The NetBSD Project

CVS log for src/share/man/man4/rnd.4

[BACK] Up to [cvs.NetBSD.org] / src / share / man / man4

Request diff between arbitrary revisions

Default branch: MAIN

Revision 1.40.2.1 / (download) - annotate - [select for diffs], Fri Aug 11 14:35:24 2023 UTC (8 months, 1 week ago) by martin
Branch: netbsd-10
CVS Tags: netbsd-10-0-RELEASE, netbsd-10-0-RC6, netbsd-10-0-RC5, netbsd-10-0-RC4, netbsd-10-0-RC3, netbsd-10-0-RC2, netbsd-10-0-RC1
Changes since 1.40: +8 -2 lines
Diff to previous 1.40 (colored) next main 1.41 (colored) to selected 1.15 (colored) 

Pull up following revision(s) (requested by riastradh in ticket #319):

	sys/dev/pci/ubsec.c: revision 1.64
	sys/dev/pci/hifn7751.c: revision 1.82
	lib/libc/gen/getentropy.3: revision 1.5
	lib/libc/gen/getentropy.3: revision 1.6
	share/man/man4/rnd.4: revision 1.41
	lib/libc/sys/getrandom.2: revision 1.2
	lib/libc/sys/getrandom.2: revision 1.3
	share/man/man5/rc.conf.5: revision 1.193
	share/man/man7/entropy.7: revision 1.5
	share/man/man7/entropy.7: revision 1.6
	share/man/man7/entropy.7: revision 1.7
	share/man/man7/entropy.7: revision 1.8
	etc/security: revision 1.130
	share/man/man7/entropy.7: revision 1.9
	etc/security: revision 1.131
	sys/crypto/cprng_fast/cprng_fast.c: revision 1.19
	sys/sys/rndio.h: revision 1.3
	tests/lib/libc/sys/t_getrandom.c: revision 1.5
	etc/defaults/rc.conf: revision 1.164
	etc/defaults/rc.conf: revision 1.165
	sys/sys/rndsource.h: revision 1.10
	sys/kern/kern_entropy.c: revision 1.62
	sys/kern/kern_entropy.c: revision 1.63
	sys/kern/kern_entropy.c: revision 1.64
	sys/kern/subr_cprng.c: revision 1.44
	sys/kern/kern_entropy.c: revision 1.65
	sys/kern/kern_clock.c: revision 1.149
	sys/dev/pci/viornd.c: revision 1.22
	share/man/man9/rnd.9: revision 1.32
	sys/kern/subr_prf.c: revision 1.202
	sys/sys/rndsource.h: revision 1.8
	sys/sys/rndsource.h: revision 1.9
	share/man/man7/entropy.7: revision 1.10

1. Reinstate netbsd<=9 entropy estimator to unblock /dev/random, in
   parallel with assessment of only confident entropy sources (seed,
   HWRNG) for security warnings like sshd keys in motd and daily
   insecurity report.

2. Make multiuser boot wait for first /dev/random output soon after
   loading a seed and configuring rndctl, so that getentropy(3) meets
   its contract starting early at boot without introducing blocking
   paths that could cause hangs in init(8) or single-user mode.
   Operators can choose to disable this wait in rc.conf.

3. Fix some bugs left over from reducing the global entropy lock from
   a spin lock at IPL_VM to an adaptive lock at IPL_SOFTSERIAL.

4. Update man pages.

Revision 1.41 / (download) - annotate - [select for diffs], Mon Aug 7 06:27:37 2023 UTC (8 months, 1 week ago) by riastradh
Branch: MAIN
CVS Tags: HEAD
Changes since 1.40: +8 -2 lines
Diff to previous 1.40 (colored) to selected 1.15 (colored) 

rnd(4): Document `entropy: best effort' in random(4).

Revision 1.40 / (download) - annotate - [select for diffs], Sun Mar 20 18:19:57 2022 UTC (2 years, 1 month ago) by riastradh
Branch: MAIN
CVS Tags: netbsd-10-base
Branch point for: netbsd-10
Changes since 1.39: +4 -16 lines
Diff to previous 1.39 (colored) to selected 1.15 (colored) 

entropy(9): Improve entropy warning messages and documentation.

- For the main warning message, use less jargon, say `security', and
  cite the entropy(7) man page for further reading.  Document this in
  rnd(4) and entropy(7).

- For the debug-only warning message, say `entropy' only once and omit
  it from the rnd(4) man page -- it's not very important unless you're
  debugging the kernel in which case you probably know what you're
  doing enough to not need the text explained in the man page.

Revision 1.39 / (download) - annotate - [select for diffs], Tue Apr 6 22:12:16 2021 UTC (3 years ago) by riastradh
Branch: MAIN
CVS Tags: cjep_sun2x-base1, cjep_sun2x-base, cjep_sun2x, cjep_staticlib_x-base1, cjep_staticlib_x-base, cjep_staticlib_x
Changes since 1.38: +1 -4 lines
Diff to previous 1.38 (colored) to selected 1.15 (colored) 

Remove sentence that has not been true since netbsd-6.

ioctl(RNDADDDATA) is not the only way to raise the entropy estimate;
privileged writes to /dev/random have the same effect.

Revision 1.38 / (download) - annotate - [select for diffs], Fri Feb 12 01:52:09 2021 UTC (3 years, 2 months ago) by riastradh
Branch: MAIN
Changes since 1.37: +2 -2 lines
Diff to previous 1.37 (colored) to selected 1.15 (colored) 

rnd(4): Consistently call it the `global pool'.

The `ready pool' is a term I used in a draft that I never committed.

Revision 1.37 / (download) - annotate - [select for diffs], Fri Jan 15 15:54:20 2021 UTC (3 years, 3 months ago) by riastradh
Branch: MAIN
Changes since 1.36: +2 -1 lines
Diff to previous 1.36 (colored) to selected 1.15 (colored) 

rnd(4): Fix formatting of authors paragraph with `.An -nosplit'.

