Decouple yarrow from random(4) device.

* Make Yarrow an optional kernel component -- enabled by "YARROW_RNG" option. The files sha2.c, hash.c, randomdev_soft.c and yarrow.c comprise yarrow. * random(4) device doesn't really depend on rijndael-*. Yarrow, however, does. * Add random_adaptors.[ch] which is basically a store of random_adaptor's. random_adaptor is basically an adapter that plugs in to random(4). random_adaptor can only be plugged in to random(4) very early in bootup. Unplugging random_adaptor from random(4) is not supported, and is probably a bad idea anyway, due to potential loss of entropy pools. We currently have 3 random_adaptors: + yarrow + rdrand (ivy.c) + nehemeiah * Remove platform dependent logic from probe.c, and move it into corresponding registration routines of each random_adaptor provider. probe.c doesn't do anything other than picking a specific random_adaptor from a list of registered ones. * If the kernel doesn't have any random_adaptor adapters present then the creation of /dev/random is postponed until next random_adaptor is kldload'ed. * Fix randomdev_soft.c to refer to its own random_adaptor, instead of a system wide one. Submitted by: arthurmesh@gmail.com, obrien Obtained from: Juniper Networks Reviewed by: obrien
author: obrien <obrien@FreeBSD.org> 2013-07-29 20:26:27 +0000
committer: obrien <obrien@FreeBSD.org> 2013-07-29 20:26:27 +0000
commit: 721ce839c7c49ecca90b66a4523be0e6e29c057e (patch)
tree: 7321ee5c53e41f64a4e3a37d1e501321672bb5af
parent: f6b004c36a12554e599bc79d3f4efc2047574d1b (diff)
download: FreeBSD-src-721ce839c7c49ecca90b66a4523be0e6e29c057e.zip
FreeBSD-src-721ce839c7c49ecca90b66a4523be0e6e29c057e.tar.gz
81 files changed, 318 insertions, 140 deletions
diff --git a/UPDATING b/UPDATING
index d3a6d56..3903306 100644
--- a/UPDATING
+++ b/UPDATING
@@ -31,6 +31,19 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 10.x IS SLOW:
 	disable the most expensive debugging functionality run
 	"ln -s 'abort:false,junk:false' /etc/malloc.conf".)
 
+20130729:
+	random(4) and actual RNG implementations (aka, adaptors) have been
+	further decoupled.  If you are running a custom kernel, you may
+	need to explicitly enable at least one RNG adaptor in your kernel
+	config.  For example, to use Yarrow, add "options YARROW_RNG" to
+	your kernel config.  For hardware backed RNGs, use either
+	"RDRAND_RNG" or "PADLOCK_RNG" options.
+	If you use random.ko via 'random_load="YES"' in /boot/loader.conf
+	instead of "device random", you will need to change that to
+	'yarrow_rng_load="YES"', 'rdrand_rng_load="YES"', or
+	'padlock_rng_load="YES"'.  random.ko will be loaded automatically
+	as a dependency module.
+
 20130726:
 	Behavior of devfs rules path matching has been changed.
 	Pattern is now always matched against fully qualified devfs
diff --git a/share/man/man4/random.4 b/share/man/man4/random.4
index e2809f4..095b73f 100644
--- a/share/man/man4/random.4
+++ b/share/man/man4/random.4
@@ -23,7 +23,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd September 7, 2012
+.Dd July 29, 2013
 .Dt RANDOM 4
 .Os
 .Sh NAME
@@ -43,6 +43,13 @@ The device will probe for
 certain hardware entropy sources,
 and use these in preference to the fallback,
 which is a generator implemented in software.
+If the kernel environment MIB's
+.Va hw.nehemiah_rng_enable
+or
+.Va hw.ivy_rng_enable
+are set to
+.Dq Li 0 ,
+the associated hardware entropy source will be ignored.
 .Pp
 If the device is using
 the software generator,
@@ -74,6 +81,7 @@ device, use the command line:
 .Pp
 which results in something like:
 .Bd -literal -offset indent
+kern.random.adaptors:  yarrow
 kern.random.sys.seeded: 1
 kern.random.sys.harvest.ethernet: 1
 kern.random.sys.harvest.point_to_point: 1
@@ -89,7 +97,9 @@ kern.random.yarrow.slowoverthresh: 2
 (These would not be seen if a
 hardware generator is present.)
 .Pp
-All settings are read/write.
+Other than
+.Dl kern.random.adaptors
+all settings are read/write.
 .Pp
 The
 .Va kern.random.sys.seeded
diff --git a/sys/amd64/conf/GENERIC b/sys/amd64/conf/GENERIC
index 17990a3..dbd76d6 100644
--- a/sys/amd64/conf/GENERIC
+++ b/sys/amd64/conf/GENERIC
@@ -295,6 +295,7 @@ device		loop		# Network loopback
 device		random		# Entropy device
 options 	PADLOCK_RNG	# VIA Padlock RNG
 options 	RDRAND_RNG	# Intel Bull Mountain RNG
+options 	YARROW_RNG	# Yarrow software RNG
 device		ether		# Ethernet support
 device		vlan		# 802.1Q VLAN support
 device		tun		# Packet tunnel.
diff --git a/sys/arm/conf/AC100 b/sys/arm/conf/AC100
index d368bdf..a3c6826 100644
--- a/sys/arm/conf/AC100
+++ b/sys/arm/conf/AC100
@@ -61,6 +61,7 @@ options 	MUTEX_DEBUG
 
 # Pseudo devices
 device		random
+options 	YARROW_RNG		# Yarrow software RNG
 device		pty
 device		loop
 device		md
diff --git a/sys/arm/conf/ARMADAXP b/sys/arm/conf/ARMADAXP
index 54aa635..f7be570 100644
--- a/sys/arm/conf/ARMADAXP
+++ b/sys/arm/conf/ARMADAXP
@@ -61,6 +61,7 @@ options 	KDB_TRACE
 
 # Pseudo devices
 device		random
+options 	YARROW_RNG		# Yarrow software RNG
 device		pty
 device		loop
 device		md
diff --git a/sys/arm/conf/ARNDALE b/sys/arm/conf/ARNDALE
index 1864f33..3bd8a2f 100644
--- a/sys/arm/conf/ARNDALE
+++ b/sys/arm/conf/ARNDALE
@@ -88,6 +88,7 @@ options		ROOTDEVNAME=\"ufs:/dev/da0\"
 
 device		loop
 device		random
+options 	YARROW_RNG		# Yarrow software RNG
 device		pty
 device		md
 device		gpio
diff --git a/sys/arm/conf/ATMEL b/sys/arm/conf/ATMEL
index eb3dd7d..6aa6a3e 100644
--- a/sys/arm/conf/ATMEL
+++ b/sys/arm/conf/ATMEL
@@ -134,6 +134,7 @@ device		geom_map	# GEOM partition mapping
 # Pseudo devices.
 device		loop		# Network loopback
 device		random		# Entropy device
+options 	YARROW_RNG	# Yarrow software RNG
 device		ether		# Ethernet support
 device		vlan		# 802.1Q VLAN support
 device		tun		# Packet tunnel.
diff --git a/sys/arm/conf/AVILA b/sys/arm/conf/AVILA
index 4246462..9397f39 100644
--- a/sys/arm/conf/AVILA
+++ b/sys/arm/conf/AVILA
@@ -107,6 +107,7 @@ device		if_bridge
 
 device		md
 device		random		# Entropy device
+options 	YARROW_RNG	# Yarrow software RNG
 
 # Wireless NIC cards
 device		wlan		# 802.11 support
diff --git a/sys/arm/conf/BEAGLEBONE b/sys/arm/conf/BEAGLEBONE
index 997a62f..b8f54c7 100644
--- a/sys/arm/conf/BEAGLEBONE
+++ b/sys/arm/conf/BEAGLEBONE
@@ -90,6 +90,7 @@ device		pty
 device		snp
 device		md
 device		random			# Entropy device
+options 	YARROW_RNG		# Yarrow software RNG
 
 # I2C support
 device		iicbus
diff --git a/sys/arm/conf/BWCT b/sys/arm/conf/BWCT
index 4c6a1f1..9df78e4 100644
--- a/sys/arm/conf/BWCT
+++ b/sys/arm/conf/BWCT
@@ -68,6 +68,7 @@ options 	NO_FFS_SNAPSHOT
 options 	NO_SWAPPING
 device		loop
 device		random
+options 	YARROW_RNG		# Yarrow software RNG
 device		ether
 device		vlan
 device		uart
diff --git a/sys/arm/conf/CAMBRIA b/sys/arm/conf/CAMBRIA
index 377f45d..43fde27 100644
--- a/sys/arm/conf/CAMBRIA
+++ b/sys/arm/conf/CAMBRIA
@@ -110,6 +110,7 @@ device		if_bridge
 
 device		md
 device		random		# Entropy device
+options 	YARROW_RNG	# Yarrow software RNG
 
