CVS commit: src/share/man/man4
Module Name:src Committed By: wiz Date: Wed Sep 4 05:37:07 UTC 2019 Modified Files: src/share/man/man4: rnd.4 Log Message: New sentence, new line. Use \(em. To generate a diff of this commit: cvs rdiff -u -r1.27 -r1.28 src/share/man/man4/rnd.4 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/share/man/man4
Module Name:src Committed By: wiz Date: Wed Sep 4 05:37:07 UTC 2019 Modified Files: src/share/man/man4: rnd.4 Log Message: New sentence, new line. Use \(em. To generate a diff of this commit: cvs rdiff -u -r1.27 -r1.28 src/share/man/man4/rnd.4 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/share/man/man4/rnd.4 diff -u src/share/man/man4/rnd.4:1.27 src/share/man/man4/rnd.4:1.28 --- src/share/man/man4/rnd.4:1.27 Wed Sep 4 04:03:25 2019 +++ src/share/man/man4/rnd.4 Wed Sep 4 05:37:06 2019 @@ -1,4 +1,4 @@ -.\" $NetBSD: rnd.4,v 1.27 2019/09/04 04:03:25 riastradh Exp $ +.\" $NetBSD: rnd.4,v 1.28 2019/09/04 05:37:06 wiz Exp $ .\" .\" Copyright (c) 2014 The NetBSD Foundation, Inc. .\" All rights reserved. @@ -187,8 +187,8 @@ quantum computers. Systems with nonvolatile storage should store a secret from .Pa /dev/urandom on disk during installation or shutdown, and feed it back during boot, -so that the work the operating system has done to gather entropy -- -including the work its operator may have done to flip a coin! -- can be +so that the work the operating system has done to gather entropy \(em +including the work its operator may have done to flip a coin! \(em can be saved from one boot to the next, and so that newly installed systems are not vulnerable to generating cryptographic keys predictably. .Pp @@ -205,7 +205,7 @@ in which is enabled by default; see .Xr rc.conf 5 . .Sh LIMITATIONS -Some people worry about recovery from state compromise -- that is, +Some people worry about recovery from state compromise \(em that is, ensuring that even if an attacker sees the entire state of the operating system, then the attacker will be unable to predict any new future outputs as long as the operating system gathers fresh entropy @@ -562,7 +562,7 @@ Past versions of the subsystem were concerned with .Sq information-theoretic security, under the premise that the number of bits of entropy out must -not exceed the number of bits of entropy in -- never mind that its +not exceed the number of bits of entropy in \(em never mind that its .Sq entropy estimation is essentially meaningless without a model for the physical processes the system is observing. @@ -571,7 +571,8 @@ But every cryptographic protocol in prac PGP, etc., expands short secrets deterministically into long streams of bits, and their security relies on conjectures that a computationally bounded attacker cannot distinguish the long streams from uniform -random. If we couldn't do that for +random. +If we couldn't do that for .Fa /dev/random , it would be hopeless to assume we could for HTTPS, SSH, PGP, etc. .Pp
CVS commit: src/sys/arch/arm/broadcom
Module Name:src Committed By: mlelstv Date: Wed Sep 4 05:10:38 UTC 2019 Modified Files: src/sys/arch/arm/broadcom: files.bcm2835 Log Message: RNG200 attachment To generate a diff of this commit: cvs rdiff -u -r1.34 -r1.35 src/sys/arch/arm/broadcom/files.bcm2835 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys/arch/arm/broadcom
Module Name:src Committed By: mlelstv Date: Wed Sep 4 05:10:38 UTC 2019 Modified Files: src/sys/arch/arm/broadcom: files.bcm2835 Log Message: RNG200 attachment To generate a diff of this commit: cvs rdiff -u -r1.34 -r1.35 src/sys/arch/arm/broadcom/files.bcm2835 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/arch/arm/broadcom/files.bcm2835 diff -u src/sys/arch/arm/broadcom/files.bcm2835:1.34 src/sys/arch/arm/broadcom/files.bcm2835:1.35 --- src/sys/arch/arm/broadcom/files.bcm2835:1.34 Sat Jun 22 07:58:55 2019 +++ src/sys/arch/arm/broadcom/files.bcm2835 Wed Sep 4 05:10:38 2019 @@ -1,4 +1,4 @@ -# $NetBSD: files.bcm2835,v 1.34 2019/06/22 07:58:55 skrll Exp $ +# $NetBSD: files.bcm2835,v 1.35 2019/09/04 05:10:38 mlelstv Exp $ # # Configuration info for Broadcom BCM2835 ARM Peripherals # @@ -34,6 +34,12 @@ device bcmrng attach bcmrng at fdt with bcmrng_fdt file arch/arm/broadcom/bcm2835_rng.c bcmrng +# Random number generator (BCM2835_RNG_BASE (!)) +device bcm2838rng +attach bcm2838rng at fdt with bcm2838rng_fdt +file arch/arm/broadcom/bcm2838_rng.c bcm2838rng +file dev/ic/rng200.cbcm2838rng + # AUX device bcmaux attach bcmaux at fdt with bcmaux_fdt
CVS commit: src/share/man/man4
Module Name:src Committed By: riastradh Date: Wed Sep 4 04:03:25 UTC 2019 Modified Files: src/share/man/man4: rnd.4 Log Message: Update NIST SP800-90A reference. To generate a diff of this commit: cvs rdiff -u -r1.26 -r1.27 src/share/man/man4/rnd.4 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/share/man/man4/rnd.4 diff -u src/share/man/man4/rnd.4:1.26 src/share/man/man4/rnd.4:1.27 --- src/share/man/man4/rnd.4:1.26 Wed Sep 4 04:00:04 2019 +++ src/share/man/man4/rnd.4 Wed Sep 4 04:03:25 2019 @@ -1,4 +1,4 @@ -.\" $NetBSD: rnd.4,v 1.26 2019/09/04 04:00:04 riastradh Exp $ +.\" $NetBSD: rnd.4,v 1.27 2019/09/04 04:03:25 riastradh Exp $ .\" .\" Copyright (c) 2014 The NetBSD Foundation, Inc. .\" All rights reserved. @@ -489,10 +489,10 @@ Never blocks. .%A Elaine Barker .%A John Kelsey .%T Recommendation for Random Number Generation Using Deterministic Random Bit Generators -.%D January 2012 +.%D June 2015 .%I National Institute of Standards and Technology -.%O NIST Special Publication 800-90A -.%U http://csrc.nist.gov/publications/nistpubs/800-90A/SP800-90A.pdf +.%O NIST Special Publication 800-90A, Revision 1 +.%U https://csrc.nist.gov/publications/detail/sp/800-90a/rev-1/final .Re .Rs .%A Daniel J. Bernstein
CVS commit: src/share/man/man4
Module Name:src Committed By: riastradh Date: Wed Sep 4 04:03:25 UTC 2019 Modified Files: src/share/man/man4: rnd.4 Log Message: Update NIST SP800-90A reference. To generate a diff of this commit: cvs rdiff -u -r1.26 -r1.27 src/share/man/man4/rnd.4 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/share/man/man4
Module Name:src Committed By: riastradh Date: Wed Sep 4 04:00:04 UTC 2019 Modified Files: src/share/man/man4: rnd.4 Log Message: Replace slightly wrong rant by shorter and slightly less long rant. (If X and Y in Z/2Z are independent, then so are X and X+Y. What was I thinking.) To generate a diff of this commit: cvs rdiff -u -r1.25 -r1.26 src/share/man/man4/rnd.4 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/share/man/man4/rnd.4 diff -u src/share/man/man4/rnd.4:1.25 src/share/man/man4/rnd.4:1.26 --- src/share/man/man4/rnd.4:1.25 Wed Sep 4 03:15:20 2019 +++ src/share/man/man4/rnd.4 Wed Sep 4 04:00:04 2019 @@ -1,4 +1,4 @@ -.\" $NetBSD: rnd.4,v 1.25 2019/09/04 03:15:20 riastradh Exp $ +.\" $NetBSD: rnd.4,v 1.26 2019/09/04 04:00:04 riastradh Exp $ .\" .\" Copyright (c) 2014 The NetBSD Foundation, Inc. .\" All rights reserved. @@ -551,50 +551,27 @@ Unfortunately, no amount of software eng .Sh ENTROPY ACCOUNTING The entropy accounting described here is not grounded in any cryptography theory. -It is done because it was always done, and because it gives people a -warm fuzzy feeling about information theory. +.Sq Entropy estimation +doesn't mean much: the kernel hypothesizes an extremely simple-minded +parametric model for all entropy sources which bears little relation to +any physical processes, implicitly fits parameters from data, and +accounts for the entropy of the fitted model. .Pp -The folklore is that every -.Fa n Ns -bit -output of -.Fa /dev/random -is not merely indistinguishable from uniform random to a -computationally bounded attacker, but information-theoretically is -independent and has -.Fa n -bits of entropy even to a computationally -.Em unbounded -attacker -- that is, an attacker who can recover AES keys, compute -SHA-1 preimages, etc. -This property is not provided, nor was it ever provided in any -implementation of -.Fa /dev/random -known to the author. -.Pp -This property would require that, after each read, the system discard -all measurements from hardware in the entropy pool and begin anew. -All work done to make the system unpredictable would be thrown out, and -the system would immediately become predictable again. -Reverting the system to being predictable every time a process reads -from -.Fa /dev/random -would give attackers a tremendous advantage in predicting future -outputs, especially if they can fool the entropy estimator, e.g. by -sending carefully timed network packets. -.Pp -If you filled your entropy pool by flipping a coin 256 times, you would -have to flip it again 256 times for the next output, and so on. -In that case, if you really want information-theoretic guarantees, you -might as well take -.Fa /dev/random -out of the picture and use your coin flips verbatim. -.Pp -On the other hand, every cryptographic protocol in practice, including -HTTPS, SSH, PGP, etc., expands short secrets deterministically into -long streams of bits, and their security relies on conjectures that a -computationally bounded attacker cannot distinguish the long streams -from uniform random. -If we couldn't do that for +Past versions of the +.Nm +subsystem were concerned with +.Sq information-theoretic +security, under the premise that the number of bits of entropy out must +not exceed the number of bits of entropy in -- never mind that its +.Sq entropy estimation +is essentially meaningless without a model for the physical processes +the system is observing. +.Pp +But every cryptographic protocol in practice, including HTTPS, SSH, +PGP, etc., expands short secrets deterministically into long streams of +bits, and their security relies on conjectures that a computationally +bounded attacker cannot distinguish the long streams from uniform +random. If we couldn't do that for .Fa /dev/random , it would be hopeless to assume we could for HTTPS, SSH, PGP, etc. .Pp @@ -603,7 +580,3 @@ system engineering for random number gen Nobody has ever reported distinguishing SHA-256 hashes with secret inputs from uniform random, nor reported computing SHA-1 preimages faster than brute force. -The folklore information-theoretic defence against computationally -unbounded attackers replaces system engineering that successfully -defends against realistic threat models by imaginary theory that -defends only against fantasy threat models.
CVS commit: src/share/man/man4
Module Name:src Committed By: riastradh Date: Wed Sep 4 04:00:04 UTC 2019 Modified Files: src/share/man/man4: rnd.4 Log Message: Replace slightly wrong rant by shorter and slightly less long rant. (If X and Y in Z/2Z are independent, then so are X and X+Y. What was I thinking.) To generate a diff of this commit: cvs rdiff -u -r1.25 -r1.26 src/share/man/man4/rnd.4 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/share/man/man4
Module Name:src Committed By: riastradh Date: Wed Sep 4 03:15:20 UTC 2019 Modified Files: src/share/man/man4: rnd.4 Log Message: Update man page to reflect switch from CTR_DRBG to Hash_DRBG. To generate a diff of this commit: cvs rdiff -u -r1.24 -r1.25 src/share/man/man4/rnd.4 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/share/man/man4/rnd.4 diff -u src/share/man/man4/rnd.4:1.24 src/share/man/man4/rnd.4:1.25 --- src/share/man/man4/rnd.4:1.24 Wed Jan 18 22:38:00 2017 +++ src/share/man/man4/rnd.4 Wed Sep 4 03:15:20 2019 @@ -1,4 +1,4 @@ -.\" $NetBSD: rnd.4,v 1.24 2017/01/18 22:38:00 abhinav Exp $ +.\" $NetBSD: rnd.4,v 1.25 2019/09/04 03:15:20 riastradh Exp $ .\" .\" Copyright (c) 2014 The NetBSD Foundation, Inc. .\" All rights reserved. @@ -27,7 +27,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.Dd November 16, 2014 +.Dd September 3, 2019 .Dt RND 4 .Os .Sh NAME @@ -404,9 +404,9 @@ When a user process opens or .Pa /dev/urandom and first reads from it, the kernel draws from the entropy pool to seed -a cryptographic pseudorandom number generator, the NIST CTR_DRBG -(counter-mode deterministic random bit generator) with AES-128 as the -block cipher, and uses that to generate data. +a cryptographic pseudorandom number generator, the NIST Hash_DRBG +(hash-based deterministic random bit generator) with SHA-256 as the +hash function, and uses that to generate data. .Pp To draw a seed from the entropy pool, the kernel .Bl -bullet -offset abcd -compact @@ -600,8 +600,8 @@ it would be hopeless to assume we could .Pp History is littered with examples of broken entropy sources and failed system engineering for random number generators. -Nobody has ever reported distinguishing AES ciphertext from uniform -random without side channels, nor reported computing SHA-1 preimages +Nobody has ever reported distinguishing SHA-256 hashes with secret +inputs from uniform random, nor reported computing SHA-1 preimages faster than brute force. The folklore information-theoretic defence against computationally unbounded attackers replaces system engineering that successfully
CVS commit: src/share/man/man4
Module Name:src Committed By: riastradh Date: Wed Sep 4 03:15:20 UTC 2019 Modified Files: src/share/man/man4: rnd.4 Log Message: Update man page to reflect switch from CTR_DRBG to Hash_DRBG. To generate a diff of this commit: cvs rdiff -u -r1.24 -r1.25 src/share/man/man4/rnd.4 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/share/misc
Module Name:src Committed By: sevan Date: Tue Sep 3 21:34:03 UTC 2019 Modified Files: src/share/misc: acronyms.comp Log Message: INODE STM To generate a diff of this commit: cvs rdiff -u -r1.288 -r1.289 src/share/misc/acronyms.comp Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/share/misc
Module Name:src Committed By: sevan Date: Tue Sep 3 21:34:03 UTC 2019 Modified Files: src/share/misc: acronyms.comp Log Message: INODE STM To generate a diff of this commit: cvs rdiff -u -r1.288 -r1.289 src/share/misc/acronyms.comp Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/share/misc/acronyms.comp diff -u src/share/misc/acronyms.comp:1.288 src/share/misc/acronyms.comp:1.289 --- src/share/misc/acronyms.comp:1.288 Mon Sep 2 10:35:15 2019 +++ src/share/misc/acronyms.comp Tue Sep 3 21:34:03 2019 @@ -1,4 +1,4 @@ -$NetBSD: acronyms.comp,v 1.288 2019/09/02 10:35:15 sevan Exp $ +$NetBSD: acronyms.comp,v 1.289 2019/09/03 21:34:03 sevan Exp $ 3WHS three-way handshake 8VSB 8-state vestigial side band modulation AA anti-aliasing @@ -727,6 +727,7 @@ IMR interrupt mask register IMS information management system IMSI international mobile subscriber identity INCITS InterNational Committee for Information Technology Standards +INODE index node IO input/output IOCTL input/output control IOM input/output managers @@ -1519,6 +1520,7 @@ SSL secure sockets layer SSP stack smashing protection STC software thermal control STD state transition diagram +STM software transactional memory STOMP Streaming Text Oriented Messaging Protocol STP Spanning Tree Protocol STP shielded twisted pair
