into the kernel if the "IPSEC" kernel option is given.
The old implementation is still available as KAME_IPSEC.
Do some minimal manpage adjustment -- kame_ipsec(4) is a copy
of the old ipsec(4) and the latter is now a copy of fast_ipsec(4).
Ethernet, SLIP, and PPP being supported, and no network types with
variable-length headers (such as 802.11).
Document BIOCSRSIG and BIOCGRSIG.
From Guy Harris in PR#40703.
implementation. Rewrite pseudodevice code to use cprng_strong(9).
The new pseudodevice is cloning, so each caller gets bits from a stream
generated with its own key. Users of /dev/urandom get their generators
keyed on a "best effort" basis -- the kernel will rekey generators
whenever the entropy pool hits the high water mark -- while users of
/dev/random get their generators rekeyed every time key-length bits
are output.
The underlying cprng_strong API can use AES-256 or AES-128, but we use
AES-128 because of concerns about related-key attacks on AES-256. This
improves performance (and reduces entropy pool depletion) significantly
for users of /dev/urandom but does cause users of /dev/random to rekey
twice as often.
Also fixes various bugs (including some missing locking and a reseed-counter
overflow in the CTR_DRBG code) found while testing this.
For long reads, this generator is approximately 20 times as fast as the
old generator (dd with bs=64K yields 53MB/sec on 2Ghz Core2 instead of
2.5MB/sec) and also uses a separate mutex per instance so concurrency
is greatly improved. For reads of typical key sizes for modern
cryptosystems (16-32 bytes) performance is about the same as the old
code: a little better for 32 bytes, a little worse for 16 bytes.
- minor tweak to the handler example: it leaks 't' (on stack)
when passed to sysctl_lookup(9), as it copyout its content via
sysctl_data. That would not be the case if CTLFLAG_IMMEDIATE flag
was set for this node but the example does not preclude that.
from the bootloader. This can fix the problem of poor quality keys
for other kernel modules which call arc4random() early in kernel startup
(NFS startup, in particular, causes this).
We continue to rely on the etc/rc.d/random_seed script to save entropy
to the seed file at shutdown and erase the seed file at startup.
Boot loader support implemented only for i386 and amd64 ports for now but
it should be easy for other ports to do the same or similar.
power switch handler of pow(4) deleted before.
Benefits than pow(4):
- separate a front switch (= powsw0) and an EXPWON line (= powsw1)
completely. Only powsw0 is enabled in GENERIC by default.
- prevent chattering in some hardware individuals.
thank you for a report and a test: Yasushi Oshima and Y.Sugahara.
Probably the combination of pow(4) ioctl and rtcalarm(8) does
not work for a long time, and nobody uses them.
I'll rewrite a part about power switch handler as a new device.
