![[BACK]](/icons/back.gif){kind=icon}
Up to [cvs.NetBSD.org] / src / share / man / man4
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.40 / (download) - annotate - [select for diffs], Sun Mar 20 18:19:57 2022 UTC (14 months, 1 week ago) by riastradh
Branch: MAIN
CVS Tags: netbsd-10-base,
netbsd-10,
HEAD
Changes since 1.39: +4 -16
lines
Diff to previous 1.39 (colored)
entropy(9): Improve entropy warning messages and documentation. - For the main warning message, use less jargon, say `security', and cite the entropy(7) man page for further reading. Document this in rnd(4) and entropy(7). - For the debug-only warning message, say `entropy' only once and omit it from the rnd(4) man page -- it's not very important unless you're debugging the kernel in which case you probably know what you're doing enough to not need the text explained in the man page.
Revision 1.39 / (download) - annotate - [select for diffs], Tue Apr 6 22:12:16 2021 UTC (2 years, 1 month ago) by riastradh
Branch: MAIN
CVS Tags: cjep_sun2x-base1,
cjep_sun2x-base,
cjep_sun2x,
cjep_staticlib_x-base1,
cjep_staticlib_x-base,
cjep_staticlib_x
Changes since 1.38: +1 -4
lines
Diff to previous 1.38 (colored)
Remove sentence that has not been true since netbsd-6. ioctl(RNDADDDATA) is not the only way to raise the entropy estimate; privileged writes to /dev/random have the same effect.
Revision 1.38 / (download) - annotate - [select for diffs], Fri Feb 12 01:52:09 2021 UTC (2 years, 3 months ago) by riastradh
Branch: MAIN
Changes since 1.37: +2 -2
lines
Diff to previous 1.37 (colored)
rnd(4): Consistently call it the `global pool'. The `ready pool' is a term I used in a draft that I never committed.
Revision 1.37 / (download) - annotate - [select for diffs], Fri Jan 15 15:54:20 2021 UTC (2 years, 4 months ago) by riastradh
Branch: MAIN
Changes since 1.36: +2 -1
lines
Diff to previous 1.36 (colored)
rnd(4): Fix formatting of authors paragraph with `.An -nosplit'.
Revision 1.36 / (download) - annotate - [select for diffs], Sun Jan 10 23:24:25 2021 UTC (2 years, 4 months ago) by riastradh
Branch: MAIN
Changes since 1.35: +2 -1
lines
Diff to previous 1.35 (colored)
Various entropy integration improvements.
- New /etc/security check for entropy in daily security report.
- New /etc/rc.d/entropy script runs (after random_seed and rndctl) to
check for entropy at boot -- in rc.conf, you can:
. set `entropy=check' to halt multiuser boot and enter single-user
mode if not enough entropy
. set `entropy=wait' to make multiuser boot wait until enough entropy
Default is to always boot without waiting -- and rely on other
channels like security report to alert the operator if there's a
problem.
- New man page entropy(7) discussing the higher-level concepts and
system integration with cross-references.
- New paragraph in afterboot(8) about entropy citing entropy(7) for
more details.
This change addresses many of the issues discussed in security/55659.
This is a first draft; happy to take improvements to the man pages and
scripted messages to improve clarity.
I considered changing motd to include an entropy warning with a
reference to the entropy(7) man page, but it's a little trickier:
- Not sure it's appropriate for all users to see at login rather than
users who have power to affect the entropy estimate (maybe it is,
just haven't decided).
- We only have a mechanism for changing once at boot; the message would
remain until next boot even if an operator adds enough entropy.
- The mechanism isn't really conducive to making a message appear
conditionally from boot to boot.
Revision 1.35 / (download) - annotate - [select for diffs], Wed May 6 18:38:20 2020 UTC (3 years ago) by riastradh
Branch: MAIN
Changes since 1.34: +4 -3
lines
Diff to previous 1.34 (colored)
Update to reflect change to message.
Revision 1.34 / (download) - annotate - [select for diffs], Mon May 4 15:10:40 2020 UTC (3 years ago) by wiz
Branch: MAIN
Changes since 1.33: +6 -5
lines
Diff to previous 1.33 (colored)
Break line after macro arguments end. Use \- for minus.
Revision 1.33 / (download) - annotate - [select for diffs], Fri May 1 19:56:08 2020 UTC (3 years, 1 month ago) by riastradh
Branch: MAIN
Changes since 1.32: +1 -3
lines
Diff to previous 1.32 (colored)
Combine some related paragraphs.
Revision 1.32 / (download) - annotate - [select for diffs], Fri May 1 19:54:37 2020 UTC (3 years, 1 month ago) by riastradh
Branch: MAIN
Changes since 1.31: +19 -23
lines
Diff to previous 1.31 (colored)
Tighten language so it fits in one paragraph again. This way the first two paragraphs have parallel structure: - _Applications_ should read from /dev/urandom or sysctl kern.arandom... - _Systems_ should be engineered to read once from /dev/random...
Revision 1.31 / (download) - annotate - [select for diffs], Fri May 1 12:43:33 2020 UTC (3 years, 1 month ago) by nia
Branch: MAIN
Changes since 1.30: +3 -3
lines
Diff to previous 1.30 (colored)
rnd.4: Bump dates.