 # Wireless NIC cards
 device		wlan		# 802.11 support
diff --git a/sys/arm/conf/CNS11XXNAS b/sys/arm/conf/CNS11XXNAS
index e66e2bb..cb4c210 100644
--- a/sys/arm/conf/CNS11XXNAS
+++ b/sys/arm/conf/CNS11XXNAS
@@ -102,6 +102,7 @@ device		loop
 
 device		md
 device          random          # Entropy device
+options 	YARROW_RNG	# Yarrow software RNG
 
 #options 	ARM_USE_SMALL_ALLOC
 
diff --git a/sys/arm/conf/CRB b/sys/arm/conf/CRB
index d9b0a4e..25ed432 100644
--- a/sys/arm/conf/CRB
+++ b/sys/arm/conf/CRB
@@ -105,6 +105,7 @@ options 	DDB			#Enable the kernel debugger
 options 	XSCALE_CACHE_READ_WRITE_ALLOCATE
 device		md
 device		random		# Entropy device
+options 	YARROW_RNG	# Yarrow software RNG
 
 device		iopwdog
 options 	ARM_USE_SMALL_ALLOC
diff --git a/sys/arm/conf/CUBIEBOARD b/sys/arm/conf/CUBIEBOARD
index 179b383..f514244 100644
--- a/sys/arm/conf/CUBIEBOARD
+++ b/sys/arm/conf/CUBIEBOARD
@@ -92,6 +92,7 @@ device		pty
 device		snp
 device		md
 device		random			# Entropy device
+options 	YARROW_RNG		# Yarrow software RNG
 
 # I2C support
 #device		iicbus
@@ -130,4 +131,3 @@ device		miibus
 options		FDT
 options		FDT_DTB_STATIC
 makeoptions	FDT_DTS_FILE=cubieboard.dts
-
diff --git a/sys/arm/conf/DB-78XXX b/sys/arm/conf/DB-78XXX
index f3e62f5..afe71af 100644
--- a/sys/arm/conf/DB-78XXX
+++ b/sys/arm/conf/DB-78XXX
@@ -55,6 +55,7 @@ device		pci
 device		loop
 device		md
 device		random
+options 	YARROW_RNG		# Yarrow software RNG
 
 # Serial ports
 device		uart
diff --git a/sys/arm/conf/DB-88F5XXX b/sys/arm/conf/DB-88F5XXX
index 50ca24e..f113e30 100644
--- a/sys/arm/conf/DB-88F5XXX
+++ b/sys/arm/conf/DB-88F5XXX
@@ -54,6 +54,7 @@ device		pci
 device		md
 device		loop
 device		random
+options 	YARROW_RNG		# Yarrow software RNG
 
 # Serial ports
 device		uart
diff --git a/sys/arm/conf/DB-88F6XXX b/sys/arm/conf/DB-88F6XXX
index cf508ad..f32aa59 100644
--- a/sys/arm/conf/DB-88F6XXX
+++ b/sys/arm/conf/DB-88F6XXX
@@ -55,6 +55,7 @@ device		pci
 device		loop
 device		md
 device		random
+options 	YARROW_RNG		# Yarrow software RNG
 
 # Serial ports
 device		uart
diff --git a/sys/arm/conf/DOCKSTAR b/sys/arm/conf/DOCKSTAR
index 25c0121..5142b84 100644
--- a/sys/arm/conf/DOCKSTAR
+++ b/sys/arm/conf/DOCKSTAR
@@ -46,6 +46,7 @@ options 	KDB
 # Pseudo devices
 device		md
 device		random
+options 	YARROW_RNG		# Yarrow software RNG
 device		loop
 
 # Serial ports
diff --git a/sys/arm/conf/DREAMPLUG-1001 b/sys/arm/conf/DREAMPLUG-1001
index 442cde0..b39b636 100644
--- a/sys/arm/conf/DREAMPLUG-1001
+++ b/sys/arm/conf/DREAMPLUG-1001
@@ -62,6 +62,7 @@ device		loop			#Network loopback
 device  	md			#Memory/malloc disk
 device		pty			#BSD-style compatibility pseudo ttys
 device		random			#Entropy device
+options 	YARROW_RNG		# Yarrow software RNG
 device  	tun			#Packet tunnel.
 device		ether			#Required for all ethernet devices
 device  	vlan			#802.1Q VLAN support
diff --git a/sys/arm/conf/EA3250 b/sys/arm/conf/EA3250
index 89d9fa4..6fb0dfe 100644
--- a/sys/arm/conf/EA3250
+++ b/sys/arm/conf/EA3250
@@ -54,6 +54,7 @@ device		loop
 device		md
 device		pty
 device		random
+options 	YARROW_RNG		# Yarrow software RNG
 
 # Serial ports
 device		uart
diff --git a/sys/arm/conf/EB9200 b/sys/arm/conf/EB9200
index 0570699..b3ebc61 100644
--- a/sys/arm/conf/EB9200
+++ b/sys/arm/conf/EB9200
@@ -60,6 +60,7 @@ options 	SX_NOINLINE
 options 	NO_FFS_SNAPSHOT
 options 	NO_SWAPPING
 device		random
+options 	YARROW_RNG		# Yarrow software RNG
 device		loop
 device		ether
 device		uart
diff --git a/sys/arm/conf/EFIKA_MX b/sys/arm/conf/EFIKA_MX
index 71edb8c..07c0630 100644
--- a/sys/arm/conf/EFIKA_MX
+++ b/sys/arm/conf/EFIKA_MX
@@ -96,6 +96,7 @@ device		bpf		# Berkeley packet filter
 # Pseudo devices.
 device		loop		# Network loopback
 device		random		# Entropy device
+options 	YARROW_RNG	# Yarrow software RNG
 device		ether		# Ethernet support
 #device		vlan		# 802.1Q VLAN support
 #device		tun		# Packet tunnel.
diff --git a/sys/arm/conf/EP80219 b/sys/arm/conf/EP80219
index a112fe1..1d6b87d 100644
--- a/sys/arm/conf/EP80219
+++ b/sys/arm/conf/EP80219
@@ -101,6 +101,7 @@ options 	DDB			#Enable the kernel debugger
 options 	XSCALE_CACHE_READ_WRITE_ALLOCATE
 device		md
 device		random          # Entropy device
+options 	YARROW_RNG	# Yarrow software RNG
 
 options 	ARM_USE_SMALL_ALLOC
 # Floppy drives
diff --git a/sys/arm/conf/ETHERNUT5 b/sys/arm/conf/ETHERNUT5
index ef52bc6..8a68249 100644
--- a/sys/arm/conf/ETHERNUT5
+++ b/sys/arm/conf/ETHERNUT5
@@ -126,6 +126,7 @@ device		geom_map	# GEOM partition mapping
 # Pseudo devices.
 device		loop		# Network loopback
 device		random		# Entropy device
+options 	YARROW_RNG	# Yarrow software RNG
 device		ether		# Ethernet support
 #device		vlan		# 802.1Q VLAN support
 #device		tun		# Packet tunnel.
diff --git a/sys/arm/conf/GUMSTIX b/sys/arm/conf/GUMSTIX
index 11fe6a9..b752daa 100644
--- a/sys/arm/conf/GUMSTIX
+++ b/sys/arm/conf/GUMSTIX
@@ -88,3 +88,4 @@ options 	DDB			#Enable the kernel debugger
 
 device		md
 device		random		# Entropy device
+options 	YARROW_RNG	# Yarrow software RNG
diff --git a/sys/arm/conf/HL200 b/sys/arm/conf/HL200
index 415cbc9..fb980ef 100644
--- a/sys/arm/conf/HL200
+++ b/sys/arm/conf/HL200
@@ -65,6 +65,7 @@ options 	RWLOCK_NOINLINE
 options 	NO_FFS_SNAPSHOT
 options 	NO_SWAPPING
 device		random
+options 	YARROW_RNG	# Yarrow software RNG
 device		loop
 device		ether
 device		uart
diff --git a/sys/arm/conf/HL201 b/sys/arm/conf/HL201
index 1294f1a..a2eee41 100644
--- a/sys/arm/conf/HL201
+++ b/sys/arm/conf/HL201
@@ -67,6 +67,7 @@ options 	RWLOCK_NOINLINE
 options 	NO_FFS_SNAPSHOT
 options 	NO_SWAPPING
 device		random
+options 	YARROW_RNG		# Yarrow software RNG
 device		loop
 device		ether
 device		uart
@@ -129,4 +130,3 @@ device		pass		# Passthrough device (direct SCSI access)
 #device		wlan_tkip	# 802.11 TKIP support
 #device		wlan_amrr	# AMRR transmit rate control algorithm
 options 	ROOTDEVNAME=\"ufs:da0s1a\"
-
diff --git a/sys/arm/conf/IQ31244 b/sys/arm/conf/IQ31244
index 1eb4a20..91fbe22 100644
--- a/sys/arm/conf/IQ31244
+++ b/sys/arm/conf/IQ31244
@@ -106,6 +106,7 @@ options 	DDB			#Enable the kernel debugger
 options 	XSCALE_CACHE_READ_WRITE_ALLOCATE
 device		md
 device		random		# Entropy device
+options 	YARROW_RNG	# Yarrow software RNG
 
