Up to [cvs.netbsd.org] / src / sys / kern
Default branch: MAIN
Revision 1.7.2.3, Wed May 23 10:08:11 2012 UTC (2 days, 21 hours ago) by yamt
Branch: yamt-pagecache
Changes since 1.7.2.2: +99 -45 lines
sync with head.
Revision 1.5.2.3, Mon May 21 16:49:54 2012 UTC (4 days, 14 hours ago) by jdc
Branch: netbsd-6
Changes since 1.5.2.2: +29 -17 lines
Pull up:
revision 1.10 src/sys/dev/rndpseudo.c
revision 1.9 src/sys/kern/subr_cprng.c
(requested by tls in ticket 273).
Fix two problems that could cause /dev/random to not wake up readers when entropy became available.
Revision 1.9, Sat May 19 16:00:41 2012 UTC (6 days, 15 hours ago) by tls
Branch: MAIN
CVS Tags: yamt-pagecache-base5, HEAD
Changes since 1.8: +29 -17 lines
Fix two problems that could cause /dev/random to not wake up readers when entropy became available.
Revision 1.4.2.2, Sun Apr 29 23:05:05 2012 UTC (3 weeks, 5 days ago) by mrg
Branch: jmcneill-usbmp
Changes since 1.4.2.1: +81 -30 lines
sync to latest -current.
Revision 1.5.2.2, Fri Apr 20 23:35:20 2012 UTC (5 weeks ago) by riz
Branch: netbsd-6
Changes since 1.5.2.1: +72 -30 lines
Pull up following revision(s) (requested by tls in ticket #190):
sys/sys/rnd.h: revision 1.31
sys/sys/rnd.h: revision 1.32
sys/sys/cprng.h: revision 1.5
sys/kern/subr_cprng.c: revision 1.8
share/man/man4/rnd.4: revision 1.19
sys/kern/kern_rndq.c: revision 1.3
sys/dev/rndpseudo.c: revision 1.8
sys/dev/rndpseudo.c: revision 1.9
sys/kern/kern_rndpool.c: revision 1.2
Address multiple problems with rnd(4)/cprng(9):
1) Add a per-cpu CPRNG to handle short reads from /dev/urandom so that programs like perl don't drain the entropy pool dry by repeatedly opening, reading 4 bytes, closing.
2) Really fix the locking around reseeds and destroys.
3) Fix the opportunistic-reseed strategy so it actually works, reseeding existing RNGs once each (as they are used, so idle RNGs don't get reseeded) until the pool is half empty or newly full again.
Fix a bug and a compilation problem.
Bug: spin mutexes don't have owners, so KASSERT(!mutex_owned()) shouldn't be used to assert that the current LWP does not have the mutex.
Compilation problem: explicitly include sys/mutex.h from rnd.h so evbarm builds again.
Revision 1.5.2.1, Thu Apr 19 19:59:10 2012 UTC (5 weeks, 1 day ago) by riz
Branch: netbsd-6
Changes since 1.5: +13 -4 lines
Pull up following revision(s) (requested by tls in ticket #185):
sys/kern/subr_cprng.c: revision 1.6
sys/kern/subr_cprng.c: revision 1.7
sys/lib/libkern/arc4random.c: revision 1.32
sys/kern/kern_rndq.c: revision 1.2
sys/dev/rndpseudo.c: revision 1.7
sys/sys/rnd.h: revision 1.30
Add a spin mutex to the rndsink structure; it is used to avoid lock ordering and sleep-holding-locks problems when rekeying, and thus to avoid a nasty race between cprng destruction and reseeding.
Fix LOCKDEBUG problems pointed out by drochner@
1) Lock ordering in cprng_strong_destroy had us take a spin mutex then an adaptive mutex. Can't do that. Reordering this requires changing cprng_strong_reseed to tryenter the cprng's own mutex and skip the reseed on failure, or we could deadlock.