Revision 1.30 / (download) - annotate - [select for diffs], Fri May 1 12:30:16 2020 UTC (3 years, 1 month ago) by nia
Branch: MAIN
Changes since 1.29: +26 -3
lines
Diff to previous 1.29 (colored)
rnd.4: Explain why libraries should use kern.arandom over /dev/urandom
Revision 1.29 / (download) - annotate - [select for diffs], Thu Apr 30 03:28:18 2020 UTC (3 years, 1 month ago) by riastradh
Branch: MAIN
Changes since 1.28: +238 -125
lines
Diff to previous 1.28 (colored)
Rewrite entropy subsystem.
Primary goals:
1. Use cryptography primitives designed and vetted by cryptographers.
2. Be honest about entropy estimation.
3. Propagate full entropy as soon as possible.
4. Simplify the APIs.
5. Reduce overhead of rnd_add_data and cprng_strong.
6. Reduce side channels of HWRNG data and human input sources.
7. Improve visibility of operation with sysctl and event counters.
Caveat: rngtest is no longer used generically for RND_TYPE_RNG
rndsources. Hardware RNG devices should have hardware-specific
health tests. For example, checking for two repeated 256-bit outputs
works to detect AMD's 2019 RDRAND bug. Not all hardware RNGs are
necessarily designed to produce exactly uniform output.
ENTROPY POOL
- A Keccak sponge, with test vectors, replaces the old LFSR/SHA-1
kludge as the cryptographic primitive.
- `Entropy depletion' is available for testing purposes with a sysctl
knob kern.entropy.depletion; otherwise it is disabled, and once the
system reaches full entropy it is assumed to stay there as far as
modern cryptography is concerned.
- No `entropy estimation' based on sample values. Such `entropy
estimation' is a contradiction in terms, dishonest to users, and a
potential source of side channels. It is the responsibility of the
driver author to study the entropy of the process that generates
the samples.
- Per-CPU gathering pools avoid contention on a global queue.
- Entropy is occasionally consolidated into global pool -- as soon as
it's ready, if we've never reached full entropy, and with a rate
limit afterward. Operators can force consolidation now by running
sysctl -w kern.entropy.consolidate=1.
- rndsink(9) API has been replaced by an epoch counter which changes
whenever entropy is consolidated into the global pool.
. Usage: Cache entropy_epoch() when you seed. If entropy_epoch()
has changed when you're about to use whatever you seeded, reseed.
. Epoch is never zero, so initialize cache to 0 if you want to reseed
on first use.
. Epoch is -1 iff we have never reached full entropy -- in other
words, the old rnd_initial_entropy is (entropy_epoch() != -1) --
but it is better if you check for changes rather than for -1, so
that if the system estimated its own entropy incorrectly, entropy
consolidation has the opportunity to prevent future compromise.
- Sysctls and event counters provide operator visibility into what's
happening:
. kern.entropy.needed - bits of entropy short of full entropy
. kern.entropy.pending - bits known to be pending in per-CPU pools,
can be consolidated with sysctl -w kern.entropy.consolidate=1
. kern.entropy.epoch - number of times consolidation has happened,
never 0, and -1 iff we have never reached full entropy
CPRNG_STRONG
- A cprng_strong instance is now a collection of per-CPU NIST
Hash_DRBGs. There are only two in the system: user_cprng for
/dev/urandom and sysctl kern.?random, and kern_cprng for kernel
users which may need to operate in interrupt context up to IPL_VM.
(Calling cprng_strong in interrupt context does not strike me as a
particularly good idea, so I added an event counter to see whether
anything actually does.)
- Event counters provide operator visibility into when reseeding
happens.
INTEL RDRAND/RDSEED, VIA C3 RNG (CPU_RNG)
- Unwired for now; will be rewired in a subsequent commit.
Revision 1.24.12.1 / (download) - annotate - [select for diffs], Mon Apr 13 08:03:25 2020 UTC (3 years, 1 month ago) by martin
Branch: phil-wifi
Changes since 1.24: +33 -59
lines
Diff to previous 1.24 (colored) next main 1.25 (colored)
Mostly merge changes from HEAD upto 20200411
Revision 1.24.14.1 / (download) - annotate - [select for diffs], Sun Dec 8 13:16:53 2019 UTC (3 years, 5 months ago) by martin
Branch: netbsd-9
CVS Tags: netbsd-9-3-RELEASE,
netbsd-9-2-RELEASE,
netbsd-9-1-RELEASE,
netbsd-9-0-RELEASE,
netbsd-9-0-RC2
Changes since 1.24: +33 -59
lines
Diff to previous 1.24 (colored) next main 1.25 (colored)
Pull up following revision(s) (requested by riastradh in ticket #504): share/man/man4/rnd.4: revision 1.26 share/man/man4/rnd.4: revision 1.27 share/man/man4/rnd.4: revision 1.28 share/man/man4/rnd.4: revision 1.25 Update man page to reflect switch from CTR_DRBG to Hash_DRBG. Replace slightly wrong rant by shorter and slightly less long rant. (If X and Y in Z/2Z are independent, then so are X and X+Y. What was I thinking.) Update NIST SP800-90A reference. New sentence, new line. Use \(em.