 options 	ARM_USE_SMALL_ALLOC
 # Floppy drives
diff --git a/sys/arm/conf/KB920X b/sys/arm/conf/KB920X
index 7cf56d8..e8639b4 100644
--- a/sys/arm/conf/KB920X
+++ b/sys/arm/conf/KB920X
@@ -66,6 +66,7 @@ options 	SX_NOINLINE
 options 	NO_FFS_SNAPSHOT
 options 	NO_SWAPPING
 device		random
+options 	YARROW_RNG		# Yarrow software RNG
 device		loop
 device		ether
 device		uart
diff --git a/sys/arm/conf/LN2410SBC b/sys/arm/conf/LN2410SBC
index 8d2a585..e7ccc6e 100644
--- a/sys/arm/conf/LN2410SBC
+++ b/sys/arm/conf/LN2410SBC
@@ -62,6 +62,7 @@ options 	SX_NOINLINE
 options 	NO_FFS_SNAPSHOT
 options 	NO_SWAPPING
 device		random
+options 	YARROW_RNG	# Yarrow software RNG
 
 device		loop
 device		ether
@@ -83,4 +84,3 @@ device		ohci
 device		umass
 device		scbus		# SCSI bus (required for da)
 device		da		# Direct Access (disks)
-
diff --git a/sys/arm/conf/NSLU b/sys/arm/conf/NSLU
index 0980e4d..43eee38 100644
--- a/sys/arm/conf/NSLU
+++ b/sys/arm/conf/NSLU
@@ -105,6 +105,7 @@ device		loop
 
 device		md
 device		random		# Entropy device
+options 	YARROW_RNG	# Yarrow software RNG
 
 #options 	ARM_USE_SMALL_ALLOC
 
diff --git a/sys/arm/conf/PANDABOARD b/sys/arm/conf/PANDABOARD
index 788a0ed..ae3b965 100644
--- a/sys/arm/conf/PANDABOARD
+++ b/sys/arm/conf/PANDABOARD
@@ -110,6 +110,7 @@ device		md
 #options 	MD_ROOT_SIZE=7560
 
 device		random		# Entropy device
+options 	YARROW_RNG	# Yarrow software RNG
 
 # USB support
 device		usb
diff --git a/sys/arm/conf/QILA9G20 b/sys/arm/conf/QILA9G20
index 50d9a37..d0c5793 100644
--- a/sys/arm/conf/QILA9G20
+++ b/sys/arm/conf/QILA9G20
@@ -77,6 +77,7 @@ options 	NO_SWAPPING
 #options 	DIAGNOSTIC
 
 device		random
+options 	YARROW_RNG		# Yarrow software RNG
 device		loop
 device		bpf
 device		ether
diff --git a/sys/arm/conf/RPI-B b/sys/arm/conf/RPI-B
index 251bf55..f8d53f3 100644
--- a/sys/arm/conf/RPI-B
+++ b/sys/arm/conf/RPI-B
@@ -86,6 +86,7 @@ options 	INVARIANT_SUPPORT	#Extra sanity checks of internal structures, required
 
 device		md
 device		random		# Entropy device
+options 	YARROW_RNG	# Yarrow software RNG
 
 # USB support
 device		usb
diff --git a/sys/arm/conf/SAM9260EK b/sys/arm/conf/SAM9260EK
index 08b308d..d48bb55 100644
--- a/sys/arm/conf/SAM9260EK
+++ b/sys/arm/conf/SAM9260EK
@@ -134,6 +134,7 @@ device		mmcsd		# MMC/SD memory card
 # Pseudo devices.
 device		loop		# Network loopback
 device		random		# Entropy device
+options 	YARROW_RNG	# Yarrow software RNG
 device		ether		# Ethernet support
 #device		vlan		# 802.1Q VLAN support
 #device		tun		# Packet tunnel.
diff --git a/sys/arm/conf/SAM9G20EK b/sys/arm/conf/SAM9G20EK
index e173f01..dce47b6 100644
--- a/sys/arm/conf/SAM9G20EK
+++ b/sys/arm/conf/SAM9G20EK
@@ -76,6 +76,7 @@ options 	NO_SWAPPING
 #options 	DIAGNOSTIC
 
 device		random
+options 	YARROW_RNG		# Yarrow software RNG
 device		loop
 device		bpf
 device		ether
diff --git a/sys/arm/conf/SAM9X25EK b/sys/arm/conf/SAM9X25EK
index 6cdeac6..80337a8 100644
--- a/sys/arm/conf/SAM9X25EK
+++ b/sys/arm/conf/SAM9X25EK
@@ -77,6 +77,7 @@ options 	NO_SWAPPING
 #options 	DIAGNOSTIC
 
 device		random
+options 	YARROW_RNG		# Yarrow software RNG
 device		pty
 device		loop
 device		bpf
@@ -150,4 +151,3 @@ device		miibus
 #device		wlan_ccmp	# 802.11 CCMP support
 #device		wlan_tkip	# 802.11 TKIP support
 #device		wlan_amrr	# AMRR transmit rate control algorithm
-
diff --git a/sys/arm/conf/SHEEVAPLUG b/sys/arm/conf/SHEEVAPLUG
index c6bd901..12634cc 100644
--- a/sys/arm/conf/SHEEVAPLUG
+++ b/sys/arm/conf/SHEEVAPLUG
@@ -45,6 +45,7 @@ options 	KDB
 
 # Pseudo devices
 device		random
+options 	YARROW_RNG		# Yarrow software RNG
 device		loop
 
 # Serial ports
diff --git a/sys/arm/conf/SN9G45 b/sys/arm/conf/SN9G45
index 123136b..c826723 100644
--- a/sys/arm/conf/SN9G45
+++ b/sys/arm/conf/SN9G45
@@ -76,6 +76,7 @@ options 	NO_SWAPPING
 #options 	DIAGNOSTIC
 
 device		random
+options 	YARROW_RNG		# Yarrow software RNG
 device		loop
 device		bpf
 device		ether
diff --git a/sys/arm/conf/TS7800 b/sys/arm/conf/TS7800
index 79e9dba..dd97791 100644
--- a/sys/arm/conf/TS7800
+++ b/sys/arm/conf/TS7800
@@ -48,6 +48,7 @@ device		pci
 device		md
 device		loop
 device		random
+options 	YARROW_RNG		# Yarrow software RNG
 
 # Serial ports
 device		uart
diff --git a/sys/arm/conf/VERSATILEPB b/sys/arm/conf/VERSATILEPB
index b12009dc0..f81653a 100644
--- a/sys/arm/conf/VERSATILEPB
+++ b/sys/arm/conf/VERSATILEPB
@@ -94,6 +94,7 @@ options 	INVARIANT_SUPPORT	#Extra sanity checks of internal structures, required
 
 device		md
 device		random		# Entropy device
+options 	YARROW_RNG	# Yarrow software RNG
 
 # Flattened Device Tree
 options         FDT
diff --git a/sys/arm/conf/ZEDBOARD b/sys/arm/conf/ZEDBOARD
index 1008125..2944220 100644
--- a/sys/arm/conf/ZEDBOARD
+++ b/sys/arm/conf/ZEDBOARD
@@ -66,6 +66,7 @@ options 	KDB
 
 device		loop
 device		random
+options 	YARROW_RNG		# Yarrow software RNG
 device		ether
 device		if_cgem			# Zynq-7000 gig ethernet device
 device		mii
diff --git a/sys/conf/NOTES b/sys/conf/NOTES
index dce2168..dfde8df 100644
--- a/sys/conf/NOTES
+++ b/sys/conf/NOTES
@@ -1132,6 +1132,9 @@ options 	VFS_AIO
 # Cryptographically secure random number generator; /dev/random
 device		random
 
+# Yarrow software RNG adapter for random
+options 	YARROW_RNG
+
 # The system memory devices; /dev/mem, /dev/kmem
 device		mem
 
diff --git a/sys/conf/files b/sys/conf/files
index 4a1a432..3e23454 100644
--- a/sys/conf/files
+++ b/sys/conf/files
@@ -540,8 +540,8 @@ crypto/des/des_ecb.c		optional crypto | ipsec | netsmb
 crypto/des/des_setkey.c		optional crypto | ipsec | netsmb
 crypto/rc4/rc4.c		optional netgraph_mppc_encryption | kgssapi
 crypto/rijndael/rijndael-alg-fst.c optional crypto | geom_bde | \
-					 ipsec | random | wlan_ccmp
-crypto/rijndael/rijndael-api-fst.c optional geom_bde | random
+					 ipsec | yarrow_rng | wlan_ccmp
+crypto/rijndael/rijndael-api-fst.c optional geom_bde | yarrow_rng
 crypto/rijndael/rijndael-api.c	optional crypto | ipsec | wlan_ccmp
 crypto/sha1.c			optional carp | crypto | ipsec | \
 					 netgraph_mppc_encryption | sctp
@@ -2030,11 +2030,12 @@ rt2860.fw			optional rt2860fw | ralfw		\
 	no-obj no-implicit-rule						\
 	clean		"rt2860.fw"
 dev/random/harvest.c		standard
-dev/random/hash.c		optional random
+dev/random/hash.c		optional yarrow_rng
 dev/random/probe.c		optional random
+dev/random/random_adaptors.c	standard
 dev/random/randomdev.c		optional random
-dev/random/randomdev_soft.c	optional random
-dev/random/yarrow.c		optional random
+dev/random/randomdev_soft.c	optional yarrow_rng
+dev/random/yarrow.c		optional yarrow_rng
 dev/rc/rc.c			optional rc
 dev/re/if_re.c			optional re
 dev/rndtest/rndtest.c		optional rndtest
diff --git a/sys/conf/options b/sys/conf/options
index d9057cc..de695cb 100644
--- a/sys/conf/options
+++ b/sys/conf/options
@@ -905,3 +905,6 @@ RACCT		opt_global.h
 
