int random_inited;
-
/* For use with make_dev(9)/destroy_dev(9). */
static struct cdev *random_dev;
-/* Used to fake out unused random calls in random_adaptor */
-void
-random_null_func(void)
-{
-}
-
-struct random_adaptor *
-random_get_active_adaptor(void)
-{
-
- return (random_adaptor);
-}
-
/* ARGSUSED */
static int
random_close(struct cdev *dev __unused, int flags, int fmt __unused,
Modified: head/sys/dev/random/randomdev.h
==
--- head/sys/dev/random/randomdev.h Sat Sep 7 20:52:31 2013
(r255378)
+++ head/sys/dev/random/randomdev.h Sat Sep 7 22:07:36 2013
(r255379)
@@ -53,4 +53,3 @@ struct random_adaptor {
extern void random_ident_hardware(struct random_adaptor **);
extern void random_null_func(void);
-struct random_adaptor *random_get_active_adaptor(void);
Modified: head/sys/dev/random/randomdev_soft.c
==
--- head/sys/dev/random/randomdev_soft.cSat Sep 7 20:52:31 2013
(r255378)
+++ head/sys/dev/random/randomdev_soft.cSat Sep 7 22:07:36 2013
(r255379)
@@ -79,7 +79,7 @@ static struct random_adaptor random_cont
.write = randomdev_write,
.poll = randomdev_poll,
.reseed = randomdev_flush_reseed,
- .seeded = 0,
+ .seeded = 1,
};
#define RANDOM_MODULE_NAME yarrow
#define RANDOM_CSPRNG_NAME yarrow
@@ -95,7 +95,7 @@ static struct random_adaptor random_cont
.write = randomdev_write,
.poll = randomdev_poll,
.reseed =
Re: svn commit: r253779 - in head: . share/man/man4 sys/amd64/conf sys/arm/conf sys/conf sys/dev/random sys/i386/conf sys/ia64/conf sys/mips/conf sys/modules sys/modules/random sys/pc98/conf sys/power
This looks like a Good Thing(™), thank you! I'm doing an implementation of Fortuna CSPRNG, and this is going to save me a BUNCH of work! M On 29 Jul 2013, at 21:26, David E. O'Brien obr...@freebsd.org wrote: Author: obrien Date: Mon Jul 29 20:26:27 2013 New Revision: 253779 URL: http://svnweb.freebsd.org/changeset/base/253779 Log: Decouple yarrow from random(4) device. -- Mark R V Murray ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
Re: svn commit: r230230 - head/sys/dev/random
Andrey Chernov writes: On Thu, Jan 26, 2012 at 10:13:41PM +0400, Andrey Chernov wrote: On Thu, Jan 26, 2012 at 12:52:43PM -0500, David Schultz wrote: Why complicate things with atomics at all? A race might result in arc4random(9) being seeded multiple times, but that's harmless. Multiply seeding in line is harmless, just waste of time and resources. Other case is one missing seeding when variable is set concurrently with its read. I see no complication using atomic. Latest version is even shorter than previous ones. Well, I almost forget about my special case: I have personal prohibition from @secteam (5 years old already) to commit anything to all RNG areas. So, the question is: could anyone of you commit some version from this thread, please? Sure; I'll do it. Please give me your test code/cases. I don't insist of atomics in this sutuation, so you can peek any version you like. I'll need to clearly see what works. M -- Mark R V Murray Cert APS(Open) Dip Phys(Open) BSc Open(Open) BSc(Hons)(Open) Pi: 132511160 ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
Re: svn commit: r230230 - head/sys/dev/random