Revision 1.36 / (download) - annotate - [select for diffs], Sun Jan 10 23:24:25 2021 UTC (3 years, 3 months ago) by riastradh
Branch: MAIN
Changes since 1.35: +2 -1 lines
Diff to previous 1.35 (colored) to selected 1.15 (colored) 

Various entropy integration improvements.

- New /etc/security check for entropy in daily security report.

- New /etc/rc.d/entropy script runs (after random_seed and rndctl) to
  check for entropy at boot -- in rc.conf, you can:

  . set `entropy=check' to halt multiuser boot and enter single-user
    mode if not enough entropy

  . set `entropy=wait' to make multiuser boot wait until enough entropy

  Default is to always boot without waiting -- and rely on other
  channels like security report to alert the operator if there's a
  problem.

- New man page entropy(7) discussing the higher-level concepts and
  system integration with cross-references.

- New paragraph in afterboot(8) about entropy citing entropy(7) for
  more details.

This change addresses many of the issues discussed in security/55659.
This is a first draft; happy to take improvements to the man pages and
scripted messages to improve clarity.

I considered changing motd to include an entropy warning with a
reference to the entropy(7) man page, but it's a little trickier:
- Not sure it's appropriate for all users to see at login rather than
  users who have power to affect the entropy estimate (maybe it is,
  just haven't decided).
- We only have a mechanism for changing once at boot; the message would
  remain until next boot even if an operator adds enough entropy.
- The mechanism isn't really conducive to making a message appear
  conditionally from boot to boot.

Revision 1.35 / (download) - annotate - [select for diffs], Wed May 6 18:38:20 2020 UTC (3 years, 11 months ago) by riastradh
Branch: MAIN
Changes since 1.34: +4 -3 lines
Diff to previous 1.34 (colored) to selected 1.15 (colored) 

Update to reflect change to message.

Revision 1.34 / (download) - annotate - [select for diffs], Mon May 4 15:10:40 2020 UTC (3 years, 11 months ago) by wiz
Branch: MAIN
Changes since 1.33: +6 -5 lines
Diff to previous 1.33 (colored) to selected 1.15 (colored) 

Break line after macro arguments end. Use \- for minus.

Revision 1.33 / (download) - annotate - [select for diffs], Fri May 1 19:56:08 2020 UTC (3 years, 11 months ago) by riastradh
Branch: MAIN
Changes since 1.32: +1 -3 lines
Diff to previous 1.32 (colored) to selected 1.15 (colored) 

Combine some related paragraphs.

Revision 1.32 / (download) - annotate - [select for diffs], Fri May 1 19:54:37 2020 UTC (3 years, 11 months ago) by riastradh
Branch: MAIN
Changes since 1.31: +19 -23 lines
Diff to previous 1.31 (colored) to selected 1.15 (colored) 

Tighten language so it fits in one paragraph again.

This way the first two paragraphs have parallel structure:

- _Applications_ should read from /dev/urandom or sysctl kern.arandom...
- _Systems_ should be engineered to read once from /dev/random...

Revision 1.31 / (download) - annotate - [select for diffs], Fri May 1 12:43:33 2020 UTC (3 years, 11 months ago) by nia
Branch: MAIN
Changes since 1.30: +3 -3 lines
Diff to previous 1.30 (colored) to selected 1.15 (colored) 

rnd.4: Bump dates.

Revision 1.30 / (download) - annotate - [select for diffs], Fri May 1 12:30:16 2020 UTC (3 years, 11 months ago) by nia
Branch: MAIN
Changes since 1.29: +26 -3 lines
Diff to previous 1.29 (colored) to selected 1.15 (colored) 

rnd.4: Explain why libraries should use kern.arandom over /dev/urandom

Revision 1.29 / (download) - annotate - [select for diffs], Thu Apr 30 03:28:18 2020 UTC (3 years, 11 months ago) by riastradh
Branch: MAIN
Changes since 1.28: +238 -125 lines
Diff to previous 1.28 (colored) to selected 1.15 (colored) 

Rewrite entropy subsystem.

Primary goals:

1. Use cryptography primitives designed and vetted by cryptographers.
2. Be honest about entropy estimation.
3. Propagate full entropy as soon as possible.
4. Simplify the APIs.
5. Reduce overhead of rnd_add_data and cprng_strong.
6. Reduce side channels of HWRNG data and human input sources.
7. Improve visibility of operation with sysctl and event counters.

Caveat: rngtest is no longer used generically for RND_TYPE_RNG
rndsources.  Hardware RNG devices should have hardware-specific
health tests.  For example, checking for two repeated 256-bit outputs
works to detect AMD's 2019 RDRAND bug.  Not all hardware RNGs are
necessarily designed to produce exactly uniform output.

ENTROPY POOL

- A Keccak sponge, with test vectors, replaces the old LFSR/SHA-1
  kludge as the cryptographic primitive.

- `Entropy depletion' is available for testing purposes with a sysctl
  knob kern.entropy.depletion; otherwise it is disabled, and once the
  system reaches full entropy it is assumed to stay there as far as
  modern cryptography is concerned.

- No `entropy estimation' based on sample values.  Such `entropy
  estimation' is a contradiction in terms, dishonest to users, and a
  potential source of side channels.  It is the responsibility of the
  driver author to study the entropy of the process that generates
  the samples.

- Per-CPU gathering pools avoid contention on a global queue.

- Entropy is occasionally consolidated into global pool -- as soon as
  it's ready, if we've never reached full entropy, and with a rate
  limit afterward.  Operators can force consolidation now by running
  sysctl -w kern.entropy.consolidate=1.

