From 721ce839c7c49ecca90b66a4523be0e6e29c057e Mon Sep 17 00:00:00 2001 
From: obrien Date: Mon, 29 Jul 2013 20:26:27 +0000 Subject: Decouple yarrow from random(4) device. * Make Yarrow an optional kernel component -- enabled by "YARROW_RNG" option. The files sha2.c, hash.c, randomdev_soft.c and yarrow.c comprise yarrow. * random(4) device doesn't really depend on rijndael-*. Yarrow, however, does. * Add random_adaptors.[ch] which is basically a store of random_adaptor's. random_adaptor is basically an adapter that plugs in to random(4). random_adaptor can only be plugged in to random(4) very early in bootup. Unplugging random_adaptor from random(4) is not supported, and is probably a bad idea anyway, due to potential loss of entropy pools. We currently have 3 random_adaptors: + yarrow + rdrand (ivy.c) + nehemiah * Remove platform dependent logic from probe.c, and move it into corresponding registration routines of each random_adaptor provider. probe.c doesn't do anything other than picking a specific random_adaptor from a list of registered ones. * If the kernel doesn't have any random_adaptor adapters present then the creation of /dev/random is postponed until next random_adaptor is kldload'ed. * Fix randomdev_soft.c to refer to its own random_adaptor, instead of a system wide one. 
Submitted by: arthurmesh@gmail.com, obrien Obtained from: Juniper Networks Reviewed by: obrien --- UPDATING | 13 +++++++ share/man/man4/random.4 | 14 ++++++-- sys/amd64/conf/GENERIC | 1 + sys/arm/conf/AC100 | 1 + sys/arm/conf/ARMADAXP | 1 + sys/arm/conf/ARNDALE | 1 + sys/arm/conf/ATMEL | 1 + sys/arm/conf/AVILA | 1 + sys/arm/conf/BEAGLEBONE | 1 + sys/arm/conf/BWCT | 1 + sys/arm/conf/CAMBRIA | 1 + sys/arm/conf/CNS11XXNAS | 1 + sys/arm/conf/CRB | 1 + sys/arm/conf/CUBIEBOARD | 2 +- sys/arm/conf/DB-78XXX | 1 + sys/arm/conf/DB-88F5XXX | 1 + sys/arm/conf/DB-88F6XXX | 1 + sys/arm/conf/DOCKSTAR | 1 + sys/arm/conf/DREAMPLUG-1001 | 1 + sys/arm/conf/EA3250 | 1 + sys/arm/conf/EB9200 | 1 + sys/arm/conf/EFIKA_MX | 1 + sys/arm/conf/EP80219 | 1 + sys/arm/conf/ETHERNUT5 | 1 + sys/arm/conf/GUMSTIX | 1 + sys/arm/conf/HL200 | 1 + sys/arm/conf/HL201 | 2 +- sys/arm/conf/IQ31244 | 1 + sys/arm/conf/KB920X | 1 + sys/arm/conf/LN2410SBC | 2 +- sys/arm/conf/NSLU | 1 + sys/arm/conf/PANDABOARD | 1 + sys/arm/conf/QILA9G20 | 1 + sys/arm/conf/RPI-B | 1 + sys/arm/conf/SAM9260EK | 1 + sys/arm/conf/SAM9G20EK | 1 + sys/arm/conf/SAM9X25EK | 2 +- sys/arm/conf/SHEEVAPLUG | 1 + sys/arm/conf/SN9G45 | 1 + sys/arm/conf/TS7800 | 1 + sys/arm/conf/VERSATILEPB | 1 + sys/arm/conf/ZEDBOARD | 1 + sys/conf/NOTES | 3 ++ sys/conf/files | 11 +++--- sys/conf/options | 3 ++ sys/dev/random/ivy.c | 41 ++++++++++++++++++--- sys/dev/random/nehemiah.c | 40 ++++++++++++++++++--- sys/dev/random/probe.c | 63 +++++++++----------------------- sys/dev/random/randomdev.c | 78 ++++++++++++++++++++++++++++------------ sys/dev/random/randomdev.h | 6 ++-- sys/dev/random/randomdev_soft.c | 62 ++++++++++++++++++++++---------- sys/dev/random/randomdev_soft.h | 4 +-- sys/dev/random/yarrow.c | 5 +-- sys/i386/conf/GENERIC | 1 + sys/i386/conf/XBOX | 1 + sys/i386/conf/XEN | 2 +- sys/ia64/conf/GENERIC | 1 + sys/mips/conf/AR71XX_BASE | 3 +- sys/mips/conf/AR724X_BASE | 2 +- sys/mips/conf/AR91XX_BASE | 3 +- sys/mips/conf/AR933X_BASE | 3 +- 