 # Resource Limits
 RCTL		opt_global.h
+
+# Software random number generators for random(4)
+YARROW_RNG	opt_dontuse.h
diff --git a/sys/dev/random/ivy.c b/sys/dev/random/ivy.c
index f81c148..0b8da12 100644
--- a/sys/dev/random/ivy.c
+++ b/sys/dev/random/ivy.c
@@ -28,16 +28,19 @@
 #include <sys/cdefs.h>
 __FBSDID("$FreeBSD$");
 
-#include "opt_cpu.h"
-
-#ifdef RDRAND_RNG
-
 #include <sys/param.h>
 #include <sys/time.h>
+#include <sys/kernel.h>
 #include <sys/lock.h>
+#include <sys/module.h>
 #include <sys/mutex.h>
 #include <sys/selinfo.h>
 #include <sys/systm.h>
+
+#include <machine/md_var.h>
+#include <machine/specialreg.h>
+
+#include <dev/random/random_adaptors.h>
 #include <dev/random/randomdev.h>
 
 #define	RETRY_COUNT	10
@@ -46,7 +49,7 @@ static void random_ivy_init(void);
 static void random_ivy_deinit(void);
 static int random_ivy_read(void *, int);
 
-struct random_systat random_ivy = {
+struct random_adaptor random_ivy = {
 	.ident = "Hardware, Intel IvyBridge+ RNG",
 	.init = random_ivy_init,
 	.deinit = random_ivy_deinit,
@@ -114,4 +117,32 @@ random_ivy_read(void *buf, int c)
 	return (c - count);
 }
 
+static int
+rdrand_modevent(module_t mod, int type, void *unused)
+{
+
+	switch (type) {
+	case MOD_LOAD:
+		if (cpu_feature2 & CPUID2_RDRAND) {
+			random_adaptor_register("rdrand", &random_ivy);
+			EVENTHANDLER_INVOKE(random_adaptor_attach, &random_ivy);
+			return (0);
+		} else {
+#ifndef KLD_MODULE
+			if (bootverbose)
 #endif
+				printf(
+			    "%s: RDRAND feature is not present on this CPU\n",
+				    random_ivy.ident);
+#ifdef KLD_MODULE
+			return (ENXIO);
+#else
+			return (0);
+#endif
+		}
+	}
+
+	return (EINVAL);
+}
+
+RANDOM_ADAPTOR_MODULE(random_rdrand, rdrand_modevent, 1);
diff --git a/sys/dev/random/nehemiah.c b/sys/dev/random/nehemiah.c
index f3afa89..e811115 100644
--- a/sys/dev/random/nehemiah.c
+++ b/sys/dev/random/nehemiah.c
@@ -28,19 +28,20 @@
 #include <sys/cdefs.h>
 __FBSDID("$FreeBSD$");
 
-#include "opt_cpu.h"
-
-#ifdef PADLOCK_RNG
-
 #include <sys/param.h>
 #include <sys/time.h>
 #include <sys/lock.h>
 #include <sys/mutex.h>
+#include <sys/module.h>
 #include <sys/selinfo.h>
 #include <sys/systm.h>
+#include <sys/kernel.h>
 
 #include <machine/pcb.h>
+#include <machine/md_var.h>
+#include <machine/specialreg.h>
 
+#include <dev/random/random_adaptors.h>
 #include <dev/random/randomdev.h>
 
 #define RANDOM_BLOCK_SIZE	256
@@ -50,7 +51,7 @@ static void random_nehemiah_init(void);
 static void random_nehemiah_deinit(void);
 static int random_nehemiah_read(void *, int);
 
-struct random_systat random_nehemiah = {
+struct random_adaptor random_nehemiah = {
 	.ident = "Hardware, VIA Nehemiah",
 	.init = random_nehemiah_init,
 	.deinit = random_nehemiah_deinit,
@@ -208,4 +209,33 @@ random_nehemiah_read(void *buf, int c)
 	return (c);
 }
 
+static int
+nehemiah_modevent(module_t mod, int type, void *unused)
+{
+
+	switch (type) {
+	case MOD_LOAD:
+		if (via_feature_rng & VIA_HAS_RNG) {
+			random_adaptor_register("nehemiah", &random_nehemiah);
+			EVENTHANDLER_INVOKE(random_adaptor_attach,
+			    &random_nehemiah);
+			return (0);
+		} else {
+#ifndef KLD_MODULE
+			if (bootverbose)
 #endif
+				printf(
+			    "%s: VIA RNG feature is not present on this CPU\n",
+				    random_nehemiah.ident);
+#ifdef KLD_MODULE
+			return (ENXIO);
+#else
+			return (0);
+#endif
+		}
+	}
+
+	return (EINVAL);
+}
+
+RANDOM_ADAPTOR_MODULE(nehemiah, nehemiah_modevent, 1);
diff --git a/sys/dev/random/probe.c b/sys/dev/random/probe.c
index d9e70de..7039b92 100644
--- a/sys/dev/random/probe.c
+++ b/sys/dev/random/probe.c
@@ -28,66 +28,35 @@
 #include <sys/cdefs.h>
 __FBSDID("$FreeBSD$");
 
-#if defined(__amd64__) || (defined(__i386__) && !defined(PC98))
+#if defined(__amd64__) || defined(__i386__)
 #include "opt_cpu.h"
 #endif
 
-#include <sys/types.h>
 #include <sys/param.h>
 #include <sys/systm.h>
 #include <sys/kernel.h>
-#include <sys/malloc.h>
-#include <sys/random.h>
 #include <sys/selinfo.h>
-#include <sys/sysctl.h>
-
-#if defined(__amd64__) || (defined(__i386__) && !defined(PC98))
-#include <machine/cpufunc.h>
-#include <machine/cputypes.h>
-#include <machine/md_var.h>
-#include <machine/specialreg.h>
-#endif
 
+#include <dev/random/random_adaptors.h>
 #include <dev/random/randomdev.h>
-#include <dev/random/randomdev_soft.h>
-
-#if defined(__amd64__) || (defined(__i386__) && !defined(PC98))
-#ifdef PADLOCK_RNG
-extern struct random_systat random_nehemiah;
-#endif
-#ifdef RDRAND_RNG
-extern struct random_systat random_ivy;
-#endif
-#endif
 
 void
-random_ident_hardware(struct random_systat **systat)
+random_ident_hardware(struct random_adaptor **adaptor)
 {
+	struct random_adaptor *tmp;
+	int enable;
 
-	/* Set default to software */
-	*systat = &random_yarrow;
+	/* Set default to software (yarrow) */
+	*adaptor = random_adaptor_get("yarrow");
 
 	/* Then go looking for hardware */
-#if defined(__amd64__) || (defined(__i386__) && !defined(PC98))
-#ifdef PADLOCK_RNG
-	if (via_feature_rng & VIA_HAS_RNG) {
-		int enable;
-
-		enable = 1;
-		TUNABLE_INT_FETCH("hw.nehemiah_rng_enable", &enable);
-		if (enable)
-			*systat = &random_nehemiah;
-	}
-#endif
-#ifdef RDRAND_RNG
-	if (cpu_feature2 & CPUID2_RDRAND) {
-		int enable;
-
-		enable = 1;
-		TUNABLE_INT_FETCH("hw.ivy_rng_enable", &enable);
-		if (enable)
-			*systat = &random_ivy;
-	}
-#endif
-#endif
+	enable = 1;
+	TUNABLE_INT_FETCH("hw.nehemiah_rng_enable", &enable);
+	if (enable && (tmp = random_adaptor_get("nehemiah")))
+		*adaptor = tmp;
+
+	enable = 1;
+	TUNABLE_INT_FETCH("hw.ivy_rng_enable", &enable);
+	if (enable && (tmp = random_adaptor_get("rdrand")))
+		*adaptor = tmp;
 }
diff --git a/sys/dev/random/randomdev.c b/sys/dev/random/randomdev.c
index 18b17d8..eeef425 100644
--- a/sys/dev/random/randomdev.c
+++ b/sys/dev/random/randomdev.c
@@ -70,12 +70,15 @@ static struct cdevsw random_cdevsw = {
 	.d_name = "random",
 };
 
-struct random_systat *random_systat;
+static struct random_adaptor *random_adaptor;
+static eventhandler_tag attach_tag;
+static int random_inited;
+
 
 /* For use with make_dev(9)/destroy_dev(9). */
 static struct cdev *random_dev;
 