2) Can't free memory with a valid mutex in it.
reorder initialization to improve error handling in case the system runs out of file descriptors, avoids LOCKDEBUG panic due to double mutex initialization
Revision 1.8, Tue Apr 17 02:50:39 2012 UTC (5 weeks, 4 days ago) by tls
Branch: MAIN
CVS Tags: jmcneill-usbmp-base9
Changes since 1.7: +72 -30 lines
Address multiple problems with rnd(4)/cprng(9):
1) Add a per-cpu CPRNG to handle short reads from /dev/urandom so that programs like perl don't drain the entropy pool dry by repeatedly opening, reading 4 bytes, closing.
2) Really fix the locking around reseeds and destroys.
3) Fix the opportunistic-reseed strategy so it actually works, reseeding existing RNGs once each (as they are used, so idle RNGs don't get reseeded) until the pool is half empty or newly full again.
Revision 1.7.2.2, Tue Apr 17 00:08:27 2012 UTC (5 weeks, 4 days ago) by yamt
Branch: yamt-pagecache
Changes since 1.7.2.1: +328 -0 lines
sync with head
Revision 1.7.2.1, Tue Apr 10 15:12:40 2012 UTC (6 weeks, 3 days ago) by yamt
Branch: yamt-pagecache
Changes since 1.7: +0 -328 lines
FILE REMOVED
file subr_cprng.c was added on branch yamt-pagecache on 2012-04-17 00:08:27 +0000
Revision 1.7, Tue Apr 10 15:12:40 2012 UTC (6 weeks, 3 days ago) by tls
Branch: MAIN
CVS Tags: yamt-pagecache-base4
Branch point for: yamt-pagecache
Changes since 1.6: +8 -4 lines
Fix LOCKDEBUG problems pointed out by drochner@
1) Lock ordering in cprng_strong_destroy had us take a spin mutex then an adaptive mutex. Can't do that. Reordering this requires changing cprng_strong_reseed to tryenter the cprng's own mutex and skip the reseed on failure, or we could deadlock.
2) Can't free memory with a valid mutex in it.
Revision 1.6, Tue Apr 10 14:02:28 2012 UTC (6 weeks, 3 days ago) by tls
Branch: MAIN
Changes since 1.5: +8 -3 lines
Add a spin mutex to the rndsink structure; it is used to avoid lock ordering and sleep-holding-locks problems when rekeying, and thus to avoid a nasty race between cprng destruction and reseeding.
Revision 1.4.2.1, Sat Feb 18 07:35:32 2012 UTC (3 months ago) by mrg
Branch: jmcneill-usbmp
Changes since 1.4: +77 -66 lines
merge to -current.
Revision 1.5, Sat Dec 17 20:05:39 2011 UTC (5 months, 1 week ago) by tls
Branch: MAIN
CVS Tags: netbsd-6-base, jmcneill-usbmp-base8, jmcneill-usbmp-base7, jmcneill-usbmp-base6, jmcneill-usbmp-base5, jmcneill-usbmp-base4, jmcneill-usbmp-base3, jmcneill-usbmp-base2
Branch point for: netbsd-6
Changes since 1.4: +77 -66 lines
Separate /dev/random pseudodevice implementation from kernel entropy pool implementation. Rewrite pseudodevice code to use cprng_strong(9).
The new pseudodevice is cloning, so each caller gets bits from a stream generated with its own key. Users of /dev/urandom get their generators keyed on a "best effort" basis -- the kernel will rekey generators whenever the entropy pool hits the high water mark -- while users of /dev/random get their generators rekeyed every time key-length bits are output.
The underlying cprng_strong API can use AES-256 or AES-128, but we use AES-128 because of concerns about related-key attacks on AES-256. This improves performance (and reduces entropy pool depletion) significantly for users of /dev/urandom but does cause users of /dev/random to rekey twice as often.
Also fixes various bugs (including some missing locking and a reseed-counter overflow in the CTR_DRBG code) found while testing this.