CVS commit: src/tests/net
Module Name:src Committed By: roy Date: Tue Sep 3 19:07:50 UTC 2019 Modified Files: src/tests/net/arp: t_arp.sh src/tests/net/ndp: t_ndp.sh Log Message: tests: fix ARP and NDP tests for RTM_* messages While here add tests for RTM_MISS. To generate a diff of this commit: cvs rdiff -u -r1.38 -r1.39 src/tests/net/arp/t_arp.sh cvs rdiff -u -r1.35 -r1.36 src/tests/net/ndp/t_ndp.sh Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/tests/net/arp/t_arp.sh diff -u src/tests/net/arp/t_arp.sh:1.38 src/tests/net/arp/t_arp.sh:1.39 --- src/tests/net/arp/t_arp.sh:1.38 Mon Aug 19 03:22:05 2019 +++ src/tests/net/arp/t_arp.sh Tue Sep 3 19:07:50 2019 @@ -1,4 +1,4 @@ -# $NetBSD: t_arp.sh,v 1.38 2019/08/19 03:22:05 ozaki-r Exp $ +# $NetBSD: t_arp.sh,v 1.39 2019/09/03 19:07:50 roy Exp $ # # Copyright (c) 2015 The NetBSD Foundation, Inc. # All rights reserved. @@ -33,6 +33,8 @@ IP4NET=10.0.1.0 IP4DST=10.0.1.2 IP4DST_PROXYARP1=10.0.1.3 IP4DST_PROXYARP2=10.0.1.4 +IP4DST_FAIL1=10.0.1.99 +IP4DST_FAIL2=10.0.99.99 DEBUG=${DEBUG:-false} TIMEOUT=1 @@ -718,7 +720,38 @@ arp_rtm_body() hdr="RTM_ADD.+" what="" - addr="$IP4DST link#2" + addr="$IP4DST $macaddr_dst" + atf_check -s exit:0 -o match:"$hdr" -o match:"$what" -o match:"$addr" \ + cat $file + + # Test ping and a resulting routing message (RTM_MISS) on subnet + rump.route -n monitor -c 1 > $file & + pid=$! + sleep 1 + # arp_maxtries = 5, second between each try + atf_check -s exit:2 -o ignore -e ignore \ + rump.ping -n -w 6 -c 6 $IP4DST_FAIL1 + wait $pid + $DEBUG && cat $file + + hdr="RTM_MISS.+" + what="" + addr="$IP4DST_FAIL1 link#2" + atf_check -s exit:0 -o match:"$hdr" -o match:"$what" -o match:"$addr" \ + cat $file + + # Test ping and a resulting routing message (RTM_MISS) off subnet + rump.route -n monitor -c 1 > $file & + pid=$! + sleep 1 + atf_check -s exit:2 -o ignore -e ignore \ + rump.ping -n -w 1 -c 1 $IP4DST_FAIL2 + wait $pid + $DEBUG && cat $file + + hdr="RTM_MISS.+" + what="" + addr="$IP4DST_FAIL2" atf_check -s exit:0 -o match:"$hdr" -o match:"$what" -o match:"$addr" \ cat $file Index: src/tests/net/ndp/t_ndp.sh diff -u src/tests/net/ndp/t_ndp.sh:1.35 src/tests/net/ndp/t_ndp.sh:1.36 --- src/tests/net/ndp/t_ndp.sh:1.35 Mon Aug 19 03:20:27 2019 +++ src/tests/net/ndp/t_ndp.sh Tue Sep 3 19:07:50 2019 @@ -1,4 +1,4 @@ -# $NetBSD: t_ndp.sh,v 1.35 2019/08/19 03:20:27 ozaki-r Exp $ +# $NetBSD: t_ndp.sh,v 1.36 2019/09/03 19:07:50 roy Exp $ # # Copyright (c) 2015 The NetBSD Foundation, Inc. # All rights reserved. @@ -31,6 +31,8 @@ IP6SRC=fc00::1 IP6SRC2=fc00::3 IP6DST=fc00::2 IP6NET=fc00::0 +IP6DST_FAIL1=fc00::99 +IP6DST_FAIL2=fc01::99 DEBUG=${DEBUG:-false} TIMEOUT=1 @@ -454,7 +456,38 @@ ndp_rtm_body() hdr="RTM_ADD.+" what="" - addr="$IP6DST link#2" + addr="$IP6DST $macaddr_dst" + atf_check -s exit:0 -o match:"$hdr" -o match:"$what" -o match:"$addr" \ + cat $file + + # Test ping and a resulting routing message (RTM_MISS) on subnet + rump.route -n monitor -c 1 > $file & + pid=$! + sleep 1 + # nd6_mmaxtries = 3, second between each try + atf_check -s exit:1 -o ignore -e ignore \ + rump.ping6 -n -X 3 -c 3 $IP6DST_FAIL1 + wait $pid + $DEBUG && cat $file + + hdr="RTM_MISS.+" + what="" + addr="$IP6DST_FAIL1 link#2" + atf_check -s exit:0 -o match:"$hdr" -o match:"$what" -o match:"$addr" \ + cat $file + + # Test ping and a resulting routing message (RTM_MISS) off subnet + rump.route -n monitor -c 1 > $file & + pid=$! + sleep 1 + atf_check -s exit:1 -o ignore -e ignore \ + rump.ping6 -n -X 1 -c 1 $IP6DST_FAIL2 + wait $pid + $DEBUG && cat $file + + hdr="RTM_MISS.+" + what="" + addr="$IP6DST_FAIL2" atf_check -s exit:0 -o match:"$hdr" -o match:"$what" -o match:"$addr" \ cat $file
CVS commit: src/tests/net
Module Name:src Committed By: roy Date: Tue Sep 3 19:07:50 UTC 2019 Modified Files: src/tests/net/arp: t_arp.sh src/tests/net/ndp: t_ndp.sh Log Message: tests: fix ARP and NDP tests for RTM_* messages While here add tests for RTM_MISS. To generate a diff of this commit: cvs rdiff -u -r1.38 -r1.39 src/tests/net/arp/t_arp.sh cvs rdiff -u -r1.35 -r1.36 src/tests/net/ndp/t_ndp.sh Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Re: CVS commit: src
Well, this is the required diff, but my machine was fine anyway, please test with the new names, msaitoh! http://coypu.sdf.org/lowercase-to-new.diff
Re: CVS commit: src
> On Sep 3, 2019, at 5:04 AM, Sevan Janiyan wrote: > > On 03/09/2019 12:59, Brad Spencer wrote: >> One possible alternative to that is to install OpenZFS on MacOS and >> create a ZFS filesystem inside of whatever... > > Or a disk image which is case sensitive (hfs/apfs) problem is then that > it's slow. If your Mac has APFS, it's not quite that bad -- you can create a new file system that's case-insensitive inside the same APFS container as the file system with your home directory and space-share with that file system (the default behavior). You can do this all within Disk Utility without having to remember any command line magic. There is not a performance penalty for this. And the case-sensitive path is a well-tested, since that's what iOS uses. But there is definitely an annoyance penalty. It's an extra step (or two) that shouldn't be necessary. At least not without announcing the deprecation of support for case-insensitive host platforms, and providing a transition period for people rather than letting them be surprised (and then stuck) when they went to update their source tree. For Macs that aren't on APFS (I have an iMac at home in this situations that I build on all the time), they're just screwed by this change. Essentially, any Mac model that was not supported by macOS 10.14 is possibly stuck with HFS+ (this is because 10.13 only converted all-flash Macs to APFS; systems with HDDs remained on HFS+). While we're at it, are we going to say that pkgsrc is now case-sensitive-only, too? And if not, then why are we being lazy about src? -- thorpej
CVS commit: src
Module Name:src Committed By: riastradh Date: Tue Sep 3 15:38:52 UTC 2019 Modified Files: src: UPDATING Log Message: Add UPDATING note about radeon firmware image mistake. To generate a diff of this commit: cvs rdiff -u -r1.301 -r1.302 src/UPDATING Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src
Module Name:src Committed By: riastradh Date: Tue Sep 3 15:38:52 UTC 2019 Modified Files: src: UPDATING Log Message: Add UPDATING note about radeon firmware image mistake. To generate a diff of this commit: cvs rdiff -u -r1.301 -r1.302 src/UPDATING Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/UPDATING diff -u src/UPDATING:1.301 src/UPDATING:1.302 --- src/UPDATING:1.301 Sat Jul 27 07:55:18 2019 +++ src/UPDATING Tue Sep 3 15:38:52 2019 @@ -1,4 +1,4 @@ -$NetBSD: UPDATING,v 1.301 2019/07/27 07:55:18 martin Exp $ +$NetBSD: UPDATING,v 1.302 2019/09/03 15:38:52 riastradh Exp $ This file (UPDATING) is intended to be a brief reference to recent changes that might cause problems in the build process, and a guide for @@ -19,6 +19,87 @@ See also: BUILDING, build.sh, Makefile. Recent changes: ^^^ +20190903: + + File with names that coincide with existing files' names on + case-insensitive file systems were inadvertently committed, for + radeon GPU firmware. We cannot mark these as obsolete for + postinstall to fix, so if you updated src since 2019-08-26, and + ran build.sh distribution or ran build.sh release, you must + manually delete the following files in your DESTDIR (which is + usually $OBJDIR/destir.$ARCH), or from / if you have installed + them: + + /libdata/firmware/radeon/bonaire_ce.bin + /libdata/firmware/radeon/bonaire_mc.bin + /libdata/firmware/radeon/bonaire_me.bin + /libdata/firmware/radeon/bonaire_mec.bin + /libdata/firmware/radeon/bonaire_pfp.bin + /libdata/firmware/radeon/bonaire_rlc.bin + /libdata/firmware/radeon/bonaire_sdma.bin + /libdata/firmware/radeon/bonaire_smc.bin + /libdata/firmware/radeon/bonaire_uvd.bin + /libdata/firmware/radeon/hainan_ce.bin + /libdata/firmware/radeon/hainan_mc.bin + /libdata/firmware/radeon/hainan_me.bin + /libdata/firmware/radeon/hainan_pfp.bin + /libdata/firmware/radeon/hainan_rlc.bin + /libdata/firmware/radeon/hainan_smc.bin + /libdata/firmware/radeon/hawaii_ce.bin + /libdata/firmware/radeon/hawaii_mc.bin + /libdata/firmware/radeon/hawaii_me.bin + /libdata/firmware/radeon/hawaii_mec.bin + /libdata/firmware/radeon/hawaii_pfp.bin + /libdata/firmware/radeon/hawaii_rlc.bin + /libdata/firmware/radeon/hawaii_sdma.bin + /libdata/firmware/radeon/hawaii_smc.bin + /libdata/firmware/radeon/kabini_ce.bin + /libdata/firmware/radeon/kabini_me.bin + /libdata/firmware/radeon/kabini_mec.bin + /libdata/firmware/radeon/kabini_pfp.bin + /libdata/firmware/radeon/kabini_rlc.bin + /libdata/firmware/radeon/kabini_sdma.bin + /libdata/firmware/radeon/kaveri_ce.bin + /libdata/firmware/radeon/kaveri_me.bin + /libdata/firmware/radeon/kaveri_mec.bin + /libdata/firmware/radeon/kaveri_mec2.bin + /libdata/firmware/radeon/kaveri_pfp.bin + /libdata/firmware/radeon/kaveri_rlc.bin + /libdata/firmware/radeon/kaveri_sdma.bin + /libdata/firmware/radeon/mullins_ce.bin + /libdata/firmware/radeon/mullins_me.bin + /libdata/firmware/radeon/mullins_mec.bin + /libdata/firmware/radeon/mullins_pfp.bin + /libdata/firmware/radeon/mullins_rlc.bin + /libdata/firmware/radeon/mullins_sdma.bin + /libdata/firmware/radeon/oland_ce.bin + /libdata/firmware/radeon/oland_mc.bin + /libdata/firmware/radeon/oland_me.bin + /libdata/firmware/radeon/oland_pfp.bin + /libdata/firmware/radeon/oland_rlc.bin + /libdata/firmware/radeon/oland_smc.bin + /libdata/firmware/radeon/pitcairn_ce.bin + /libdata/firmware/radeon/pitcairn_mc.bin + /libdata/firmware/radeon/pitcairn_me.bin + /libdata/firmware/radeon/pitcairn_pfp.bin + /libdata/firmware/radeon/pitcairn_rlc.bin + /libdata/firmware/radeon/pitcairn_smc.bin + /libdata/firmware/radeon/tahiti_ce.bin + /libdata/firmware/radeon/tahiti_mc.bin + /libdata/firmware/radeon/tahiti_me.bin + /libdata/firmware/radeon/tahiti_pfp.bin + /libdata/firmware/radeon/tahiti_rlc.bin + /libdata/firmware/radeon/tahiti_smc.bin + /libdata/firmware/radeon/verde_ce.bin + /libdata/firmware/radeon/verde_mc.bin + /libdata/firmware/radeon/verde_me.bin + /libdata/firmware/radeon/verde_pfp.bin + /libdata/firmware/radeon/verde_rlc.bin + /libdata/firmware/radeon/verde_smc.bin + + We will re-import these radeon firmware images another way + later. + 20190727: The uefi bootloader has gained tftp support and needs a clean build. If you do update builds, manually clean its object
CVS commit: src
Module Name:src Committed By: riastradh Date: Tue Sep 3 15:34:08 UTC 2019 Modified Files: src/distrib/sets/lists/base: mi src/sys/dev/microcode/radeon: Makefile Removed Files: src/sys/dev/microcode/radeon: bonaire_ce.bin bonaire_mc.bin bonaire_me.bin bonaire_mec.bin bonaire_pfp.bin bonaire_rlc.bin bonaire_sdma.bin bonaire_smc.bin bonaire_uvd.bin hainan_ce.bin hainan_mc.bin hainan_me.bin hainan_pfp.bin hainan_rlc.bin hainan_smc.bin hawaii_ce.bin hawaii_mc.bin hawaii_me.bin hawaii_mec.bin hawaii_pfp.bin hawaii_rlc.bin hawaii_sdma.bin hawaii_smc.bin kabini_ce.bin kabini_me.bin kabini_mec.bin kabini_pfp.bin kabini_rlc.bin kabini_sdma.bin kaveri_ce.bin kaveri_me.bin kaveri_mec.bin kaveri_mec2.bin kaveri_pfp.bin kaveri_rlc.bin kaveri_sdma.bin mullins_ce.bin mullins_me.bin mullins_mec.bin mullins_pfp.bin mullins_rlc.bin mullins_sdma.bin oland_ce.bin oland_mc.bin oland_me.bin oland_pfp.bin oland_rlc.bin oland_smc.bin pitcairn_ce.bin pitcairn_mc.bin pitcairn_me.bin pitcairn_pfp.bin pitcairn_rlc.bin pitcairn_smc.bin tahiti_ce.bin tahiti_mc.bin tahiti_me.bin tahiti_pfp.bin tahiti_rlc.bin tahiti_smc.bin verde_ce.bin verde_mc.bin verde_me.bin verde_pfp.bin verde_rlc.bin verde_smc.bin Log Message: Revert "Add more missing firmwares." This reverts https://mail-index.NetBSD.org/source-changes/2019/08/27/msg108499.html which broke the tree on case-insensitive file systems. See discussion at https://mail-index.NetBSD.org/source-changes-d/2019/08/27/msg011590.html for alternatives considered. This does _not_ simply mark the new files as `obsolete' in the set lists, because if we marked foo.bin obsolete then on a case- insensitive file system, then it would try to delete the FOO.bin that we still want installed. We'll require a manual change announced in UPDATING and on current-users. ok msaitoh To generate a diff of this commit: cvs rdiff -u -r1.1213 -r1.1214 src/distrib/sets/lists/base/mi cvs rdiff -u -r1.5 -r1.6 src/sys/dev/microcode/radeon/Makefile cvs rdiff -u -r1.1 -r0 src/sys/dev/microcode/radeon/bonaire_ce.bin \ src/sys/dev/microcode/radeon/bonaire_mc.bin \ src/sys/dev/microcode/radeon/bonaire_me.bin \ src/sys/dev/microcode/radeon/bonaire_mec.bin \ src/sys/dev/microcode/radeon/bonaire_pfp.bin \ src/sys/dev/microcode/radeon/bonaire_rlc.bin \ src/sys/dev/microcode/radeon/bonaire_sdma.bin \ src/sys/dev/microcode/radeon/bonaire_smc.bin \ src/sys/dev/microcode/radeon/bonaire_uvd.bin \ src/sys/dev/microcode/radeon/hainan_ce.bin \ src/sys/dev/microcode/radeon/hainan_mc.bin \ src/sys/dev/microcode/radeon/hainan_me.bin \ src/sys/dev/microcode/radeon/hainan_pfp.bin \ src/sys/dev/microcode/radeon/hainan_rlc.bin \ src/sys/dev/microcode/radeon/hainan_smc.bin \ src/sys/dev/microcode/radeon/hawaii_ce.bin \ src/sys/dev/microcode/radeon/hawaii_mc.bin \ src/sys/dev/microcode/radeon/hawaii_me.bin \ src/sys/dev/microcode/radeon/hawaii_mec.bin \ src/sys/dev/microcode/radeon/hawaii_pfp.bin \ src/sys/dev/microcode/radeon/hawaii_rlc.bin \ src/sys/dev/microcode/radeon/hawaii_sdma.bin \ src/sys/dev/microcode/radeon/hawaii_smc.bin \ src/sys/dev/microcode/radeon/kabini_ce.bin \ src/sys/dev/microcode/radeon/kabini_me.bin \ src/sys/dev/microcode/radeon/kabini_mec.bin \ src/sys/dev/microcode/radeon/kabini_pfp.bin \ src/sys/dev/microcode/radeon/kabini_rlc.bin \ src/sys/dev/microcode/radeon/kabini_sdma.bin \ src/sys/dev/microcode/radeon/kaveri_ce.bin \ src/sys/dev/microcode/radeon/kaveri_me.bin \ src/sys/dev/microcode/radeon/kaveri_mec.bin \ src/sys/dev/microcode/radeon/kaveri_mec2.bin \ src/sys/dev/microcode/radeon/kaveri_pfp.bin \ src/sys/dev/microcode/radeon/kaveri_rlc.bin \ src/sys/dev/microcode/radeon/kaveri_sdma.bin \ src/sys/dev/microcode/radeon/mullins_ce.bin \ src/sys/dev/microcode/radeon/mullins_me.bin \ src/sys/dev/microcode/radeon/mullins_mec.bin \ src/sys/dev/microcode/radeon/mullins_pfp.bin \ src/sys/dev/microcode/radeon/mullins_rlc.bin \ src/sys/dev/microcode/radeon/mullins_sdma.bin \ src/sys/dev/microcode/radeon/oland_ce.bin \ src/sys/dev/microcode/radeon/oland_mc.bin \ src/sys/dev/microcode/radeon/oland_me.bin \ src/sys/dev/microcode/radeon/oland_pfp.bin \ src/sys/dev/microcode/radeon/oland_rlc.bin \ src/sys/dev/microcode/radeon/oland_smc.bin \ src/sys/dev/microcode/radeon/pitcairn_ce.bin \ src/sys/dev/microcode/radeon/pitcairn_mc.bin \ src/sys/dev/microcode/radeon/pitcairn_me.bin \ src/sys/dev/microcode/radeon/pitcairn_pfp.bin \ src/sys/dev/microcode/radeon/pitcairn_rlc.bin \ src/sys/dev/microcode/radeon/pitcairn_smc.bin \ src/sys/dev/microcode/radeon/tahiti_ce.bin \