David Schultz writes: Although current version with current kernel flags works, I forget it is implementation defined in general and not always equal to sizeof(int), f.e. with gcc --short-enums. I'll remade it with #defines, thanx again. Why complicate things with atomics at all? A race might result in arc4random(9) being seeded multiple times, but that's harmless. The race that worries me is that consumers that call arc4random() before it is properly seeded will get predictable numbers. To fix that robustly, we'd either have to move arc4random() into the random module (tricky given all the places where it's used), or make the random module a mandatory part of the kernel. There is a VERY old problem here, and it is of the chicken vs egg variety. The random device won't unlock until it has enough entropy, and there are things in the kernel that appear to need random enough numbers earlier than that. It ought to be possible to unlock the CSPRNG by harvesting entropy earlier, but this is hard work. Very hard work. Unless you have entropy-generating hardware. In the meanwhile, you are left with other alternatives; reseed arc4random() with some early entropy; try to move entropy consumers to later in the boot sequence; try to not depend on entropy early on, and correct for this later (where necessary). There are loads of other alternatives. What you can't do is unlock before you have enough entropy, and that won't happen until the running kernel has had some time to accumulate this. I am in favour of treating arc4random() as a PRNG with (say) the date/time, the TSC register and other easy-to-get data as the first seed. After that its treated as a CSPRNG. This requires that early consumers know the limitations and adapt to them. The notion of making arc4random() block would be silly; the point of the thing is that it always returns numbers, and after the random device seeds, it should always be good. OpenSSL addresses the issue by providing two APIs: RAND_bytes() requires a good entropy source and produces cryptographically strong pseudorandomness. RAND_pseudo_bytes() produces good (but not necessarily unpredictable) randomness, even in the absence of an entropy source. Applications call one interface or the other, depending on whether they require cryptographic- quality randomness. You are treading on graves here :-). An ancient bikeshed is buried in the vicinty. M -- Mark R V Murray Cert APS(Open) Dip Phys(Open) BSc Open(Open) BSc(Hons)(Open) Pi: 132511160 ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
Re: svn commit: r230230 - head/sys/dev/random
Andrey Chernov writes: The usual way round this is with a flag. Set a static, volatile flag, defaulting off, and set it to on when the seeding has happened. Then arc4random() can do the right thing, depending on this flag. Ok, what about this version, is it right? libkern/arc4rand.c is not a module but always present in the kernel, so arc4rand_iniseed_state will be always accessible. --- dev/random/randomdev_soft.c.old 2011-09-26 07:35:48.0 +0400 +++ dev/random/randomdev_soft.c 2012-01-21 01:41:37.0 +0400 @@ -55,6 +55,8 @@ __FBSDID($FreeBSD: src/sys/dev/random/r #define RANDOM_FIFO_MAX 256 /* How many events to queue up */ +extern int arc4rand_iniseed_state; + Should be in a header file, nad _possibly_ should be volatile. If it works without being volatile, then OK. The rest is OK. I've not tested it, so this is not a review, simply an OK :-) M -- Mark R V Murray Cert APS(Open) Dip Phys(Open) BSc Open(Open) BSc(Hons)(Open) Pi: 132511160 ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
Re: svn commit: r230230 - head/sys/dev/random
Andrey Chernov writes: Should be in a header file, nad _possibly_ should be volatile. If it works without being volatile, then OK. It was preliminary patch just to confirm/deny my understanding of your idea. Ah, OK - in which case you got the idea correctly! I'll put it into header. Cool. In the final version I also plan to move that lines + if (arc4rand_iniseed_state == 1) + arc4rand_iniseed_state = -1; into arc4_randomstir() where they will be protected with mutex lock, so volatile will be not needed. It will be more logical, because other reseeding conditions are resetted there too. Great. The rest is OK. I've not tested it, so this is not a review, simply an OK :-) Thanx for review! I'll send final version to this thread a bit later when I'll find more free time. No problem. M -- Mark R V Murray Cert APS(Open) Dip Phys(Open) BSc Open(Open) BSc(Hons)(Open) Pi: 132511160 ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