sys/mips/conf/BERI_TEMPLATE | 1 + sys/mips/conf/DIR-825 | 1 + sys/mips/conf/GXEMUL | 1 + sys/mips/conf/OCTEON1 | 1 + sys/mips/conf/PB92 | 2 +- sys/mips/conf/RT305X | 3 +- sys/mips/conf/XLR64 | 1 + sys/mips/conf/XLRN32 | 1 + sys/mips/conf/std.SWARM | 1 + sys/mips/conf/std.XLP | 1 + sys/modules/Makefile | 5 +++ sys/modules/random/Makefile | 12 +------ sys/pc98/conf/GENERIC | 1 + sys/powerpc/conf/GENERIC | 1 + sys/powerpc/conf/GENERIC64 | 1 + sys/powerpc/conf/MPC85XX | 1 + sys/powerpc/conf/WII | 1 + sys/sparc64/conf/GENERIC | 1 + tools/tools/sysdoc/sysdoc.sh | 12 ++++--- tools/tools/sysdoc/tunables.mdoc | 7 ++++ 81 files changed, 318 insertions(+), 140 deletions(-) diff --git a/UPDATING b/UPDATING index d3a6d56..3903306 100644 --- a/UPDATING +++ b/UPDATING @@ -31,6 +31,19 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 10.x IS SLOW: disable the most expensive debugging functionality run "ln -s 'abort:false,junk:false' /etc/malloc.conf".) +20130729: + random(4) and actual RNG implementations (aka, adaptors) have been + further decoupled. If you are running a custom kernel, you may + need to explicitly enable at least one RNG adaptor in your kernel + config. For example, to use Yarrow, add "options YARROW_RNG" to + your kernel config. For hardware backed RNGs, use either + "RDRAND_RNG" or "PADLOCK_RNG" options. + If you use random.ko via 'random_load="YES"' in /boot/loader.conf + instead of "device random", you will need to change that to + 'yarrow_rng_load="YES"', 'rdrand_rng_load="YES"', or + 'padlock_rng_load="YES"'. random.ko will be loaded automatically + as a dependency module. + 20130726: Behavior of devfs rules path matching has been changed. Pattern is now always matched against fully qualified devfs diff --git a/share/man/man4/random.4 b/share/man/man4/random.4 index e2809f4..095b73f 100644 --- a/share/man/man4/random.4 +++ b/share/man/man4/random.4 @@ -23,7 +23,7 @@ .\" .\" $FreeBSD$ .\" -.Dd September 7, 2012 +.Dd July 29, 2013 .Dt RANDOM 4 .Os .Sh NAME 
@@ -43,6 +43,13 @@ The device will probe for certain hardware entropy sources, and use these in preference to the fallback, which is a generator implemented in software. +If the kernel environment MIB's +.Va hw.nehemiah_rng_enable +or +.Va hw.ivy_rng_enable +are set to +.Dq Li 0 , +the associated hardware entropy source will be ignored. .Pp If the device is using the software generator, @@ -74,6 +81,7 @@ device, use the command line: .Pp which results in something like: .Bd -literal -offset indent +kern.random.adaptors: yarrow kern.random.sys.seeded: 1 kern.random.sys.harvest.ethernet: 1 kern.random.sys.harvest.point_to_point: 1 @@ -89,7 +97,9 @@ kern.random.yarrow.slowoverthresh: 2 (These would not be seen if a hardware generator is present.) .Pp -All settings are read/write. +Other than +.Dl kern.random.adaptors +all settings are read/write. .Pp The .Va kern.random.sys.seeded diff --git a/sys/amd64/conf/GENERIC b/sys/amd64/conf/GENERIC index 17990a3..dbd76d6 100644 --- a/sys/amd64/conf/GENERIC +++ b/sys/amd64/conf/GENERIC @@ -295,6 +295,7 @@ device loop # Network loopback device random # Entropy device options PADLOCK_RNG # VIA Padlock RNG options RDRAND_RNG # Intel Bull Mountain RNG +options YARROW_RNG # Yarrow software RNG device ether # Ethernet support device vlan # 802.1Q VLAN support