CVS commit: src
Module Name:src Committed By: riastradh Date: Tue Sep 3 15:34:08 UTC 2019 Modified Files: src/distrib/sets/lists/base: mi src/sys/dev/microcode/radeon: Makefile Removed Files: src/sys/dev/microcode/radeon: bonaire_ce.bin bonaire_mc.bin bonaire_me.bin bonaire_mec.bin bonaire_pfp.bin bonaire_rlc.bin bonaire_sdma.bin bonaire_smc.bin bonaire_uvd.bin hainan_ce.bin hainan_mc.bin hainan_me.bin hainan_pfp.bin hainan_rlc.bin hainan_smc.bin hawaii_ce.bin hawaii_mc.bin hawaii_me.bin hawaii_mec.bin hawaii_pfp.bin hawaii_rlc.bin hawaii_sdma.bin hawaii_smc.bin kabini_ce.bin kabini_me.bin kabini_mec.bin kabini_pfp.bin kabini_rlc.bin kabini_sdma.bin kaveri_ce.bin kaveri_me.bin kaveri_mec.bin kaveri_mec2.bin kaveri_pfp.bin kaveri_rlc.bin kaveri_sdma.bin mullins_ce.bin mullins_me.bin mullins_mec.bin mullins_pfp.bin mullins_rlc.bin mullins_sdma.bin oland_ce.bin oland_mc.bin oland_me.bin oland_pfp.bin oland_rlc.bin oland_smc.bin pitcairn_ce.bin pitcairn_mc.bin pitcairn_me.bin pitcairn_pfp.bin pitcairn_rlc.bin pitcairn_smc.bin tahiti_ce.bin tahiti_mc.bin tahiti_me.bin tahiti_pfp.bin tahiti_rlc.bin tahiti_smc.bin verde_ce.bin verde_mc.bin verde_me.bin verde_pfp.bin verde_rlc.bin verde_smc.bin Log Message: Revert "Add more missing firmwares." This reverts https://mail-index.NetBSD.org/source-changes/2019/08/27/msg108499.html which broke the tree on case-insensitive file systems. See discussion at https://mail-index.NetBSD.org/source-changes-d/2019/08/27/msg011590.html for alternatives considered. This does _not_ simply mark the new files as `obsolete' in the set lists, because if we marked foo.bin obsolete then on a case- insensitive file system, then it would try to delete the FOO.bin that we still want installed. We'll require a manual change announced in UPDATING and on current-users. ok msaitoh To generate a diff of this commit: cvs rdiff -u -r1.1213 -r1.1214 src/distrib/sets/lists/base/mi cvs rdiff -u -r1.5 -r1.6 src/sys/dev/microcode/radeon/Makefile cvs rdiff -u -r1.1 -r0 src/sys/dev/microcode/radeon/bonaire_ce.bin \ src/sys/dev/microcode/radeon/bonaire_mc.bin \ src/sys/dev/microcode/radeon/bonaire_me.bin \ src/sys/dev/microcode/radeon/bonaire_mec.bin \ src/sys/dev/microcode/radeon/bonaire_pfp.bin \ src/sys/dev/microcode/radeon/bonaire_rlc.bin \ src/sys/dev/microcode/radeon/bonaire_sdma.bin \ src/sys/dev/microcode/radeon/bonaire_smc.bin \ src/sys/dev/microcode/radeon/bonaire_uvd.bin \ src/sys/dev/microcode/radeon/hainan_ce.bin \ src/sys/dev/microcode/radeon/hainan_mc.bin \ src/sys/dev/microcode/radeon/hainan_me.bin \ src/sys/dev/microcode/radeon/hainan_pfp.bin \ src/sys/dev/microcode/radeon/hainan_rlc.bin \ src/sys/dev/microcode/radeon/hainan_smc.bin \ src/sys/dev/microcode/radeon/hawaii_ce.bin \ src/sys/dev/microcode/radeon/hawaii_mc.bin \ src/sys/dev/microcode/radeon/hawaii_me.bin \ src/sys/dev/microcode/radeon/hawaii_mec.bin \ src/sys/dev/microcode/radeon/hawaii_pfp.bin \ src/sys/dev/microcode/radeon/hawaii_rlc.bin \ src/sys/dev/microcode/radeon/hawaii_sdma.bin \ src/sys/dev/microcode/radeon/hawaii_smc.bin \ src/sys/dev/microcode/radeon/kabini_ce.bin \ src/sys/dev/microcode/radeon/kabini_me.bin \ src/sys/dev/microcode/radeon/kabini_mec.bin \ src/sys/dev/microcode/radeon/kabini_pfp.bin \ src/sys/dev/microcode/radeon/kabini_rlc.bin \ src/sys/dev/microcode/radeon/kabini_sdma.bin \ src/sys/dev/microcode/radeon/kaveri_ce.bin \ src/sys/dev/microcode/radeon/kaveri_me.bin \ src/sys/dev/microcode/radeon/kaveri_mec.bin \ src/sys/dev/microcode/radeon/kaveri_mec2.bin \ src/sys/dev/microcode/radeon/kaveri_pfp.bin \ src/sys/dev/microcode/radeon/kaveri_rlc.bin \ src/sys/dev/microcode/radeon/kaveri_sdma.bin \ src/sys/dev/microcode/radeon/mullins_ce.bin \ src/sys/dev/microcode/radeon/mullins_me.bin \ src/sys/dev/microcode/radeon/mullins_mec.bin \ src/sys/dev/microcode/radeon/mullins_pfp.bin \ src/sys/dev/microcode/radeon/mullins_rlc.bin \ src/sys/dev/microcode/radeon/mullins_sdma.bin \ src/sys/dev/microcode/radeon/oland_ce.bin \ src/sys/dev/microcode/radeon/oland_mc.bin \ src/sys/dev/microcode/radeon/oland_me.bin \ src/sys/dev/microcode/radeon/oland_pfp.bin \ src/sys/dev/microcode/radeon/oland_rlc.bin \ src/sys/dev/microcode/radeon/oland_smc.bin \ src/sys/dev/microcode/radeon/pitcairn_ce.bin \ src/sys/dev/microcode/radeon/pitcairn_mc.bin \ src/sys/dev/microcode/radeon/pitcairn_me.bin \ src/sys/dev/microcode/radeon/pitcairn_pfp.bin \ src/sys/dev/microcode/radeon/pitcairn_rlc.bin \ src/sys/dev/microcode/radeon/pitcairn_smc.bin \ src/sys/dev/microcode/radeon/tahiti_ce.bin \
CVS commit: src/sys/external/bsd/drm2/dist/drm/i915
Module Name:src Committed By: msaitoh Date: Tue Sep 3 15:05:41 UTC 2019 Modified Files: src/sys/external/bsd/drm2/dist/drm/i915: i915_reg.h Log Message: Use unsigned to avoid undefined behavior. Found by kUBSan. To generate a diff of this commit: cvs rdiff -u -r1.10 -r1.11 src/sys/external/bsd/drm2/dist/drm/i915/i915_reg.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/external/bsd/drm2/dist/drm/i915/i915_reg.h diff -u src/sys/external/bsd/drm2/dist/drm/i915/i915_reg.h:1.10 src/sys/external/bsd/drm2/dist/drm/i915/i915_reg.h:1.11 --- src/sys/external/bsd/drm2/dist/drm/i915/i915_reg.h:1.10 Wed Aug 7 14:58:04 2019 +++ src/sys/external/bsd/drm2/dist/drm/i915/i915_reg.h Tue Sep 3 15:05:40 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: i915_reg.h,v 1.10 2019/08/07 14:58:04 msaitoh Exp $ */ +/* $NetBSD: i915_reg.h,v 1.11 2019/09/03 15:05:40 msaitoh Exp $ */ /* Copyright 2003 Tungsten Graphics, Inc., Cedar Park, Texas. * All Rights Reserved. @@ -1785,7 +1785,7 @@ enum skl_disp_power_wells { #define FW_BLC_SELF 0x020e0 /* 915+ only */ #define FW_BLC_SELF_EN_MASK (1<<31) #define FW_BLC_SELF_FIFO_MASK(1<<16) /* 945 only */ -#define FW_BLC_SELF_EN (1<<15) /* 945 only */ +#define FW_BLC_SELF_EN (1U<<15) /* 945 only */ #define MM_BURST_LENGTH 0x0070 #define MM_FIFO_WATERMARK 0x0001F000 #define LM_BURST_LENGTH 0x0700 @@ -3683,7 +3683,7 @@ enum skl_disp_power_wells { /* TV port control */ #define TV_CTL 0x68000 /* Enables the TV encoder */ -# define TV_ENC_ENABLE (1 << 31) +# define TV_ENC_ENABLE (1U << 31) /* Sources the TV encoder input from pipe B instead of A. */ # define TV_ENC_PIPEB_SELECT (1 << 30) /* Outputs composite video (DAC A only) */ @@ -3882,7 +3882,7 @@ enum skl_disp_power_wells { #define TV_H_CTL_2 0x68034 /* Enables the colorburst (needed for non-component color) */ -# define TV_BURST_ENA (1 << 31) +# define TV_BURST_ENA (1U << 31) /* Offset of the colorburst from the start of hsync, in pixels minus one. */ # define TV_HBURST_START_SHIFT 16 # define TV_HBURST_START_MASK 0x1fff @@ -3927,7 +3927,7 @@ enum skl_disp_power_wells { #define TV_V_CTL_3 0x68044 /* Enables generation of the equalization signal */ -# define TV_EQUAL_ENA (1 << 31) +# define TV_EQUAL_ENA (1U << 31) /* Length of vsync, in half lines */ # define TV_VEQ_LEN_MASK 0x007f # define TV_VEQ_LEN_SHIFT 16 @@ -4001,7 +4001,7 @@ enum skl_disp_power_wells { #define TV_SC_CTL_1 0x68060 /* Turns on the first subcarrier phase generation DDA */ -# define TV_SC_DDA1_EN (1 << 31) +# define TV_SC_DDA1_EN (1U << 31) /* Turns on the first subcarrier phase generation DDA */ # define TV_SC_DDA2_EN (1 << 30) /* Turns on the first subcarrier phase generation DDA */ @@ -4064,7 +4064,7 @@ enum skl_disp_power_wells { * If set, the rest of the registers are ignored, and the calculated values can * be read back from the register. */ -# define TV_AUTO_SCALE (1 << 31) +# define TV_AUTO_SCALE (1U << 31) /* * Disables the vertical filter. *
CVS commit: src/sys/external/bsd/drm2/dist/drm/i915
Module Name:src Committed By: msaitoh Date: Tue Sep 3 15:05:41 UTC 2019 Modified Files: src/sys/external/bsd/drm2/dist/drm/i915: i915_reg.h Log Message: Use unsigned to avoid undefined behavior. Found by kUBSan. To generate a diff of this commit: cvs rdiff -u -r1.10 -r1.11 src/sys/external/bsd/drm2/dist/drm/i915/i915_reg.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys/dev/pci
Module Name:src Committed By: msaitoh Date: Tue Sep 3 14:29:26 UTC 2019 Modified Files: src/sys/dev/pci: if_alcreg.h if_alereg.h Log Message: No functional change to reduce diff against {Free,Open}BSD: - Fix typo in comment. - Modify white spaces. To generate a diff of this commit: cvs rdiff -u -r1.6 -r1.7 src/sys/dev/pci/if_alcreg.h cvs rdiff -u -r1.2 -r1.3 src/sys/dev/pci/if_alereg.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/dev/pci/if_alcreg.h diff -u src/sys/dev/pci/if_alcreg.h:1.6 src/sys/dev/pci/if_alcreg.h:1.7 --- src/sys/dev/pci/if_alcreg.h:1.6 Thu Dec 29 19:22:51 2016 +++ src/sys/dev/pci/if_alcreg.h Tue Sep 3 14:29:26 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: if_alcreg.h,v 1.6 2016/12/29 19:22:51 leot Exp $ */ +/* $NetBSD: if_alcreg.h,v 1.7 2019/09/03 14:29:26 msaitoh Exp $ */ /* $OpenBSD: if_alcreg.h,v 1.1 2009/08/08 09:31:13 kevlo Exp $ */ /*- * Copyright (c) 2009, Pyun YongHyeon @@ -19,12 +19,12 @@ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMATES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMATE. + * SUCH DAMAGE. * * $FreeBSD: src/sys/dev/alc/if_alcreg.h,v 1.1 2009/06/10 02:07:58 yongari Exp $ */ @@ -32,10 +32,10 @@ #ifndef _IF_ALCREG_H #define _IF_ALCREG_H -#define ALC_PCIR_BAR 0x10 +#define ALC_PCIR_BAR 0x10 -#define ATHEROS_AR8152_B_V10 0xC0 -#define ATHEROS_AR8152_B_V11 0xC1 +#define ATHEROS_AR8152_B_V10 0xC0 +#define ATHEROS_AR8152_B_V11 0xC1 /* * Atheros AR816x/AR817x revisions @@ -100,12 +100,12 @@ #define PCIE_PHYMISC2_SERDES_CDR_SHIFT 16 #define PCIE_PHYMISC2_SERDES_TH_SHIFT 18 -#define ALC_TWSI_DEBUG 0x1108 -#define TWSI_DEBUG_DEV_EXIST 0x2000 - #define ALC_PDLL_TRNS1 0x1104 #define PDLL_TRNS1_D3PLLOFF_ENB 0x0800 +#define ALC_TWSI_DEBUG 0x1108 +#define TWSI_DEBUG_DEV_EXIST 0x2000 + #define ALC_EEPROM_CFG 0x12C0 #define EEPROM_CFG_DATA_HI_MASK 0x #define EEPROM_CFG_ADDR_MASK 0x03FF @@ -148,7 +148,7 @@ #define PM_CFG_PM_REQ_TIMER_SHIFT 20 #define PM_CFG_LCKDET_TIMER_SHIFT 24 -#define PM_CFG_L0S_ENTRY_TIMER_DEFAULT 6 +#define PM_CFG_L0S_ENTRY_TIMER_DEFAULT 6 #define PM_CFG_L1_ENTRY_TIMER_DEFAULT 1 #define PM_CFG_L1_ENTRY_TIMER_816X_DEFAULT 4 #define PM_CFG_LCKDET_TIMER_DEFAULT 12 @@ -480,7 +480,7 @@ #define ALC_SRAM_RX_FIFO_LEN 0x1524 #define SRAM_RX_FIFO_LEN_MASK 0x0FFF #define SRAM_RX_FIFO_LEN_SHIFT 0 - + #define ALC_SRAM_TX_FIFO_ADDR 0x1528 #define ALC_SRAM_TX_FIFO_LEN 0x152C @@ -639,7 +639,7 @@ * = 3212. */ #define RX_FIFO_PAUSE_816X_RSVD 3212 - + #define ALC_RD_DMA_CFG 0x15AC #define RD_DMA_CFG_THRESH_MASK 0x0FFF /* 8 bytes unit */ #define RD_DMA_CFG_TIMER_MASK 0x Index: src/sys/dev/pci/if_alereg.h diff -u src/sys/dev/pci/if_alereg.h:1.2 src/sys/dev/pci/if_alereg.h:1.3 --- src/sys/dev/pci/if_alereg.h:1.2 Sat Apr 25 17:04:40 2009 +++ src/sys/dev/pci/if_alereg.h Tue Sep 3 14:29:26 2019 @@ -1,5 +1,5 @@ -/* $NetBSD: if_alereg.h,v 1.2 2009/04/25 17:04:40 tsutsui Exp $ */ -/* $OpenBSD: if_alereg.h,v 1.1 2009/02/25 03:05:32 kevlo Exp $ */ +/* $NetBSD: if_alereg.h,v 1.3 2019/09/03 14:29:26 msaitoh Exp $ */ +/* $OpenBSD: if_alereg.h,v 1.2 2011/05/20 08:36:55 kevlo Exp $ */ /*- * Copyright (c) 2008, Pyun YongHyeon @@ -20,12 +20,12 @@ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMATES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMATE. + * SUCH DAMAGE. * * $FreeBSD: src/sys/dev/ale/if_alereg.h,v 1.1 2008/11/12 09:52:06 yongari Exp $ */
CVS commit: src/sys/dev/pci
Module Name:src Committed By: msaitoh Date: Tue Sep 3 14:29:26 UTC 2019 Modified Files: src/sys/dev/pci: if_alcreg.h if_alereg.h Log Message: No functional change to reduce diff against {Free,Open}BSD: - Fix typo in comment. - Modify white spaces. To generate a diff of this commit: cvs rdiff -u -r1.6 -r1.7 src/sys/dev/pci/if_alcreg.h cvs rdiff -u -r1.2 -r1.3 src/sys/dev/pci/if_alereg.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys/dev/ic
Module Name:src Committed By: msaitoh Date: Tue Sep 3 14:26:55 UTC 2019 Modified Files: src/sys/dev/ic: rt2860.c Log Message: Use unsigned to avoid undefined behavior. Found by kUBSan. To generate a diff of this commit: cvs rdiff -u -r1.33 -r1.34 src/sys/dev/ic/rt2860.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/dev/ic/rt2860.c diff -u src/sys/dev/ic/rt2860.c:1.33 src/sys/dev/ic/rt2860.c:1.34 --- src/sys/dev/ic/rt2860.c:1.33 Mon Sep 3 16:29:31 2018 +++ src/sys/dev/ic/rt2860.c Tue Sep 3 14:26:55 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: rt2860.c,v 1.33 2018/09/03 16:29:31 riastradh Exp $ */ +/* $NetBSD: rt2860.c,v 1.34 2019/09/03 14:26:55 msaitoh Exp $ */ /* $OpenBSD: rt2860.c,v 1.90 2016/04/13 10:49:26 mpi Exp $ */ /* $FreeBSD: head/sys/dev/ral/rt2860.c 306591 2016-10-02 20:35:55Z avos $ */ @@ -25,7 +25,7 @@ */ #include -__KERNEL_RCSID(0, "$NetBSD: rt2860.c,v 1.33 2018/09/03 16:29:31 riastradh Exp $"); +__KERNEL_RCSID(0, "$NetBSD: rt2860.c,v 1.34 2019/09/03 14:26:55 msaitoh Exp $"); #include #include @@ -2233,7 +2233,7 @@ static void rt2860_enable_mrr(struct rt2860_softc *sc) { #define CCK(mcs) (mcs) -#define OFDM(mcs) (1 << 3 | (mcs)) +#define OFDM(mcs) (1U << 3 | (mcs)) RAL_WRITE(sc, RT2860_LG_FBK_CFG0, OFDM(6) << 28 | /* 54->48 */ OFDM(5) << 24 | /* 48->36 */ @@ -3294,7 +3294,7 @@ b4inc(uint32_t b32, int8_t delta) b4 = 0; else if (b4 > 0xf) b4 = 0xf; - b32 = b32 >> 4 | b4 << 28; + b32 = b32 >> 4 | (uint32_t)b4 << 28; } return b32; }
CVS commit: src/sys/dev/ic
Module Name:src Committed By: msaitoh Date: Tue Sep 3 14:26:55 UTC 2019 Modified Files: src/sys/dev/ic: rt2860.c Log Message: Use unsigned to avoid undefined behavior. Found by kUBSan. To generate a diff of this commit: cvs rdiff -u -r1.33 -r1.34 src/sys/dev/ic/rt2860.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Re: CVS commit: src
> Date: Tue, 3 Sep 2019 04:07:16 + > From: Taylor R Campbell > > 1. We could simply revert the commits, but that will nevertheless >break checkout by date on case-insensitive file systems, which >implies breaking bisection over the past week on case-insensitive >file systems. I'm just going to revert the one commit once I've done a distribution build to confirm it worked; explain what happened in UPDATING and send an announcement to current-users about deleting the files manually; and then sort out how to reimport later. This does mean checkout-by-date will fail on case-insensitive file systems, but bisection will continue to work for everyone else -- I'm not seeing a way to improve on that outcome.