Re: svn commit: r230230 - head/sys/dev/random
Andrey Chernov writes: Look at the function random_yarrow_unblock(). Thats where yopu want to be doing this. This function is where the random device is unblocked once safely seeded. Thanx for your hint, but I fear one moment using random_yarrow_unblock(). It is called under mtx_lock(random_reseed_mtx) in reseed(). And when arc4rand() seeding is called, it uses read_random(), so I see possible deadlock can happens. The usual way round this is with a flag. Set a static, volatile flag, defaulting off, and set it to on when the seeding has happened. Then arc4random() can do the right thing, depending on this flag. In my version arc4rand() seeding happens only when this lock is released, so no blocking is possible. Sure, but the dependancies created are problematic in their own right. M -- Mark R V Murray Cert APS(Open) Dip Phys(Open) BSc Open(Open) BSc(Hons)(Open) Pi: 132511160 ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
Re: svn commit: r230230 - head/sys/dev/random
Andrey Chernov writes: On Mon, Jan 16, 2012 at 08:18:10PM +, David Schultz wrote: Author: das Date: Mon Jan 16 20:18:10 2012 New Revision: 230230 URL: http://svn.freebsd.org/changeset/base/230230 Log: Generate a warning if the kernel's arc4random() is seeded with bogus entropy. While you are here, could you review/commit my patch to fix bad 31bit arc4rand() seeding, please? --- yarrow.c.bak 2011-09-26 07:35:48.0 +0400 +++ yarrow.c 2012-01-18 10:13:47.0 +0400 This is the wrong place for this; it may achieve the desired result, but the file is where the Yarrow algorithm is implepeneted; ARC4 reseeds are not a part of that, which makes this proposal a layering violation at best, and an unwarranted dependancy at worst. Look at the function random_yarrow_unblock(). Thats where yopu want to be doing this. This function is where the random device is unblocked once safely seeded. M -- Mark R V Murray Cert APS(Open) Dip Phys(Open) BSc Open(Open) BSc(Hons)(Open) Pi: 132511160 ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
Re: svn commit: r220497 - head/lib/libcrypt
David O'Brien writes: On Sat, Apr 09, 2011 at 02:02:04PM +, Mark Murray wrote: Log: Add SHA256/512 ($5$ and $6$) to crypt(3). Used in linux-world, doesn't hurt us. Would you mind if I committed this to be a more consistent with the existing naming? Be my guest. M -- Mark R V Murray Cert APS(Open) Dip Phys(Open) BSc Open(Open) BSc(Hons)(Open) Pi: 132511160 ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r220496 - head/lib/libmd
Author: markm
Date: Sat Apr 9 13:56:29 2011
New Revision: 220496
URL: http://svn.freebsd.org/changeset/base/220496
Log:
Add SHA512 (Actually, this is Colin Percival's code for SHA256, with
relevant constants changed).
While I'm here clean up the tests and Makefile.
PR: misc/124164
Submitted by: KIMURA Yasuhiro yasu utahime org
MFC after:1 month
Added:
head/lib/libmd/sha512.3 (contents, props changed)
head/lib/libmd/sha512.h (contents, props changed)
head/lib/libmd/sha512c.c (contents, props changed)
Modified:
head/lib/libmd/Makefile
head/lib/libmd/mddriver.c
head/lib/libmd/rmddriver.c
head/lib/libmd/shadriver.c
Modified: head/lib/libmd/Makefile
==
--- head/lib/libmd/Makefile Sat Apr 9 13:45:13 2011(r220495)
+++ head/lib/libmd/Makefile Sat Apr 9 13:56:29 2011(r220496)
@@ -5,12 +5,13 @@ SHLIBDIR?= /lib