device tun # Packet tunnel. diff --git a/sys/arm/conf/AC100 b/sys/arm/conf/AC100 index d368bdf..a3c6826 100644 --- a/sys/arm/conf/AC100 +++ b/sys/arm/conf/AC100 @@ -61,6 +61,7 @@ options MUTEX_DEBUG # Pseudo devices device random +options YARROW_RNG # Yarrow software RNG device pty device loop device md diff --git a/sys/arm/conf/ARMADAXP b/sys/arm/conf/ARMADAXP index 54aa635..f7be570 100644 --- a/sys/arm/conf/ARMADAXP +++ b/sys/arm/conf/ARMADAXP @@ -61,6 +61,7 @@ options KDB_TRACE # Pseudo devices device random +options YARROW_RNG # Yarrow software RNG device pty device loop device md diff --git a/sys/arm/conf/ARNDALE b/sys/arm/conf/ARNDALE index 1864f33..3bd8a2f 100644 
--- a/sys/arm/conf/ARNDALE +++ b/sys/arm/conf/ARNDALE @@ -88,6 +88,7 @@ options ROOTDEVNAME=\"ufs:/dev/da0\" device loop device random +options YARROW_RNG # Yarrow software RNG device pty device md device gpio diff --git a/sys/arm/conf/ATMEL b/sys/arm/conf/ATMEL index eb3dd7d..6aa6a3e 100644 --- a/sys/arm/conf/ATMEL +++ b/sys/arm/conf/ATMEL @@ -134,6 +134,7 @@ device geom_map # GEOM partition mapping # Pseudo devices. device loop # Network loopback device random # Entropy device +options YARROW_RNG # Yarrow software RNG device ether # Ethernet support device vlan # 802.1Q VLAN support device tun # Packet tunnel. diff --git a/sys/arm/conf/AVILA b/sys/arm/conf/AVILA index 4246462..9397f39 100644 --- a/sys/arm/conf/AVILA +++ b/sys/arm/conf/AVILA @@ -107,6 +107,7 @@ device if_bridge device md device random # Entropy device +options YARROW_RNG # Yarrow software RNG # Wireless NIC cards device wlan # 802.11 support diff --git a/sys/arm/conf/BEAGLEBONE b/sys/arm/conf/BEAGLEBONE index 997a62f..b8f54c7 100644 --- a/sys/arm/conf/BEAGLEBONE +++ b/sys/arm/conf/BEAGLEBONE @@ -90,6 +90,7 @@ device pty device snp device md device random # Entropy device +options YARROW_RNG # Yarrow software RNG # I2C support device iicbus diff --git a/sys/arm/conf/BWCT b/sys/arm/conf/BWCT index 4c6a1f1..9df78e4 100644 --- a/sys/arm/conf/BWCT +++ b/sys/arm/conf/BWCT @@ -68,6 +68,7 @@ options NO_FFS_SNAPSHOT options NO_SWAPPING device loop device random +options YARROW_RNG # Yarrow software RNG device ether device vlan device uart diff --git a/sys/arm/conf/CAMBRIA b/sys/arm/conf/CAMBRIA index 377f45d..43fde27 100644 --- a/sys/arm/conf/CAMBRIA +++ b/sys/arm/conf/CAMBRIA @@ -110,6 +110,7 @@ device if_bridge device md device random # Entropy device +options YARROW_RNG # Yarrow software RNG # Wireless NIC cards device wlan # 802.11 support diff --git a/sys/arm/conf/CNS11XXNAS b/sys/arm/conf/CNS11XXNAS index e66e2bb..cb4c210 100644 --- a/sys/arm/conf/CNS11XXNAS +++ b/sys/arm/conf/CNS11XXNAS 
@@ -102,6 +102,7 @@ device loop device md device random # Entropy device +options YARROW_RNG # Yarrow software RNG #options ARM_USE_SMALL_ALLOC diff --git a/sys/arm/conf/CRB b/sys/arm/conf/CRB index d9b0a4e..25ed432 100644 --- a/sys/arm/conf/CRB +++ b/sys/arm/conf/CRB @@ -105,6 +105,7 @@ options DDB #Enable the kernel debugger options XSCALE_CACHE_READ_WRITE_ALLOCATE device md device random # Entropy device +options YARROW_RNG # Yarrow software RNG device iopwdog options ARM_USE_SMALL_ALLOC diff --git a/sys/arm/conf/CUBIEBOARD b/sys/arm/conf/CUBIEBOARD index 179b383..f514244 100644 --- a/sys/arm/conf/CUBIEBOARD +++ b/sys/arm/conf/CUBIEBOARD @@ -92,6 +92,7 @@ device pty device snp device md device random # Entropy device +options YARROW_RNG # Yarrow software RNG # I2C support #device iicbus @@ -130,4 +131,3 @@ device miibus options FDT options FDT_DTB_STATIC makeoptions FDT_DTS_FILE=cubieboard.dts - diff --git a/sys/arm/conf/DB-78XXX b/sys/arm/conf/DB-78XXX index f3e62f5..afe71af 100644 --- a/sys/arm/conf/DB-78XXX +++ b/sys/arm/conf/DB-78XXX @@ -55,6 +55,7 @@ device pci device loop device md device random +options YARROW_RNG # Yarrow software RNG # Serial ports device uart diff --git a/sys/arm/conf/DB-88F5XXX b/sys/arm/conf/DB-88F5XXX index 50ca24e..f113e30 100644 --- a/sys/arm/conf/DB-88F5XXX +++ b/sys/arm/conf/DB-88F5XXX @@ -54,6 +54,7 @@ device pci device md device loop device random +options YARROW_RNG # Yarrow software RNG # Serial ports device uart diff --git a/sys/arm/conf/DB-88F6XXX b/sys/arm/conf/DB-88F6XXX index cf508ad..f32aa59 100644 --- a/sys/arm/conf/DB-88F6XXX +++ b/sys/arm/conf/DB-88F6XXX @@ -55,6 +55,7 @@ device pci device loop device md device random +options YARROW_RNG # Yarrow software RNG # Serial ports device uart diff --git a/sys/arm/conf/DOCKSTAR b/sys/arm/conf/DOCKSTAR index 25c0121..5142b84 100644 --- a/sys/arm/conf/DOCKSTAR +++ b/sys/arm/conf/DOCKSTAR 
@@ -46,6 +46,7 @@ options KDB # Pseudo devices device md device random +options YARROW_RNG # Yarrow software RNG device loop # Serial ports diff --git a/sys/arm/conf/DREAMPLUG-1001 b/sys/arm/conf/DREAMPLUG-1001 index 442cde0..b39b636 100644 --- a/sys/arm/conf/DREAMPLUG-1001 +++ b/sys/arm/conf/DREAMPLUG-1001 @@ -62,6 +62,7 @@ device loop #Network loopback device md #Memory/malloc disk device pty #BSD-style compatibility pseudo ttys device random #Entropy device +options YARROW_RNG # Yarrow software RNG device tun #Packet tunnel. device ether #Required for all ethernet devices device vlan #802.1Q VLAN support diff --git a/sys/arm/conf/EA3250 b/sys/arm/conf/EA3250 index 89d9fa4..6fb0dfe 100644 --- a/sys/arm/conf/EA3250 +++ b/sys/arm/conf/EA3250 @@ -54,6 +54,7 @@ device loop device md device pty device random +options YARROW_RNG # Yarrow software RNG # Serial ports device uart diff --git a/sys/arm/conf/EB9200 b/sys/arm/conf/EB9200 index 0570699..b3ebc61 100644 --- a/sys/arm/conf/EB9200 +++ b/sys/arm/conf/EB9200 @@ -60,6 +60,7 @@ options SX_NOINLINE options NO_FFS_SNAPSHOT options NO_SWAPPING device random +options YARROW_RNG # Yarrow software RNG device loop device ether device uart diff --git a/sys/arm/conf/EFIKA_MX b/sys/arm/conf/EFIKA_MX index 71edb8c..07c0630 100644 --- a/sys/arm/conf/EFIKA_MX +++ b/sys/arm/conf/EFIKA_MX @@ -96,6 +96,7 @@ device bpf # Berkeley packet filter # Pseudo devices. device loop # Network loopback device random # Entropy device +options YARROW_RNG # Yarrow software RNG device ether # Ethernet support #device vlan # 802.1Q VLAN support #device tun # Packet tunnel. diff --git a/sys/arm/conf/EP80219 b/sys/arm/conf/EP80219 index a112fe1..1d6b87d 100644 --- a/sys/arm/conf/EP80219 +++ b/sys/arm/conf/EP80219 @@ -101,6 +101,7 @@ options DDB #Enable the kernel debugger options XSCALE_CACHE_READ_WRITE_ALLOCATE device md device random # Entropy device +options YARROW_RNG # Yarrow software RNG options ARM_USE_SMALL_ALLOC # Floppy drives 