Revision 1.24.4.1 / (download) - annotate - [select for diffs], Thu Dec 5 16:57:11 2019 UTC (3 years, 5 months ago) by bouyer
Branch: netbsd-8
CVS Tags: netbsd-8-2-RELEASE
Changes since 1.24: +33 -59
lines
Diff to previous 1.24 (colored) next main 1.25 (colored)
Pull up following revision(s) (requested by riastradh in ticket #1467): share/man/man4/rnd.4: revision 1.26 share/man/man4/rnd.4: revision 1.27 share/man/man4/rnd.4: revision 1.28 share/man/man4/rnd.4: revision 1.25 Update man page to reflect switch from CTR_DRBG to Hash_DRBG. Replace slightly wrong rant by shorter and slightly less long rant. (If X and Y in Z/2Z are independent, then so are X and X+Y. What was I thinking.) Update NIST SP800-90A reference. New sentence, new line. Use \(em.
Revision 1.20.10.2 / (download) - annotate - [select for diffs], Thu Dec 5 16:29:23 2019 UTC (3 years, 5 months ago) by bouyer
Branch: netbsd-7
Changes since 1.20.10.1: +33 -59
lines
Diff to previous 1.20.10.1 (colored) to branchpoint 1.20 (colored) next main 1.21 (colored)
Pull up following revision(s) (requested by riastradh in ticket #1715):
share/man/man4/rnd.4: revision 1.26
share/man/man4/rnd.4: revision 1.27
share/man/man4/rnd.4: revision 1.28
share/man/man4/rnd.4: revision 1.25
Update man page to reflect switch from CTR_DRBG to Hash_DRBG.
Replace slightly wrong rant by shorter and slightly less long rant.
(If X and Y in Z/2Z are independent, then so are X and X+Y. What was
I thinking.)
Update NIST SP800-90A reference.
New sentence, new line. Use \(em.
Revision 1.20.10.1.6.1 / (download) - annotate - [select for diffs], Thu Dec 5 16:24:28 2019 UTC (3 years, 5 months ago) by bouyer
Branch: netbsd-7-1
Changes since 1.20.10.1: +33 -59
lines
Diff to previous 1.20.10.1 (colored) next main 1.20.10.2 (colored)
Pull up following revision(s) (requested by riastradh in ticket #1715): share/man/man4/rnd.4: revision 1.26 share/man/man4/rnd.4: revision 1.27 share/man/man4/rnd.4: revision 1.28 share/man/man4/rnd.4: revision 1.25 Update man page to reflect switch from CTR_DRBG to Hash_DRBG. Replace slightly wrong rant by shorter and slightly less long rant. (If X and Y in Z/2Z are independent, then so are X and X+Y. What was I thinking.) Update NIST SP800-90A reference. New sentence, new line. Use \(em.
Revision 1.20.10.1.2.1 / (download) - annotate - [select for diffs], Thu Dec 5 16:23:22 2019 UTC (3 years, 5 months ago) by bouyer
Branch: netbsd-7-0
Changes since 1.20.10.1: +33 -59
lines
Diff to previous 1.20.10.1 (colored) next main 1.20.10.2 (colored)
Pull up following revision(s) (requested by riastradh in ticket #1715): share/man/man4/rnd.4: revision 1.26 share/man/man4/rnd.4: revision 1.27 share/man/man4/rnd.4: revision 1.28 share/man/man4/rnd.4: revision 1.25 Update man page to reflect switch from CTR_DRBG to Hash_DRBG. Replace slightly wrong rant by shorter and slightly less long rant. (If X and Y in Z/2Z are independent, then so are X and X+Y. What was I thinking.) Update NIST SP800-90A reference. New sentence, new line. Use \(em.
Revision 1.28 / (download) - annotate - [select for diffs], Wed Sep 4 05:37:06 2019 UTC (3 years, 8 months ago) by wiz
Branch: MAIN
CVS Tags: phil-wifi-20200421,
phil-wifi-20200411,
phil-wifi-20200406,
phil-wifi-20191119,
is-mlppp-base,
is-mlppp
Changes since 1.27: +7 -6
lines
Diff to previous 1.27 (colored)
New sentence, new line. Use \(em.
Revision 1.27 / (download) - annotate - [select for diffs], Wed Sep 4 04:03:25 2019 UTC (3 years, 8 months ago) by riastradh
Branch: MAIN
Changes since 1.26: +4 -4
lines
Diff to previous 1.26 (colored)
Update NIST SP800-90A reference.
Revision 1.26 / (download) - annotate - [select for diffs], Wed Sep 4 04:00:04 2019 UTC (3 years, 8 months ago) by riastradh
Branch: MAIN
Changes since 1.25: +21 -48
lines
Diff to previous 1.25 (colored)
Replace slightly wrong rant by shorter and slightly less long rant. (If X and Y in Z/2Z are independent, then so are X and X+Y. What was I thinking.)