CVS commit: src/sys/arch/prep/stand/boot
Module Name:src Committed By: martin Date: Tue Sep 3 14:18:32 UTC 2019 Modified Files: src/sys/arch/prep/stand/boot: Makefile boot.c Log Message: PR 54394: do not compile in experimental SCSI support by default, #ifdef it out as it breaks some machines. Based on a patch by Ulrich Teichert, with #ifdef instead of comments suggested by nonaka@. To generate a diff of this commit: cvs rdiff -u -r1.30 -r1.31 src/sys/arch/prep/stand/boot/Makefile cvs rdiff -u -r1.20 -r1.21 src/sys/arch/prep/stand/boot/boot.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys/arch/prep/stand/boot
Module Name:src Committed By: martin Date: Tue Sep 3 14:18:32 UTC 2019 Modified Files: src/sys/arch/prep/stand/boot: Makefile boot.c Log Message: PR 54394: do not compile in experimental SCSI support by default, #ifdef it out as it breaks some machines. Based on a patch by Ulrich Teichert, with #ifdef instead of comments suggested by nonaka@. To generate a diff of this commit: cvs rdiff -u -r1.30 -r1.31 src/sys/arch/prep/stand/boot/Makefile cvs rdiff -u -r1.20 -r1.21 src/sys/arch/prep/stand/boot/boot.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/arch/prep/stand/boot/Makefile diff -u src/sys/arch/prep/stand/boot/Makefile:1.30 src/sys/arch/prep/stand/boot/Makefile:1.31 --- src/sys/arch/prep/stand/boot/Makefile:1.30 Sat Apr 8 19:53:22 2017 +++ src/sys/arch/prep/stand/boot/Makefile Tue Sep 3 14:18:32 2019 @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.30 2017/04/08 19:53:22 christos Exp $ +# $NetBSD: Makefile,v 1.31 2019/09/03 14:18:32 martin Exp $ NOMAN= # defined @@ -32,6 +32,7 @@ CPPFLAGS= -nostdinc -I${.OBJDIR} -I${MKB CPPFLAGS+= -D_STANDALONE -DRELOC=${RELOC} -DUSE_SCAN CPPFLAGS+= -D__daddr_t=int32_t #CPPFLAGS+= -DDBMONITOR +#CPPFLAGS+= -DSCSI_SUPPORT# experimental .if (${BASE} == "boot") CPPFLAGS+= -DCONS_VGA -DVGA_RESET Index: src/sys/arch/prep/stand/boot/boot.c diff -u src/sys/arch/prep/stand/boot/boot.c:1.20 src/sys/arch/prep/stand/boot/boot.c:1.21 --- src/sys/arch/prep/stand/boot/boot.c:1.20 Fri Aug 8 19:45:48 2014 +++ src/sys/arch/prep/stand/boot/boot.c Tue Sep 3 14:18:32 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: boot.c,v 1.20 2014/08/08 19:45:48 joerg Exp $ */ +/* $NetBSD: boot.c,v 1.21 2019/09/03 14:18:32 martin Exp $ */ /* * Copyright (C) 1995, 1996 Wolfgang Solfrank. @@ -46,7 +46,9 @@ #include "sdvar.h" char *names[] = { +#ifdef SCSI_SUPPORT "sd(0,0,0)netbsd", "sd(0,0,0)onetbsd", +#endif "in()", }; #define NUMNAMES (sizeof (names) / sizeof (names[0])) @@ -142,10 +144,12 @@ boot(void *resp, u_long loadaddr) printf(">> %s, Revision %s\n", bootprog_name, bootprog_rev); printf("\n"); +#ifdef SCSI_SUPPORT /* * Initialize siop@pci0 dev 16 func 0 */ siop_init(0, 16, 0); +#endif for (;;) { name = names[n++];
Re: CVS commit: src
> On Sep 2, 2019, at 10:36 PM, Robert Elz wrote: > > I doubt that any of them really are truly > case insensitive ... rather than are insenstive to the case of ascii > chars, and that's usually it. APFS on macOS is truly case-insensitive, not just for ASCII. FWIW. -- thorpej
CVS commit: src/lib/libcurses
Module Name:src Committed By: roy Date: Tue Sep 3 13:43:35 UTC 2019 Modified Files: src/lib/libcurses: Makefile curses.h version.c Removed Files: src/lib/libcurses: cursesrelease.sh Log Message: curses: believe in unicorns Hopefully this ends the bikeshed. If you don't believe in unicorns, please #if 0 it out to preserve the humour. To generate a diff of this commit: cvs rdiff -u -r1.92 -r1.93 src/lib/libcurses/Makefile cvs rdiff -u -r1.125 -r1.126 src/lib/libcurses/curses.h cvs rdiff -u -r1.1 -r0 src/lib/libcurses/cursesrelease.sh cvs rdiff -u -r1.2 -r1.3 src/lib/libcurses/version.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/lib/libcurses/Makefile diff -u src/lib/libcurses/Makefile:1.92 src/lib/libcurses/Makefile:1.93 --- src/lib/libcurses/Makefile:1.92 Tue Sep 3 10:36:17 2019 +++ src/lib/libcurses/Makefile Tue Sep 3 13:43:34 2019 @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.92 2019/09/03 10:36:17 roy Exp $ +# $NetBSD: Makefile,v 1.93 2019/09/03 13:43:34 roy Exp $ # @(#)Makefile 8.2 (Berkeley) 1/2/94 .include @@ -210,8 +210,5 @@ SUBDIR.roff+= PSD.doc fileio.h: shlib_version genfileioh.awk ${TOOL_AWK} -f ${.CURDIR}/genfileioh.awk < ${.CURDIR}/shlib_version > ${.CURDIR}/fileio.h -CURSES_VERSION!= ${HOST_SH} ${.CURDIR}/cursesrelease.sh -CPPFLAGS.version.c+= -DCURSES_VERSION=\"${CURSES_VERSION}\" - .include .include Index: src/lib/libcurses/curses.h diff -u src/lib/libcurses/curses.h:1.125 src/lib/libcurses/curses.h:1.126 --- src/lib/libcurses/curses.h:1.125 Tue Sep 3 10:36:17 2019 +++ src/lib/libcurses/curses.h Tue Sep 3 13:43:34 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: curses.h,v 1.125 2019/09/03 10:36:17 roy Exp $ */ +/* $NetBSD: curses.h,v 1.126 2019/09/03 13:43:34 roy Exp $ */ /* * Copyright (c) 1981, 1993, 1994 @@ -48,23 +48,6 @@ #include /* - * #define __NetBSD_Curses_Version__ MMmmrrpp00 - * - * M = major version - * m = minor version; a minor number of 99 indicates current - * r = 0 (*) - * p = patchlevel - * - * This is similar to __NetBSD_Version__ as found in sys/param.h - * It is maintained seperately and has no correlation to it or the - * ELF symver libcurses is built as. - */ -#define __NetBSD_Curses_Version__ 02 /* NetBSD-Curses 2.0.0 */ - -#define __NetBSD_Curses_Prereq__(M,m,p) (M) * 1) + \ - (m) * 100) + (p) * 100) <= __NetBSD_Curses_Version__) - -/* * attr_t must be the same size as wchar_t (see ) to avoid padding * in __LDATA. */ Index: src/lib/libcurses/version.c diff -u src/lib/libcurses/version.c:1.2 src/lib/libcurses/version.c:1.3 --- src/lib/libcurses/version.c:1.2 Tue Sep 3 10:36:17 2019 +++ src/lib/libcurses/version.c Tue Sep 3 13:43:34 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: version.c,v 1.2 2019/09/03 10:36:17 roy Exp $ */ +/* $NetBSD: version.c,v 1.3 2019/09/03 13:43:34 roy Exp $ */ /*- * Copyright (c) 2019 The NetBSD Foundation, Inc. @@ -31,14 +31,36 @@ #include #ifndef lint -__RCSID("$NetBSD: version.c,v 1.2 2019/09/03 10:36:17 roy Exp $"); +__RCSID("$NetBSD: version.c,v 1.3 2019/09/03 13:43:34 roy Exp $"); #endif #include "curses.h" +#ifndef CURSES_VERSION +/* + * Bikeshed about what the version should be, if any: + * https://mail-index.netbsd.org/tech-userlevel/2019/09/02/msg012101.html + * This is the end result and should at least provide some amusement :) + */ +#define CURSES_VERSION "believe in unicorns" +#endif + +#ifdef CURSES_VERSION +/* + * Any version given should be braced to give some indication it's not + * really a version recognised by NetBSD. + * It should also have some product branding to indicate from whence + * if came. For example, if FrobozzCo packaged it: + * CFLAGS+= -DCURSES_VERSION="\"FrobozzCo 1.2.3\"" + */ +#define _CURSES_VERSION " (" CURSES_VERSION ")" +#else +#define _CURSES_VERSION +#endif + const char * curses_version() { - return "NetBSD-Curses " CURSES_VERSION; + return "NetBSD-Curses" _CURSES_VERSION; }
CVS commit: src/lib/libcurses
Module Name:src Committed By: roy Date: Tue Sep 3 13:43:35 UTC 2019 Modified Files: src/lib/libcurses: Makefile curses.h version.c Removed Files: src/lib/libcurses: cursesrelease.sh Log Message: curses: believe in unicorns Hopefully this ends the bikeshed. If you don't believe in unicorns, please #if 0 it out to preserve the humour. To generate a diff of this commit: cvs rdiff -u -r1.92 -r1.93 src/lib/libcurses/Makefile cvs rdiff -u -r1.125 -r1.126 src/lib/libcurses/curses.h cvs rdiff -u -r1.1 -r0 src/lib/libcurses/cursesrelease.sh cvs rdiff -u -r1.2 -r1.3 src/lib/libcurses/version.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Re: CVS commit: src
On 2019/09/03 20:35, Sevan Janiyan wrote: On 03/09/2019 12:32, Robert Elz wrote: but doesn't macos have the ability to turn that off? Nope, it's set when you create the filesystem. :/ To make matters worse, some third party softwares cannot handle case sensitive filesystems. At least, Adobe CS does not work when installed to case sensitive filesystems. That's really disappointing... Thanks, rin
Re: CVS commit: src
> Date: Tue, 03 Sep 2019 12:36:31 +0700 > From: Robert Elz > > Date:Tue, 3 Sep 2019 04:07:16 + > From:Taylor R Campbell > > Message-ID: <20190903040716.a6abe60...@jupiter.mumble.net> > > | How do we clean it up? > > | I am not seeing a good way out of this. > > I do, but you are all refusing to permit it ... simply abandon support > for case insensitive filesystems. That's not a good way out of it. Instead of causing bisection to fail on one week for ordinary users on macOS, it prevents them from working on NetBSD at all without jumping through hoops to pass a considerably higher barrier to entry. Yes, there are ways to overcome that barrier to entry with enough effort. But if that barrier to entry had been around when I started using NetBSD, I probably wouldn't be here today.