SRCS= md2c.c md4c.c md5c.c md2hl.c md4hl.c md5hl.c \
rmd160c.c rmd160hl.c \
sha0c.c sha0hl.c sha1c.c sha1hl.c \
- sha256c.c sha256hl.c
-INCS= md2.h md4.h md5.h ripemd.h sha.h sha256.h
+ sha256c.c sha256hl.c \
+ sha512c.c sha512hl.c
+INCS= md2.h md4.h md5.h ripemd.h sha.h sha256.h sha512.h
WARNS?=0
-MAN+= md2.3 md4.3 md5.3 ripemd.3 sha.3 sha256.3
+MAN+= md2.3 md4.3 md5.3 ripemd.3 sha.3 sha256.3 sha512.3
MLINKS+=md2.3 MD2Init.3 md2.3 MD2Update.3 md2.3 MD2Final.3
MLINKS+=md2.3 MD2End.3 md2.3 MD2File.3 md2.3 MD2FileChunk.3
MLINKS+=md2.3 MD2Data.3
@@ -34,10 +35,15 @@ MLINKS+=sha256.3 SHA256_Init.3 sha256.3
MLINKS+=sha256.3 SHA256_Final.3 sha256.3 SHA256_End.3
MLINKS+=sha256.3 SHA256_File.3 sha256.3 SHA256_FileChunk.3
MLINKS+=sha256.3 SHA256_Data.3
+MLINKS+=sha512.3 SHA512_Init.3 sha512.3 SHA512_Update.3
+MLINKS+=sha512.3 SHA512_Final.3 sha512.3 SHA512_End.3
+MLINKS+=sha512.3 SHA512_File.3 sha512.3 SHA512_FileChunk.3
+MLINKS+=sha512.3 SHA512_Data.3
CLEANFILES+= md[245]hl.c md[245].ref md[245].3 mddriver \
rmd160.ref rmd160hl.c rmddriver \
sha0.ref sha0hl.c sha1.ref sha1hl.c shadriver \
- sha256.ref sha256hl.c
+ sha256.ref sha256hl.c sha512.ref sha512hl.c
+
CFLAGS+= -I${.CURDIR}
.PATH: ${.CURDIR}/${MACHINE_ARCH}
@@ -81,6 +87,12 @@ sha256hl.c: mdXhl.c
-e 's/SHA256__/SHA256_/g' \
${.ALLSRC}) ${.TARGET}
+sha512hl.c: mdXhl.c
+ (echo '#define LENGTH 64'; \
+ sed -e 's/mdX/sha512/g' -e 's/MDX/SHA512_/g'\
+ -e 's/SHA512__/SHA512_/g' \
+ ${.ALLSRC}) ${.TARGET}
+
rmd160hl.c: mdXhl.c
(echo '#define LENGTH 20'; \
sed -e 's/mdX/ripemd/g' -e 's/MDX/RIPEMD160_/g' \
@@ -110,8 +122,10 @@ md4.ref:
@echo 'MD4 (abc) = a448017aaf21d8525fc10ae87aa6729d' ${.TARGET}
@echo 'MD4 (message digest) = d9130a8164549fe818874806e1c7014b'
${.TARGET}
@echo 'MD4 (abcdefghijklmnopqrstuvwxyz) =
d79e1c308aa5bbcdeea8ed63df412da9' ${.TARGET}
- @echo 'MD4
(ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789) =
043f8582f241db351ce627e153e7f0e4' ${.TARGET}
- @echo 'MD4
(12345678901234567890123456789012345678901234567890123456789012345678901234567890)
= e33b4ddc9c38f2199c3e7b164fcc0536' ${.TARGET}
+ @echo 'MD4
(ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789) =' \
+ '043f8582f241db351ce627e153e7f0e4' ${.TARGET}
+ @echo 'MD4
(12345678901234567890123456789012345678901234567890123456789012345678901234567890)
=' \
+ 'e33b4ddc9c38f2199c3e7b164fcc0536' ${.TARGET}
md5.ref:
echo 'MD5 test suite:' ${.TARGET}
@@ -124,54 +138,74 @@ md5.ref:
@echo 'MD5
(12345678901234567890123456789012345678901234567890123456789012345678901234567890)
= 57edf4a22be3c955ac49da2e2107b67a' ${.TARGET}
sha0.ref:
- (echo 'SHA-0 test suite:'; \
- echo 'SHA-0 () = f96cea198ad1dd5617ac084a3d92c6107708c0ef'; \
- echo 'SHA-0 (abc) = 0164b8a914cd2a5e74c4f7ff082c4d97f1edf880'; \
- echo 'SHA-0 (message digest) =' \
- 'c1b0f222d150ebb9aa36a40cafdc8bcbed830b14'; \
- echo 'SHA-0 (abcdefghijklmnopqrstuvwxyz) =' \
- 'b40ce07a430cfd3c033039b9fe9afec95dc1bdcd'; \
- echo 'SHA-0
(ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789) =' \
- '79e966f7a3a990df33e40e3d7f8f18d2caebadfa'; \
- echo 'SHA-0
(12345678901234567890123456789012345678901234567890123456789012345678901234567890)
=' \
- '4aa29d14d171522ece47bee8957e35a41f3e9cff' ) ${.TARGET}
+ echo 'SHA-0 test suite:' ${.TARGET}
+ @echo 'SHA-0 () = f96cea198ad1dd5617ac084a3d92c6107708c0ef'
${.TARGET}
+ @echo 'SHA-0 (abc) = 0164b8a914cd2a5e74c4f7ff082c4d97f1edf880'
${.TARGET}
+ @echo 'SHA-0 (message digest) =' \
+
svn commit: r220497 - head/lib/libcrypt
Author: markm
Date: Sat Apr 9 14:02:04 2011
New Revision: 220497
URL: http://svn.freebsd.org/changeset/base/220497
Log:
Add SHA256/512 ($5$ and $6$) to crypt(3). Used in linux-world, doesn't
hurt us.