- rndsink(9) API has been replaced by an epoch counter which changes
  whenever entropy is consolidated into the global pool.
  . Usage: Cache entropy_epoch() when you seed.  If entropy_epoch()
    has changed when you're about to use whatever you seeded, reseed.
  . Epoch is never zero, so initialize cache to 0 if you want to reseed
    on first use.
  . Epoch is -1 iff we have never reached full entropy -- in other
    words, the old rnd_initial_entropy is (entropy_epoch() != -1) --
    but it is better if you check for changes rather than for -1, so
    that if the system estimated its own entropy incorrectly, entropy
    consolidation has the opportunity to prevent future compromise.

- Sysctls and event counters provide operator visibility into what's
  happening:
  . kern.entropy.needed - bits of entropy short of full entropy
  . kern.entropy.pending - bits known to be pending in per-CPU pools,
    can be consolidated with sysctl -w kern.entropy.consolidate=1
  . kern.entropy.epoch - number of times consolidation has happened,
    never 0, and -1 iff we have never reached full entropy

CPRNG_STRONG

- A cprng_strong instance is now a collection of per-CPU NIST
  Hash_DRBGs.  There are only two in the system: user_cprng for
  /dev/urandom and sysctl kern.?random, and kern_cprng for kernel
  users which may need to operate in interrupt context up to IPL_VM.

  (Calling cprng_strong in interrupt context does not strike me as a
  particularly good idea, so I added an event counter to see whether
  anything actually does.)

- Event counters provide operator visibility into when reseeding
  happens.

INTEL RDRAND/RDSEED, VIA C3 RNG (CPU_RNG)

- Unwired for now; will be rewired in a subsequent commit.

Revision 1.24.12.1 / (download) - annotate - [select for diffs], Mon Apr 13 08:03:25 2020 UTC (4 years ago) by martin
Branch: phil-wifi
Changes since 1.24: +33 -59 lines
Diff to previous 1.24 (colored) next main 1.25 (colored) to selected 1.15 (colored) 

Mostly merge changes from HEAD upto 20200411

Revision 1.24.14.1 / (download) - annotate - [select for diffs], Sun Dec 8 13:16:53 2019 UTC (4 years, 4 months ago) by martin
Branch: netbsd-9
CVS Tags: netbsd-9-3-RELEASE, netbsd-9-2-RELEASE, netbsd-9-1-RELEASE, netbsd-9-0-RELEASE, netbsd-9-0-RC2
Changes since 1.24: +33 -59 lines
Diff to previous 1.24 (colored) next main 1.25 (colored) to selected 1.15 (colored) 

Pull up following revision(s) (requested by riastradh in ticket #504):

	share/man/man4/rnd.4: revision 1.26
	share/man/man4/rnd.4: revision 1.27
	share/man/man4/rnd.4: revision 1.28
	share/man/man4/rnd.4: revision 1.25

Update man page to reflect switch from CTR_DRBG to Hash_DRBG.

Replace slightly wrong rant by shorter and slightly less long rant.
(If X and Y in Z/2Z are independent, then so are X and X+Y.  What was
I thinking.)

Update NIST SP800-90A reference.

New sentence, new line. Use \(em.

Revision 1.24.4.1 / (download) - annotate - [select for diffs], Thu Dec 5 16:57:11 2019 UTC (4 years, 4 months ago) by bouyer
Branch: netbsd-8
CVS Tags: netbsd-8-2-RELEASE
Changes since 1.24: +33 -59 lines
Diff to previous 1.24 (colored) next main 1.25 (colored) to selected 1.15 (colored) 

Pull up following revision(s) (requested by riastradh in ticket #1467):
	share/man/man4/rnd.4: revision 1.26
	share/man/man4/rnd.4: revision 1.27
	share/man/man4/rnd.4: revision 1.28
	share/man/man4/rnd.4: revision 1.25
Update man page to reflect switch from CTR_DRBG to Hash_DRBG.
Replace slightly wrong rant by shorter and slightly less long rant.
(If X and Y in Z/2Z are independent, then so are X and X+Y.  What was
I thinking.)
Update NIST SP800-90A reference.
New sentence, new line. Use \(em.

Revision 1.20.10.2 / (download) - annotate - [select for diffs], Thu Dec 5 16:29:23 2019 UTC (4 years, 4 months ago) by bouyer
Branch: netbsd-7
Changes since 1.20.10.1: +33 -59 lines
Diff to previous 1.20.10.1 (colored) to branchpoint 1.20 (colored) next main 1.21 (colored) to selected 1.15 (colored) 

Pull up following revision(s) (requested by riastradh in ticket #1715):
        share/man/man4/rnd.4: revision 1.26
        share/man/man4/rnd.4: revision 1.27
        share/man/man4/rnd.4: revision 1.28
        share/man/man4/rnd.4: revision 1.25
Update man page to reflect switch from CTR_DRBG to Hash_DRBG.
Replace slightly wrong rant by shorter and slightly less long rant.
(If X and Y in Z/2Z are independent, then so are X and X+Y.  What was
I thinking.)
Update NIST SP800-90A reference.
New sentence, new line. Use \(em.

Revision 1.20.10.1.6.1 / (download) - annotate - [select for diffs], Thu Dec 5 16:24:28 2019 UTC (4 years, 4 months ago) by bouyer
Branch: netbsd-7-1
Changes since 1.20.10.1: +33 -59 lines
Diff to previous 1.20.10.1 (colored) next main 1.20.10.2 (colored) to selected 1.15 (colored) 

Pull up following revision(s) (requested by riastradh in ticket #1715):
	share/man/man4/rnd.4: revision 1.26
	share/man/man4/rnd.4: revision 1.27
	share/man/man4/rnd.4: revision 1.28
	share/man/man4/rnd.4: revision 1.25
Update man page to reflect switch from CTR_DRBG to Hash_DRBG.
Replace slightly wrong rant by shorter and slightly less long rant.
(If X and Y in Z/2Z are independent, then so are X and X+Y.  What was
I thinking.)
Update NIST SP800-90A reference.
New sentence, new line. Use \(em.