Revision 1.25 / (download) - annotate - [select for diffs], Wed Sep 4 03:15:20 2019 UTC (3 years, 8 months ago) by riastradh
Branch: MAIN
Changes since 1.24: +7 -7
lines
Diff to previous 1.24 (colored)
Update man page to reflect switch from CTR_DRBG to Hash_DRBG.
Revision 1.23.4.1 / (download) - annotate - [select for diffs], Fri Apr 21 16:53:15 2017 UTC (6 years, 1 month ago) by bouyer
Branch: bouyer-socketcan
Changes since 1.23: +3 -3
lines
Diff to previous 1.23 (colored) next main 1.24 (colored)
Sync with HEAD
Revision 1.23.2.1 / (download) - annotate - [select for diffs], Mon Mar 20 06:57:03 2017 UTC (6 years, 2 months ago) by pgoyette
Branch: pgoyette-localcount
Changes since 1.23: +3 -3
lines
Diff to previous 1.23 (colored) next main 1.24 (colored)
Sync with HEAD
Revision 1.24 / (download) - annotate - [select for diffs], Wed Jan 18 22:38:00 2017 UTC (6 years, 4 months ago) by abhinav
Branch: MAIN
CVS Tags: prg-localcount2-base3,
prg-localcount2-base2,
prg-localcount2-base1,
prg-localcount2-base,
prg-localcount2,
phil-wifi-base,
phil-wifi-20190609,
pgoyette-localcount-20170426,
pgoyette-localcount-20170320,
pgoyette-compat-merge-20190127,
pgoyette-compat-base,
pgoyette-compat-20190127,
pgoyette-compat-20190118,
pgoyette-compat-1226,
pgoyette-compat-1126,
pgoyette-compat-1020,
pgoyette-compat-0930,
pgoyette-compat-0906,
pgoyette-compat-0728,
pgoyette-compat-0625,
pgoyette-compat-0521,
pgoyette-compat-0502,
pgoyette-compat-0422,
pgoyette-compat-0415,
pgoyette-compat-0407,
pgoyette-compat-0330,
pgoyette-compat-0322,
pgoyette-compat-0315,
pgoyette-compat,
perseant-stdc-iso10646-base,
perseant-stdc-iso10646,
netbsd-9-base,
netbsd-9-0-RC1,
netbsd-8-base,
netbsd-8-1-RELEASE,
netbsd-8-1-RC1,
netbsd-8-0-RELEASE,
netbsd-8-0-RC2,
netbsd-8-0-RC1,
matt-nb8-mediatek-base,
matt-nb8-mediatek,
bouyer-socketcan-base1
Branch point for: phil-wifi,
netbsd-9,
netbsd-8
Changes since 1.23: +3 -3
lines
Diff to previous 1.23 (colored)
Fix couple of typos: s/intractible/intractable s/contiuously/continuously
Revision 1.23 / (download) - annotate - [select for diffs], Fri May 6 03:04:14 2016 UTC (7 years ago) by riastradh
Branch: MAIN
CVS Tags: pgoyette-localcount-base,
pgoyette-localcount-20170107,
pgoyette-localcount-20161104,
pgoyette-localcount-20160806,
pgoyette-localcount-20160726,
localcount-20160914,
bouyer-socketcan-base
Branch point for: pgoyette-localcount,
bouyer-socketcan
Changes since 1.22: +4 -4
lines
Diff to previous 1.22 (colored)
Correct rc.conf variable for random seed. Note that it is enabled by default.
Revision 1.22 / (download) - annotate - [select for diffs], Mon Apr 13 22:23:54 2015 UTC (8 years, 1 month ago) by riastradh
Branch: MAIN
Changes since 1.21: +2 -2
lines
Diff to previous 1.21 (colored)
Update header file references in rnd man pages.
Revision 1.20.10.1 / (download) - annotate - [select for diffs], Wed Mar 18 07:54:26 2015 UTC (8 years, 2 months ago) by snj
Branch: netbsd-7
CVS Tags: netbsd-7-nhusb-base-20170116,
netbsd-7-nhusb-base,
netbsd-7-nhusb,
netbsd-7-2-RELEASE,
netbsd-7-1-RELEASE,
netbsd-7-1-RC2,
netbsd-7-1-RC1,
netbsd-7-1-2-RELEASE,
netbsd-7-1-1-RELEASE,
netbsd-7-0-RELEASE,
netbsd-7-0-RC3,
netbsd-7-0-RC2,
netbsd-7-0-RC1,
netbsd-7-0-2-RELEASE,
netbsd-7-0-1-RELEASE
Branch point for: netbsd-7-1,
netbsd-7-0
Changes since 1.20: +545 -286
lines
Diff to previous 1.20 (colored)
Pull up following revision(s) (requested by riastradh in ticket #603): share/man/man4/rnd.4: revision 1.21 Rewrite /dev/random man page. - Describe application usage up front. - State the security model. - Explain entropy. - Describe current implementation strategy near the bottom.