PR: misc/124164
Submitted by: KIMURA Yasuhiro yasu utahime org
MFC after:1 month
Added:
head/lib/libcrypt/crypt-sha256.c (contents, props changed)
head/lib/libcrypt/crypt-sha512.c (contents, props changed)
Modified:
head/lib/libcrypt/Makefile
head/lib/libcrypt/crypt.c
head/lib/libcrypt/crypt.h
head/lib/libcrypt/misc.c
Modified: head/lib/libcrypt/Makefile
==
--- head/lib/libcrypt/Makefile Sat Apr 9 13:56:29 2011(r220496)
+++ head/lib/libcrypt/Makefile Sat Apr 9 14:02:04 2011(r220497)
@@ -12,7 +12,9 @@ LIB= crypt
.PATH: ${.CURDIR}/../libmd
SRCS= crypt.c misc.c \
crypt-md5.c md5c.c \
- crypt-nthash.c md4c.c
+ crypt-nthash.c md4c.c \
+ crypt-sha256.c sha256c.c \
+ crypt-sha512.c sha512c.c
MAN= crypt.3
MLINKS=crypt.3 crypt_get_format.3 crypt.3 crypt_set_format.3
CFLAGS+= -I${.CURDIR}/../libmd -I${.CURDIR}/../libutil
Added: head/lib/libcrypt/crypt-sha256.c
==
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/lib/libcrypt/crypt-sha256.cSat Apr 9 14:02:04 2011
(r220497)
@@ -0,0 +1,477 @@
+/*
+ * Copyright (c) 2011 The FreeBSD Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *notice, this list of conditions and the following disclaimer in the
+ *documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* Based on:
+ * SHA256-based Unix crypt implementation. Released into the Public Domain by
+ * Ulrich Drepper drep...@redhat.com. */
+
+#include sys/cdefs.h
+__FBSDID($FreeBSD$);
+
+#include sys/endian.h
+#include sys/param.h
+
+#include errno.h
+#include limits.h
+#include sha256.h
+#include stdbool.h
+#include stdint.h
+#include stdio.h
+#include stdlib.h
+#include string.h
+
+#include crypt.h
+
+/* Define our magic string to mark salt for SHA256 encryption replacement. */
+static const char sha256_salt_prefix[] = $5$;
+
+/* Prefix for optional rounds specification. */
+static const char sha256_rounds_prefix[] = rounds=;
+
+/* Maximum salt string length. */
+#define SALT_LEN_MAX 16
+/* Default number of rounds if not explicitly specified. */
+#define ROUNDS_DEFAULT 5000
+/* Minimum number of rounds. */
+#define ROUNDS_MIN 1000
+/* Maximum number of rounds. */
+#define ROUNDS_MAX 9
+
+static char *
+sha256_crypt_r(const char *key, const char *salt, char *buffer, int buflen)
+{
+ u_long srounds;
+ int n;
+ uint8_t alt_result[32], temp_result[32];
+ SHA256_CTX ctx, alt_ctx;
+ size_t salt_len, key_len, cnt, rounds;
+ char *cp, *copied_key, *copied_salt, *p_bytes, *s_bytes, *endp;
+ const char *num;
+ bool rounds_custom;
+
+ copied_key = NULL;
+ copied_salt = NULL;
+
+ /* Default number of rounds. */
+ rounds = ROUNDS_DEFAULT;
+ rounds_custom = false;
+
+ /* Find beginning of salt string. The prefix should normally always
+* be present. Just in case it is not. */
+ if (strncmp(sha256_salt_prefix, salt, sizeof(sha256_salt_prefix) - 1)
== 0)
+ /* Skip salt prefix. */
+ salt += sizeof(sha256_salt_prefix) - 1;
+
+ if (strncmp(salt, sha256_rounds_prefix, sizeof(sha256_rounds_prefix) -
1)
+ == 0) {
+ num = salt + sizeof(sha256_rounds_prefix) - 1;
+ srounds = strtoul(num, endp, 10);
+
+ if (*endp == '$')
svn commit: r215455 - in head: . cddl
Author: markm
Date: Thu Nov 18 16:32:52 2010
New Revision: 215455
URL: http://svn.freebsd.org/changeset/base/215455
Log:
Do not lint code beyond necessity (with apologies to Wiliam of Ockham).
