Upgrade the random device to use a "real" hash instead of building

one out of a block cipher. This has 2 advantages: 1) The code is _much_ simpler 2) We aren't committing our security to one algorithm (much as we may think we trust AES). While I'm here, make an explicit reseed do a slow reseed instead of a fast; this is in line with what the original paper suggested.
author: markm <markm@FreeBSD.org> 2002-07-15 13:58:35 +0000
committer: markm <markm@FreeBSD.org> 2002-07-15 13:58:35 +0000
commit: 2370535caa1ffd00e4480c7894e5e9381e52520d (patch)
tree: fb7e9c3d811aeb44859d7b6f68ad78e9fda5e601 /sys/dev/random/yarrow.c
parent: a22b6ae7fb60a1cfcb9cbdfc8e6146d714f11589 (diff)
download: FreeBSD-src-2370535caa1ffd00e4480c7894e5e9381e52520d.zip
FreeBSD-src-2370535caa1ffd00e4480c7894e5e9381e52520d.tar.gz
1 files changed, 3 insertions, 4 deletions
diff --git a/sys/dev/random/yarrow.c b/sys/dev/random/yarrow.c
index dd79c34..9407892 100644
--- a/sys/dev/random/yarrow.c
+++ b/sys/dev/random/yarrow.c
@@ -35,6 +35,7 @@
 #include <sys/sysctl.h>
 
 #include <crypto/rijndael/rijndael.h>
+#include <crypto/sha2/sha2.h>
 
 #include <dev/random/hash.h>
 #include <dev/random/randomdev.h>
@@ -249,9 +250,7 @@ reseed(u_int fastslow)
 	random_unblock();
 }
 
-/* Internal function to do return processed entropy from the
- * Yarrow PRNG
- */
+/* Internal function to return processed entropy from the PRNG */
 int
 read_random_real(void *buf, int count)
 {
@@ -343,5 +342,5 @@ generator_gate(void)
 void
 random_reseed(void)
 {
-	reseed(FAST);
+	reseed(SLOW);
 }
author	markm <markm@FreeBSD.org>	2002-07-15 13:58:35 +0000
committer	markm <markm@FreeBSD.org>	2002-07-15 13:58:35 +0000
commit	2370535caa1ffd00e4480c7894e5e9381e52520d (patch)
tree	fb7e9c3d811aeb44859d7b6f68ad78e9fda5e601 /sys/dev/random/yarrow.c
parent	a22b6ae7fb60a1cfcb9cbdfc8e6146d714f11589 (diff)
download	FreeBSD-src-2370535caa1ffd00e4480c7894e5e9381e52520d.zip FreeBSD-src-2370535caa1ffd00e4480c7894e5e9381e52520d.tar.gz