Revision 1.21 / (download) - annotate - [select for diffs], Wed Jan 7 18:50:18 2015 UTC (8 years, 4 months ago) by riastradh
Branch: MAIN
Changes since 1.20: +545 -286
lines
Diff to previous 1.20 (colored)
Rewrite /dev/random man page. - Describe application usage up front. - State the security model. - Explain entropy. - Describe current implementation strategy near the bottom.
Revision 1.16.8.2 / (download) - annotate - [select for diffs], Wed May 23 10:07:35 2012 UTC (11 years ago) by yamt
Branch: yamt-pagecache
CVS Tags: yamt-pagecache-tag8
Changes since 1.16.8.1: +43 -8
lines
Diff to previous 1.16.8.1 (colored) to branchpoint 1.16 (colored) next main 1.17 (colored)
sync with head.
Revision 1.18.2.1 / (download) - annotate - [select for diffs], Fri Apr 20 23:35:20 2012 UTC (11 years, 1 month ago) by riz
Branch: netbsd-6
CVS Tags: netbsd-6-1-RELEASE,
netbsd-6-1-RC4,
netbsd-6-1-RC3,
netbsd-6-1-RC2,
netbsd-6-1-RC1,
netbsd-6-1-5-RELEASE,
netbsd-6-1-4-RELEASE,
netbsd-6-1-3-RELEASE,
netbsd-6-1-2-RELEASE,
netbsd-6-1-1-RELEASE,
netbsd-6-1,
netbsd-6-0-RELEASE,
netbsd-6-0-RC2,
netbsd-6-0-RC1,
netbsd-6-0-6-RELEASE,
netbsd-6-0-5-RELEASE,
netbsd-6-0-4-RELEASE,
netbsd-6-0-3-RELEASE,
netbsd-6-0-2-RELEASE,
netbsd-6-0-1-RELEASE,
netbsd-6-0,
matt-nb6-plus-nbase,
matt-nb6-plus-base,
matt-nb6-plus
Changes since 1.18: +35 -2
lines
Diff to previous 1.18 (colored) next main 1.19 (colored)
Pull up following revision(s) (requested by tls in ticket #190): sys/sys/rnd.h: revision 1.31 sys/sys/rnd.h: revision 1.32 sys/sys/cprng.h: revision 1.5 sys/kern/subr_cprng.c: revision 1.8 share/man/man4/rnd.4: revision 1.19 sys/kern/kern_rndq.c: revision 1.3 sys/dev/rndpseudo.c: revision 1.8 sys/dev/rndpseudo.c: revision 1.9 sys/kern/kern_rndpool.c: revision 1.2 Address multiple problems with rnd(4)/cprng(9): 1) Add a per-cpu CPRNG to handle short reads from /dev/urandom so that programs like perl don't drain the entropy pool dry by repeatedly opening, reading 4 bytes, closing. 2) Really fix the locking around reseeds and destroys. 3) Fix the opportunistic-reseed strategy so it actually works, reseeding existing RNGs once each (as they are used, so idle RNGs don't get reseeded) until the pool is half empty or newly full again. Fix a bug and a compilation problem. Bug: spin mutexes don't have owners, so KASSERT(!mutex_owned()) shouldn't be used to assert that the current LWP does not have the mutex. Compilation problem: explicitly include sys/mutex.h from rnd.h so evbarm builds again.
Revision 1.20 / (download) - annotate - [select for diffs], Tue Apr 17 08:28:20 2012 UTC (11 years, 1 month ago) by wiz
Branch: MAIN
CVS Tags: yamt-pagecache-base9,
yamt-pagecache-base8,
yamt-pagecache-base7,
yamt-pagecache-base6,
yamt-pagecache-base5,
tls-maxphys-base,
tls-maxphys,
tls-earlyentropy-base,
tls-earlyentropy,
riastradh-xf86-video-intel-2-7-1-pre-2-21-15,
riastradh-drm2-base3,
riastradh-drm2-base2,
riastradh-drm2-base1,
riastradh-drm2-base,
riastradh-drm2,
netbsd-7-base,
agc-symver-base,
agc-symver
Branch point for: netbsd-7
Changes since 1.19: +24 -22
lines
Diff to previous 1.19 (colored)
New sentence, new line. Sort type descriptions. Bump date for previous.
Revision 1.19 / (download) - annotate - [select for diffs], Tue Apr 17 02:50:39 2012 UTC (11 years, 1 month ago) by tls
Branch: MAIN
Changes since 1.18: +35 -2
lines
Diff to previous 1.18 (colored)
Address multiple problems with rnd(4)/cprng(9): 1) Add a per-cpu CPRNG to handle short reads from /dev/urandom so that programs like perl don't drain the entropy pool dry by repeatedly opening, reading 4 bytes, closing. 2) Really fix the locking around reseeds and destroys. 3) Fix the opportunistic-reseed strategy so it actually works, reseeding existing RNGs once each (as they are used, so idle RNGs don't get reseeded) until the pool is half empty or newly full again.