CVS commit: [netbsd-7-0] src/doc
Module Name:src Committed By: martin Date: Tue Sep 3 12:31:11 UTC 2019 Modified Files: src/doc [netbsd-7-0]: CHANGES-7.0.3 Log Message: Ticket #1705 To generate a diff of this commit: cvs rdiff -u -r1.1.2.148 -r1.1.2.149 src/doc/CHANGES-7.0.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-7.0.3 diff -u src/doc/CHANGES-7.0.3:1.1.2.148 src/doc/CHANGES-7.0.3:1.1.2.149 --- src/doc/CHANGES-7.0.3:1.1.2.148 Thu Aug 29 16:17:08 2019 +++ src/doc/CHANGES-7.0.3 Tue Sep 3 12:31:11 2019 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-7.0.3,v 1.1.2.148 2019/08/29 16:17:08 martin Exp $ +# $NetBSD: CHANGES-7.0.3,v 1.1.2.149 2019/09/03 12:31:11 martin Exp $ A complete list of changes from the NetBSD 7.0.2 release to the NetBSD 7.0.3 release: @@ -5861,3 +5861,26 @@ sys/miscfs/procfs/procfs_vnops.c 1.207 Add missing operation VOP_GETPAGES() returning EFAULT. [hannken, ticket #1703] +sys/conf/files 1.1238 +sys/crypto/nist_ctr_drbg/files.nist_ctr_drbg delete +sys/crypto/nist_ctr_drbg/nist_ctr_aes_rijndael.h delete +sys/crypto/nist_ctr_drbg/nist_ctr_drbg.c delete +sys/crypto/nist_ctr_drbg/nist_ctr_drbg.h delete +sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes128.h delete +sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes256.h delete +sys/crypto/nist_ctr_drbg/nist_ctr_drbg_config.h delete +sys/crypto/nist_hash_drbg/files.nist_hash_drbg 1.1 +sys/crypto/nist_hash_drbg/nist_hash_drbg.c 1.1 +sys/crypto/nist_hash_drbg/nist_hash_drbg.h 1.1 +sys/dev/rndpseudo.c1.38 +sys/kern/subr_cprng.c1.31 +sys/rump/kern/lib/libcrypto/Makefile 1.5 +sys/rump/librump/rumpkern/Makefile.rumpkern 1.176 +sys/sys/cprng.h 1.13-1.15 + + cprng.h: use static __inline for consistency with other include + headers and remove an unused function. + + Switch from NIST CTR_DRBG with AES to NIST Hash_DRBG with SHA-256. + [riastradh, ticket #1705] +
CVS commit: [netbsd-7-0] src/doc
Module Name:src Committed By: martin Date: Tue Sep 3 12:31:11 UTC 2019 Modified Files: src/doc [netbsd-7-0]: CHANGES-7.0.3 Log Message: Ticket #1705 To generate a diff of this commit: cvs rdiff -u -r1.1.2.148 -r1.1.2.149 src/doc/CHANGES-7.0.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-7-0] src/sys
Module Name:src Committed By: martin Date: Tue Sep 3 12:30:46 UTC 2019 Modified Files: src/sys/conf [netbsd-7-0]: files src/sys/dev [netbsd-7-0]: rndpseudo.c src/sys/kern [netbsd-7-0]: subr_cprng.c src/sys/rump/kern/lib/libcrypto [netbsd-7-0]: Makefile src/sys/rump/librump/rumpkern [netbsd-7-0]: Makefile.rumpkern src/sys/sys [netbsd-7-0]: cprng.h Added Files: src/sys/crypto/nist_hash_drbg [netbsd-7-0]: files.nist_hash_drbg nist_hash_drbg.c nist_hash_drbg.h Removed Files: src/sys/crypto/nist_ctr_drbg [netbsd-7-0]: files.nist_ctr_drbg nist_ctr_aes_rijndael.h nist_ctr_drbg.c nist_ctr_drbg.h nist_ctr_drbg_aes128.h nist_ctr_drbg_aes256.h nist_ctr_drbg_config.h Log Message: Pull up following revision(s) (requested by riastradh in ticket #1705): sys/crypto/nist_hash_drbg/nist_hash_drbg.c: revision 1.1 sys/crypto/nist_hash_drbg/nist_hash_drbg.h: revision 1.1 sys/rump/kern/lib/libcrypto/Makefile: revision 1.5 sys/crypto/nist_hash_drbg/files.nist_hash_drbg: revision 1.1 sys/rump/librump/rumpkern/Makefile.rumpkern: revision 1.176 sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes256.h: file removal sys/crypto/nist_ctr_drbg/nist_ctr_drbg_config.h: file removal sys/conf/files: revision 1.1238 sys/dev/rndpseudo.c: revision 1.38 sys/crypto/nist_ctr_drbg/nist_ctr_drbg.c: file removal sys/sys/cprng.h: revision 1.13 - 1.15 sys/crypto/nist_ctr_drbg/nist_ctr_drbg.h: file removal sys/crypto/nist_ctr_drbg/nist_ctr_aes_rijndael.h: file removal sys/crypto/nist_ctr_drbg/files.nist_ctr_drbg: file removal sys/kern/subr_cprng.c: revision 1.31 sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes128.h: file removal cprng.h: use static __inline for consistency with other include headers and remove an unused function. - Switch from NIST CTR_DRBG with AES to NIST Hash_DRBG with SHA-256. Benefits: - larger seeds -- a 128-bit key alone is not enough for `128-bit security' - better resistance to timing side channels than AES - a better-understood security story (https://eprint.iacr.org/2018/349;>https://eprint.iacr.org/2018/349) - no loss in compliance with US government standards that nobody ever got fired for choosing, at least in the US-dominated western world - no dirty endianness tricks - self-tests Drawbacks: - performance hit: throughput is reduced to about 1/3 in naive measurements => possible to mitigate by using hardware SHA-256 instructions => all you really need is 32 bytes to seed a userland PRNG anyway => if we just used ChaCha this would go away... To generate a diff of this commit: cvs rdiff -u -r1.1096.2.6 -r1.1096.2.6.2.1 src/sys/conf/files cvs rdiff -u -r1.1 -r0 src/sys/crypto/nist_ctr_drbg/files.nist_ctr_drbg \ src/sys/crypto/nist_ctr_drbg/nist_ctr_aes_rijndael.h \ src/sys/crypto/nist_ctr_drbg/nist_ctr_drbg.c \ src/sys/crypto/nist_ctr_drbg/nist_ctr_drbg_config.h cvs rdiff -u -r1.2 -r0 src/sys/crypto/nist_ctr_drbg/nist_ctr_drbg.h \ src/sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes128.h \ src/sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes256.h cvs rdiff -u -r0 -r1.1.10.2 \ src/sys/crypto/nist_hash_drbg/files.nist_hash_drbg \ src/sys/crypto/nist_hash_drbg/nist_hash_drbg.c \ src/sys/crypto/nist_hash_drbg/nist_hash_drbg.h cvs rdiff -u -r1.21.2.1 -r1.21.2.1.2.1 src/sys/dev/rndpseudo.c cvs rdiff -u -r1.24.2.1 -r1.24.2.1.2.1 src/sys/kern/subr_cprng.c cvs rdiff -u -r1.3 -r1.3.8.1 src/sys/rump/kern/lib/libcrypto/Makefile cvs rdiff -u -r1.148 -r1.148.4.1 \ src/sys/rump/librump/rumpkern/Makefile.rumpkern cvs rdiff -u -r1.10 -r1.10.6.1 src/sys/sys/cprng.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/conf/files diff -u src/sys/conf/files:1.1096.2.6 src/sys/conf/files:1.1096.2.6.2.1 --- src/sys/conf/files:1.1096.2.6 Tue May 19 04:42:31 2015 +++ src/sys/conf/files Tue Sep 3 12:30:46 2019 @@ -1,4 +1,4 @@ -# $NetBSD: files,v 1.1096.2.6 2015/05/19 04:42:31 snj Exp $ +# $NetBSD: files,v 1.1096.2.6.2.1 2019/09/03 12:30:46 martin Exp $ # @(#)files.newconf 7.5 (Berkeley) 5/10/93 version 20100430 @@ -167,8 +167,8 @@ include "crypto/camellia/files.camellia" # General-purpose crypto processing framework. include "opencrypto/files.opencrypto" -# NIST SP800.90 CTR DRBG -include "crypto/nist_ctr_drbg/files.nist_ctr_drbg" +# NIST SP800-90A Hash_DRBG +include "crypto/nist_hash_drbg/files.nist_hash_drbg" # ChaCha-based fast PRNG include "crypto/cprng_fast/files.cprng_fast" Index: src/sys/dev/rndpseudo.c diff -u src/sys/dev/rndpseudo.c:1.21.2.1 src/sys/dev/rndpseudo.c:1.21.2.1.2.1 --- src/sys/dev/rndpseudo.c:1.21.2.1 Sun Nov 2 09:47:04 2014 +++ src/sys/dev/rndpseudo.c Tue Sep 3 12:30:46 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: rndpseudo.c,v 1.21.2.1 2014/11/02
CVS commit: [netbsd-7-0] src/sys
Module Name:src Committed By: martin Date: Tue Sep 3 12:30:46 UTC 2019 Modified Files: src/sys/conf [netbsd-7-0]: files src/sys/dev [netbsd-7-0]: rndpseudo.c src/sys/kern [netbsd-7-0]: subr_cprng.c src/sys/rump/kern/lib/libcrypto [netbsd-7-0]: Makefile src/sys/rump/librump/rumpkern [netbsd-7-0]: Makefile.rumpkern src/sys/sys [netbsd-7-0]: cprng.h Added Files: src/sys/crypto/nist_hash_drbg [netbsd-7-0]: files.nist_hash_drbg nist_hash_drbg.c nist_hash_drbg.h Removed Files: src/sys/crypto/nist_ctr_drbg [netbsd-7-0]: files.nist_ctr_drbg nist_ctr_aes_rijndael.h nist_ctr_drbg.c nist_ctr_drbg.h nist_ctr_drbg_aes128.h nist_ctr_drbg_aes256.h nist_ctr_drbg_config.h Log Message: Pull up following revision(s) (requested by riastradh in ticket #1705): sys/crypto/nist_hash_drbg/nist_hash_drbg.c: revision 1.1 sys/crypto/nist_hash_drbg/nist_hash_drbg.h: revision 1.1 sys/rump/kern/lib/libcrypto/Makefile: revision 1.5 sys/crypto/nist_hash_drbg/files.nist_hash_drbg: revision 1.1 sys/rump/librump/rumpkern/Makefile.rumpkern: revision 1.176 sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes256.h: file removal sys/crypto/nist_ctr_drbg/nist_ctr_drbg_config.h: file removal sys/conf/files: revision 1.1238 sys/dev/rndpseudo.c: revision 1.38 sys/crypto/nist_ctr_drbg/nist_ctr_drbg.c: file removal sys/sys/cprng.h: revision 1.13 - 1.15 sys/crypto/nist_ctr_drbg/nist_ctr_drbg.h: file removal sys/crypto/nist_ctr_drbg/nist_ctr_aes_rijndael.h: file removal sys/crypto/nist_ctr_drbg/files.nist_ctr_drbg: file removal sys/kern/subr_cprng.c: revision 1.31 sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes128.h: file removal cprng.h: use static __inline for consistency with other include headers and remove an unused function. - Switch from NIST CTR_DRBG with AES to NIST Hash_DRBG with SHA-256. Benefits: - larger seeds -- a 128-bit key alone is not enough for `128-bit security' - better resistance to timing side channels than AES - a better-understood security story (https://eprint.iacr.org/2018/349;>https://eprint.iacr.org/2018/349) - no loss in compliance with US government standards that nobody ever got fired for choosing, at least in the US-dominated western world - no dirty endianness tricks - self-tests Drawbacks: - performance hit: throughput is reduced to about 1/3 in naive measurements => possible to mitigate by using hardware SHA-256 instructions => all you really need is 32 bytes to seed a userland PRNG anyway => if we just used ChaCha this would go away... To generate a diff of this commit: cvs rdiff -u -r1.1096.2.6 -r1.1096.2.6.2.1 src/sys/conf/files cvs rdiff -u -r1.1 -r0 src/sys/crypto/nist_ctr_drbg/files.nist_ctr_drbg \ src/sys/crypto/nist_ctr_drbg/nist_ctr_aes_rijndael.h \ src/sys/crypto/nist_ctr_drbg/nist_ctr_drbg.c \ src/sys/crypto/nist_ctr_drbg/nist_ctr_drbg_config.h cvs rdiff -u -r1.2 -r0 src/sys/crypto/nist_ctr_drbg/nist_ctr_drbg.h \ src/sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes128.h \ src/sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes256.h cvs rdiff -u -r0 -r1.1.10.2 \ src/sys/crypto/nist_hash_drbg/files.nist_hash_drbg \ src/sys/crypto/nist_hash_drbg/nist_hash_drbg.c \ src/sys/crypto/nist_hash_drbg/nist_hash_drbg.h cvs rdiff -u -r1.21.2.1 -r1.21.2.1.2.1 src/sys/dev/rndpseudo.c cvs rdiff -u -r1.24.2.1 -r1.24.2.1.2.1 src/sys/kern/subr_cprng.c cvs rdiff -u -r1.3 -r1.3.8.1 src/sys/rump/kern/lib/libcrypto/Makefile cvs rdiff -u -r1.148 -r1.148.4.1 \ src/sys/rump/librump/rumpkern/Makefile.rumpkern cvs rdiff -u -r1.10 -r1.10.6.1 src/sys/sys/cprng.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-7-1] src/doc
Module Name:src Committed By: martin Date: Tue Sep 3 12:29:08 UTC 2019 Modified Files: src/doc [netbsd-7-1]: CHANGES-7.1.3 Log Message: Ticket #1705 To generate a diff of this commit: cvs rdiff -u -r1.1.2.55 -r1.1.2.56 src/doc/CHANGES-7.1.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-7.1.3 diff -u src/doc/CHANGES-7.1.3:1.1.2.55 src/doc/CHANGES-7.1.3:1.1.2.56 --- src/doc/CHANGES-7.1.3:1.1.2.55 Thu Aug 29 16:15:06 2019 +++ src/doc/CHANGES-7.1.3 Tue Sep 3 12:29:08 2019 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-7.1.3,v 1.1.2.55 2019/08/29 16:15:06 martin Exp $ +# $NetBSD: CHANGES-7.1.3,v 1.1.2.56 2019/09/03 12:29:08 martin Exp $ A complete list of changes from the NetBSD 7.1.2 release to the NetBSD 7.1.3 release: @@ -553,3 +553,26 @@ sys/miscfs/procfs/procfs_vnops.c 1.207 Add missing operation VOP_GETPAGES() returning EFAULT. [hannken, ticket #1703] +sys/conf/files 1.1238 +sys/crypto/nist_ctr_drbg/files.nist_ctr_drbg delete +sys/crypto/nist_ctr_drbg/nist_ctr_aes_rijndael.h delete +sys/crypto/nist_ctr_drbg/nist_ctr_drbg.c delete +sys/crypto/nist_ctr_drbg/nist_ctr_drbg.h delete +sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes128.h delete +sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes256.h delete +sys/crypto/nist_ctr_drbg/nist_ctr_drbg_config.h delete +sys/crypto/nist_hash_drbg/files.nist_hash_drbg 1.1 +sys/crypto/nist_hash_drbg/nist_hash_drbg.c 1.1 +sys/crypto/nist_hash_drbg/nist_hash_drbg.h 1.1 +sys/dev/rndpseudo.c1.38 +sys/kern/subr_cprng.c1.31 +sys/rump/kern/lib/libcrypto/Makefile 1.5 +sys/rump/librump/rumpkern/Makefile.rumpkern 1.176 +sys/sys/cprng.h 1.13-1.15 + + cprng.h: use static __inline for consistency with other include + headers and remove an unused function. + + Switch from NIST CTR_DRBG with AES to NIST Hash_DRBG with SHA-256. + [riastradh, ticket #1705] +
CVS commit: [netbsd-7-1] src/sys
Module Name:src Committed By: martin Date: Tue Sep 3 12:28:31 UTC 2019 Modified Files: src/sys/conf [netbsd-7-1]: files src/sys/dev [netbsd-7-1]: rndpseudo.c src/sys/kern [netbsd-7-1]: subr_cprng.c src/sys/rump/kern/lib/libcrypto [netbsd-7-1]: Makefile src/sys/rump/librump/rumpkern [netbsd-7-1]: Makefile.rumpkern src/sys/sys [netbsd-7-1]: cprng.h Added Files: src/sys/crypto/nist_hash_drbg [netbsd-7-1]: files.nist_hash_drbg nist_hash_drbg.c nist_hash_drbg.h Removed Files: src/sys/crypto/nist_ctr_drbg [netbsd-7-1]: files.nist_ctr_drbg nist_ctr_aes_rijndael.h nist_ctr_drbg.c nist_ctr_drbg.h nist_ctr_drbg_aes128.h nist_ctr_drbg_aes256.h nist_ctr_drbg_config.h Log Message: Pull up following revision(s) (requested by riastradh in ticket #1705): sys/crypto/nist_hash_drbg/nist_hash_drbg.c: revision 1.1 sys/crypto/nist_hash_drbg/nist_hash_drbg.h: revision 1.1 sys/rump/kern/lib/libcrypto/Makefile: revision 1.5 sys/crypto/nist_hash_drbg/files.nist_hash_drbg: revision 1.1 sys/rump/librump/rumpkern/Makefile.rumpkern: revision 1.176 sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes256.h: file removal sys/crypto/nist_ctr_drbg/nist_ctr_drbg_config.h: file removal sys/conf/files: revision 1.1238 sys/dev/rndpseudo.c: revision 1.38 sys/crypto/nist_ctr_drbg/nist_ctr_drbg.c: file removal sys/sys/cprng.h: revision 1.13 - 1.15 sys/crypto/nist_ctr_drbg/nist_ctr_drbg.h: file removal sys/crypto/nist_ctr_drbg/nist_ctr_aes_rijndael.h: file removal sys/crypto/nist_ctr_drbg/files.nist_ctr_drbg: file removal sys/kern/subr_cprng.c: revision 1.31 sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes128.h: file removal cprng.h: use static __inline for consistency with other include headers and remove an unused function. - Switch from NIST CTR_DRBG with AES to NIST Hash_DRBG with SHA-256. Benefits: - larger seeds -- a 128-bit key alone is not enough for `128-bit security' - better resistance to timing side channels than AES - a better-understood security story (https://eprint.iacr.org/2018/349;>https://eprint.iacr.org/2018/349) - no loss in compliance with US government standards that nobody ever got fired for choosing, at least in the US-dominated western world - no dirty endianness tricks - self-tests Drawbacks: - performance hit: throughput is reduced to about 1/3 in naive measurements => possible to mitigate by using hardware SHA-256 instructions => all you really need is 32 bytes to seed a userland PRNG anyway => if we just used ChaCha this would go away... To generate a diff of this commit: cvs rdiff -u -r1.1096.2.8 -r1.1096.2.8.2.1 src/sys/conf/files cvs rdiff -u -r1.1 -r0 src/sys/crypto/nist_ctr_drbg/files.nist_ctr_drbg \ src/sys/crypto/nist_ctr_drbg/nist_ctr_aes_rijndael.h \ src/sys/crypto/nist_ctr_drbg/nist_ctr_drbg.c \ src/sys/crypto/nist_ctr_drbg/nist_ctr_drbg_config.h cvs rdiff -u -r1.2 -r0 src/sys/crypto/nist_ctr_drbg/nist_ctr_drbg.h \ src/sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes128.h \ src/sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes256.h cvs rdiff -u -r0 -r1.1.8.2 src/sys/crypto/nist_hash_drbg/files.nist_hash_drbg \ src/sys/crypto/nist_hash_drbg/nist_hash_drbg.c \ src/sys/crypto/nist_hash_drbg/nist_hash_drbg.h cvs rdiff -u -r1.21.2.1 -r1.21.2.1.6.1 src/sys/dev/rndpseudo.c cvs rdiff -u -r1.24.2.1 -r1.24.2.1.6.1 src/sys/kern/subr_cprng.c cvs rdiff -u -r1.3 -r1.3.12.1 src/sys/rump/kern/lib/libcrypto/Makefile cvs rdiff -u -r1.148 -r1.148.8.1 \ src/sys/rump/librump/rumpkern/Makefile.rumpkern cvs rdiff -u -r1.10 -r1.10.10.1 src/sys/sys/cprng.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/conf/files diff -u src/sys/conf/files:1.1096.2.8 src/sys/conf/files:1.1096.2.8.2.1 --- src/sys/conf/files:1.1096.2.8 Sun Nov 13 07:27:22 2016 +++ src/sys/conf/files Tue Sep 3 12:28:31 2019 @@ -1,4 +1,4 @@ -# $NetBSD: files,v 1.1096.2.8 2016/11/13 07:27:22 snj Exp $ +# $NetBSD: files,v 1.1096.2.8.2.1 2019/09/03 12:28:31 martin Exp $ # @(#)files.newconf 7.5 (Berkeley) 5/10/93 version 20100430 @@ -167,8 +167,8 @@ include "crypto/camellia/files.camellia" # General-purpose crypto processing framework. include "opencrypto/files.opencrypto" -# NIST SP800.90 CTR DRBG -include "crypto/nist_ctr_drbg/files.nist_ctr_drbg" +# NIST SP800-90A Hash_DRBG +include "crypto/nist_hash_drbg/files.nist_hash_drbg" # ChaCha-based fast PRNG include "crypto/cprng_fast/files.cprng_fast" Index: src/sys/dev/rndpseudo.c diff -u src/sys/dev/rndpseudo.c:1.21.2.1 src/sys/dev/rndpseudo.c:1.21.2.1.6.1 --- src/sys/dev/rndpseudo.c:1.21.2.1 Sun Nov 2 09:47:04 2014 +++ src/sys/dev/rndpseudo.c Tue Sep 3 12:28:31 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: rndpseudo.c,v 1.21.2.1 2014/11/02 09:47:04