Revision 1.20.10.1.2.1 / (download) - annotate - [select for diffs], Thu Dec 5 16:23:22 2019 UTC (4 years, 4 months ago) by bouyer
Branch: netbsd-7-0
Changes since 1.20.10.1: +33 -59 lines
Diff to previous 1.20.10.1 (colored) next main 1.20.10.2 (colored) to selected 1.15 (colored) 

Pull up following revision(s) (requested by riastradh in ticket #1715):
	share/man/man4/rnd.4: revision 1.26
	share/man/man4/rnd.4: revision 1.27
	share/man/man4/rnd.4: revision 1.28
	share/man/man4/rnd.4: revision 1.25
Update man page to reflect switch from CTR_DRBG to Hash_DRBG.
Replace slightly wrong rant by shorter and slightly less long rant.
(If X and Y in Z/2Z are independent, then so are X and X+Y.  What was
I thinking.)
Update NIST SP800-90A reference.
New sentence, new line. Use \(em.

Revision 1.28 / (download) - annotate - [select for diffs], Wed Sep 4 05:37:06 2019 UTC (4 years, 7 months ago) by wiz
Branch: MAIN
CVS Tags: phil-wifi-20200421, phil-wifi-20200411, phil-wifi-20200406, phil-wifi-20191119, is-mlppp-base, is-mlppp
Changes since 1.27: +7 -6 lines
Diff to previous 1.27 (colored) to selected 1.15 (colored) 

New sentence, new line. Use \(em.

Revision 1.27 / (download) - annotate - [select for diffs], Wed Sep 4 04:03:25 2019 UTC (4 years, 7 months ago) by riastradh
Branch: MAIN
Changes since 1.26: +4 -4 lines
Diff to previous 1.26 (colored) to selected 1.15 (colored) 

Update NIST SP800-90A reference.

Revision 1.26 / (download) - annotate - [select for diffs], Wed Sep 4 04:00:04 2019 UTC (4 years, 7 months ago) by riastradh
Branch: MAIN
Changes since 1.25: +21 -48 lines
Diff to previous 1.25 (colored) to selected 1.15 (colored) 

Replace slightly wrong rant by shorter and slightly less long rant.

(If X and Y in Z/2Z are independent, then so are X and X+Y.  What was
I thinking.)

Revision 1.25 / (download) - annotate - [select for diffs], Wed Sep 4 03:15:20 2019 UTC (4 years, 7 months ago) by riastradh
Branch: MAIN
Changes since 1.24: +7 -7 lines
Diff to previous 1.24 (colored) to selected 1.15 (colored) 

Update man page to reflect switch from CTR_DRBG to Hash_DRBG.

Revision 1.23.4.1 / (download) - annotate - [select for diffs], Fri Apr 21 16:53:15 2017 UTC (6 years, 11 months ago) by bouyer
Branch: bouyer-socketcan
Changes since 1.23: +3 -3 lines
Diff to previous 1.23 (colored) next main 1.24 (colored) to selected 1.15 (colored) 

Sync with HEAD

Revision 1.23.2.1 / (download) - annotate - [select for diffs], Mon Mar 20 06:57:03 2017 UTC (7 years, 1 month ago) by pgoyette
Branch: pgoyette-localcount
Changes since 1.23: +3 -3 lines
Diff to previous 1.23 (colored) next main 1.24 (colored) to selected 1.15 (colored) 

Sync with HEAD

Revision 1.24 / (download) - annotate - [select for diffs], Wed Jan 18 22:38:00 2017 UTC (7 years, 3 months ago) by abhinav
Branch: MAIN
CVS Tags: prg-localcount2-base3, prg-localcount2-base2, prg-localcount2-base1, prg-localcount2-base, prg-localcount2, phil-wifi-base, phil-wifi-20190609, pgoyette-localcount-20170426, pgoyette-localcount-20170320, pgoyette-compat-merge-20190127, pgoyette-compat-base, pgoyette-compat-20190127, pgoyette-compat-20190118, pgoyette-compat-1226, pgoyette-compat-1126, pgoyette-compat-1020, pgoyette-compat-0930, pgoyette-compat-0906, pgoyette-compat-0728, pgoyette-compat-0625, pgoyette-compat-0521, pgoyette-compat-0502, pgoyette-compat-0422, pgoyette-compat-0415, pgoyette-compat-0407, pgoyette-compat-0330, pgoyette-compat-0322, pgoyette-compat-0315, pgoyette-compat, perseant-stdc-iso10646-base, perseant-stdc-iso10646, netbsd-9-base, netbsd-9-0-RC1, netbsd-8-base, netbsd-8-1-RELEASE, netbsd-8-1-RC1, netbsd-8-0-RELEASE, netbsd-8-0-RC2, netbsd-8-0-RC1, matt-nb8-mediatek-base, matt-nb8-mediatek, bouyer-socketcan-base1
Branch point for: phil-wifi, netbsd-9, netbsd-8
Changes since 1.23: +3 -3 lines
Diff to previous 1.23 (colored) to selected 1.15 (colored) 

Fix couple of typos:
	s/intractible/intractable
	s/contiuously/continuously

Revision 1.23 / (download) - annotate - [select for diffs], Fri May 6 03:04:14 2016 UTC (7 years, 11 months ago) by riastradh
Branch: MAIN
CVS Tags: pgoyette-localcount-base, pgoyette-localcount-20170107, pgoyette-localcount-20161104, pgoyette-localcount-20160806, pgoyette-localcount-20160726, localcount-20160914, bouyer-socketcan-base
Branch point for: pgoyette-localcount, bouyer-socketcan
Changes since 1.22: +4 -4 lines
Diff to previous 1.22 (colored) to selected 1.15 (colored) 

Correct rc.conf variable for random seed.