Don't lint externally maintained CDDL code, or relint the 32-bit libraries
in amd64 mode.
Modified:
head/Makefile.inc1
head/cddl/Makefile.inc
Modified: head/Makefile.inc1
==
--- head/Makefile.inc1 Thu Nov 18 13:38:33 2010(r215454)
+++ head/Makefile.inc1 Thu Nov 18 16:32:52 2010(r215455)
@@ -322,7 +322,7 @@ LIB32WMAKEENV+= MAKEOBJDIRPREFIX=${OBJTR
LIB32WMAKE=${LIB32WMAKEENV} ${MAKE} -DNO_CPU_CFLAGS -DCOMPAT_32BIT \
-DWITHOUT_BIND -DWITHOUT_MAN -DWITHOUT_INFO \
- -DWITHOUT_HTML -DNO_CTF DESTDIR=${LIB32TMP}
+ -DWITHOUT_HTML -DNO_CTF -DNO_LINT DESTDIR=${LIB32TMP}
LIB32IMAKE=${LIB32WMAKE:NINSTALL=*:NDESTDIR=*} -DNO_INCS
.endif
Modified: head/cddl/Makefile.inc
==
--- head/cddl/Makefile.inc Thu Nov 18 13:38:33 2010(r215454)
+++ head/cddl/Makefile.inc Thu Nov 18 16:32:52 2010(r215455)
@@ -9,3 +9,8 @@ CFLAGS+=-DNEED_SOLARIS_BOOLEAN
WARNS?=6
CSTD?= gnu89
+
+# Do not lint the CDDL stuff. It is all externally maintained and
+# lint output is wasteful noise here.
+
+NO_LINT=
___
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r215463 - head/contrib/ipfilter/man
Author: markm Date: Thu Nov 18 18:22:58 2010 New Revision: 215463 URL: http://svn.freebsd.org/changeset/base/215463 Log: Fix paths for example files. Modified: head/contrib/ipfilter/man/ipnat.8 head/contrib/ipfilter/man/mkfilters.1 Modified: head/contrib/ipfilter/man/ipnat.8 == --- head/contrib/ipfilter/man/ipnat.8 Thu Nov 18 18:09:25 2010 (r215462) +++ head/contrib/ipfilter/man/ipnat.8 Thu Nov 18 18:22:58 2010 (r215463) @@ -66,6 +66,6 @@ and active rules/table entries. .SH FILES /dev/ipnat .br -/usr/share/examples/ipf Directory with examples. +/usr/share/examples/ipfilter Directory with examples. .SH SEE ALSO ipnat(5), ipf(8), ipfstat(8) Modified: head/contrib/ipfilter/man/mkfilters.1 == --- head/contrib/ipfilter/man/mkfilters.1 Thu Nov 18 18:09:25 2010 (r215462) +++ head/contrib/ipfilter/man/mkfilters.1 Thu Nov 18 18:22:58 2010 (r215463) @@ -6,7 +6,7 @@ mkfilters \- generate a minimal firewall .SH SYNOPSIS .B mkfilters .SH FILES -/usr/share/examples/ipf/mkfilters +/usr/share/examples/ipfilter/mkfilters .SH DESCRIPTION .PP \fBmkfilters\fP is a perl script that generates a minimal filter rule set for ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
Re: svn commit: r213585 - head/tools/build/mk
Alexander Leidinger writes: src/usr.sbin/mailwrapper/Makefile What am I doing wrong? I did not do a correct copypaste... put the result is the same. ---snip--- % grep rmail /usr/src/usr.sbin/mailwrapper % grep rmail /usr/src/usr.sbin/mailwrapper/Makefile My foul-up, sorry. It looks like I managed to not properly undo a local commit. I'll be committing the relevant bits shortly (properly this time!) Sorry about that! M -- Mark R V Murray Cert APS(Open) Dip Phys(Open) BSc Open(Open) BSc(Hons)(Open) Pi: 132511160 ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r213749 - head/usr.sbin/mailwrapper
Author: markm
Date: Tue Oct 12 21:01:26 2010
New Revision: 213749
URL: http://svn.freebsd.org/changeset/base/213749
Log:
Create the /bin/rmail symlink (which mailers such as postfix
and Exim can use).