CVS commit: [netbsd-7-1] src/doc
Module Name:src Committed By: martin Date: Tue Sep 3 12:29:08 UTC 2019 Modified Files: src/doc [netbsd-7-1]: CHANGES-7.1.3 Log Message: Ticket #1705 To generate a diff of this commit: cvs rdiff -u -r1.1.2.55 -r1.1.2.56 src/doc/CHANGES-7.1.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-7-1] src/sys
Module Name:src Committed By: martin Date: Tue Sep 3 12:28:31 UTC 2019 Modified Files: src/sys/conf [netbsd-7-1]: files src/sys/dev [netbsd-7-1]: rndpseudo.c src/sys/kern [netbsd-7-1]: subr_cprng.c src/sys/rump/kern/lib/libcrypto [netbsd-7-1]: Makefile src/sys/rump/librump/rumpkern [netbsd-7-1]: Makefile.rumpkern src/sys/sys [netbsd-7-1]: cprng.h Added Files: src/sys/crypto/nist_hash_drbg [netbsd-7-1]: files.nist_hash_drbg nist_hash_drbg.c nist_hash_drbg.h Removed Files: src/sys/crypto/nist_ctr_drbg [netbsd-7-1]: files.nist_ctr_drbg nist_ctr_aes_rijndael.h nist_ctr_drbg.c nist_ctr_drbg.h nist_ctr_drbg_aes128.h nist_ctr_drbg_aes256.h nist_ctr_drbg_config.h Log Message: Pull up following revision(s) (requested by riastradh in ticket #1705): sys/crypto/nist_hash_drbg/nist_hash_drbg.c: revision 1.1 sys/crypto/nist_hash_drbg/nist_hash_drbg.h: revision 1.1 sys/rump/kern/lib/libcrypto/Makefile: revision 1.5 sys/crypto/nist_hash_drbg/files.nist_hash_drbg: revision 1.1 sys/rump/librump/rumpkern/Makefile.rumpkern: revision 1.176 sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes256.h: file removal sys/crypto/nist_ctr_drbg/nist_ctr_drbg_config.h: file removal sys/conf/files: revision 1.1238 sys/dev/rndpseudo.c: revision 1.38 sys/crypto/nist_ctr_drbg/nist_ctr_drbg.c: file removal sys/sys/cprng.h: revision 1.13 - 1.15 sys/crypto/nist_ctr_drbg/nist_ctr_drbg.h: file removal sys/crypto/nist_ctr_drbg/nist_ctr_aes_rijndael.h: file removal sys/crypto/nist_ctr_drbg/files.nist_ctr_drbg: file removal sys/kern/subr_cprng.c: revision 1.31 sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes128.h: file removal cprng.h: use static __inline for consistency with other include headers and remove an unused function. - Switch from NIST CTR_DRBG with AES to NIST Hash_DRBG with SHA-256. Benefits: - larger seeds -- a 128-bit key alone is not enough for `128-bit security' - better resistance to timing side channels than AES - a better-understood security story (https://eprint.iacr.org/2018/349;>https://eprint.iacr.org/2018/349) - no loss in compliance with US government standards that nobody ever got fired for choosing, at least in the US-dominated western world - no dirty endianness tricks - self-tests Drawbacks: - performance hit: throughput is reduced to about 1/3 in naive measurements => possible to mitigate by using hardware SHA-256 instructions => all you really need is 32 bytes to seed a userland PRNG anyway => if we just used ChaCha this would go away... To generate a diff of this commit: cvs rdiff -u -r1.1096.2.8 -r1.1096.2.8.2.1 src/sys/conf/files cvs rdiff -u -r1.1 -r0 src/sys/crypto/nist_ctr_drbg/files.nist_ctr_drbg \ src/sys/crypto/nist_ctr_drbg/nist_ctr_aes_rijndael.h \ src/sys/crypto/nist_ctr_drbg/nist_ctr_drbg.c \ src/sys/crypto/nist_ctr_drbg/nist_ctr_drbg_config.h cvs rdiff -u -r1.2 -r0 src/sys/crypto/nist_ctr_drbg/nist_ctr_drbg.h \ src/sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes128.h \ src/sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes256.h cvs rdiff -u -r0 -r1.1.8.2 src/sys/crypto/nist_hash_drbg/files.nist_hash_drbg \ src/sys/crypto/nist_hash_drbg/nist_hash_drbg.c \ src/sys/crypto/nist_hash_drbg/nist_hash_drbg.h cvs rdiff -u -r1.21.2.1 -r1.21.2.1.6.1 src/sys/dev/rndpseudo.c cvs rdiff -u -r1.24.2.1 -r1.24.2.1.6.1 src/sys/kern/subr_cprng.c cvs rdiff -u -r1.3 -r1.3.12.1 src/sys/rump/kern/lib/libcrypto/Makefile cvs rdiff -u -r1.148 -r1.148.8.1 \ src/sys/rump/librump/rumpkern/Makefile.rumpkern cvs rdiff -u -r1.10 -r1.10.10.1 src/sys/sys/cprng.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-7] src/doc
Module Name:src Committed By: martin Date: Tue Sep 3 12:21:49 UTC 2019 Modified Files: src/doc [netbsd-7]: CHANGES-7.3 Log Message: Ticket #1705 To generate a diff of this commit: cvs rdiff -u -r1.1.2.59 -r1.1.2.60 src/doc/CHANGES-7.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-7.3 diff -u src/doc/CHANGES-7.3:1.1.2.59 src/doc/CHANGES-7.3:1.1.2.60 --- src/doc/CHANGES-7.3:1.1.2.59 Sun Sep 1 10:03:09 2019 +++ src/doc/CHANGES-7.3 Tue Sep 3 12:21:49 2019 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-7.3,v 1.1.2.59 2019/09/01 10:03:09 martin Exp $ +# $NetBSD: CHANGES-7.3,v 1.1.2.60 2019/09/03 12:21:49 martin Exp $ A complete list of changes from the NetBSD 7.2 release to the NetBSD 7.3 release: @@ -643,3 +643,26 @@ external/gpl3/gdb/dist/bfd/srec.c (appl fall-through warnings. [mrg, ticket #1704] +sys/conf/files 1.1238 +sys/crypto/nist_ctr_drbg/files.nist_ctr_drbg delete +sys/crypto/nist_ctr_drbg/nist_ctr_aes_rijndael.h delete +sys/crypto/nist_ctr_drbg/nist_ctr_drbg.c delete +sys/crypto/nist_ctr_drbg/nist_ctr_drbg.h delete +sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes128.h delete +sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes256.h delete +sys/crypto/nist_ctr_drbg/nist_ctr_drbg_config.h delete +sys/crypto/nist_hash_drbg/files.nist_hash_drbg 1.1 +sys/crypto/nist_hash_drbg/nist_hash_drbg.c 1.1 +sys/crypto/nist_hash_drbg/nist_hash_drbg.h 1.1 +sys/dev/rndpseudo.c1.38 +sys/kern/subr_cprng.c1.31 +sys/rump/kern/lib/libcrypto/Makefile 1.5 +sys/rump/librump/rumpkern/Makefile.rumpkern 1.176 +sys/sys/cprng.h 1.13-1.15 + + cprng.h: use static __inline for consistency with other include + headers and remove an unused function. + + Switch from NIST CTR_DRBG with AES to NIST Hash_DRBG with SHA-256. + [riastradh, ticket #1705] +
CVS commit: [netbsd-7] src/doc
Module Name:src Committed By: martin Date: Tue Sep 3 12:21:49 UTC 2019 Modified Files: src/doc [netbsd-7]: CHANGES-7.3 Log Message: Ticket #1705 To generate a diff of this commit: cvs rdiff -u -r1.1.2.59 -r1.1.2.60 src/doc/CHANGES-7.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-7] src/sys
Module Name:src Committed By: martin Date: Tue Sep 3 12:20:43 UTC 2019 Modified Files: src/sys/conf [netbsd-7]: files src/sys/dev [netbsd-7]: rndpseudo.c src/sys/kern [netbsd-7]: subr_cprng.c src/sys/rump/kern/lib/libcrypto [netbsd-7]: Makefile src/sys/rump/librump/rumpkern [netbsd-7]: Makefile.rumpkern src/sys/sys [netbsd-7]: cprng.h Added Files: src/sys/crypto/nist_hash_drbg [netbsd-7]: files.nist_hash_drbg nist_hash_drbg.c nist_hash_drbg.h Removed Files: src/sys/crypto/nist_ctr_drbg [netbsd-7]: files.nist_ctr_drbg nist_ctr_aes_rijndael.h nist_ctr_drbg.c nist_ctr_drbg.h nist_ctr_drbg_aes128.h nist_ctr_drbg_aes256.h nist_ctr_drbg_config.h Log Message: Pull up following revision(s) (requested by riastradh in ticket #1705): sys/crypto/nist_hash_drbg/nist_hash_drbg.c: revision 1.1 sys/crypto/nist_hash_drbg/nist_hash_drbg.h: revision 1.1 sys/rump/kern/lib/libcrypto/Makefile: revision 1.5 sys/crypto/nist_hash_drbg/files.nist_hash_drbg: revision 1.1 sys/rump/librump/rumpkern/Makefile.rumpkern: revision 1.176 sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes256.h: file removal sys/crypto/nist_ctr_drbg/nist_ctr_drbg_config.h: file removal sys/conf/files: revision 1.1238 sys/dev/rndpseudo.c: revision 1.38 sys/crypto/nist_ctr_drbg/nist_ctr_drbg.c: file removal sys/sys/cprng.h: revision 1.13 - 1.15 sys/crypto/nist_ctr_drbg/nist_ctr_drbg.h: file removal sys/crypto/nist_ctr_drbg/nist_ctr_aes_rijndael.h: file removal sys/crypto/nist_ctr_drbg/files.nist_ctr_drbg: file removal sys/kern/subr_cprng.c: revision 1.31 sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes128.h: file removal cprng.h: use static __inline for consistency with other include headers and remove an unused function. - Switch from NIST CTR_DRBG with AES to NIST Hash_DRBG with SHA-256. Benefits: - larger seeds -- a 128-bit key alone is not enough for `128-bit security' - better resistance to timing side channels than AES - a better-understood security story (https://eprint.iacr.org/2018/349;>https://eprint.iacr.org/2018/349) - no loss in compliance with US government standards that nobody ever got fired for choosing, at least in the US-dominated western world - no dirty endianness tricks - self-tests Drawbacks: - performance hit: throughput is reduced to about 1/3 in naive measurements => possible to mitigate by using hardware SHA-256 instructions => all you really need is 32 bytes to seed a userland PRNG anyway => if we just used ChaCha this would go away... To generate a diff of this commit: cvs rdiff -u -r1.1096.2.9 -r1.1096.2.10 src/sys/conf/files cvs rdiff -u -r1.1 -r0 src/sys/crypto/nist_ctr_drbg/files.nist_ctr_drbg \ src/sys/crypto/nist_ctr_drbg/nist_ctr_aes_rijndael.h \ src/sys/crypto/nist_ctr_drbg/nist_ctr_drbg.c \ src/sys/crypto/nist_ctr_drbg/nist_ctr_drbg_config.h cvs rdiff -u -r1.2 -r0 src/sys/crypto/nist_ctr_drbg/nist_ctr_drbg.h \ src/sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes128.h \ src/sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes256.h cvs rdiff -u -r0 -r1.1.6.2 src/sys/crypto/nist_hash_drbg/files.nist_hash_drbg \ src/sys/crypto/nist_hash_drbg/nist_hash_drbg.c \ src/sys/crypto/nist_hash_drbg/nist_hash_drbg.h cvs rdiff -u -r1.21.2.1 -r1.21.2.2 src/sys/dev/rndpseudo.c cvs rdiff -u -r1.24.2.1 -r1.24.2.2 src/sys/kern/subr_cprng.c cvs rdiff -u -r1.3 -r1.3.4.1 src/sys/rump/kern/lib/libcrypto/Makefile cvs rdiff -u -r1.148 -r1.148.2.1 \ src/sys/rump/librump/rumpkern/Makefile.rumpkern cvs rdiff -u -r1.10 -r1.10.2.1 src/sys/sys/cprng.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/doc
Module Name:src Committed By: martin Date: Tue Sep 3 12:21:15 UTC 2019 Modified Files: src/doc [netbsd-8]: CHANGES-8.2 Log Message: Ticket #1365 To generate a diff of this commit: cvs rdiff -u -r1.1.2.32 -r1.1.2.33 src/doc/CHANGES-8.2 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-7] src/sys
Module Name:src Committed By: martin Date: Tue Sep 3 12:20:43 UTC 2019 Modified Files: src/sys/conf [netbsd-7]: files src/sys/dev [netbsd-7]: rndpseudo.c src/sys/kern [netbsd-7]: subr_cprng.c src/sys/rump/kern/lib/libcrypto [netbsd-7]: Makefile src/sys/rump/librump/rumpkern [netbsd-7]: Makefile.rumpkern src/sys/sys [netbsd-7]: cprng.h Added Files: src/sys/crypto/nist_hash_drbg [netbsd-7]: files.nist_hash_drbg nist_hash_drbg.c nist_hash_drbg.h Removed Files: src/sys/crypto/nist_ctr_drbg [netbsd-7]: files.nist_ctr_drbg nist_ctr_aes_rijndael.h nist_ctr_drbg.c nist_ctr_drbg.h nist_ctr_drbg_aes128.h nist_ctr_drbg_aes256.h nist_ctr_drbg_config.h Log Message: Pull up following revision(s) (requested by riastradh in ticket #1705): sys/crypto/nist_hash_drbg/nist_hash_drbg.c: revision 1.1 sys/crypto/nist_hash_drbg/nist_hash_drbg.h: revision 1.1 sys/rump/kern/lib/libcrypto/Makefile: revision 1.5 sys/crypto/nist_hash_drbg/files.nist_hash_drbg: revision 1.1 sys/rump/librump/rumpkern/Makefile.rumpkern: revision 1.176 sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes256.h: file removal sys/crypto/nist_ctr_drbg/nist_ctr_drbg_config.h: file removal sys/conf/files: revision 1.1238 sys/dev/rndpseudo.c: revision 1.38 sys/crypto/nist_ctr_drbg/nist_ctr_drbg.c: file removal sys/sys/cprng.h: revision 1.13 - 1.15 sys/crypto/nist_ctr_drbg/nist_ctr_drbg.h: file removal sys/crypto/nist_ctr_drbg/nist_ctr_aes_rijndael.h: file removal sys/crypto/nist_ctr_drbg/files.nist_ctr_drbg: file removal sys/kern/subr_cprng.c: revision 1.31 sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes128.h: file removal cprng.h: use static __inline for consistency with other include headers and remove an unused function. - Switch from NIST CTR_DRBG with AES to NIST Hash_DRBG with SHA-256. Benefits: - larger seeds -- a 128-bit key alone is not enough for `128-bit security' - better resistance to timing side channels than AES - a better-understood security story (https://eprint.iacr.org/2018/349;>https://eprint.iacr.org/2018/349) - no loss in compliance with US government standards that nobody ever got fired for choosing, at least in the US-dominated western world - no dirty endianness tricks - self-tests Drawbacks: - performance hit: throughput is reduced to about 1/3 in naive measurements => possible to mitigate by using hardware SHA-256 instructions => all you really need is 32 bytes to seed a userland PRNG anyway => if we just used ChaCha this would go away... To generate a diff of this commit: cvs rdiff -u -r1.1096.2.9 -r1.1096.2.10 src/sys/conf/files cvs rdiff -u -r1.1 -r0 src/sys/crypto/nist_ctr_drbg/files.nist_ctr_drbg \ src/sys/crypto/nist_ctr_drbg/nist_ctr_aes_rijndael.h \ src/sys/crypto/nist_ctr_drbg/nist_ctr_drbg.c \ src/sys/crypto/nist_ctr_drbg/nist_ctr_drbg_config.h cvs rdiff -u -r1.2 -r0 src/sys/crypto/nist_ctr_drbg/nist_ctr_drbg.h \ src/sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes128.h \ src/sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes256.h cvs rdiff -u -r0 -r1.1.6.2 src/sys/crypto/nist_hash_drbg/files.nist_hash_drbg \ src/sys/crypto/nist_hash_drbg/nist_hash_drbg.c \ src/sys/crypto/nist_hash_drbg/nist_hash_drbg.h cvs rdiff -u -r1.21.2.1 -r1.21.2.2 src/sys/dev/rndpseudo.c cvs rdiff -u -r1.24.2.1 -r1.24.2.2 src/sys/kern/subr_cprng.c cvs rdiff -u -r1.3 -r1.3.4.1 src/sys/rump/kern/lib/libcrypto/Makefile cvs rdiff -u -r1.148 -r1.148.2.1 \ src/sys/rump/librump/rumpkern/Makefile.rumpkern cvs rdiff -u -r1.10 -r1.10.2.1 src/sys/sys/cprng.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/conf/files diff -u src/sys/conf/files:1.1096.2.9 src/sys/conf/files:1.1096.2.10 --- src/sys/conf/files:1.1096.2.9 Wed Apr 5 19:54:18 2017 +++ src/sys/conf/files Tue Sep 3 12:20:43 2019 @@ -1,4 +1,4 @@ -# $NetBSD: files,v 1.1096.2.9 2017/04/05 19:54:18 snj Exp $ +# $NetBSD: files,v 1.1096.2.10 2019/09/03 12:20:43 martin Exp $ # @(#)files.newconf 7.5 (Berkeley) 5/10/93 version 20100430 @@ -167,8 +167,8 @@ include "crypto/camellia/files.camellia" # General-purpose crypto processing framework. include "opencrypto/files.opencrypto" -# NIST SP800.90 CTR DRBG -include "crypto/nist_ctr_drbg/files.nist_ctr_drbg" +# NIST SP800-90A Hash_DRBG +include "crypto/nist_hash_drbg/files.nist_hash_drbg" # ChaCha-based fast PRNG include "crypto/cprng_fast/files.cprng_fast" Index: src/sys/dev/rndpseudo.c diff -u src/sys/dev/rndpseudo.c:1.21.2.1 src/sys/dev/rndpseudo.c:1.21.2.2 --- src/sys/dev/rndpseudo.c:1.21.2.1 Sun Nov 2 09:47:04 2014 +++ src/sys/dev/rndpseudo.c Tue Sep 3 12:20:43 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: rndpseudo.c,v 1.21.2.1 2014/11/02 09:47:04 martin Exp $ */ +/* $NetBSD:
CVS commit: [netbsd-8] src/doc
Module Name:src Committed By: martin Date: Tue Sep 3 12:21:15 UTC 2019 Modified Files: src/doc [netbsd-8]: CHANGES-8.2 Log Message: Ticket #1365 To generate a diff of this commit: cvs rdiff -u -r1.1.2.32 -r1.1.2.33 src/doc/CHANGES-8.2 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-8.2 diff -u src/doc/CHANGES-8.2:1.1.2.32 src/doc/CHANGES-8.2:1.1.2.33 --- src/doc/CHANGES-8.2:1.1.2.32 Mon Sep 2 17:20:47 2019 +++ src/doc/CHANGES-8.2 Tue Sep 3 12:21:15 2019 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-8.2,v 1.1.2.32 2019/09/02 17:20:47 martin Exp $ +# $NetBSD: CHANGES-8.2,v 1.1.2.33 2019/09/03 12:21:15 martin Exp $ A complete list of changes from the NetBSD 8.1 release to the NetBSD 8.2 release: @@ -828,3 +828,26 @@ share/man/man9/arp.91.27 Improve grammar and readability. Minor cosmetics. [sevan, tickets #1352 - #1364] +sys/conf/files 1.1238 +sys/crypto/nist_ctr_drbg/files.nist_ctr_drbg delete +sys/crypto/nist_ctr_drbg/nist_ctr_aes_rijndael.h delete +sys/crypto/nist_ctr_drbg/nist_ctr_drbg.c delete +sys/crypto/nist_ctr_drbg/nist_ctr_drbg.h delete +sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes128.h delete +sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes256.h delete +sys/crypto/nist_ctr_drbg/nist_ctr_drbg_config.h delete +sys/crypto/nist_hash_drbg/files.nist_hash_drbg 1.1 +sys/crypto/nist_hash_drbg/nist_hash_drbg.c 1.1 +sys/crypto/nist_hash_drbg/nist_hash_drbg.h 1.1 +sys/dev/rndpseudo.c1.38 +sys/kern/subr_cprng.c1.31 +sys/rump/kern/lib/libcrypto/Makefile 1.5 +sys/rump/librump/rumpkern/Makefile.rumpkern 1.176 +sys/sys/cprng.h 1.13-1.15 + + cprng.h: use static __inline for consistency with other include + headers and remove an unused function. + + Switch from NIST CTR_DRBG with AES to NIST Hash_DRBG with SHA-256. + [riastradh, ticket #1365] +
CVS commit: [netbsd-8] src/sys
Module Name:src Committed By: martin Date: Tue Sep 3 12:08:22 UTC 2019 Modified Files: src/sys/conf [netbsd-8]: files src/sys/dev [netbsd-8]: rndpseudo.c src/sys/kern [netbsd-8]: subr_cprng.c src/sys/rump/kern/lib/libcrypto [netbsd-8]: Makefile src/sys/rump/librump/rumpkern [netbsd-8]: Makefile.rumpkern src/sys/sys [netbsd-8]: cprng.h Added Files: src/sys/crypto/nist_hash_drbg [netbsd-8]: files.nist_hash_drbg nist_hash_drbg.c nist_hash_drbg.h Removed Files: src/sys/crypto/nist_ctr_drbg [netbsd-8]: files.nist_ctr_drbg nist_ctr_aes_rijndael.h nist_ctr_drbg.c nist_ctr_drbg.h nist_ctr_drbg_aes128.h nist_ctr_drbg_aes256.h nist_ctr_drbg_config.h Log Message: Pull up following revision(s) (requested by riastradh in ticket #1365): sys/crypto/nist_hash_drbg/nist_hash_drbg.c: revision 1.1 sys/crypto/nist_hash_drbg/nist_hash_drbg.h: revision 1.1 sys/rump/kern/lib/libcrypto/Makefile: revision 1.5 sys/crypto/nist_hash_drbg/files.nist_hash_drbg: revision 1.1 sys/rump/librump/rumpkern/Makefile.rumpkern: revision 1.176 sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes256.h: file removal sys/crypto/nist_ctr_drbg/nist_ctr_drbg_config.h: file removal sys/conf/files: revision 1.1238 sys/dev/rndpseudo.c: revision 1.38 sys/crypto/nist_ctr_drbg/nist_ctr_drbg.c: file removal sys/sys/cprng.h: revision 1.13 - 1.15 sys/crypto/nist_ctr_drbg/nist_ctr_drbg.h: file removal sys/crypto/nist_ctr_drbg/nist_ctr_aes_rijndael.h: file removal sys/crypto/nist_ctr_drbg/files.nist_ctr_drbg: file removal sys/kern/subr_cprng.c: revision 1.31 sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes128.h: file removal cprng.h: use static __inline for consistency with other include headers and remove an unused function. - Switch from NIST CTR_DRBG with AES to NIST Hash_DRBG with SHA-256. Benefits: - larger seeds -- a 128-bit key alone is not enough for `128-bit security' - better resistance to timing side channels than AES - a better-understood security story (https://eprint.iacr.org/2018/349;>https://eprint.iacr.org/2018/349) - no loss in compliance with US government standards that nobody ever got fired for choosing, at least in the US-dominated western world - no dirty endianness tricks - self-tests Drawbacks: - performance hit: throughput is reduced to about 1/3 in naive measurements => possible to mitigate by using hardware SHA-256 instructions => all you really need is 32 bytes to seed a userland PRNG anyway => if we just used ChaCha this would go away... To generate a diff of this commit: cvs rdiff -u -r1.1173.2.7 -r1.1173.2.8 src/sys/conf/files cvs rdiff -u -r1.1 -r0 src/sys/crypto/nist_ctr_drbg/files.nist_ctr_drbg \ src/sys/crypto/nist_ctr_drbg/nist_ctr_aes_rijndael.h \ src/sys/crypto/nist_ctr_drbg/nist_ctr_drbg.c \ src/sys/crypto/nist_ctr_drbg/nist_ctr_drbg_config.h cvs rdiff -u -r1.2 -r0 src/sys/crypto/nist_ctr_drbg/nist_ctr_drbg.h \ src/sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes128.h \ src/sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes256.h cvs rdiff -u -r0 -r1.1.4.2 src/sys/crypto/nist_hash_drbg/files.nist_hash_drbg \ src/sys/crypto/nist_hash_drbg/nist_hash_drbg.c \ src/sys/crypto/nist_hash_drbg/nist_hash_drbg.h cvs rdiff -u -r1.35 -r1.35.10.1 src/sys/dev/rndpseudo.c cvs rdiff -u -r1.27 -r1.27.10.1 src/sys/kern/subr_cprng.c cvs rdiff -u -r1.4 -r1.4.10.1 src/sys/rump/kern/lib/libcrypto/Makefile cvs rdiff -u -r1.169.6.1 -r1.169.6.2 \ src/sys/rump/librump/rumpkern/Makefile.rumpkern cvs rdiff -u -r1.12 -r1.12.10.1 src/sys/sys/cprng.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/conf/files diff -u src/sys/conf/files:1.1173.2.7 src/sys/conf/files:1.1173.2.8 --- src/sys/conf/files:1.1173.2.7 Wed Apr 10 07:39:31 2019 +++ src/sys/conf/files Tue Sep 3 12:08:22 2019 @@ -1,4 +1,4 @@ -# $NetBSD: files,v 1.1173.2.7 2019/04/10 07:39:31 martin Exp $ +# $NetBSD: files,v 1.1173.2.8 2019/09/03 12:08:22 martin Exp $ # @(#)files.newconf 7.5 (Berkeley) 5/10/93 version 20170615 @@ -186,8 +186,8 @@ include "crypto/camellia/files.camellia" # General-purpose crypto processing framework. include "opencrypto/files.opencrypto" -# NIST SP800.90 CTR DRBG -include "crypto/nist_ctr_drbg/files.nist_ctr_drbg" +# NIST SP800-90A Hash_DRBG +include "crypto/nist_hash_drbg/files.nist_hash_drbg" # ChaCha-based fast PRNG include "crypto/cprng_fast/files.cprng_fast" Index: src/sys/dev/rndpseudo.c diff -u src/sys/dev/rndpseudo.c:1.35 src/sys/dev/rndpseudo.c:1.35.10.1 --- src/sys/dev/rndpseudo.c:1.35 Thu Aug 20 14:40:17 2015 +++ src/sys/dev/rndpseudo.c Tue Sep 3 12:08:22 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: rndpseudo.c,v 1.35 2015/08/20 14:40:17 christos Exp $ */ +/* $NetBSD: rndpseudo.c,v
CVS commit: [netbsd-8] src/sys
Module Name:src Committed By: martin Date: Tue Sep 3 12:08:22 UTC 2019 Modified Files: src/sys/conf [netbsd-8]: files src/sys/dev [netbsd-8]: rndpseudo.c src/sys/kern [netbsd-8]: subr_cprng.c src/sys/rump/kern/lib/libcrypto [netbsd-8]: Makefile src/sys/rump/librump/rumpkern [netbsd-8]: Makefile.rumpkern src/sys/sys [netbsd-8]: cprng.h Added Files: src/sys/crypto/nist_hash_drbg [netbsd-8]: files.nist_hash_drbg nist_hash_drbg.c nist_hash_drbg.h Removed Files: src/sys/crypto/nist_ctr_drbg [netbsd-8]: files.nist_ctr_drbg nist_ctr_aes_rijndael.h nist_ctr_drbg.c nist_ctr_drbg.h nist_ctr_drbg_aes128.h nist_ctr_drbg_aes256.h nist_ctr_drbg_config.h Log Message: Pull up following revision(s) (requested by riastradh in ticket #1365): sys/crypto/nist_hash_drbg/nist_hash_drbg.c: revision 1.1 sys/crypto/nist_hash_drbg/nist_hash_drbg.h: revision 1.1 sys/rump/kern/lib/libcrypto/Makefile: revision 1.5 sys/crypto/nist_hash_drbg/files.nist_hash_drbg: revision 1.1 sys/rump/librump/rumpkern/Makefile.rumpkern: revision 1.176 sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes256.h: file removal sys/crypto/nist_ctr_drbg/nist_ctr_drbg_config.h: file removal sys/conf/files: revision 1.1238 sys/dev/rndpseudo.c: revision 1.38 sys/crypto/nist_ctr_drbg/nist_ctr_drbg.c: file removal sys/sys/cprng.h: revision 1.13 - 1.15 sys/crypto/nist_ctr_drbg/nist_ctr_drbg.h: file removal sys/crypto/nist_ctr_drbg/nist_ctr_aes_rijndael.h: file removal sys/crypto/nist_ctr_drbg/files.nist_ctr_drbg: file removal sys/kern/subr_cprng.c: revision 1.31 sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes128.h: file removal cprng.h: use static __inline for consistency with other include headers and remove an unused function. - Switch from NIST CTR_DRBG with AES to NIST Hash_DRBG with SHA-256. Benefits: - larger seeds -- a 128-bit key alone is not enough for `128-bit security' - better resistance to timing side channels than AES - a better-understood security story (https://eprint.iacr.org/2018/349;>https://eprint.iacr.org/2018/349) - no loss in compliance with US government standards that nobody ever got fired for choosing, at least in the US-dominated western world - no dirty endianness tricks - self-tests Drawbacks: - performance hit: throughput is reduced to about 1/3 in naive measurements => possible to mitigate by using hardware SHA-256 instructions => all you really need is 32 bytes to seed a userland PRNG anyway => if we just used ChaCha this would go away... To generate a diff of this commit: cvs rdiff -u -r1.1173.2.7 -r1.1173.2.8 src/sys/conf/files cvs rdiff -u -r1.1 -r0 src/sys/crypto/nist_ctr_drbg/files.nist_ctr_drbg \ src/sys/crypto/nist_ctr_drbg/nist_ctr_aes_rijndael.h \ src/sys/crypto/nist_ctr_drbg/nist_ctr_drbg.c \ src/sys/crypto/nist_ctr_drbg/nist_ctr_drbg_config.h cvs rdiff -u -r1.2 -r0 src/sys/crypto/nist_ctr_drbg/nist_ctr_drbg.h \ src/sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes128.h \ src/sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes256.h cvs rdiff -u -r0 -r1.1.4.2 src/sys/crypto/nist_hash_drbg/files.nist_hash_drbg \ src/sys/crypto/nist_hash_drbg/nist_hash_drbg.c \ src/sys/crypto/nist_hash_drbg/nist_hash_drbg.h cvs rdiff -u -r1.35 -r1.35.10.1 src/sys/dev/rndpseudo.c cvs rdiff -u -r1.27 -r1.27.10.1 src/sys/kern/subr_cprng.c cvs rdiff -u -r1.4 -r1.4.10.1 src/sys/rump/kern/lib/libcrypto/Makefile cvs rdiff -u -r1.169.6.1 -r1.169.6.2 \ src/sys/rump/librump/rumpkern/Makefile.rumpkern cvs rdiff -u -r1.12 -r1.12.10.1 src/sys/sys/cprng.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Re: CVS commit: src
On 03/09/2019 12:59, Brad Spencer wrote: > One possible alternative to that is to install OpenZFS on MacOS and > create a ZFS filesystem inside of whatever... Or a disk image which is case sensitive (hfs/apfs) problem is then that it's slow. Sevan
Re: CVS commit: src/lib/libcurses
On 03.09.2019 12:36, Roy Marples wrote: > Module Name: src > Committed By: roy > Date: Tue Sep 3 10:36:17 UTC 2019 > > Modified Files: > src/lib/libcurses: Makefile curses.h version.c > Added Files: > src/lib/libcurses: cursesrelease.sh > > Log Message: > curses: Add __NetBSD_Curses_Version__ > > Similar to __NetBSD_Version__ from sys/param.h but has no > correlation to it or the ELF symver libcurses is built as. > Rationale for this? What was wrong with the previous version? signature.asc Description: OpenPGP digital signature
Re: CVS commit: src
Sevan Janiyan writes: > On 03/09/2019 12:32, Robert Elz wrote: >> but doesn't macos have the ability to turn that off? > > Nope, it's set when you create the filesystem. :/ > > > Sevan One possible alternative to that is to install OpenZFS on MacOS and create a ZFS filesystem inside of whatever... (Install OpenZFS for your version of MacOS) dd if=/dev/zero of=/Users/bspencer/ZFSTEST/file1 bs=1048576 count=100 zpool create zfspool /Users/bspencer/ZFSTEST/file1 this will give you a new volume in /Volumes that will be case sensitive even if the outer filesystem isn't.. The big disadvantage is that you will have to preallocate the space, but this isn't too bad for building NetBSD, as those estimates are knowable. -- Brad Spencer - b...@anduin.eldar.org - KC8VKS - http://anduin.eldar.org
Re: CVS commit: src
On 03/09/2019 12:32, Robert Elz wrote: > but doesn't macos have the ability to turn that off? Nope, it's set when you create the filesystem. :/ Sevan
Re: CVS commit: src
Date:Tue, 3 Sep 2019 11:30:03 +0100 From:Sevan Janiyan Message-ID: | That would break support for building on macos Yes, I guessed that was the incentive for keeping it, but doesn't macos have the ability to turn that off? Is it really such a huge imposition to expect people building NetBSD on MacOS to put the NetBSD sources (and objects, destdir, ...) on filesystems mounted without that? kre
CVS commit: src/lib/libcurses
Module Name:src Committed By: roy Date: Tue Sep 3 10:36:17 UTC 2019 Modified Files: src/lib/libcurses: Makefile curses.h version.c Added Files: src/lib/libcurses: cursesrelease.sh Log Message: curses: Add __NetBSD_Curses_Version__ Similar to __NetBSD_Version__ from sys/param.h but has no correlation to it or the ELF symver libcurses is built as. If we say that v1 was everything prior to this, it makes sense to start this from v2. To generate a diff of this commit: cvs rdiff -u -r1.91 -r1.92 src/lib/libcurses/Makefile cvs rdiff -u -r1.124 -r1.125 src/lib/libcurses/curses.h cvs rdiff -u -r0 -r1.1 src/lib/libcurses/cursesrelease.sh cvs rdiff -u -r1.1 -r1.2 src/lib/libcurses/version.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/lib/libcurses