Note that it is enabled by default.

Revision 1.22 / (download) - annotate - [select for diffs], Mon Apr 13 22:23:54 2015 UTC (9 years ago) by riastradh
Branch: MAIN
Changes since 1.21: +2 -2 lines
Diff to previous 1.21 (colored) to selected 1.15 (colored) 

Update header file references in rnd man pages.

Revision 1.20.10.1 / (download) - annotate - [select for diffs], Wed Mar 18 07:54:26 2015 UTC (9 years, 1 month ago) by snj
Branch: netbsd-7
CVS Tags: netbsd-7-nhusb-base-20170116, netbsd-7-nhusb-base, netbsd-7-nhusb, netbsd-7-2-RELEASE, netbsd-7-1-RELEASE, netbsd-7-1-RC2, netbsd-7-1-RC1, netbsd-7-1-2-RELEASE, netbsd-7-1-1-RELEASE, netbsd-7-0-RELEASE, netbsd-7-0-RC3, netbsd-7-0-RC2, netbsd-7-0-RC1, netbsd-7-0-2-RELEASE, netbsd-7-0-1-RELEASE
Branch point for: netbsd-7-1, netbsd-7-0
Changes since 1.20: +545 -286 lines
Diff to previous 1.20 (colored) to selected 1.15 (colored) 

Pull up following revision(s) (requested by riastradh in ticket #603):
	share/man/man4/rnd.4: revision 1.21
Rewrite /dev/random man page.
- Describe application usage up front.
- State the security model.
- Explain entropy.
- Describe current implementation strategy near the bottom.

Revision 1.21 / (download) - annotate - [select for diffs], Wed Jan 7 18:50:18 2015 UTC (9 years, 3 months ago) by riastradh
Branch: MAIN
Changes since 1.20: +545 -286 lines
Diff to previous 1.20 (colored) to selected 1.15 (colored) 

Rewrite /dev/random man page.

- Describe application usage up front.
- State the security model.
- Explain entropy.
- Describe current implementation strategy near the bottom.

Revision 1.16.8.2 / (download) - annotate - [select for diffs], Wed May 23 10:07:35 2012 UTC (11 years, 10 months ago) by yamt
Branch: yamt-pagecache
CVS Tags: yamt-pagecache-tag8
Changes since 1.16.8.1: +43 -8 lines
Diff to previous 1.16.8.1 (colored) to branchpoint 1.16 (colored) next main 1.17 (colored) to selected 1.15 (colored) 

sync with head.

Revision 1.18.2.1 / (download) - annotate - [select for diffs], Fri Apr 20 23:35:20 2012 UTC (12 years ago) by riz
Branch: netbsd-6
CVS Tags: netbsd-6-1-RELEASE, netbsd-6-1-RC4, netbsd-6-1-RC3, netbsd-6-1-RC2, netbsd-6-1-RC1, netbsd-6-1-5-RELEASE, netbsd-6-1-4-RELEASE, netbsd-6-1-3-RELEASE, netbsd-6-1-2-RELEASE, netbsd-6-1-1-RELEASE, netbsd-6-1, netbsd-6-0-RELEASE, netbsd-6-0-RC2, netbsd-6-0-RC1, netbsd-6-0-6-RELEASE, netbsd-6-0-5-RELEASE, netbsd-6-0-4-RELEASE, netbsd-6-0-3-RELEASE, netbsd-6-0-2-RELEASE, netbsd-6-0-1-RELEASE, netbsd-6-0, matt-nb6-plus-nbase, matt-nb6-plus-base, matt-nb6-plus
Changes since 1.18: +35 -2 lines
Diff to previous 1.18 (colored) next main 1.19 (colored) to selected 1.15 (colored) 

Pull up following revision(s) (requested by tls in ticket #190):
	sys/sys/rnd.h: revision 1.31
	sys/sys/rnd.h: revision 1.32
	sys/sys/cprng.h: revision 1.5
	sys/kern/subr_cprng.c: revision 1.8
	share/man/man4/rnd.4: revision 1.19
	sys/kern/kern_rndq.c: revision 1.3
	sys/dev/rndpseudo.c: revision 1.8
	sys/dev/rndpseudo.c: revision 1.9
	sys/kern/kern_rndpool.c: revision 1.2
Address multiple problems with rnd(4)/cprng(9):
1) Add a per-cpu CPRNG to handle short reads from /dev/urandom so that
   programs like perl don't drain the entropy pool dry by repeatedly
   opening, reading 4 bytes, closing.
2) Really fix the locking around reseeds and destroys.
3) Fix the opportunistic-reseed strategy so it actually works, reseeding
   existing RNGs once each (as they are used, so idle RNGs don't get
   reseeded) until the pool is half empty or newly full again.
Fix a bug and a compilation problem.  Bug: spin mutexes don't have owners,
so KASSERT(!mutex_owned()) shouldn't be used to assert that the current
LWP does not have the mutex.  Compilation problem: explicitly include
sys/mutex.h from rnd.h so evbarm builds again.

Revision 1.20 / (download) - annotate - [select for diffs], Tue Apr 17 08:28:20 2012 UTC (12 years ago) by wiz
Branch: MAIN
CVS Tags: yamt-pagecache-base9, yamt-pagecache-base8, yamt-pagecache-base7, yamt-pagecache-base6, yamt-pagecache-base5, tls-maxphys-base, tls-maxphys, tls-earlyentropy-base, tls-earlyentropy, riastradh-xf86-video-intel-2-7-1-pre-2-21-15, riastradh-drm2-base3, riastradh-drm2-base2, riastradh-drm2-base1, riastradh-drm2-base, riastradh-drm2, netbsd-7-base, agc-symver-base, agc-symver
Branch point for: netbsd-7
Changes since 1.19: +24 -22 lines
Diff to previous 1.19 (colored) to selected 1.15 (colored) 

New sentence, new line.
Sort type descriptions.
Bump date for previous.