This is something I thought I committed MONTHS ago, but it appears
that I fatfingered it and made a local commit.
Pass the pointy hat, please.
Modified:
head/usr.sbin/mailwrapper/Makefile
Modified: head/usr.sbin/mailwrapper/Makefile
==
--- head/usr.sbin/mailwrapper/Makefile Tue Oct 12 20:53:12 2010
(r213748)
+++ head/usr.sbin/mailwrapper/Makefile Tue Oct 12 21:01:26 2010
(r213749)
@@ -22,6 +22,10 @@ SYMLINKS+= /usr/libexec/sendmail/sendmai
.endif
.endif
+.if ${MK_MAILWRAPPER} != no ${MK_SENDMAIL} == no
+SYMLINKS+= ${BINDIR}/mailwrapper /bin/rmail
+.endif
+
.if ${MK_MAILWRAPPER} != no
.if !exists(${DESTDIR}/etc/mail/mailer.conf)
FILES= ${.CURDIR}/../../etc/mail/mailer.conf
___
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
Re: svn commit: r213749 - head/usr.sbin/mailwrapper
Mark Murray writes: URL: http://svn.freebsd.org/changeset/base/213749 Log: Create the /bin/rmail symlink (which mailers such as postfix and Exim can use). This is something I thought I committed MONTHS ago, but it appears that I fatfingered it and made a local commit. Pass the pointy hat, please. Modified: head/usr.sbin/mailwrapper/Makefile Diligent prodding by: Alexander Leidinger M -- Mark R V Murray Cert APS(Open) Dip Phys(Open) BSc Open(Open) BSc(Hons)(Open) Pi: 132511160 ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
Re: svn commit: r213585 - head/tools/build/mk
Alexander Leidinger writes: Can you please point out where rmail is installed when MK_SENDMAIL=no and MK_MAILWRAPPER!=no? I can not find such a place. src/usr.sbin/mailwrapper/Makefile M -- Mark R V Murray Cert APS(Open) Dip Phys(Open) BSc Open(Open) BSc(Hons)(Open) Pi: 132511160 ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r213585 - head/tools/build/mk
Author: markm
Date: Fri Oct 8 17:42:09 2010
New Revision: 213585
URL: http://svn.freebsd.org/changeset/base/213585
Log:
Don't blow away /bin/rmail symlink if we are keeping mailwrapper.
Mailwrapper can provide a perfectly good rmail with other
mailers.
Modified:
head/tools/build/mk/OptionalObsoleteFiles.inc
Modified: head/tools/build/mk/OptionalObsoleteFiles.inc
==
--- head/tools/build/mk/OptionalObsoleteFiles.inc Fri Oct 8 16:33:25
2010(r213584)
+++ head/tools/build/mk/OptionalObsoleteFiles.inc Fri Oct 8 17:42:09
2010(r213585)
@@ -2003,7 +2003,9 @@ OLD_FILES+=etc/periodic/daily/210.backup
OLD_FILES+=etc/periodic/daily/440.status-mailq
OLD_FILES+=etc/periodic/daily/460.status-mail-rejects
OLD_FILES+=etc/periodic/daily/500.queuerun
+.if ${MK_MAILWRAPPER} == no
OLD_FILES+=bin/rmail
+.endif
OLD_FILES+=usr/bin/vacation
OLD_FILES+=usr/include/libmilter/mfapi.h
OLD_FILES+=usr/include/libmilter/mfdef.h
___
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r213609 - head/share/man/man5