Module Name:src Committed By: roy Date: Tue Sep 3 10:36:17 UTC 2019 Modified Files: src/lib/libcurses: Makefile curses.h version.c Added Files: src/lib/libcurses: cursesrelease.sh Log Message: curses: Add __NetBSD_Curses_Version__ Similar to __NetBSD_Version__ from sys/param.h but has no correlation to it or the ELF symver libcurses is built as. If we say that v1 was everything prior to this, it makes sense to start this from v2. To generate a diff of this commit: cvs rdiff -u -r1.91 -r1.92 src/lib/libcurses/Makefile cvs rdiff -u -r1.124 -r1.125 src/lib/libcurses/curses.h cvs rdiff -u -r0 -r1.1 src/lib/libcurses/cursesrelease.sh cvs rdiff -u -r1.1 -r1.2 src/lib/libcurses/version.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/lib/libcurses/Makefile diff -u src/lib/libcurses/Makefile:1.91 src/lib/libcurses/Makefile:1.92 --- src/lib/libcurses/Makefile:1.91 Mon Sep 2 09:08:29 2019 +++ src/lib/libcurses/Makefile Tue Sep 3 10:36:17 2019 @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.91 2019/09/02 09:08:29 roy Exp $ +# $NetBSD: Makefile,v 1.92 2019/09/03 10:36:17 roy Exp $ # @(#)Makefile 8.2 (Berkeley) 1/2/94 .include @@ -210,10 +210,8 @@ SUBDIR.roff+= PSD.doc fileio.h: shlib_version genfileioh.awk ${TOOL_AWK} -f ${.CURDIR}/genfileioh.awk < ${.CURDIR}/shlib_version > ${.CURDIR}/fileio.h -NETBSD_VERSION!= ${HOST_SH} ${NETBSDSRCDIR}/sys/conf/osrelease.sh -CPPFLAGS.version.c+= -DNETBSD_VERSION=\"${NETBSD_VERSION}\" -.PATH: ${NETBSDSRCDIR}/sys/sys -version.o: param.h +CURSES_VERSION!= ${HOST_SH} ${.CURDIR}/cursesrelease.sh +CPPFLAGS.version.c+= -DCURSES_VERSION=\"${CURSES_VERSION}\" .include .include Index: src/lib/libcurses/curses.h diff -u src/lib/libcurses/curses.h:1.124 src/lib/libcurses/curses.h:1.125 --- src/lib/libcurses/curses.h:1.124 Mon Sep 2 09:08:29 2019 +++ src/lib/libcurses/curses.h Tue Sep 3 10:36:17 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: curses.h,v 1.124 2019/09/02 09:08:29 roy Exp $ */ +/* $NetBSD: curses.h,v 1.125 2019/09/03 10:36:17 roy Exp $ */ /* * Copyright (c) 1981, 1993, 1994 @@ -48,6 +48,23 @@ #include /* + * #define __NetBSD_Curses_Version__ MMmmrrpp00 + * + * M = major version + * m = minor version; a minor number of 99 indicates current + * r = 0 (*) + * p = patchlevel + * + * This is similar to __NetBSD_Version__ as found in sys/param.h + * It is maintained seperately and has no correlation to it or the + * ELF symver libcurses is built as. + */ +#define __NetBSD_Curses_Version__ 02 /* NetBSD-Curses 2.0.0 */ + +#define __NetBSD_Curses_Prereq__(M,m,p) (M) * 1) + \ + (m) * 100) + (p) * 100) <= __NetBSD_Curses_Version__) + +/* * attr_t must be the same size as wchar_t (see ) to avoid padding * in __LDATA. */ Index: src/lib/libcurses/version.c diff -u src/lib/libcurses/version.c:1.1 src/lib/libcurses/version.c:1.2 --- src/lib/libcurses/version.c:1.1 Mon Sep 2 09:08:29 2019 +++ src/lib/libcurses/version.c Tue Sep 3 10:36:17 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: version.c,v 1.1 2019/09/02 09:08:29 roy Exp $ */ +/* $NetBSD: version.c,v 1.2 2019/09/03 10:36:17 roy Exp $ */ /*- * Copyright (c) 2019 The NetBSD Foundation, Inc. @@ -31,7 +31,7 @@ #include #ifndef lint -__RCSID("$NetBSD: version.c,v 1.1 2019/09/02 09:08:29 roy Exp $"); +__RCSID("$NetBSD: version.c,v 1.2 2019/09/03 10:36:17 roy Exp $"); #endif #include "curses.h" @@ -40,5 +40,5 @@ const char * curses_version() { - return "NetBSD-Curses " NETBSD_VERSION; + return "NetBSD-Curses " CURSES_VERSION; } Added files: Index: src/lib/libcurses/cursesrelease.sh diff -u /dev/null src/lib/libcurses/cursesrelease.sh:1.1 --- /dev/null Tue Sep 3 10:36:17 2019 +++ src/lib/libcurses/cursesrelease.sh Tue Sep 3 10:36:17 2019 @@ -0,0 +1,59 @@ +#!/bin/sh + +# $NetBSD: cursesrelease.sh,v 1.1 2019/09/03 10:36:17 roy Exp $ +# +# Copyright (c) 1997 The NetBSD Foundation, Inc. +# All rights reserved. +# +# This code is derived from software contributed to The NetBSD Foundation +# by Luke Mewburn. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +#notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +#notice, this list of conditions and the following disclaimer in the +#documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS +# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT,
Re: CVS commit: src
On 03/09/2019 06:36, Robert Elz wrote: > simply abandon support for case insensitive filesystems. That would break support for building on macos which defaults to the case insensitive version of filesystems to this day. Sevan
CVS commit: [netbsd-9] src/doc
Module Name:src Committed By: martin Date: Tue Sep 3 07:48:51 UTC 2019 Modified Files: src/doc [netbsd-9]: CHANGES-9.0 Log Message: Ticket #173 To generate a diff of this commit: cvs rdiff -u -r1.1.2.38 -r1.1.2.39 src/doc/CHANGES-9.0 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/doc/CHANGES-9.0 diff -u src/doc/CHANGES-9.0:1.1.2.38 src/doc/CHANGES-9.0:1.1.2.39 --- src/doc/CHANGES-9.0:1.1.2.38 Mon Sep 2 17:28:28 2019 +++ src/doc/CHANGES-9.0 Tue Sep 3 07:48:51 2019 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-9.0,v 1.1.2.38 2019/09/02 17:28:28 martin Exp $ +# $NetBSD: CHANGES-9.0,v 1.1.2.39 2019/09/03 07:48:51 martin Exp $ A complete list of changes from the initial NetBSD 9.0 branch on 2019-07-30 until the 9.0 release: @@ -2686,3 +2686,23 @@ share/man/man9/arp.91.27 Improve grammar and readability. Minor cosmetics. [sevan, tickets #154 - #164] +sys/conf/files 1.1238 +sys/crypto/nist_ctr_drbg/files.nist_ctr_drbg delete +sys/crypto/nist_ctr_drbg/nist_ctr_aes_rijndael.h delete +sys/crypto/nist_ctr_drbg/nist_ctr_drbg.c delete +sys/crypto/nist_ctr_drbg/nist_ctr_drbg.h delete +sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes128.h delete +sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes256.h delete +sys/crypto/nist_ctr_drbg/nist_ctr_drbg_config.h delete +sys/crypto/nist_hash_drbg/files.nist_hash_drbg 1.1 +sys/crypto/nist_hash_drbg/nist_hash_drbg.c 1.1 +sys/crypto/nist_hash_drbg/nist_hash_drbg.h 1.1 +sys/dev/rndpseudo.c1.38 +sys/kern/subr_cprng.c1.31 +sys/rump/kern/lib/libcrypto/Makefile 1.5 +sys/rump/librump/rumpkern/Makefile.rumpkern 1.176 +sys/sys/cprng.h 1.15 + + Switch from NIST CTR_DRBG with AES to NIST Hash_DRBG with SHA-256. + [riastradh, ticket #173] +
CVS commit: [netbsd-9] src/doc
Module Name:src Committed By: martin Date: Tue Sep 3 07:48:51 UTC 2019 Modified Files: src/doc [netbsd-9]: CHANGES-9.0 Log Message: Ticket #173 To generate a diff of this commit: cvs rdiff -u -r1.1.2.38 -r1.1.2.39 src/doc/CHANGES-9.0 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-9] src/sys
Module Name:src Committed By: martin Date: Tue Sep 3 07:48:00 UTC 2019 Modified Files: src/sys/conf [netbsd-9]: files src/sys/dev [netbsd-9]: rndpseudo.c src/sys/kern [netbsd-9]: subr_cprng.c src/sys/rump/kern/lib/libcrypto [netbsd-9]: Makefile src/sys/rump/librump/rumpkern [netbsd-9]: Makefile.rumpkern src/sys/sys [netbsd-9]: cprng.h Added Files: src/sys/crypto/nist_hash_drbg [netbsd-9]: files.nist_hash_drbg nist_hash_drbg.c nist_hash_drbg.h Removed Files: src/sys/crypto/nist_ctr_drbg [netbsd-9]: files.nist_ctr_drbg nist_ctr_aes_rijndael.h nist_ctr_drbg.c nist_ctr_drbg.h nist_ctr_drbg_aes128.h nist_ctr_drbg_aes256.h nist_ctr_drbg_config.h Log Message: Pull up following revision(s) (requested by riastradh in ticket #173): sys/crypto/nist_hash_drbg/nist_hash_drbg.c: revision 1.1 sys/crypto/nist_hash_drbg/nist_hash_drbg.h: revision 1.1 sys/rump/kern/lib/libcrypto/Makefile: revision 1.5 sys/crypto/nist_hash_drbg/files.nist_hash_drbg: revision 1.1 sys/rump/librump/rumpkern/Makefile.rumpkern: revision 1.176 sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes256.h: file removal sys/crypto/nist_ctr_drbg/nist_ctr_drbg_config.h: file removal sys/conf/files: revision 1.1238 sys/dev/rndpseudo.c: revision 1.38 sys/crypto/nist_ctr_drbg/nist_ctr_drbg.c: file removal sys/sys/cprng.h: revision 1.15 sys/crypto/nist_ctr_drbg/nist_ctr_drbg.h: file removal sys/crypto/nist_ctr_drbg/nist_ctr_aes_rijndael.h: file removal sys/crypto/nist_ctr_drbg/files.nist_ctr_drbg: file removal sys/kern/subr_cprng.c: revision 1.31 sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes128.h: file removal Switch from NIST CTR_DRBG with AES to NIST Hash_DRBG with SHA-256. Benefits: - larger seeds -- a 128-bit key alone is not enough for `128-bit security' - better resistance to timing side channels than AES - a better-understood security story (https://eprint.iacr.org/2018/349;>https://eprint.iacr.org/2018/349) - no loss in compliance with US government standards that nobody ever got fired for choosing, at least in the US-dominated western world - no dirty endianness tricks - self-tests Drawbacks: - performance hit: throughput is reduced to about 1/3 in naive measurements => possible to mitigate by using hardware SHA-256 instructions => all you really need is 32 bytes to seed a userland PRNG anyway => if we just used ChaCha this would go away... XXX pullup-7 XXX pullup-8 XXX pullup-9 To generate a diff of this commit: cvs rdiff -u -r1.1237 -r1.1237.2.1 src/sys/conf/files cvs rdiff -u -r1.1 -r0 src/sys/crypto/nist_ctr_drbg/files.nist_ctr_drbg \ src/sys/crypto/nist_ctr_drbg/nist_ctr_drbg.c \ src/sys/crypto/nist_ctr_drbg/nist_ctr_drbg_config.h cvs rdiff -u -r1.2 -r0 src/sys/crypto/nist_ctr_drbg/nist_ctr_aes_rijndael.h \ src/sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes128.h \ src/sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes256.h cvs rdiff -u -r1.3 -r0 src/sys/crypto/nist_ctr_drbg/nist_ctr_drbg.h cvs rdiff -u -r0 -r1.1.2.2 src/sys/crypto/nist_hash_drbg/files.nist_hash_drbg \ src/sys/crypto/nist_hash_drbg/nist_hash_drbg.c \ src/sys/crypto/nist_hash_drbg/nist_hash_drbg.h cvs rdiff -u -r1.37 -r1.37.4.1 src/sys/dev/rndpseudo.c cvs rdiff -u -r1.30 -r1.30.2.1 src/sys/kern/subr_cprng.c cvs rdiff -u -r1.4 -r1.4.22.1 src/sys/rump/kern/lib/libcrypto/Makefile cvs rdiff -u -r1.175 -r1.175.2.1 \ src/sys/rump/librump/rumpkern/Makefile.rumpkern cvs rdiff -u -r1.14 -r1.14.6.1 src/sys/sys/cprng.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/sys/conf/files diff -u src/sys/conf/files:1.1237 src/sys/conf/files:1.1237.2.1 --- src/sys/conf/files:1.1237 Sat Jun 15 06:40:34 2019 +++ src/sys/conf/files Tue Sep 3 07:47:59 2019 @@ -1,4 +1,4 @@ -# $NetBSD: files,v 1.1237 2019/06/15 06:40:34 maxv Exp $ +# $NetBSD: files,v 1.1237.2.1 2019/09/03 07:47:59 martin Exp $ # @(#)files.newconf 7.5 (Berkeley) 5/10/93 version 20171118 @@ -196,8 +196,8 @@ include "crypto/camellia/files.camellia" # General-purpose crypto processing framework. include "opencrypto/files.opencrypto" -# NIST SP800.90 CTR DRBG -include "crypto/nist_ctr_drbg/files.nist_ctr_drbg" +# NIST SP800-90A Hash_DRBG +include "crypto/nist_hash_drbg/files.nist_hash_drbg" # ChaCha-based fast PRNG include "crypto/cprng_fast/files.cprng_fast" Index: src/sys/dev/rndpseudo.c diff -u src/sys/dev/rndpseudo.c:1.37 src/sys/dev/rndpseudo.c:1.37.4.1 --- src/sys/dev/rndpseudo.c:1.37 Mon Sep 3 16:29:30 2018 +++ src/sys/dev/rndpseudo.c Tue Sep 3 07:48:00 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: rndpseudo.c,v 1.37 2018/09/03 16:29:30 riastradh Exp $ */ +/* $NetBSD: rndpseudo.c,v 1.37.4.1 2019/09/03 07:48:00 martin Exp $ */ /*- * Copyright (c) 1997-2013 The
CVS commit: [netbsd-9] src/sys
Module Name:src Committed By: martin Date: Tue Sep 3 07:48:00 UTC 2019 Modified Files: src/sys/conf [netbsd-9]: files src/sys/dev [netbsd-9]: rndpseudo.c src/sys/kern [netbsd-9]: subr_cprng.c src/sys/rump/kern/lib/libcrypto [netbsd-9]: Makefile src/sys/rump/librump/rumpkern [netbsd-9]: Makefile.rumpkern src/sys/sys [netbsd-9]: cprng.h Added Files: src/sys/crypto/nist_hash_drbg [netbsd-9]: files.nist_hash_drbg nist_hash_drbg.c nist_hash_drbg.h Removed Files: src/sys/crypto/nist_ctr_drbg [netbsd-9]: files.nist_ctr_drbg nist_ctr_aes_rijndael.h nist_ctr_drbg.c nist_ctr_drbg.h nist_ctr_drbg_aes128.h nist_ctr_drbg_aes256.h nist_ctr_drbg_config.h Log Message: Pull up following revision(s) (requested by riastradh in ticket #173): sys/crypto/nist_hash_drbg/nist_hash_drbg.c: revision 1.1 sys/crypto/nist_hash_drbg/nist_hash_drbg.h: revision 1.1 sys/rump/kern/lib/libcrypto/Makefile: revision 1.5 sys/crypto/nist_hash_drbg/files.nist_hash_drbg: revision 1.1 sys/rump/librump/rumpkern/Makefile.rumpkern: revision 1.176 sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes256.h: file removal sys/crypto/nist_ctr_drbg/nist_ctr_drbg_config.h: file removal sys/conf/files: revision 1.1238 sys/dev/rndpseudo.c: revision 1.38 sys/crypto/nist_ctr_drbg/nist_ctr_drbg.c: file removal sys/sys/cprng.h: revision 1.15 sys/crypto/nist_ctr_drbg/nist_ctr_drbg.h: file removal sys/crypto/nist_ctr_drbg/nist_ctr_aes_rijndael.h: file removal sys/crypto/nist_ctr_drbg/files.nist_ctr_drbg: file removal sys/kern/subr_cprng.c: revision 1.31 sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes128.h: file removal Switch from NIST CTR_DRBG with AES to NIST Hash_DRBG with SHA-256. Benefits: - larger seeds -- a 128-bit key alone is not enough for `128-bit security' - better resistance to timing side channels than AES - a better-understood security story (https://eprint.iacr.org/2018/349;>https://eprint.iacr.org/2018/349) - no loss in compliance with US government standards that nobody ever got fired for choosing, at least in the US-dominated western world - no dirty endianness tricks - self-tests Drawbacks: - performance hit: throughput is reduced to about 1/3 in naive measurements => possible to mitigate by using hardware SHA-256 instructions => all you really need is 32 bytes to seed a userland PRNG anyway => if we just used ChaCha this would go away... XXX pullup-7 XXX pullup-8 XXX pullup-9 To generate a diff of this commit: cvs rdiff -u -r1.1237 -r1.1237.2.1 src/sys/conf/files cvs rdiff -u -r1.1 -r0 src/sys/crypto/nist_ctr_drbg/files.nist_ctr_drbg \ src/sys/crypto/nist_ctr_drbg/nist_ctr_drbg.c \ src/sys/crypto/nist_ctr_drbg/nist_ctr_drbg_config.h cvs rdiff -u -r1.2 -r0 src/sys/crypto/nist_ctr_drbg/nist_ctr_aes_rijndael.h \ src/sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes128.h \ src/sys/crypto/nist_ctr_drbg/nist_ctr_drbg_aes256.h cvs rdiff -u -r1.3 -r0 src/sys/crypto/nist_ctr_drbg/nist_ctr_drbg.h cvs rdiff -u -r0 -r1.1.2.2 src/sys/crypto/nist_hash_drbg/files.nist_hash_drbg \ src/sys/crypto/nist_hash_drbg/nist_hash_drbg.c \ src/sys/crypto/nist_hash_drbg/nist_hash_drbg.h cvs rdiff -u -r1.37 -r1.37.4.1 src/sys/dev/rndpseudo.c cvs rdiff -u -r1.30 -r1.30.2.1 src/sys/kern/subr_cprng.c cvs rdiff -u -r1.4 -r1.4.22.1 src/sys/rump/kern/lib/libcrypto/Makefile cvs rdiff -u -r1.175 -r1.175.2.1 \ src/sys/rump/librump/rumpkern/Makefile.rumpkern cvs rdiff -u -r1.14 -r1.14.6.1 src/sys/sys/cprng.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.