Revision 1.19 / (download) - annotate - [select for diffs], Tue Apr 17 02:50:39 2012 UTC (12 years ago) by tls
Branch: MAIN
Changes since 1.18: +35 -2 lines
Diff to previous 1.18 (colored) to selected 1.15 (colored) 

Address multiple problems with rnd(4)/cprng(9):

1) Add a per-cpu CPRNG to handle short reads from /dev/urandom so that
   programs like perl don't drain the entropy pool dry by repeatedly
   opening, reading 4 bytes, closing.

2) Really fix the locking around reseeds and destroys.

3) Fix the opportunistic-reseed strategy so it actually works, reseeding
   existing RNGs once each (as they are used, so idle RNGs don't get
   reseeded) until the pool is half empty or newly full again.

Revision 1.16.8.1 / (download) - annotate - [select for diffs], Tue Apr 17 00:05:46 2012 UTC (12 years ago) by yamt
Branch: yamt-pagecache
Changes since 1.16: +126 -84 lines
Diff to previous 1.16 (colored) to selected 1.15 (colored) 

sync with head

Revision 1.18 / (download) - annotate - [select for diffs], Sat Dec 17 21:21:59 2011 UTC (12 years, 4 months ago) by wiz
Branch: MAIN
CVS Tags: yamt-pagecache-base4, netbsd-6-base
Branch point for: netbsd-6
Changes since 1.17: +37 -27 lines
Diff to previous 1.17 (colored) to selected 1.15 (colored) 

New sentence, new line.
Bump date for previous.

Revision 1.17 / (download) - annotate - [select for diffs], Sat Dec 17 20:05:38 2011 UTC (12 years, 4 months ago) by tls
Branch: MAIN
Changes since 1.16: +116 -84 lines
Diff to previous 1.16 (colored) to selected 1.15 (colored) 


Separate /dev/random pseudodevice implemenation from kernel entropy pool
implementation.  Rewrite pseudodevice code to use cprng_strong(9).

The new pseudodevice is cloning, so each caller gets bits from a stream
generated with its own key.  Users of /dev/urandom get their generators
keyed on a "best effort" basis -- the kernel will rekey generators
whenever the entropy pool hits the high water mark -- while users of
/dev/random get their generators rekeyed every time key-length bits
are output.

The underlying cprng_strong API can use AES-256 or AES-128, but we use
AES-128 because of concerns about related-key attacks on AES-256.  This
improves performance (and reduces entropy pool depletion) significantly
for users of /dev/urandom but does cause users of /dev/random to rekey
twice as often.

Also fixes various bugs (including some missing locking and a reseed-counter
overflow in the CTR_DRBG code) found while testing this.

For long reads, this generator is approximately 20 times as fast as the
old generator (dd with bs=64K yields 53MB/sec on 2Ghz Core2 instead of
2.5MB/sec) and also uses a separate mutex per instance so concurrency
is greatly improved.  For reads of typical key sizes for modern
cryptosystems (16-32 bytes) performance is about the same as the old
code: a little better for 32 bytes, a little worse for 16 bytes.

Revision 1.16.2.2 / (download) - annotate - [select for diffs], Mon Mar 22 18:58:32 2010 UTC (14 years, 1 month ago) by joerg
Branch: uebayasi-xip
Changes since 1.16.2.1: +273 -0 lines
Diff to previous 1.16.2.1 (colored) to branchpoint 1.16 (colored) next main 1.17 (colored) to selected 1.15 (colored) 

Use .In instead of .Aq Pa for header files.

Revision 1.16.2.1, Mon Mar 22 18:58:31 2010 UTC (14 years, 1 month ago) by joerg
Branch: uebayasi-xip
Changes since 1.16: +0 -273 lines
FILE REMOVED 

file rnd.4 was added on branch uebayasi-xip on 2010-03-22 18:58:32 +0000

Revision 1.16 / (download) - annotate - [select for diffs], Mon Mar 22 18:58:31 2010 UTC (14 years, 1 month ago) by joerg
Branch: MAIN
CVS Tags: yamt-pagecache-base3, yamt-pagecache-base2, yamt-pagecache-base, uebayasi-xip-base7, uebayasi-xip-base6, uebayasi-xip-base5, uebayasi-xip-base4, uebayasi-xip-base3, uebayasi-xip-base2, uebayasi-xip-base1, matt-mips64-premerge-20101231, cherry-xenmp-base, cherry-xenmp, bouyer-quota2-nbase, bouyer-quota2-base, bouyer-quota2
Branch point for: yamt-pagecache, uebayasi-xip
Changes since 1.15: +2 -2 lines
Diff to previous 1.15 (colored) 

Use .In instead of .Aq Pa for header files.

Revision 1.12.30.1 / (download) - annotate - [select for diffs], Wed May 13 19:19:09 2009 UTC (14 years, 11 months ago) by jym
Branch: jym-xensuspend
Changes since 1.12: +65 -30 lines
Diff to previous 1.12 (colored) next main 1.13 (colored) to selected 1.15 (colored) 

Sync with HEAD.

Third (and last) commit. See http://mail-index.netbsd.org/source-changes/2009/05/13/msg221222.html

Revision 1.15 / (download) - annotate - [selected], Sun Mar 15 10:31:44 2009 UTC (15 years, 1 month ago) by joerg
Branch: MAIN
CVS Tags: matt-premerge-20091211, jym-xensuspend-nbase, jym-xensuspend-base
Changes since 1.14: +2 -2 lines
Diff to previous 1.14 (colored) 

Fix markup.

