Commit Graph

23 Commits

Author SHA1 Message Date
tls
3afd44cf08 First step of random number subsystem rework described in
<20111022023242.BA26F14A158@mail.netbsd.org>.  This change includes
the following:

	An initial cleanup and minor reorganization of the entropy pool
	code in sys/dev/rnd.c and sys/dev/rndpool.c.  Several bugs are
	fixed.  Some effort is made to accumulate entropy more quickly at
	boot time.

	A generic interface, "rndsink", is added, for stream generators to
	request that they be re-keyed with good quality entropy from the pool
	as soon as it is available.

	The arc4random()/arc4randbytes() implementation in libkern is
	adjusted to use the rndsink interface for rekeying, which helps
	address the problem of low-quality keys at boot time.

	An implementation of the FIPS 140-2 statistical tests for random
	number generator quality is provided (libkern/rngtest.c).  This
	is based on Greg Rose's implementation from Qualcomm.

	A new random stream generator, nist_ctr_drbg, is provided.  It is
	based on an implementation of the NIST SP800-90 CTR_DRBG by
	Henric Jungheim.  This generator users AES in a modified counter
	mode to generate a backtracking-resistant random stream.

	An abstraction layer, "cprng", is provided for in-kernel consumers
	of randomness.  The arc4random/arc4randbytes API is deprecated for
	in-kernel use.  It is replaced by "cprng_strong".  The current
	cprng_fast implementation wraps the existing arc4random
	implementation.  The current cprng_strong implementation wraps the
	new CTR_DRBG implementation.  Both interfaces are rekeyed from
	the entropy pool automatically at intervals justifiable from best
	current cryptographic practice.

	In some quick tests, cprng_fast() is about the same speed as
	the old arc4randbytes(), and cprng_strong() is about 20% faster
	than rnd_extract_data().  Performance is expected to improve.

	The AES code in src/crypto/rijndael is no longer an optional
	kernel component, as it is required by cprng_strong, which is
	not an optional kernel component.

	The entropy pool output is subjected to the rngtest tests at
	startup time; if it fails, the system will reboot.  There is
	approximately a 3/10000 chance of a false positive from these
	tests.  Entropy pool _input_ from hardware random numbers is
	subjected to the rngtest tests at attach time, as well as the
	FIPS continuous-output test, to detect bad or stuck hardware
	RNGs; if any are detected, they are detached, but the system
	continues to run.

	A problem with rndctl(8) is fixed -- datastructures with
	pointers in arrays are no longer passed to userspace (this
	was not a security problem, but rather a major issue for
	compat32).  A new kernel will require a new rndctl.

	The sysctl kern.arandom() and kern.urandom() nodes are hooked
	up to the new generators, but the /dev/*random pseudodevices
	are not, yet.

	Manual pages for the new kernel interfaces are forthcoming.
2011-11-19 22:51:18 +00:00
christos
53524e44ef Kill caddr_t; there will be some MI fallout, but it will be fixed shortly. 2007-03-04 05:59:00 +00:00
christos
168cd830d2 __unused removal on arguments; approved by core. 2006-11-16 01:32:37 +00:00
elad
b8093b8985 Kill some KAUTH_GENERIC_ISSUSER. 2006-10-20 21:55:56 +00:00
peter
dd191f37f3 Merge the peter-altq branch.
(sync with KAME & add support for using ALTQ with pf(4)).
2006-10-12 19:59:07 +00:00
christos
4d595fd7b1 - sprinkle __unused on function decls.
- fix a couple of unused bugs
- no more -Wno-unused for i386
2006-10-12 01:30:41 +00:00
ad
3029ac48c7 - Use the LWP cached credentials where sane.
- Minor cosmetic changes.
2006-07-21 16:48:45 +00:00
christos
fc6d984beb kauth fallout 2006-05-15 00:05:16 +00:00
elad
874fef3711 integrate kauth. 2006-05-14 21:19:33 +00:00
christos
e41fa8a52e Complete the FREE -> free transition and add more NULL checks for malloc
returns. Although these cannot happen because M_WAITOK, the rest of the
code does them already, so this is good for consistency. From Mindaugas
2006-04-23 16:57:22 +00:00
christos
d53df8e839 Use malloc/free instead of MALLOC/FREE and M_ZERO instead of memset. 2006-04-23 06:46:39 +00:00
christos
95e1ffb156 merge ktrace-lwp. 2005-12-11 12:16:03 +00:00
perry
477853c351 nuke trailing whitespace 2005-02-26 22:58:54 +00:00
abs
b2ac72dc61 Fix URL to Wu-chang Feng's BLUE 2004-06-26 07:22:11 +00:00
wiz
e365329be5 Spell length with h after t. Inspired by a commit by brad@openbsd. 2004-02-13 18:02:05 +00:00
christos
2cd9243922 - kill bzero/bcopy
- defopt stats and settings, removing their definitions from the files
- make code compile by eliminating multicharacter constants!?! and rearranging
  variable declarations so they are defined before used!?!
- help gcc with uninitialized variables
2003-11-09 22:11:12 +00:00
mycroft
bef90cbfa4 There is NO reason to use arc4random() here, and it needlessly slows down the
forwarding path, so goodbye.
2003-10-07 21:22:11 +00:00
itojun
0a34c7661e use arc4random. sync w/ kame 2003-09-05 22:43:01 +00:00
itojun
ac36f7cb2c bring in latest ALTQ from kjc. ALTQify some of the drivers. 2002-03-05 04:12:57 +00:00
lukem
a13b5687d9 add RCSIDs 2001-11-12 23:08:56 +00:00
thorpej
bf2dcec4f5 Remove the use of splimp() from the NetBSD kernel. splnet()
and only splnet() is allowed for the protection of data structures
used by network devices.
2001-04-13 23:29:55 +00:00
thorpej
2dfc514990 Add NetBSD RCS IDs. 2000-12-14 08:49:49 +00:00
thorpej
68de460f39 Import ALTQ from KAME. 2000-12-14 08:42:28 +00:00