Revision 1.16.8.1 / (download) - annotate - [select for diffs], Tue Apr 17 00:05:46 2012 UTC (11 years, 1 month ago) by yamt
Branch: yamt-pagecache
Changes since 1.16: +126 -84
lines
Diff to previous 1.16 (colored)
sync with head
Revision 1.18 / (download) - annotate - [select for diffs], Sat Dec 17 21:21:59 2011 UTC (11 years, 5 months ago) by wiz
Branch: MAIN
CVS Tags: yamt-pagecache-base4,
netbsd-6-base
Branch point for: netbsd-6
Changes since 1.17: +37 -27
lines
Diff to previous 1.17 (colored)
New sentence, new line. Bump date for previous.
Revision 1.17 / (download) - annotate - [select for diffs], Sat Dec 17 20:05:38 2011 UTC (11 years, 5 months ago) by tls
Branch: MAIN
Changes since 1.16: +116 -84
lines
Diff to previous 1.16 (colored)
Separate /dev/random pseudodevice implemenation from kernel entropy pool implementation. Rewrite pseudodevice code to use cprng_strong(9). The new pseudodevice is cloning, so each caller gets bits from a stream generated with its own key. Users of /dev/urandom get their generators keyed on a "best effort" basis -- the kernel will rekey generators whenever the entropy pool hits the high water mark -- while users of /dev/random get their generators rekeyed every time key-length bits are output. The underlying cprng_strong API can use AES-256 or AES-128, but we use AES-128 because of concerns about related-key attacks on AES-256. This improves performance (and reduces entropy pool depletion) significantly for users of /dev/urandom but does cause users of /dev/random to rekey twice as often. Also fixes various bugs (including some missing locking and a reseed-counter overflow in the CTR_DRBG code) found while testing this. For long reads, this generator is approximately 20 times as fast as the old generator (dd with bs=64K yields 53MB/sec on 2Ghz Core2 instead of 2.5MB/sec) and also uses a separate mutex per instance so concurrency is greatly improved. For reads of typical key sizes for modern cryptosystems (16-32 bytes) performance is about the same as the old code: a little better for 32 bytes, a little worse for 16 bytes.
Revision 1.16.2.2 / (download) - annotate - [select for diffs], Mon Mar 22 18:58:32 2010 UTC (13 years, 2 months ago) by joerg
Branch: uebayasi-xip
Changes since 1.16.2.1: +273 -0
lines
Diff to previous 1.16.2.1 (colored) to branchpoint 1.16 (colored) next main 1.17 (colored)
Use .In instead of .Aq Pa for header files.
Revision 1.16.2.1, Mon Mar 22 18:58:31 2010 UTC (13 years, 2 months ago) by joerg
Branch: uebayasi-xip
Changes since 1.16: +0 -273
lines
FILE REMOVED
file rnd.4 was added on branch uebayasi-xip on 2010-03-22 18:58:32 +0000
Revision 1.16 / (download) - annotate - [select for diffs], Mon Mar 22 18:58:31 2010 UTC (13 years, 2 months ago) by joerg
Branch: MAIN
CVS Tags: yamt-pagecache-base3,
yamt-pagecache-base2,
yamt-pagecache-base,
uebayasi-xip-base7,
uebayasi-xip-base6,
uebayasi-xip-base5,
uebayasi-xip-base4,
uebayasi-xip-base3,
uebayasi-xip-base2,
uebayasi-xip-base1,
matt-mips64-premerge-20101231,
cherry-xenmp-base,
cherry-xenmp,
bouyer-quota2-nbase,
bouyer-quota2-base,
bouyer-quota2
Branch point for: yamt-pagecache,
uebayasi-xip
Changes since 1.15: +2 -2
lines
Diff to previous 1.15 (colored)
Use .In instead of .Aq Pa for header files.
Revision 1.12.30.1 / (download) - annotate - [select for diffs], Wed May 13 19:19:09 2009 UTC (14 years ago) by jym
Branch: jym-xensuspend
Changes since 1.12: +65 -30
lines
Diff to previous 1.12 (colored) next main 1.13 (colored)
Sync with HEAD. Third (and last) commit. See http://mail-index.netbsd.org/source-changes/2009/05/13/msg221222.html
Revision 1.15 / (download) - annotate - [select for diffs], Sun Mar 15 10:31:44 2009 UTC (14 years, 2 months ago) by joerg
Branch: MAIN
CVS Tags: matt-premerge-20091211,
jym-xensuspend-nbase,
jym-xensuspend-base
Changes since 1.14: +2 -2
lines
Diff to previous 1.14 (colored)
Fix markup.
Revision 1.14 / (download) - annotate - [select for diffs], Sun Feb 22 12:18:32 2009 UTC (14 years, 3 months ago) by wiz
Branch: MAIN
Changes since 1.13: +46 -29
lines
Diff to previous 1.13 (colored)
New sentence, new line. Remove trailing whitespace.
Revision 1.13 / (download) - annotate - [select for diffs], Sun Feb 22 11:04:03 2009 UTC (14 years, 3 months ago) by plunky
Branch: MAIN
Changes since 1.12: +20 -2
lines
Diff to previous 1.12 (colored)
document the RNDGETPOOLSTAT ioctl.
