Commit Graph

12 Commits

Author SHA1 Message Date
Mark Murray
bbf09ad887 Upgrade the random device to use a "real" hash instead of building
one out of a block cipher. This has 2 advantages:
1) The code is _much_ simpler
2) We aren't committing our security to one algorithm (much as we
   may think we trust AES).

While I'm here, make an explicit reseed do a slow reseed instead
of a fast; this is in line with what the original paper suggested.
2002-07-15 13:58:35 +00:00
Ruslan Ermilov
17d6c63672 Drop <bsd.man.mk> support from <bsd.kmod.mk>.
Not objected to by:	-current
2002-01-11 15:49:02 +00:00
Mark Murray
add3f7f3df The /dev/random driver used Rijndael, not Blowfish, now. 2001-03-10 12:57:08 +00:00
Mark Murray
c202cd74f8 Clean up Makefile, and remove the last vestiges of NOBLOCKRANDOM. 2001-01-15 19:35:00 +00:00
David E. O'Brien
c68159a6d8 Use a consistent style and one much closer to the rest of /usr/src 2001-01-06 14:00:42 +00:00
Mark Murray
5f7f65f124 Default the /dev/random loadable module to blocking-on-bootup,
but leave a commented-out macro to change this.
2000-12-02 18:29:18 +00:00
Mark Murray
5f3431b5ad As the blocking model has seems to be troublesome for many, disable
it for now with an option.

This option is already deprecated, and will be removed when the
entropy-harvesting code is fast enough to warrant it.
2000-10-27 06:06:04 +00:00
Mark Murray
a6278a2a42 After some complaints about the dir names, the random device is
now in dirs called sys/*/random/ instead of sys/*/randomdev/*.

Introduce blocking, but only at startup; the random device will
block until the first reseed happens to prevent clients from
using untrustworthy output.

Provide a read_random() call for the rest of the kernel so that
the entropy device does not need to be present. This means that
things like IPX no longer need to have "device random" hardcoded
into thir kernel config. The downside is that read_random() will
provide very poor output until the entropy device is loaded and
reseeded. It is recommended that developers do NOT use the
read_random() call; instead, they should use arc4random() which
internally uses read_random().

Clean up the mutex and locking code a bit; this makes it possible
to unload the module again.
2000-10-14 10:59:56 +00:00
Mark Murray
4d87a031c0 Large upgrade to the entropy device; mainly inspired by feedback
from many folk.

o The reseed process is now a kthread. With SMPng, kthreads are
  pre-emptive, so the annoying jerkiness of the mouse is gone.

o The data structures are protected by mutexes now, not splfoo()/splx().

o The cryptographic routines are broken out into their own subroutines.
  this facilitates review, and possible replacement if that is ever
  found necessary.

Thanks to:		kris, green, peter, jasone, grog, jhb
Forgotten to thank:	You know who you are; no offense intended.
2000-09-10 13:52:19 +00:00
Mark Murray
c9ec235ca1 Add entropy gathering code. This will work whether the module is
compiled in or loaded.
2000-07-07 09:03:59 +00:00
Mark Murray
d040e2d053 Better style(9) for the module build. 2000-06-26 12:18:09 +00:00
Mark Murray
dc47848738 Build the entropy device (/dev/random) as a module. This may not
be a permanent rule, because this device may eventually be deemed
"effectively compulsory", and built by default directly into the
kernel. For the moment, however, this is useful for debugging and
development.

Reviewed by:	dfr
2000-06-25 10:12:33 +00:00