is any of this useful? has anybody ever manually stirred the random device or tried interpreting the nonsense spit out by sysctl kern.random?
[this would also delete the rndioctl.h header entirely.] Index: dev/rnd.c =================================================================== RCS file: /cvs/src/sys/dev/rnd.c,v retrieving revision 1.104 diff -u -r1.104 rnd.c --- dev/rnd.c 21 Nov 2010 22:58:40 -0000 1.104 +++ dev/rnd.c 22 Nov 2010 00:14:13 -0000 @@ -256,7 +256,6 @@ #include <crypto/arc4.h> #include <dev/rndvar.h> -#include <dev/rndioctl.h> #ifdef RNDEBUG int rnd_debug = 0x0000; @@ -521,7 +520,6 @@ struct rand_event *rnd_event_tail = rnd_event_space; struct timeout rnd_timeout; struct selinfo rnd_rsel; -struct rndstats rndstats; int rnd_attached; /* must be called at a proper spl, returns ptr to the next event */ @@ -593,7 +591,6 @@ if (!rnd_attached) { if ((rep = rnd_put()) == NULL) { - rndstats.rnd_drops++; return; } @@ -658,7 +655,6 @@ * in hope for dequeuing to be more randomfull */ if (rnd_qlen() > QEVSLOW && nbits < QEVSBITS) { - rndstats.rnd_drople++; return; } p->last_time = time; @@ -673,7 +669,6 @@ mtx_enter(&rndlock); if ((rep = rnd_put()) == NULL) { - rndstats.rnd_drops++; mtx_leave(&rndlock); return; } @@ -683,11 +678,6 @@ rep->re_time = tv.tv_nsec ^ (tv.tv_sec << 20); rep->re_val = val; - rndstats.rnd_enqs++; - rndstats.rnd_ed[nbits]++; - rndstats.rnd_sc[state]++; - rndstats.rnd_sb[state] += nbits; - if (rnd_qlen() > QEVSLOW/2 && !random_state.tmo) { random_state.tmo++; timeout_add(&rnd_timeout, 1); @@ -704,7 +694,6 @@ u_int nbits; timeout_del(&rnd_timeout); - rndstats.rnd_deqs++; mtx_enter(&rndlock); while ((rep = rnd_get())) { @@ -716,7 +705,6 @@ add_entropy_words(buf, 2); - rndstats.rnd_total += nbits; rs->entropy_count += nbits; if (rs->entropy_count > POOLBITS) rs->entropy_count = POOLBITS; @@ -761,7 +749,6 @@ struct timeout arc4_timeout; struct rc4_ctx arc4random_state; int arc4random_initialized; -u_long arc4random_count = 0; /* * This function returns some number of good random numbers but is quite @@ -773,7 +760,6 @@ get_random_bytes(void *buf, size_t nbytes) { extract_entropy((u_int8_t *) buf, nbytes); - rndstats.rnd_used += nbytes * 8; } static void @@ -781,6 +767,7 @@ { u_int8_t buf[256]; int len; + static int arc4_nstirs; nanotime((struct timespec *) buf); len = sizeof(buf) - sizeof(struct timespec); @@ -788,13 +775,11 @@ len += sizeof(struct timespec); mtx_enter(&rndlock); - if (rndstats.arc4_nstirs > 0) + if (arc4_nstirs > 0) rc4_crypt(&arc4random_state, buf, buf, sizeof(buf)); rc4_keysetup(&arc4random_state, buf, sizeof(buf)); - arc4random_count = 0; - rndstats.arc4_stirs += len; - rndstats.arc4_nstirs++; + arc4_nstirs++; /* * Throw away the first N words of output, as suggested in the @@ -868,8 +853,6 @@ arc4maybeinit(); mtx_enter(&rndlock); rc4_getbytes(&arc4random_state, (u_char*)&ret, sizeof(ret)); - rndstats.arc4_reads += sizeof(ret); - arc4random_count += sizeof(ret); mtx_leave(&rndlock); return ret; } @@ -886,8 +869,6 @@ mtx_enter(&rndlock); rc4_getbytes(&arc4random_state, lbuf, sizeof(lbuf)); - rndstats.arc4_reads += n; - arc4random_count += sizeof(lbuf); mtx_leave(&rndlock); rc4_keysetup(&lctx, lbuf, sizeof(lbuf)); @@ -913,8 +894,6 @@ mtx_enter(&rndlock); rc4_getbytes(&arc4random_state, (u_char*)buf, n); - rndstats.arc4_reads += n; - arc4random_count += n; mtx_leave(&rndlock); } @@ -1138,7 +1117,6 @@ randomioctl(dev_t dev, u_long cmd, caddr_t data, int flag, struct proc *p) { int ret = 0; - u_int cnt; switch (cmd) { case FIOASYNC: @@ -1149,52 +1127,6 @@ /* Handled in the upper FS layer. */ break; - case RNDGETENTCNT: - mtx_enter(&rndlock); - *(u_int *)data = random_state.entropy_count; - mtx_leave(&rndlock); - break; - case RNDADDTOENTCNT: - if (suser(p, 0) != 0) - ret = EPERM; - else { - cnt = *(u_int *)data; - mtx_enter(&rndlock); - random_state.entropy_count += cnt; - if (random_state.entropy_count > POOLBITS) - random_state.entropy_count = POOLBITS; - mtx_leave(&rndlock); - } - break; - case RNDZAPENTCNT: - if (suser(p, 0) != 0) - ret = EPERM; - else { - mtx_enter(&rndlock); - random_state.entropy_count = 0; - mtx_leave(&rndlock); - } - break; - case RNDSTIRARC4: - if (suser(p, 0) != 0) - ret = EPERM; - else if (random_state.entropy_count < 64) - ret = EAGAIN; - else { - mtx_enter(&rndlock); - arc4random_initialized = 0; - mtx_leave(&rndlock); - } - break; - case RNDCLRSTATS: - if (suser(p, 0) != 0) - ret = EPERM; - else { - mtx_enter(&rndlock); - bzero(&rndstats, sizeof(rndstats)); - mtx_leave(&rndlock); - } - break; default: ret = ENOTTY; } Index: dev/rndvar.h =================================================================== RCS file: /cvs/src/sys/dev/rndvar.h,v retrieving revision 1.22 diff -u -r1.22 rndvar.h --- dev/rndvar.h 10 Oct 2008 20:13:11 -0000 1.22 +++ dev/rndvar.h 22 Nov 2010 00:14:13 -0000 @@ -50,27 +50,6 @@ #define RND_SRC_VIDEO 7 #define RND_SRC_NUM 8 -struct rndstats { - quad_t rnd_total; /* total bits of entropy generated */ - quad_t rnd_used; /* strong data bits read so far */ - quad_t rnd_reads; /* strong read calls */ - quad_t arc4_reads; /* aRC4 data bytes read so far */ - quad_t arc4_nstirs; /* arc4 pool stirs */ - quad_t arc4_stirs; /* arc4 pool stirs (bits used) */ - - quad_t rnd_pad[5]; - - quad_t rnd_waits; /* sleeps for data */ - quad_t rnd_enqs; /* enqueue calls */ - quad_t rnd_deqs; /* dequeue calls */ - quad_t rnd_drops; /* queue-full drops */ - quad_t rnd_drople; /* queue low watermark low entropy drops */ - - quad_t rnd_ed[32]; /* entropy feed distribution */ - quad_t rnd_sc[RND_SRC_NUM]; /* add* calls */ - quad_t rnd_sb[RND_SRC_NUM]; /* add* bits */ -}; - #ifdef _KERNEL extern struct rndstats rndstats; Index: kern/kern_sysctl.c =================================================================== RCS file: /cvs/src/sys/kern/kern_sysctl.c,v retrieving revision 1.195 diff -u -r1.195 kern_sysctl.c --- kern/kern_sysctl.c 19 Nov 2010 18:35:16 -0000 1.195 +++ kern/kern_sysctl.c 22 Nov 2010 00:14:15 -0000 @@ -402,9 +402,6 @@ return (sysctl_int(oldp, oldlenp, newp, newlen, &sominconn)); case KERN_USERMOUNT: return (sysctl_int(oldp, oldlenp, newp, newlen, &usermount)); - case KERN_RND: - return (sysctl_rdstruct(oldp, oldlenp, newp, &rndstats, - sizeof(rndstats))); case KERN_ARND: { char buf[256];