-/* Used to fake out unused random calls in random_systat */
+/* Used to fake out unused random calls in random_adaptor */
 void
 random_null_func(void)
 {
@@ -88,8 +91,8 @@ random_close(struct cdev *dev __unused, int flags, int fmt __unused,
 {
 	if ((flags & FWRITE) && (priv_check(td, PRIV_RANDOM_RESEED) == 0)
 	    && (securelevel_gt(td->td_ucred, 0) == 0)) {
-		(*random_systat->reseed)();
-		random_systat->seeded = 1;
+		(*random_adaptor->reseed)();
+		random_adaptor->seeded = 1;
 		arc4rand(NULL, 0, 1);	/* Reseed arc4random as well. */
 	}
 
@@ -104,8 +107,8 @@ random_read(struct cdev *dev __unused, struct uio *uio, int flag)
 	void *random_buf;
 
 	/* Blocking logic */
-	if (!random_systat->seeded)
-		error = (*random_systat->block)(flag);
+	if (!random_adaptor->seeded)
+		error = (*random_adaptor->block)(flag);
 
 	/* The actual read */
 	if (!error) {
@@ -114,7 +117,7 @@ random_read(struct cdev *dev __unused, struct uio *uio, int flag)
 
 		while (uio->uio_resid > 0 && !error) {
 			c = MIN(uio->uio_resid, PAGE_SIZE);
-			c = (*random_systat->read)(random_buf, c);
+			c = (*random_adaptor->read)(random_buf, c);
 			error = uiomove(random_buf, c, uio);
 		}
 
@@ -139,7 +142,7 @@ random_write(struct cdev *dev __unused, struct uio *uio, int flag __unused)
 		error = uiomove(random_buf, c, uio);
 		if (error)
 			break;
-		(*random_systat->write)(random_buf, c);
+		(*random_adaptor->write)(random_buf, c);
 	}
 
 	free(random_buf, M_TEMP);
@@ -172,14 +175,37 @@ random_poll(struct cdev *dev __unused, int events, struct thread *td)
 	int revents = 0;
 
 	if (events & (POLLIN | POLLRDNORM)) {
-		if (random_systat->seeded)
+		if (random_adaptor->seeded)
 			revents = events & (POLLIN | POLLRDNORM);
 		else
-			revents = (*random_systat->poll) (events,td);
+			revents = (*random_adaptor->poll) (events,td);
 	}
 	return (revents);
 }
 
+static void
+random_initialize(void *p, struct random_adaptor *s)
+{
+	if (random_inited) {
+		printf("random: <%s> already initialized\n",
+		    random_adaptor->ident);
+		return;
+	}
+
+	random_adaptor = s;
+
+	(s->init)();
+
+	printf("random: <%s> initialized\n", s->ident);
+
+	random_dev = make_dev_credf(MAKEDEV_ETERNAL_KLD, &random_cdevsw,
+	    RANDOM_MINOR, NULL, UID_ROOT, GID_WHEEL, 0666, "random");
+	make_dev_alias(random_dev, "urandom");	/* XXX Deprecated */
+
+	/* mark random(4) as initialized, to avoid being called again */
+	random_inited = 1;
+}
+
 /* ARGSUSED */
 static int
 random_modevent(module_t mod __unused, int type, void *data __unused)
@@ -188,23 +214,29 @@ random_modevent(module_t mod __unused, int type, void *data __unused)
 
 	switch (type) {
 	case MOD_LOAD:
-		random_ident_hardware(&random_systat);
-		(*random_systat->init)();
-
-		if (bootverbose)
-			printf("random: <entropy source, %s>\n",
-			    random_systat->ident);
-
-		random_dev = make_dev_credf(MAKEDEV_ETERNAL_KLD, &random_cdevsw,
-		    RANDOM_MINOR, NULL, UID_ROOT, GID_WHEEL, 0666, "random");
-		make_dev_alias(random_dev, "urandom");	/* XXX Deprecated */
+		random_ident_hardware(&random_adaptor);
+
+		if (random_adaptor == NULL) {
+			printf(
+       "random: No random adaptor attached, postponing initialization\n");
+			attach_tag = EVENTHANDLER_REGISTER(random_adaptor_attach,
+			    random_initialize, NULL, EVENTHANDLER_PRI_ANY);
+		} else {
+			random_initialize(NULL, random_adaptor);
+		}
 
 		break;
 
 	case MOD_UNLOAD:
-		(*random_systat->deinit)();
-
-		destroy_dev(random_dev);
+		if (random_adaptor != NULL) {
+			(*random_adaptor->deinit)();
+			destroy_dev(random_dev);
+		}
+		/* Unregister the event handler */
+		if (attach_tag != NULL) {
+			EVENTHANDLER_DEREGISTER(random_adaptor_attach,
+			    attach_tag);
+		}
 
 		break;
 
diff --git a/sys/dev/random/randomdev.h b/sys/dev/random/randomdev.h
index deb6831..75b2c19 100644
--- a/sys/dev/random/randomdev.h
+++ b/sys/dev/random/randomdev.h
@@ -38,7 +38,7 @@ typedef void random_write_func_t(void *, int);
 typedef int random_poll_func_t(int, struct thread *);
 typedef void random_reseed_func_t(void);
 
-struct random_systat {
+struct random_adaptor {
 	struct selinfo		rsel;
 	const char		*ident;
 	int			seeded;
@@ -51,7 +51,5 @@ struct random_systat {
 	random_reseed_func_t	*reseed;
 };
 
-extern struct random_systat *random_systat;
-
-extern void random_ident_hardware(struct random_systat **);
+extern void random_ident_hardware(struct random_adaptor **);
 extern void random_null_func(void);
diff --git a/sys/dev/random/randomdev_soft.c b/sys/dev/random/randomdev_soft.c
index ac48214..e2a3925 100644
--- a/sys/dev/random/randomdev_soft.c
+++ b/sys/dev/random/randomdev_soft.c
@@ -38,6 +38,7 @@ __FBSDID("$FreeBSD$");
 #include <sys/kthread.h>
 #include <sys/lock.h>
 #include <sys/malloc.h>
+#include <sys/module.h>
 #include <sys/mutex.h>
 #include <sys/poll.h>
 #include <sys/proc.h>
@@ -50,6 +51,7 @@ __FBSDID("$FreeBSD$");
 #include <machine/bus.h>
 #include <machine/cpu.h>
 
+#include <dev/random/random_adaptors.h>
 #include <dev/random/randomdev.h>
 #include <dev/random/randomdev_soft.h>
 
@@ -63,7 +65,7 @@ static int random_yarrow_poll(int event,struct thread *td);
 static int random_yarrow_block(int flag);
 static void random_yarrow_flush_reseed(void);
 
-struct random_systat random_yarrow = {
+struct random_adaptor random_yarrow = {
 	.ident = "Software, Yarrow",
 	.init = random_yarrow_init,
 	.deinit = random_yarrow_deinit,
@@ -103,7 +105,7 @@ static int random_kthread_control = 0;
 static struct proc *random_kthread_proc;
 
 /* List for the dynamic sysctls */
-struct sysctl_ctx_list random_clist;
+static struct sysctl_ctx_list random_clist;
 
 /* ARGSUSED */
 static int
@@ -120,25 +122,20 @@ random_yarrow_init(void)
 {
 	int error, i;
 	struct harvest *np;
-	struct sysctl_oid *random_o, *random_sys_o, *random_sys_harvest_o;
+	struct sysctl_oid *random_sys_o, *random_sys_harvest_o;
 	enum esource e;
 
-	random_o = SYSCTL_ADD_NODE(&random_clist,
-	    SYSCTL_STATIC_CHILDREN(_kern),
-	    OID_AUTO, "random", CTLFLAG_RW, 0,
-	    "Software Random Number Generator");
-
-	random_yarrow_init_alg(&random_clist, random_o);
+	random_yarrow_init_alg(&random_clist);
 
 	random_sys_o = SYSCTL_ADD_NODE(&random_clist,
-	    SYSCTL_CHILDREN(random_o),
+	    SYSCTL_STATIC_CHILDREN(_kern_random),
 	    OID_AUTO, "sys", CTLFLAG_RW, 0,
 	    "Entropy Device Parameters");
 
 	SYSCTL_ADD_PROC(&random_clist,
 	    SYSCTL_CHILDREN(random_sys_o),
 	    OID_AUTO, "seeded", CTLTYPE_INT | CTLFLAG_RW,
-	    &random_systat->seeded, 1, random_check_boolean, "I",
+	    &random_yarrow.seeded, 1, random_check_boolean, "I",
 	    "Seeded State");
 
 	random_sys_harvest_o = SYSCTL_ADD_NODE(&random_clist,
@@ -362,10 +359,10 @@ random_yarrow_write(void *buf, int count)
 void
 random_yarrow_unblock(void)
 {
-	if (!random_systat->seeded) {
-		random_systat->seeded = 1;
-		selwakeuppri(&random_systat->rsel, PUSER);
-		wakeup(random_systat);
+	if (!random_yarrow.seeded) {
+		random_yarrow.seeded = 1;
+		selwakeuppri(&random_yarrow.rsel, PUSER);
+		wakeup(&random_yarrow);
 	}
 	(void)atomic_cmpset_int(&arc4rand_iniseed_state, ARC4_ENTR_NONE,
 	    ARC4_ENTR_HAVE);
@@ -377,10 +374,10 @@ random_yarrow_poll(int events, struct thread *td)
 	int revents = 0;
 	mtx_lock(&random_reseed_mtx);
 