For long reads, this generator is approximately 20 times as fast as the old generator (dd with bs=64K yields 53MB/sec on 2Ghz Core2 instead of 2.5MB/sec) and also uses a separate mutex per instance so concurrency is greatly improved. For reads of typical key sizes for modern cryptosystems (16-32 bytes) performance is about the same as the old code: a little better for 32 bytes, a little worse for 16 bytes.
Revision 1.4, Tue Nov 29 21:48:22 2011 UTC (5 months, 3 weeks ago) by njoly
Branch: MAIN
CVS Tags: jmcneill-usbmp-pre-base2, jmcneill-usbmp-base
Branch point for: jmcneill-usbmp
Changes since 1.3: +3 -3 lines
One semicolon is enough.
Revision 1.3, Tue Nov 29 03:50:31 2011 UTC (5 months, 3 weeks ago) by tls
Branch: MAIN
Changes since 1.2: +3 -2 lines
Remove rnd_extract_data from the public kernel API (it is for use by the stream generators only). Clean up some related minor issues.
Revision 1.2, Mon Nov 21 13:44:38 2011 UTC (6 months ago) by tsutsui
Branch: MAIN
Changes since 1.1: +4 -2 lines
Include MD <machine/cpu_counter.h> only if defined(__HAVE_CPU_COUNTER). XXX: Why not timecounter(9) but deprecated cpu_counter32() and microtime(9)?
Revision 1.1, Sat Nov 19 22:51:25 2011 UTC (6 months ago) by tls
Branch: MAIN
First step of random number subsystem rework described in <20111022023242.BA26F14A158@mail.netbsd.org>. This change includes the following:
An initial cleanup and minor reorganization of the entropy pool code in sys/dev/rnd.c and sys/dev/rndpool.c. Several bugs are fixed. Some effort is made to accumulate entropy more quickly at boot time.
A generic interface, "rndsink", is added, for stream generators to request that they be re-keyed with good quality entropy from the pool as soon as it is available.
The arc4random()/arc4randbytes() implementation in libkern is adjusted to use the rndsink interface for rekeying, which helps address the problem of low-quality keys at boot time.
An implementation of the FIPS 140-2 statistical tests for random number generator quality is provided (libkern/rngtest.c). This is based on Greg Rose's implementation from Qualcomm.
A new random stream generator, nist_ctr_drbg, is provided. It is based on an implementation of the NIST SP800-90 CTR_DRBG by Henric Jungheim. This generator uses AES in a modified counter mode to generate a backtracking-resistant random stream.
An abstraction layer, "cprng", is provided for in-kernel consumers of randomness. The arc4random/arc4randbytes API is deprecated for in-kernel use. It is replaced by "cprng_strong". The current cprng_fast implementation wraps the existing arc4random implementation. The current cprng_strong implementation wraps the new CTR_DRBG implementation. Both interfaces are rekeyed from the entropy pool automatically at intervals justifiable from best current cryptographic practice.
In some quick tests, cprng_fast() is about the same speed as the old arc4randbytes(), and cprng_strong() is about 20% faster than rnd_extract_data(). Performance is expected to improve.
The AES code in src/crypto/rijndael is no longer an optional kernel component, as it is required by cprng_strong, which is not an optional kernel component.
The entropy pool output is subjected to the rngtest tests at startup time; if it fails, the system will reboot. There is approximately a 3/10000 chance of a false positive from these tests. Entropy pool _input_ from hardware random numbers is subjected to the rngtest tests at attach time, as well as the FIPS continuous-output test, to detect bad or stuck hardware RNGs; if any are detected, they are detached, but the system continues to run.
A problem with rndctl(8) is fixed -- datastructures with pointers in arrays are no longer passed to userspace (this was not a security problem, but rather a major issue for compat32). A new kernel will require a new rndctl.
The sysctl kern.arandom() and kern.urandom() nodes are hooked up to the new generators, but the /dev/*random pseudodevices are not, yet.
Manual pages for the new kernel interfaces are forthcoming.