Revision 1.14 / (download) - annotate - [select for diffs], Sun Feb 22 12:18:32 2009 UTC (15 years, 1 month ago) by wiz
Branch: MAIN
Changes since 1.13: +46 -29 lines
Diff to previous 1.13 (colored) to selected 1.15 (colored) 

New sentence, new line.
Remove trailing whitespace.

Revision 1.13 / (download) - annotate - [select for diffs], Sun Feb 22 11:04:03 2009 UTC (15 years, 1 month ago) by plunky
Branch: MAIN
Changes since 1.12: +20 -2 lines
Diff to previous 1.12 (colored) to selected 1.15 (colored) 

document the RNDGETPOOLSTAT ioctl.

Revision 1.12 / (download) - annotate - [select for diffs], Mon Dec 26 19:48:12 2005 UTC (18 years, 3 months ago) by perry
Branch: MAIN
CVS Tags: yamt-pf42-baseX, yamt-pf42-base4, yamt-pf42-base3, yamt-pf42-base2, yamt-pf42-base, yamt-pf42, wrstuden-revivesa-base-3, wrstuden-revivesa-base-2, wrstuden-revivesa-base-1, wrstuden-revivesa-base, wrstuden-revivesa, wrstuden-fixsa-newbase, wrstuden-fixsa-base-1, wrstuden-fixsa-base, wrstuden-fixsa, netbsd-5-base, netbsd-5-2-RELEASE, netbsd-5-2-RC1, netbsd-5-2-3-RELEASE, netbsd-5-2-2-RELEASE, netbsd-5-2-1-RELEASE, netbsd-5-2, netbsd-5-1-RELEASE, netbsd-5-1-RC4, netbsd-5-1-RC3, netbsd-5-1-RC2, netbsd-5-1-RC1, netbsd-5-1-5-RELEASE, netbsd-5-1-4-RELEASE, netbsd-5-1-3-RELEASE, netbsd-5-1-2-RELEASE, netbsd-5-1-1-RELEASE, netbsd-5-1, netbsd-5-0-RELEASE, netbsd-5-0-RC4, netbsd-5-0-RC3, netbsd-5-0-RC2, netbsd-5-0-RC1, netbsd-5-0-2-RELEASE, netbsd-5-0-1-RELEASE, netbsd-5-0, netbsd-5, netbsd-4-base, netbsd-4-0-RELEASE, netbsd-4-0-RC5, netbsd-4-0-RC4, netbsd-4-0-RC3, netbsd-4-0-RC2, netbsd-4-0-RC1, netbsd-4-0-1-RELEASE, netbsd-4-0, netbsd-4, mjf-devfs2-base, mjf-devfs2, matt-nb5-pq3-base, matt-nb5-pq3, matt-nb5-mips64-u2-k2-k4-k7-k8-k9, matt-nb5-mips64-u1-k1-k5, matt-nb5-mips64-premerge-20101231, matt-nb5-mips64-premerge-20091211, matt-nb5-mips64-k15, matt-nb5-mips64, matt-nb4-mips64-k7-u2a-k9b, matt-mips64-base2, matt-mips64-base, matt-mips64, matt-armv6-prevmlocking, matt-armv6-nbase, matt-armv6-base, matt-armv6, keiichi-mipv6-nbase, keiichi-mipv6-base, keiichi-mipv6, hpcarm-cleanup-nbase, hpcarm-cleanup-base, hpcarm-cleanup, cube-autoconf-base, cube-autoconf, chap-midi-nbase, chap-midi-base, chap-midi, abandoned-netbsd-4-base, abandoned-netbsd-4
Branch point for: jym-xensuspend
Changes since 1.11: +15 -15 lines
Diff to previous 1.11 (colored) to selected 1.15 (colored) 

u_intN_t -> uintN_t

Revision 1.11 / (download) - annotate - [select for diffs], Tue Aug 20 00:48:31 2002 UTC (21 years, 8 months ago) by enami
Branch: MAIN
CVS Tags: netbsd-3-base, netbsd-3-1-RELEASE, netbsd-3-1-RC4, netbsd-3-1-RC3, netbsd-3-1-RC2, netbsd-3-1-RC1, netbsd-3-1-1-RELEASE, netbsd-3-1, netbsd-3-0-RELEASE, netbsd-3-0-RC6, netbsd-3-0-RC5, netbsd-3-0-RC4, netbsd-3-0-RC3, netbsd-3-0-RC2, netbsd-3-0-RC1, netbsd-3-0-3-RELEASE, netbsd-3-0-2-RELEASE, netbsd-3-0-1-RELEASE, netbsd-3-0, netbsd-3, netbsd-2-base, netbsd-2-1-RELEASE, netbsd-2-1-RC6, netbsd-2-1-RC5, netbsd-2-1-RC4, netbsd-2-1-RC3, netbsd-2-1-RC2, netbsd-2-1-RC1, netbsd-2-1, netbsd-2-0-base, netbsd-2-0-RELEASE, netbsd-2-0-RC5, netbsd-2-0-RC4, netbsd-2-0-RC3, netbsd-2-0-RC2, netbsd-2-0-RC1, netbsd-2-0-3-RELEASE, netbsd-2-0-2-RELEASE, netbsd-2-0-1-RELEASE, netbsd-2-0, netbsd-2, fvdl_fs64_base
Changes since 1.10: +3 -1 lines
Diff to previous 1.10 (colored) to selected 1.15 (colored) 

Mention RND_TYPE_RNG.