-	if (random_systat->seeded)
+	if (random_yarrow.seeded)
 		revents = events & (POLLIN | POLLRDNORM);
 	else
-		selrecord(td, &random_systat->rsel);
+		selrecord(td, &random_yarrow.rsel);
 
 	mtx_unlock(&random_reseed_mtx);
 	return revents;
@@ -394,12 +391,12 @@ random_yarrow_block(int flag)
 	mtx_lock(&random_reseed_mtx);
 
 	/* Blocking logic */
-	while (!random_systat->seeded && !error) {
+	while (!random_yarrow.seeded && !error) {
 		if (flag & O_NONBLOCK)
 			error = EWOULDBLOCK;
 		else {
 			printf("Entropy device is blocking.\n");
-			error = msleep(random_systat,
+			error = msleep(&random_yarrow,
 			    &random_reseed_mtx,
 			    PUSER | PCATCH, "block", 0);
 		}
@@ -420,3 +417,30 @@ random_yarrow_flush_reseed(void)
 
 	random_yarrow_reseed();
 }
+
+static int
+yarrow_modevent(module_t mod, int type, void *unused)
+{
+
+	switch (type) {
+	case MOD_LOAD:
+		random_adaptor_register("yarrow", &random_yarrow);
+		/*
+		 * For statically built kernels that contain both random.ko and
+		 * *_rng.ko, this event handler will do nothing, since
+		 * random.ko is loaded after *_rng.ko's, and hence hasn't yet
+		 * registered for this event.
+		 *
+		 * In case where both random.ko and *_rng.ko are built as
+		 * modules, random.ko is loaded prior to *_rng.ko's (by
+		 * dependency). This event handler is there to delay creation
+		 * of /dev/{u,}random and attachment of this *_rng.ko.
+		 */
+		EVENTHANDLER_INVOKE(random_adaptor_attach, &random_yarrow);
+		return (0);
+	}
+
+	return (EINVAL);
+}
+
+RANDOM_ADAPTOR_MODULE(yarrow, yarrow_modevent, 1);
diff --git a/sys/dev/random/randomdev_soft.h b/sys/dev/random/randomdev_soft.h
index 489d45a..2007694 100644
--- a/sys/dev/random/randomdev_soft.h
+++ b/sys/dev/random/randomdev_soft.h
@@ -72,10 +72,10 @@ void random_process_event(struct harvest *event);
 void random_yarrow_reseed(void);
 void random_yarrow_unblock(void);
 
-void random_yarrow_init_alg(struct sysctl_ctx_list *, struct sysctl_oid *);
+void random_yarrow_init_alg(struct sysctl_ctx_list *);
 void random_yarrow_deinit_alg(void);
 
-extern struct random_systat random_yarrow;
+extern struct random_adaptor random_yarrow;
 extern struct mtx random_reseed_mtx;
 
 /* If this was c++, this would be a template */
diff --git a/sys/dev/random/yarrow.c b/sys/dev/random/yarrow.c
index 6f631bb..09f079a 100644
--- a/sys/dev/random/yarrow.c
+++ b/sys/dev/random/yarrow.c
@@ -41,6 +41,7 @@ __FBSDID("$FreeBSD$");
 #include <crypto/sha2/sha2.h>
 
 #include <dev/random/hash.h>
+#include <dev/random/random_adaptors.h>
 #include <dev/random/randomdev_soft.h>
 #include <dev/random/yarrow.h>
 
@@ -101,7 +102,7 @@ random_process_event(struct harvest *event)
 }
 
 void
-random_yarrow_init_alg(struct sysctl_ctx_list *clist, struct sysctl_oid *in_o)
+random_yarrow_init_alg(struct sysctl_ctx_list *clist)
 {
 	int i;
 	struct sysctl_oid *random_yarrow_o;
@@ -110,7 +111,7 @@ random_yarrow_init_alg(struct sysctl_ctx_list *clist, struct sysctl_oid *in_o)
 	 * have a very good clue about what they do!
 	 */
 	random_yarrow_o = SYSCTL_ADD_NODE(clist,
-		SYSCTL_CHILDREN(in_o),
+		SYSCTL_STATIC_CHILDREN(_kern_random),
 		OID_AUTO, "yarrow", CTLFLAG_RW, 0,
 		"Yarrow Parameters");
 
diff --git a/sys/i386/conf/GENERIC b/sys/i386/conf/GENERIC
index 93f23db..643c085 100644
--- a/sys/i386/conf/GENERIC
+++ b/sys/i386/conf/GENERIC
@@ -309,6 +309,7 @@ device		loop		# Network loopback
 device		random		# Entropy device
 options 	PADLOCK_RNG	# VIA Padlock RNG
 options 	RDRAND_RNG	# Intel Bull Mountain RNG
+options 	YARROW_RNG	# Yarrow software RNG
 device		ether		# Ethernet support
 device		vlan		# 802.1Q VLAN support
 device		tun		# Packet tunnel.
diff --git a/sys/i386/conf/XBOX b/sys/i386/conf/XBOX
index fb6a5c1..d10fcd4 100644
--- a/sys/i386/conf/XBOX
+++ b/sys/i386/conf/XBOX
@@ -62,6 +62,7 @@ device		pass		# Passthrough device (direct ATA/SCSI access)
 # Pseudo devices.
 device		loop		# Network loopback
 device		random		# Entropy device
+options 	YARROW_RNG	# Yarrow software RNG
 device		ether		# Ethernet support
 #device		tun		# Packet tunnel.
 #device		md		# Memory "disks"
diff --git a/sys/i386/conf/XEN b/sys/i386/conf/XEN
index bcc9f19..f90dd81 100644
--- a/sys/i386/conf/XEN
+++ b/sys/i386/conf/XEN
@@ -76,6 +76,7 @@ device		pci
 # Pseudo devices.
 device		loop		# Network loopback
 device		random		# Entropy device
+options 	YARROW_RNG	# Yarrow software RNG
 device		ether		# Ethernet support
 device		tun		# Packet tunnel.
 device		md		# Memory "disks"
@@ -90,4 +91,3 @@ options		AH_SUPPORT_AR5416
 # Be aware of the administrative consequences of enabling this!
 # Note that 'bpf' is required for DHCP.
 device		bpf		# Berkeley packet filter
-
diff --git a/sys/ia64/conf/GENERIC b/sys/ia64/conf/GENERIC
index cb51617..ee4b652 100644
--- a/sys/ia64/conf/GENERIC
+++ b/sys/ia64/conf/GENERIC
@@ -198,6 +198,7 @@ device		loop		# Network loopback
 device		md		# Memory "disks"
 device		puc		# Multi I/O cards and multi-channel UARTs
 device		random		# Entropy device
+options 	YARROW_RNG	# Yarrow software RNG
 device		tun		# Packet tunnel.
 device		uart		# Serial port (UART)
 device		vlan		# 802.1Q VLAN support
diff --git a/sys/mips/conf/AR71XX_BASE b/sys/mips/conf/AR71XX_BASE
index 69b10a2..a5d4bbf 100644
--- a/sys/mips/conf/AR71XX_BASE
+++ b/sys/mips/conf/AR71XX_BASE
@@ -24,7 +24,7 @@ makeoptions	DEBUG=-g		#Build kernel with gdb(1) debug symbols
 
 # Build these as modules so small platform builds will have the
 # modules already built.
-makeoptions	MODULES_OVERRIDE="random gpio ar71xx if_gif if_gre if_bridge bridgestp usb wlan wlan_xauth wlan_acl wlan_wep wlan_tkip wlan_ccmp wlan_rssadapt wlan_amrr ath ath_pci"
+makeoptions	MODULES_OVERRIDE="random yarrow_rng gpio ar71xx if_gif if_gre if_bridge bridgestp usb wlan wlan_xauth wlan_acl wlan_wep wlan_tkip wlan_ccmp wlan_rssadapt wlan_amrr ath ath_pci"
 
 options		DDB
 options		KDB
@@ -115,6 +115,7 @@ device		ether
 device		md
 device		bpf
 device		random
+options 	YARROW_RNG	# Yarrow software RNG
 device		if_bridge
 device		gif		# ip[46] in ip[46] tunneling protocol
 device		gre		# generic encapsulation - only for IPv4 in IPv4 though atm
diff --git a/sys/mips/conf/AR724X_BASE b/sys/mips/conf/AR724X_BASE
index 7ffadb1..f74a693 100644
--- a/sys/mips/conf/AR724X_BASE
+++ b/sys/mips/conf/AR724X_BASE
@@ -25,7 +25,7 @@ makeoptions	DEBUG=-g		#Build kernel with gdb(1) debug symbols
 
