summaryrefslogtreecommitdiffstats
path: root/sys/modules/random
Commit message (Collapse)AuthorAgeFilesLines
* Include nehemiah.c only on i386, as is done for the non-modulesmarcel2004-04-111-0/+2
| | | | build.
* Reorganise the entropy device so that high-yield entropy sourcesmarkm2004-04-091-1/+3
| | | | | | | can more easily be used INSTEAD OF the hard-working Yarrow. The only hardware source used at this point is the one inside the VIA C3 Nehemiah (Stepping 3 and above) CPU. More sources will be added in due course. Contributions welcome!
* Upgrade the random device to use a "real" hash instead of buildingmarkm2002-07-151-1/+2
| | | | | | | | | | one out of a block cipher. This has 2 advantages: 1) The code is _much_ simpler 2) We aren't committing our security to one algorithm (much as we may think we trust AES). While I'm here, make an explicit reseed do a slow reseed instead of a fast; this is in line with what the original paper suggested.
* Drop <bsd.man.mk> support from <bsd.kmod.mk>.ru2002-01-111-1/+0
| | | | Not objected to by: -current
* The /dev/random driver used Rijndael, not Blowfish, now.markm2001-03-101-2/+2
|
* Clean up Makefile, and remove the last vestiges of NOBLOCKRANDOM.markm2001-01-151-14/+2
|
* Use a consistent style and one much closer to the rest of /usr/srcobrien2001-01-061-8/+10
|
* Default the /dev/random loadable module to blocking-on-bootup,markm2000-12-021-1/+4
| | | | but leave a commented-out macro to change this.
* As the blocking model has seems to be troublesome for many, disablemarkm2000-10-271-1/+10
| | | | | | | it for now with an option. This option is already deprecated, and will be removed when the entropy-harvesting code is fast enough to warrant it.
* After some complaints about the dir names, the random device ismarkm2000-10-141-1/+2
| | | | | | | | | | | | | | | | | | | | now in dirs called sys/*/random/ instead of sys/*/randomdev/*. Introduce blocking, but only at startup; the random device will block until the first reseed happens to prevent clients from using untrustworthy output. Provide a read_random() call for the rest of the kernel so that the entropy device does not need to be present. This means that things like IPX no longer need to have "device random" hardcoded into thir kernel config. The downside is that read_random() will provide very poor output until the entropy device is loaded and reseeded. It is recommended that developers do NOT use the read_random() call; instead, they should use arc4random() which internally uses read_random(). Clean up the mutex and locking code a bit; this makes it possible to unload the module again.
* Large upgrade to the entropy device; mainly inspired by feedbackmarkm2000-09-101-2/+2
| | | | | | | | | | | | | | | | from many folk. o The reseed process is now a kthread. With SMPng, kthreads are pre-emptive, so the annoying jerkiness of the mouse is gone. o The data structures are protected by mutexes now, not splfoo()/splx(). o The cryptographic routines are broken out into their own subroutines. this facilitates review, and possible replacement if that is ever found necessary. Thanks to: kris, green, peter, jasone, grog, jhb Forgotten to thank: You know who you are; no offense intended.
* Add entropy gathering code. This will work whether the module ismarkm2000-07-071-2/+0
| | | | compiled in or loaded.
* Better style(9) for the module build.markm2000-06-261-1/+1
|
* Build the entropy device (/dev/random) as a module. This may notmarkm2000-06-251-0/+13
be a permanent rule, because this device may eventually be deemed "effectively compulsory", and built by default directly into the kernel. For the moment, however, this is useful for debugging and development. Reviewed by: dfr
OpenPOWER on IntegriCloud