NetBSD/sys/netkey
tls 0f95ec4fd5 ESP output was drawing down the entropy pool at a ferocious rate, a
particular problem on hosts with only wireless interfaces that are
definitely not safe to use as entropy sources.

Add arc4randbytes() which hands out bytes from the same source used
by arc4random().  This is intended to be a _temporary_ interface
until we can design and implement a better general PRNG interface
that is decoupled from the entropy-pool implementation.

Modify key_randomfill() (used only for initialization vectors on
SA creation and via key_sa_stir_iv(), which does not "stir",
despite its name) to use arc4randbytes() instead of pulling bits
directly from the entropy pool.  It is my hope that this change
will pose minimal integration problems for the KAME folks as the
random-pool interface is *already* different between each BSD
variant; this just simplifies the NetBSD case and solves a
fairly serious problem.

Note that it is generally considered acceptable cryptographic
practice to use a fast stream cipher to generate IVs for encryption
with stronger block ciphers.  For example, the use of "non-Approved"
PRNGs to generate IVs for "Approved" block ciphers is explicitly
sanctioned by FIPS 140-2.
2002-10-06 08:51:44 +00:00
..
key_debug.c remove trailing \n in panic(). approved perry. 2002-09-27 15:35:29 +00:00
key_debug.h
key_var.h fix signed/unsigned pointer mixup 2002-09-23 13:43:42 +00:00
key.c ESP output was drawing down the entropy pool at a ferocious rate, a 2002-10-06 08:51:44 +00:00
key.h make function static 2002-06-12 03:46:16 +00:00
keydb.c deep-copy pcb policy if it is an ipsec policy. assign ID field to all 2002-06-12 17:56:45 +00:00
keydb.h correct signedness mixup in pointer passing. sync w/kame 2002-09-11 02:41:19 +00:00
keysock.c remove trailing \n in panic(). approved perry. 2002-09-27 15:35:29 +00:00
keysock.h pfkey statistics was presented in wrong direction. 2002-03-21 04:23:36 +00:00
Makefile