Author: markm Date: Fri Oct 8 20:13:12 2010 New Revision: 213609 URL: http://svn.freebsd.org/changeset/base/213609 Log: Extend the example section a bit, for other mailers. Modified: head/share/man/man5/mailer.conf.5 Modified: head/share/man/man5/mailer.conf.5 == --- head/share/man/man5/mailer.conf.5 Fri Oct 8 20:12:00 2010 (r213608) +++ head/share/man/man5/mailer.conf.5 Fri Oct 8 20:13:12 2010 (r213609) @@ -31,7 +31,7 @@ .\ .\ $FreeBSD$ .\ -.Dd May 31, 2006 +.Dd October 8, 2010 .Dt MAILER.CONF 5 .Os .Sh NAME @@ -99,8 +99,9 @@ mailq /usr/libexec/sendmail/sendmail newaliases /usr/libexec/sendmail/sendmail .Ed .Pp -This example shows how to invoke a sendmail-workalike like Postfix in -place of +This example shows how to invoke a sendmail-workalike like +.Nm Postfix +in place of .Xr sendmail 8 : .Bd -literal -offset indent # Emulate sendmail using postfix @@ -110,6 +111,22 @@ mailq /usr/local/sbin/sendmail newaliases /usr/local/sbin/sendmail .Ed .Pp +This example shows +how to invoke +a sendmail-workalike with +.Nm Exim +(from ports) +in place of +.Xr sendmail 8 : +.Bd -literal -offset indent +# Emulate sendmail using exim +sendmail /usr/local/sbin/exim +send-mail /usr/local/sbin/exim +mailq /usr/local/sbin/exim -bp +newaliases /usr/bin/true +rmail /usr/local/sbin/exim -i -oee +.Ed +.Pp This example shows the use of the .Nm mini_sendmail package from ports in place of ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r213611 - head/usr.sbin/ypbind
Author: markm
Date: Fri Oct 8 20:17:17 2010
New Revision: 213611
URL: http://svn.freebsd.org/changeset/base/213611
Log:
Don't let the available/not available logs flap quite so badly. In the
case of a multi-interfaced host, sub-second flapping can fill up the logs
too quickly. This fixes that.
Modified:
head/usr.sbin/ypbind/ypbind.c
Modified: head/usr.sbin/ypbind/ypbind.c
==
--- head/usr.sbin/ypbind/ypbind.c Fri Oct 8 20:13:42 2010
(r213610)
+++ head/usr.sbin/ypbind/ypbind.c Fri Oct 8 20:17:17 2010
(r213611)
@@ -116,6 +116,9 @@ int ypsetmode = YPSET_NO;
int ypsecuremode = 0;
int ppid;
+#define NOT_RESPONDING_HYSTERESIS 10
+static int not_responding_count = 0;
+
/*
* Special restricted mode variables: when in restricted mode, only the
* specified restricted_domain will be bound, and only the servers listed
@@ -654,9 +657,13 @@ broadcast(struct _dom_binding *ypdb)
return;
}
- if (ypdb-dom_vers == -1 (long)ypdb-dom_server_addr.sin_addr.s_addr)
- syslog(LOG_WARNING, NIS server [%s] for domain \%s\ not
responding,
- inet_ntoa(ypdb-dom_server_addr.sin_addr), ypdb-dom_domain);
+ if (ypdb-dom_vers == -1
(long)ypdb-dom_server_addr.sin_addr.s_addr) {
+ if (not_responding_count++ = NOT_RESPONDING_HYSTERESIS) {
+ not_responding_count = NOT_RESPONDING_HYSTERESIS;
+ syslog(LOG_WARNING, NIS server [%s] for domain \%s\
not responding,
+ inet_ntoa(ypdb-dom_server_addr.sin_addr),
ypdb-dom_domain);
+ }
+ }
broad_domain = ypdb;
flock(ypdb-dom_lockfd, LOCK_UN);
@@ -886,9 +893,13 @@ rpc_received(char *dom, struct sockaddr_
}
/* We've recovered from a crash: inform the world. */
- if (ypdb-dom_vers == -1 ypdb-dom_server_addr.sin_addr.s_addr)
- syslog(LOG_WARNING, NIS server [%s] for domain \%s\ OK,
- inet_ntoa(raddrp-sin_addr), ypdb-dom_domain);
+ if (ypdb-dom_vers == -1 ypdb-dom_server_addr.sin_addr.s_addr) {
+ if (not_responding_count = NOT_RESPONDING_HYSTERESIS) {
+ not_responding_count = 0;
+ syslog(LOG_WARNING, NIS server [%s] for domain \%s\
OK,
+ inet_ntoa(raddrp-sin_addr), ypdb-dom_domain);
+ }
+ }
bcopy(raddrp, ypdb-dom_server_addr,
sizeof ypdb-dom_server_addr);
___
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