Revision 1.10 / (download) - annotate - [select for diffs], Wed Feb 13 08:17:44 2002 UTC (22 years, 2 months ago) by ross
Branch: MAIN
CVS Tags: netbsd-1-6-base, netbsd-1-6-RELEASE, netbsd-1-6-RC3, netbsd-1-6-RC2, netbsd-1-6-RC1, netbsd-1-6-PATCH002-RELEASE, netbsd-1-6-PATCH002-RC4, netbsd-1-6-PATCH002-RC3, netbsd-1-6-PATCH002-RC2, netbsd-1-6-PATCH002-RC1, netbsd-1-6-PATCH002, netbsd-1-6-PATCH001-RELEASE, netbsd-1-6-PATCH001-RC3, netbsd-1-6-PATCH001-RC2, netbsd-1-6-PATCH001-RC1, netbsd-1-6-PATCH001, netbsd-1-6
Changes since 1.9: +2 -2 lines
Diff to previous 1.9 (colored) to selected 1.15 (colored) 

Generate <>& symbolically. I'm avoiding .../dist/... directories for now.

Revision 1.9 / (download) - annotate - [select for diffs], Sat Sep 22 16:03:58 2001 UTC (22 years, 7 months ago) by wiz
Branch: MAIN
Changes since 1.8: +4 -4 lines
Diff to previous 1.8 (colored) to selected 1.15 (colored) 

Sort SEE ALSO, and paragraph fixes.

Revision 1.8 / (download) - annotate - [select for diffs], Tue Sep 11 00:08:29 2001 UTC (22 years, 7 months ago) by wiz
Branch: MAIN
Changes since 1.7: +2 -2 lines
Diff to previous 1.7 (colored) to selected 1.15 (colored) 

Use standard section headers; uppercase .Sh argument; remove quotes in
.Sh arguments.

Revision 1.7 / (download) - annotate - [select for diffs], Mon Jun 11 01:23:24 2001 UTC (22 years, 10 months ago) by wiz
Branch: MAIN
Changes since 1.6: +3 -3 lines
Diff to previous 1.6 (colored) to selected 1.15 (colored) 

Typos and whitespace fixes.

Revision 1.6 / (download) - annotate - [select for diffs], Wed Jul 5 15:45:34 2000 UTC (23 years, 9 months ago) by msaitoh
Branch: MAIN
Changes since 1.5: +2 -2 lines
Diff to previous 1.5 (colored) to selected 1.15 (colored) 

remove extra period in SEE ALL section

Revision 1.5 / (download) - annotate - [select for diffs], Tue Mar 16 01:19:17 1999 UTC (25 years, 1 month ago) by garbled
Branch: MAIN
CVS Tags: wrstuden-devbsize-base, wrstuden-devbsize-19991221, wrstuden-devbsize, netbsd-1-5-base, netbsd-1-5-RELEASE, netbsd-1-5-PATCH003, netbsd-1-5-PATCH002, netbsd-1-5-PATCH001, netbsd-1-5-BETA2, netbsd-1-5-BETA, netbsd-1-5-ALPHA2, netbsd-1-5, netbsd-1-4-base, netbsd-1-4-RELEASE, netbsd-1-4-PATCH003, netbsd-1-4-PATCH002, netbsd-1-4-PATCH001, netbsd-1-4, minoura-xpg4dl-base, minoura-xpg4dl, comdex-fall-1999-base, comdex-fall-1999
Changes since 1.4: +2 -2 lines
Diff to previous 1.4 (colored) to selected 1.15 (colored) 

More and more of .Os cleanups.  .Os is defined in the tmac.doc-common file,
so we shouldn't override it with versions in the manpages.  Many more to
come.

Revision 1.4 / (download) - annotate - [select for diffs], Sun Feb 28 17:08:05 1999 UTC (25 years, 1 month ago) by explorer
Branch: MAIN
Changes since 1.3: +7 -29 lines
Diff to previous 1.3 (colored) to selected 1.15 (colored) 

Update to slightly altered rnd_attach_source() api

Revision 1.3 / (download) - annotate - [select for diffs], Tue Nov 4 05:50:54 1997 UTC (26 years, 5 months ago) by explorer
Branch: MAIN
Changes since 1.2: +4 -1 lines
Diff to previous 1.2 (colored) to selected 1.15 (colored) 

add experimental warning

Revision 1.2.2.1 / (download) - annotate - [select for diffs], Tue Nov 4 05:48:51 1997 UTC (26 years, 5 months ago) by explorer
Branch: netbsd-1-3
CVS Tags: netbsd-1-3-RELEASE, netbsd-1-3-PATCH003-CANDIDATE2, netbsd-1-3-PATCH003-CANDIDATE1, netbsd-1-3-PATCH003-CANDIDATE0, netbsd-1-3-PATCH003, netbsd-1-3-PATCH002, netbsd-1-3-PATCH001, netbsd-1-3-BETA
Changes since 1.2: +4 -1 lines
Diff to previous 1.2 (colored) next main 1.3 (colored) to selected 1.15 (colored) 

add experimental warning

Revision 1.2 / (download) - annotate - [select for diffs], Wed Oct 15 14:16:17 1997 UTC (26 years, 6 months ago) by is
Branch: MAIN
CVS Tags: netbsd-1-3-base
Branch point for: netbsd-1-3
Changes since 1.1: +2 -2 lines
Diff to previous 1.1 (colored) to selected 1.15 (colored) 

fix permissions

Revision 1.1 / (download) - annotate - [select for diffs], Wed Oct 15 07:00:20 1997 UTC (26 years, 6 months ago) by explorer
Branch: MAIN
Diff to selected 1.15 (colored) 

add a man page for user-level code and a little about the random internals

This form allows you to request diff's between any two revisions of a file. You may select a symbolic revision name using the selection box or you may type in a numeric name using the type-in text box.


CVSweb <webmaster@jp.NetBSD.org>