Revision 1.12 / (download) - annotate - [select for diffs], Mon Dec 26 19:48:12 2005 UTC (17 years, 5 months ago) by perry
Branch: MAIN
CVS Tags: yamt-pf42-baseX,
yamt-pf42-base4,
yamt-pf42-base3,
yamt-pf42-base2,
yamt-pf42-base,
yamt-pf42,
wrstuden-revivesa-base-3,
wrstuden-revivesa-base-2,
wrstuden-revivesa-base-1,
wrstuden-revivesa-base,
wrstuden-revivesa,
wrstuden-fixsa-newbase,
wrstuden-fixsa-base-1,
wrstuden-fixsa-base,
wrstuden-fixsa,
netbsd-5-base,
netbsd-5-2-RELEASE,
netbsd-5-2-RC1,
netbsd-5-2-3-RELEASE,
netbsd-5-2-2-RELEASE,
netbsd-5-2-1-RELEASE,
netbsd-5-2,
netbsd-5-1-RELEASE,
netbsd-5-1-RC4,
netbsd-5-1-RC3,
netbsd-5-1-RC2,
netbsd-5-1-RC1,
netbsd-5-1-5-RELEASE,
netbsd-5-1-4-RELEASE,
netbsd-5-1-3-RELEASE,
netbsd-5-1-2-RELEASE,
netbsd-5-1-1-RELEASE,
netbsd-5-1,
netbsd-5-0-RELEASE,
netbsd-5-0-RC4,
netbsd-5-0-RC3,
netbsd-5-0-RC2,
netbsd-5-0-RC1,
netbsd-5-0-2-RELEASE,
netbsd-5-0-1-RELEASE,
netbsd-5-0,
netbsd-5,
netbsd-4-base,
netbsd-4-0-RELEASE,
netbsd-4-0-RC5,
netbsd-4-0-RC4,
netbsd-4-0-RC3,
netbsd-4-0-RC2,
netbsd-4-0-RC1,
netbsd-4-0-1-RELEASE,
netbsd-4-0,
netbsd-4,
mjf-devfs2-base,
mjf-devfs2,
matt-nb5-pq3-base,
matt-nb5-pq3,
matt-nb5-mips64-u2-k2-k4-k7-k8-k9,
matt-nb5-mips64-u1-k1-k5,
matt-nb5-mips64-premerge-20101231,
matt-nb5-mips64-premerge-20091211,
matt-nb5-mips64-k15,
matt-nb5-mips64,
matt-nb4-mips64-k7-u2a-k9b,
matt-mips64-base2,
matt-mips64-base,
matt-mips64,
matt-armv6-prevmlocking,
matt-armv6-nbase,
matt-armv6-base,
matt-armv6,
keiichi-mipv6-nbase,
keiichi-mipv6-base,
keiichi-mipv6,
hpcarm-cleanup-nbase,
hpcarm-cleanup-base,
hpcarm-cleanup,
cube-autoconf-base,
cube-autoconf,
chap-midi-nbase,
chap-midi-base,
chap-midi,
abandoned-netbsd-4-base,
abandoned-netbsd-4
Branch point for: jym-xensuspend
Changes since 1.11: +15 -15
lines
Diff to previous 1.11 (colored)
u_intN_t -> uintN_t
Revision 1.11 / (download) - annotate - [select for diffs], Tue Aug 20 00:48:31 2002 UTC (20 years, 9 months ago) by enami
Branch: MAIN
CVS Tags: netbsd-3-base,
netbsd-3-1-RELEASE,
netbsd-3-1-RC4,
netbsd-3-1-RC3,
netbsd-3-1-RC2,
netbsd-3-1-RC1,
netbsd-3-1-1-RELEASE,
netbsd-3-1,
netbsd-3-0-RELEASE,
netbsd-3-0-RC6,
netbsd-3-0-RC5,
netbsd-3-0-RC4,
netbsd-3-0-RC3,
netbsd-3-0-RC2,
netbsd-3-0-RC1,
netbsd-3-0-3-RELEASE,
netbsd-3-0-2-RELEASE,
netbsd-3-0-1-RELEASE,
netbsd-3-0,
netbsd-3,
netbsd-2-base,
netbsd-2-1-RELEASE,
netbsd-2-1-RC6,
netbsd-2-1-RC5,
netbsd-2-1-RC4,
netbsd-2-1-RC3,
netbsd-2-1-RC2,
netbsd-2-1-RC1,
netbsd-2-1,
netbsd-2-0-base,
netbsd-2-0-RELEASE,
netbsd-2-0-RC5,
netbsd-2-0-RC4,
netbsd-2-0-RC3,
netbsd-2-0-RC2,
netbsd-2-0-RC1,
netbsd-2-0-3-RELEASE,
netbsd-2-0-2-RELEASE,
netbsd-2-0-1-RELEASE,
netbsd-2-0,
netbsd-2,
fvdl_fs64_base
Changes since 1.10: +3 -1
lines
Diff to previous 1.10 (colored)
Mention RND_TYPE_RNG.