 # Build these as modules so small platform builds will have the
 # modules already built.
-makeoptions	MODULES_OVERRIDE="random gpio ar71xx if_gif if_gre if_bridge bridgestp usb wlan wlan_xauth wlan_acl wlan_wep wlan_tkip wlan_ccmp wlan_rssadapt wlan_amrr ath ath_pci hwpmc cam"
+makeoptions	MODULES_OVERRIDE="random yarrow_rng gpio ar71xx if_gif if_gre if_bridge bridgestp usb wlan wlan_xauth wlan_acl wlan_wep wlan_tkip wlan_ccmp wlan_rssadapt wlan_amrr ath ath_pci hwpmc cam"
 
 options		DDB
 options		KDB
diff --git a/sys/mips/conf/AR91XX_BASE b/sys/mips/conf/AR91XX_BASE
index a84474d..ad81bee 100644
--- a/sys/mips/conf/AR91XX_BASE
+++ b/sys/mips/conf/AR91XX_BASE
@@ -20,7 +20,7 @@ files		"../atheros/files.ar71xx"
 hints		"AR91XX_BASE.hints"
 
 makeoptions	DEBUG=-g		#Build kernel with gdb(1) debug symbols
-makeoptions	MODULES_OVERRIDE="random gpio ar71xx if_gif if_gre if_bridge bridgestp usb wlan wlan_xauth wlan_acl wlan_wep wlan_tkip wlan_ccmp wlan_rssadapt wlan_amrr ath ath_ahb hwpmc"
+makeoptions	MODULES_OVERRIDE="random yarrow_rng gpio ar71xx if_gif if_gre if_bridge bridgestp usb wlan wlan_xauth wlan_acl wlan_wep wlan_tkip wlan_ccmp wlan_rssadapt wlan_amrr ath ath_ahb hwpmc"
 
 options		DDB
 options		KDB
@@ -113,6 +113,7 @@ device		ether
 device		md
 device		bpf
 device		random
+options 	YARROW_RNG	# Yarrow software RNG
 device		if_bridge
 device		gpio
 device		gpioled
diff --git a/sys/mips/conf/AR933X_BASE b/sys/mips/conf/AR933X_BASE
index 282f3b3..8de1a47 100644
--- a/sys/mips/conf/AR933X_BASE
+++ b/sys/mips/conf/AR933X_BASE
@@ -20,7 +20,7 @@ files		"../atheros/files.ar71xx"
 hints		"AR933X_BASE.hints"
 
 makeoptions	DEBUG=-g		#Build kernel with gdb(1) debug symbols
-# makeoptions	MODULES_OVERRIDE="random gpio ar71xx if_gif if_gre if_bridge bridgestp usb wlan wlan_xauth wlan_acl wlan_wep wlan_tkip wlan_ccmp wlan_rssadapt wlan_amrr ath ath_ahb hwpmc"
+# makeoptions	MODULES_OVERRIDE="random yarrow_rng gpio ar71xx if_gif if_gre if_bridge bridgestp usb wlan wlan_xauth wlan_acl wlan_wep wlan_tkip wlan_ccmp wlan_rssadapt wlan_amrr ath ath_ahb hwpmc"
 makeoptions	MODULES_OVERRIDE=""
 
 options		DDB
@@ -119,6 +119,7 @@ device		ether
 device		md
 device		bpf
 device		random
+options 	YARROW_RNG		# Yarrow software RNG
 device		if_bridge
 device		gpio
 device		gpioled
diff --git a/sys/mips/conf/BERI_TEMPLATE b/sys/mips/conf/BERI_TEMPLATE
index f4d53ca..46f61f1 100644
--- a/sys/mips/conf/BERI_TEMPLATE
+++ b/sys/mips/conf/BERI_TEMPLATE
@@ -55,4 +55,5 @@ device		md
 device		ether
 device		loop
 device		random
+options 	YARROW_RNG		# Yarrow software RNG
 device		snp
diff --git a/sys/mips/conf/DIR-825 b/sys/mips/conf/DIR-825
index 3609d76..9050c0f 100644
--- a/sys/mips/conf/DIR-825
+++ b/sys/mips/conf/DIR-825
@@ -20,6 +20,7 @@ hints		"DIR-825.hints"
 # Since the kernel image must fit inside 1024KiB, we have to build almost
 # everything as modules.
 nodevice random
+nooptions YARROW_RNG
 nodevice gpio
 nodevice gpioled
 nodevice gif
diff --git a/sys/mips/conf/GXEMUL b/sys/mips/conf/GXEMUL
index ea58622..0d91d3ac 100644
--- a/sys/mips/conf/GXEMUL
+++ b/sys/mips/conf/GXEMUL
@@ -51,6 +51,7 @@ device		gxemul_ether
 # Pseudo devices.
 device		loop		# Network loopback
 device		random		# Entropy device
+options 	YARROW_RNG	# Yarrow software RNG
 device		ether		# Ethernet support
 device		tun		# Packet tunnel.
 device		md		# Memory "disks"
diff --git a/sys/mips/conf/OCTEON1 b/sys/mips/conf/OCTEON1
index dfe5208..6227fa8 100644
--- a/sys/mips/conf/OCTEON1
+++ b/sys/mips/conf/OCTEON1
@@ -256,6 +256,7 @@ device		wi		# WaveLAN/Intersil/Symbol 802.11 wireless NICs.
 # Pseudo devices.
 device		loop		# Network loopback
 device		random		# Entropy device
+options 	YARROW_RNG	# Yarrow software RNG
 device		ether		# Ethernet support
 device		vlan		# 802.1Q VLAN support
 device		tun		# Packet tunnel.
diff --git a/sys/mips/conf/PB92 b/sys/mips/conf/PB92
index 2ca7cfe..f7d5e91 100644
--- a/sys/mips/conf/PB92
+++ b/sys/mips/conf/PB92
@@ -22,7 +22,7 @@ options		AR71XX_ENV_UBOOT
 # who already are using it without modifying the default flash layout)
 # we need to cut down on a lot of things.
 
-makeoptions	MODULES_OVERRIDE="ath ath_pci ath_ahb bridgestp if_bridge if_gif if_gre random wlan wlan_acl wlan_amrr wlan_ccmp wlan_rssadapt wlan_tkip wlan_wep wlan_xauth usb ar71xx"
+makeoptions	MODULES_OVERRIDE="ath ath_pci ath_ahb bridgestp if_bridge if_gif if_gre random yarrow_rng wlan wlan_acl wlan_amrr wlan_ccmp wlan_rssadapt wlan_tkip wlan_wep wlan_xauth usb ar71xx"
 
 hints		"PB92.hints"
 include		"../atheros/std.ar71xx"
diff --git a/sys/mips/conf/RT305X b/sys/mips/conf/RT305X
index 6527782..8471690 100644
--- a/sys/mips/conf/RT305X
+++ b/sys/mips/conf/RT305X
@@ -24,7 +24,7 @@ makeoptions	MIPS_LITTLE_ENDIAN=defined
 makeoptions	KERNLOADADDR=0x80001000
 
 # Don't build any modules yet.
-makeoptions	MODULES_OVERRIDE="wlan_xauth wlan_wep wlan_tkip wlan_acl wlan_amrr wlan_ccmp wlan_rssadapt random if_bridge bridgestp msdosfs md ipfw dummynet libalias geom/geom_label ufs usb/uplcom usb/u3g usb/umodem usb/umass usb/ucom cam zlib"
+makeoptions	MODULES_OVERRIDE="wlan_xauth wlan_wep wlan_tkip wlan_acl wlan_amrr wlan_ccmp wlan_rssadapt random yarrow_rng if_bridge bridgestp msdosfs md ipfw dummynet libalias geom/geom_label ufs usb/uplcom usb/u3g usb/umodem usb/umass usb/ucom cam zlib"
 makeoptions	RT3052F
 
 include		"../rt305x/std.rt305x"
@@ -90,6 +90,7 @@ options         MROUTING                # Multicast routing
 options		IPFIREWALL_DEFAULT_TO_ACCEPT
 
 device		random
+options 	YARROW_RNG		# Yarrow software RNG
 device		loop
 # RT3050F, RT3052F have only pseudo PHYs, so mii not required
 device		rt
diff --git a/sys/mips/conf/XLR64 b/sys/mips/conf/XLR64
index 1db8d85..486ce77 100644
--- a/sys/mips/conf/XLR64
+++ b/sys/mips/conf/XLR64
@@ -84,6 +84,7 @@ device 		uart
 # Pseudo
 device 		loop
 device 		random
+options 	YARROW_RNG	# Yarrow software RNG
 device 		md
 device		bpf
 
diff --git a/sys/mips/conf/XLRN32 b/sys/mips/conf/XLRN32
index d81eaf9..5ad65bd 100644
--- a/sys/mips/conf/XLRN32
+++ b/sys/mips/conf/XLRN32
@@ -85,6 +85,7 @@ device 		uart
 # Pseudo
 device 		loop
 device 		random
+options 	YARROW_RNG	# Yarrow software RNG
 device 		md
 device		bpf
 
diff --git a/sys/mips/conf/std.SWARM b/sys/mips/conf/std.SWARM
index 0405b0a..5edd5a2 100644
--- a/sys/mips/conf/std.SWARM
+++ b/sys/mips/conf/std.SWARM
@@ -42,6 +42,7 @@ device		loop
 device		ether
 device		md
 device		random
+options 	YARROW_RNG		# Yarrow software RNG
 
 options		USB_DEBUG
 device usb
diff --git a/sys/mips/conf/std.XLP b/sys/mips/conf/std.XLP
index bf5fbe8..aa1042d 100644
--- a/sys/mips/conf/std.XLP
+++ b/sys/mips/conf/std.XLP
@@ -65,6 +65,7 @@ makeoptions	FDT_DTS_FILE=xlp-basic.dts
 # Pseudo
 device		loop
 device		random
+options 	YARROW_RNG		# Yarrow software RNG
 device		md
 device		bpf
 
diff --git a/sys/modules/Makefile b/sys/modules/Makefile
index d26dacc..063aa04 100644
--- a/sys/modules/Makefile
+++ b/sys/modules/Makefile
@@ -254,6 +254,7 @@ SUBDIR=	\
 	${_opensolaris} \
 	oce \
 	${_padlock} \
+	${_padlock_rng} \
 	patm \
 	${_pccard} \
 	${_pcfclock} \
@@ -280,6 +281,7 @@ SUBDIR=	\
 	${_random} \
 	rc4 \
 	${_rdma} \
+	${_rdrand_rng} \
 	re \
 	reiserfs \
 	rl \
@@ -364,11 +366,14 @@ SUBDIR=	\
 	${_x86bios} \
 	${_xe} \
 	xl \
+	yarrow_rng \
 	${_zfs} \
 	zlib \
 
 .if ${MACHINE_CPUARCH} == "i386" || ${MACHINE_CPUARCH} == "amd64"
 _filemon=	filemon
+_padlock_rng=	padlock_rng
+_rdrand_rng=	rdrand_rng
 .endif
 
 .if ${MACHINE_CPUARCH} != "powerpc" && ${MACHINE_CPUARCH} != "arm" && \
diff --git a/sys/modules/random/Makefile b/sys/modules/random/Makefile
index ad14899..a4882ba 100644
--- a/sys/modules/random/Makefile
+++ b/sys/modules/random/Makefile
@@ -1,19 +1,9 @@
 # $FreeBSD$
 
 .PATH: ${.CURDIR}/../../dev/random
-.PATH: ${.CURDIR}/../../crypto/rijndael
-.PATH: ${.CURDIR}/../../crypto/sha2
 
 KMOD=	random
 SRCS=	randomdev.c probe.c
-.if ${MACHINE} == "amd64" || ${MACHINE} == "i386"
-SRCS+=	nehemiah.c
-SRCS+=	ivy.c
-.endif
-SRCS+=	randomdev_soft.c yarrow.c hash.c
-SRCS+=	rijndael-alg-fst.c rijndael-api-fst.c sha2.c
-SRCS+=	bus_if.h device_if.h vnode_if.h opt_cpu.h
-
-CFLAGS+= -I${.CURDIR}/../..
+SRCS+=	bus_if.h device_if.h opt_cpu.h
 
 .include <bsd.kmod.mk>
diff --git a/sys/pc98/conf/GENERIC b/sys/pc98/conf/GENERIC
index 7386c1f..b291946 100644
--- a/sys/pc98/conf/GENERIC
+++ b/sys/pc98/conf/GENERIC
@@ -217,6 +217,7 @@ options 	AH_SUPPORT_AR5416	# enable AR5416 tx/rx descriptors
 # Pseudo devices.
 device		loop		# Network loopback
 device		random		# Entropy device
+options 	YARROW_RNG	# Yarrow software RNG
 device		ether		# Ethernet support
 device		vlan		# 802.1Q VLAN support
 device		tun		# Packet tunnel.
diff --git a/sys/powerpc/conf/GENERIC b/sys/powerpc/conf/GENERIC
index d91e00d..8049e40 100644
--- a/sys/powerpc/conf/GENERIC
+++ b/sys/powerpc/conf/GENERIC
@@ -144,6 +144,7 @@ device		fxp		# Intel EtherExpress PRO/100B (82557, 82558)
 # Pseudo devices.
 device		loop		# Network loopback
 device		random		# Entropy device
+options 	YARROW_RNG	# Yarrow software RNG
 device		ether		# Ethernet support
 device		vlan		# 802.1Q VLAN support
 device		tun		# Packet tunnel.
diff --git a/sys/powerpc/conf/GENERIC64 b/sys/powerpc/conf/GENERIC64
index 1cdf195..888b3c0 100644
--- a/sys/powerpc/conf/GENERIC64
+++ b/sys/powerpc/conf/GENERIC64
@@ -141,6 +141,7 @@ device		fxp		# Intel EtherExpress PRO/100B (82557, 82558)
 # Pseudo devices.
 device		loop		# Network loopback
 device		random		# Entropy device
+options 	YARROW_RNG	# Yarrow software RNG
 device		ether		# Ethernet support
 device		vlan		# 802.1Q VLAN support
 device		tun		# Packet tunnel.
diff --git a/sys/powerpc/conf/MPC85XX b/sys/powerpc/conf/MPC85XX
index e222ddb..ccf5297 100644
--- a/sys/powerpc/conf/MPC85XX
+++ b/sys/powerpc/conf/MPC85XX
@@ -76,6 +76,7 @@ device		pass
 device		pci
 device		quicc
 device		random
+options 	YARROW_RNG	# Yarrow software RNG
 #device		rl
 device		scbus
 device		scc
diff --git a/sys/powerpc/conf/WII b/sys/powerpc/conf/WII
index e4d61b2..2777cf5 100644
--- a/sys/powerpc/conf/WII
+++ b/sys/powerpc/conf/WII
@@ -72,6 +72,7 @@ makeoptions	SC_DFLT_FONT=cp437
 # Pseudo devices.
 device		loop		# Network loopback
 device		random		# Entropy device
+options 	YARROW_RNG	# Yarrow software RNG
 device		ether		# Ethernet support
 device		vlan		# 802.1Q VLAN support
 device		tun		# Packet tunnel.
diff --git a/sys/sparc64/conf/GENERIC b/sys/sparc64/conf/GENERIC
index ad8f429..5959dbb 100644
--- a/sys/sparc64/conf/GENERIC
+++ b/sys/sparc64/conf/GENERIC
@@ -215,6 +215,7 @@ device		ath_rate_sample	# SampleRate tx rate control for ath
 # Pseudo devices.
 device		loop		# Network loopback
 device		random		# Entropy device
+options 	YARROW_RNG	# Yarrow software RNG
 device		ether		# Ethernet support
 device		vlan		# 802.1Q VLAN support
 device		tun		# Packet tunnel.
diff --git a/tools/tools/sysdoc/sysdoc.sh b/tools/tools/sysdoc/sysdoc.sh
index c428174..b07c53d 100644
--- a/tools/tools/sysdoc/sysdoc.sh
+++ b/tools/tools/sysdoc/sysdoc.sh
@@ -88,7 +88,7 @@ EOF
 # tunables in our tunables.mdoc file and generate
 # the final 'inner circle' of our manual page.
 markup_create() {
-	sort  < _names |		\
+	sort -u  < _names |		\
 	xargs -n 1 /bin/sh ./sysctl.sh  \
 		> markup.file		\
 		2> tunables.TODO
@@ -238,9 +238,13 @@ if [ -z "$LOCATION" ] ;
     && for x in `find $LOCATION -name '*.kld'`  \
 	$LOCATION/kernel;			\
 	do nm $x |				\
-	grep ' sysctl___' | uniq |		\
-	sed 's/sysctl___//g' | sed 's/_/./g' |	\
-	awk {'print $3'} > _names;
+	sed -n '/sysctl___/ {
+		's/[\.a-z_]*sysctl___//g'
+		's/_/./g'
+		p
+	}' |					\
+	awk {'print $3'} |			\
+	sort -u > _names;
 	done;
 	markup_create
 	page_create
diff --git a/tools/tools/sysdoc/tunables.mdoc b/tools/tools/sysdoc/tunables.mdoc
index 8b426e6..4702ea3 100644
--- a/tools/tools/sysdoc/tunables.mdoc
+++ b/tools/tools/sysdoc/tunables.mdoc
@@ -1093,6 +1093,13 @@ line programs.
 kern.quantum
 
 ---
+kern.random.adaptors
+str
+
+Displays registered PRNG adaptors (sources).
+This is a read-only variable.
+
+---
 kern.random.sys.burst
 
 ---
author	obrien <obrien@FreeBSD.org>	2013-07-29 20:26:27 +0000
committer	obrien <obrien@FreeBSD.org>	2013-07-29 20:26:27 +0000
commit	721ce839c7c49ecca90b66a4523be0e6e29c057e (patch)
tree	7321ee5c53e41f64a4e3a37d1e501321672bb5af
parent	f6b004c36a12554e599bc79d3f4efc2047574d1b (diff)
download	FreeBSD-src-721ce839c7c49ecca90b66a4523be0e6e29c057e.zip FreeBSD-src-721ce839c7c49ecca90b66a4523be0e6e29c057e.tar.gz