Revision 1.10 / (download) - annotate - [select for diffs], Wed Feb 13 08:17:44 2002 UTC (21 years, 3 months ago) by ross
Branch: MAIN
CVS Tags: netbsd-1-6-base,
netbsd-1-6-RELEASE,
netbsd-1-6-RC3,
netbsd-1-6-RC2,
netbsd-1-6-RC1,
netbsd-1-6-PATCH002-RELEASE,
netbsd-1-6-PATCH002-RC4,
netbsd-1-6-PATCH002-RC3,
netbsd-1-6-PATCH002-RC2,
netbsd-1-6-PATCH002-RC1,
netbsd-1-6-PATCH002,
netbsd-1-6-PATCH001-RELEASE,
netbsd-1-6-PATCH001-RC3,
netbsd-1-6-PATCH001-RC2,
netbsd-1-6-PATCH001-RC1,
netbsd-1-6-PATCH001,
netbsd-1-6
Changes since 1.9: +2 -2
lines
Diff to previous 1.9 (colored)
Generate <>& symbolically. I'm avoiding .../dist/... directories for now.
Revision 1.9 / (download) - annotate - [select for diffs], Sat Sep 22 16:03:58 2001 UTC (21 years, 8 months ago) by wiz
Branch: MAIN
Changes since 1.8: +4 -4
lines
Diff to previous 1.8 (colored)
Sort SEE ALSO, and paragraph fixes.
Revision 1.8 / (download) - annotate - [select for diffs], Tue Sep 11 00:08:29 2001 UTC (21 years, 8 months ago) by wiz
Branch: MAIN
Changes since 1.7: +2 -2
lines
Diff to previous 1.7 (colored)
Use standard section headers; uppercase .Sh argument; remove quotes in .Sh arguments.
Revision 1.7 / (download) - annotate - [select for diffs], Mon Jun 11 01:23:24 2001 UTC (21 years, 11 months ago) by wiz
Branch: MAIN
Changes since 1.6: +3 -3
lines
Diff to previous 1.6 (colored)
Typos and whitespace fixes.
Revision 1.6 / (download) - annotate - [select for diffs], Wed Jul 5 15:45:34 2000 UTC (22 years, 11 months ago) by msaitoh
Branch: MAIN
Changes since 1.5: +2 -2
lines
Diff to previous 1.5 (colored)
remove extra period in SEE ALL section
Revision 1.5 / (download) - annotate - [select for diffs], Tue Mar 16 01:19:17 1999 UTC (24 years, 2 months ago) by garbled
Branch: MAIN
CVS Tags: wrstuden-devbsize-base,
wrstuden-devbsize-19991221,
wrstuden-devbsize,
netbsd-1-5-base,
netbsd-1-5-RELEASE,
netbsd-1-5-PATCH003,
netbsd-1-5-PATCH002,
netbsd-1-5-PATCH001,
netbsd-1-5-BETA2,
netbsd-1-5-BETA,
netbsd-1-5-ALPHA2,
netbsd-1-5,
netbsd-1-4-base,
netbsd-1-4-RELEASE,
netbsd-1-4-PATCH003,
netbsd-1-4-PATCH002,
netbsd-1-4-PATCH001,
netbsd-1-4,
minoura-xpg4dl-base,
minoura-xpg4dl,
comdex-fall-1999-base,
comdex-fall-1999
Changes since 1.4: +2 -2
lines
Diff to previous 1.4 (colored)
More and more of .Os cleanups. .Os is defined in the tmac.doc-common file, so we shouldn't override it with versions in the manpages. Many more to come.
Revision 1.4 / (download) - annotate - [select for diffs], Sun Feb 28 17:08:05 1999 UTC (24 years, 3 months ago) by explorer
Branch: MAIN
Changes since 1.3: +7 -29
lines
Diff to previous 1.3 (colored)
Update to slightly altered rnd_attach_source() api
Revision 1.3 / (download) - annotate - [select for diffs], Tue Nov 4 05:50:54 1997 UTC (25 years, 7 months ago) by explorer
Branch: MAIN
Changes since 1.2: +4 -1
lines
Diff to previous 1.2 (colored)
add experimental warning
Revision 1.2.2.1 / (download) - annotate - [select for diffs], Tue Nov 4 05:48:51 1997 UTC (25 years, 7 months ago) by explorer
Branch: netbsd-1-3
CVS Tags: netbsd-1-3-RELEASE,
netbsd-1-3-PATCH003-CANDIDATE2,
netbsd-1-3-PATCH003-CANDIDATE1,
netbsd-1-3-PATCH003-CANDIDATE0,
netbsd-1-3-PATCH003,
netbsd-1-3-PATCH002,
netbsd-1-3-PATCH001,
netbsd-1-3-BETA
Changes since 1.2: +4 -1
lines
Diff to previous 1.2 (colored) next main 1.3 (colored)
add experimental warning
Revision 1.2 / (download) - annotate - [select for diffs], Wed Oct 15 14:16:17 1997 UTC (25 years, 7 months ago) by is
Branch: MAIN
CVS Tags: netbsd-1-3-base
Branch point for: netbsd-1-3
Changes since 1.1: +2 -2
lines
Diff to previous 1.1 (colored)
fix permissions
Revision 1.1 / (download) - annotate - [select for diffs], Wed Oct 15 07:00:20 1997 UTC (25 years, 7 months ago) by explorer
Branch: MAIN
add a man page for user-level code and a little about the random internals