diff --git a/sys/arm/conf/ETHERNUT5 b/sys/arm/conf/ETHERNUT5 index ef52bc6..8a68249 100644 --- a/sys/arm/conf/ETHERNUT5 +++ b/sys/arm/conf/ETHERNUT5 @@ -126,6 +126,7 @@ device geom_map # GEOM partition mapping # Pseudo devices. device loop # Network loopback device random # Entropy device +options YARROW_RNG # Yarrow software RNG device ether # Ethernet support #device vlan # 802.1Q VLAN support #device tun # Packet tunnel. diff --git a/sys/arm/conf/GUMSTIX b/sys/arm/conf/GUMSTIX index 11fe6a9..b752daa 100644 --- a/sys/arm/conf/GUMSTIX +++ b/sys/arm/conf/GUMSTIX @@ -88,3 +88,4 @@ options DDB #Enable the kernel debugger device md device random # Entropy device +options YARROW_RNG # Yarrow software RNG diff --git a/sys/arm/conf/HL200 b/sys/arm/conf/HL200 index 415cbc9..fb980ef 100644 --- a/sys/arm/conf/HL200 +++ b/sys/arm/conf/HL200 @@ -65,6 +65,7 @@ options RWLOCK_NOINLINE options NO_FFS_SNAPSHOT options NO_SWAPPING device random +options YARROW_RNG # Yarrow software RNG device loop device ether device uart diff --git a/sys/arm/conf/HL201 b/sys/arm/conf/HL201 index 1294f1a..a2eee41 100644 --- a/sys/arm/conf/HL201 +++ b/sys/arm/conf/HL201 @@ -67,6 +67,7 @@ options RWLOCK_NOINLINE options NO_FFS_SNAPSHOT options NO_SWAPPING device random +options YARROW_RNG # Yarrow software RNG device loop device ether device uart @@ -129,4 +130,3 @@ device pass # Passthrough device (direct SCSI access) #device wlan_tkip # 802.11 TKIP support #device wlan_amrr # AMRR transmit rate control algorithm options ROOTDEVNAME=\"ufs:da0s1a\" - diff --git a/sys/arm/conf/IQ31244 b/sys/arm/conf/IQ31244 index 1eb4a20..91fbe22 100644 --- a/sys/arm/conf/IQ31244 +++ b/sys/arm/conf/IQ31244 @@ -106,6 +106,7 @@ options DDB #Enable the kernel debugger options XSCALE_CACHE_READ_WRITE_ALLOCATE device md device random # Entropy device +options YARROW_RNG # Yarrow software RNG options ARM_USE_SMALL_ALLOC # Floppy drives diff --git a/sys/arm/conf/KB920X b/sys/arm/conf/KB920X index 7cf56d8..e8639b4 100644 
--- a/sys/arm/conf/KB920X +++ b/sys/arm/conf/KB920X @@ -66,6 +66,7 @@ options SX_NOINLINE options NO_FFS_SNAPSHOT options NO_SWAPPING device random +options YARROW_RNG # Yarrow software RNG device loop device ether device uart diff --git a/sys/arm/conf/LN2410SBC b/sys/arm/conf/LN2410SBC index 8d2a585..e7ccc6e 100644 --- a/sys/arm/conf/LN2410SBC +++ b/sys/arm/conf/LN2410SBC @@ -62,6 +62,7 @@ options SX_NOINLINE options NO_FFS_SNAPSHOT options NO_SWAPPING device random +options YARROW_RNG # Yarrow software RNG device loop device ether @@ -83,4 +84,3 @@ device ohci device umass device scbus # SCSI bus (required for da) device da # Direct Access (disks) - diff --git a/sys/arm/conf/NSLU b/sys/arm/conf/NSLU index 0980e4d..43eee38 100644 --- a/sys/arm/conf/NSLU +++ b/sys/arm/conf/NSLU @@ -105,6 +105,7 @@ device loop device md device random # Entropy device +options YARROW_RNG # Yarrow software RNG #options ARM_USE_SMALL_ALLOC diff --git a/sys/arm/conf/PANDABOARD b/sys/arm/conf/PANDABOARD index 788a0ed..ae3b965 100644 --- a/sys/arm/conf/PANDABOARD +++ b/sys/arm/conf/PANDABOARD @@ -110,6 +110,7 @@ device md #options MD_ROOT_SIZE=7560 device random # Entropy device +options YARROW_RNG # Yarrow software RNG # USB support device usb diff --git a/sys/arm/conf/QILA9G20 b/sys/arm/conf/QILA9G20 index 50d9a37..d0c5793 100644 --- a/sys/arm/conf/QILA9G20 +++ b/sys/arm/conf/QILA9G20 @@ -77,6 +77,7 @@ options NO_SWAPPING #options DIAGNOSTIC device random +options YARROW_RNG # Yarrow software RNG device loop device bpf device ether diff --git a/sys/arm/conf/RPI-B b/sys/arm/conf/RPI-B index 251bf55..f8d53f3 100644 --- a/sys/arm/conf/RPI-B +++ b/sys/arm/conf/RPI-B @@ -86,6 +86,7 @@ options INVARIANT_SUPPORT #Extra sanity checks of internal structures, required device md device random # Entropy device +options YARROW_RNG # Yarrow software RNG # USB support device usb diff --git a/sys/arm/conf/SAM9260EK b/sys/arm/conf/SAM9260EK index 08b308d..d48bb55 100644 --- a/sys/arm/conf/SAM9260EK 
+++ b/sys/arm/conf/SAM9260EK @@ -134,6 +134,7 @@ device mmcsd # MMC/SD memory card # Pseudo devices. device loop # Network loopback device random # Entropy device +options YARROW_RNG # Yarrow software RNG device ether # Ethernet support #device vlan # 802.1Q VLAN support #device tun # Packet tunnel. diff --git a/sys/arm/conf/SAM9G20EK b/sys/arm/conf/SAM9G20EK index e173f01..dce47b6 100644 --- a/sys/arm/conf/SAM9G20EK +++ b/sys/arm/conf/SAM9G20EK @@ -76,6 +76,7 @@ options NO_SWAPPING #options DIAGNOSTIC device random +options YARROW_RNG # Yarrow software RNG device loop device bpf device ether diff --git a/sys/arm/conf/SAM9X25EK b/sys/arm/conf/SAM9X25EK index 6cdeac6..80337a8 100644 --- a/sys/arm/conf/SAM9X25EK +++ b/sys/arm/conf/SAM9X25EK @@ -77,6 +77,7 @@ options NO_SWAPPING #options DIAGNOSTIC device random +options YARROW_RNG # Yarrow software RNG device pty device loop device bpf @@ -150,4 +151,3 @@ device miibus #device wlan_ccmp # 802.11 CCMP support #device wlan_tkip # 802.11 TKIP support #device wlan_amrr # AMRR transmit rate control algorithm - diff --git a/sys/arm/conf/SHEEVAPLUG b/sys/arm/conf/SHEEVAPLUG index c6bd901..12634cc 100644 --- a/sys/arm/conf/SHEEVAPLUG +++ b/sys/arm/conf/SHEEVAPLUG @@ -45,6 +45,7 @@ options KDB # Pseudo devices device random +options YARROW_RNG # Yarrow software RNG device loop # Serial ports diff --git a/sys/arm/conf/SN9G45 b/sys/arm/conf/SN9G45 index 123136b..c826723 100644 --- a/sys/arm/conf/SN9G45 +++ b/sys/arm/conf/SN9G45 @@ -76,6 +76,7 @@ options NO_SWAPPING #options DIAGNOSTIC device random +options YARROW_RNG # Yarrow software RNG device loop device bpf device ether diff --git a/sys/arm/conf/TS7800 b/sys/arm/conf/TS7800 index 79e9dba..dd97791 100644 --- a/sys/arm/conf/TS7800 +++ b/sys/arm/conf/TS7800 @@ -48,6 +48,7 @@ device pci device md device loop device random +options YARROW_RNG # Yarrow software RNG # Serial ports device uart 
diff --git a/sys/arm/conf/VERSATILEPB b/sys/arm/conf/VERSATILEPB index b12009dc0..f81653a 100644 --- a/sys/arm/conf/VERSATILEPB +++ b/sys/arm/conf/VERSATILEPB @@ -94,6 +94,7 @@ options INVARIANT_SUPPORT #Extra sanity checks of internal structures, required device md device random # Entropy device +options YARROW_RNG # Yarrow software RNG # Flattened Device Tree options FDT diff --git a/sys/arm/conf/ZEDBOARD b/sys/arm/conf/ZEDBOARD index 1008125..2944220 100644 --- a/sys/arm/conf/ZEDBOARD +++ b/sys/arm/conf/ZEDBOARD @@ -66,6 +66,7 @@ options KDB device loop device random +options YARROW_RNG # Yarrow software RNG device ether device if_cgem # Zynq-7000 gig ethernet device device mii diff --git a/sys/conf/NOTES b/sys/conf/NOTES index dce2168..dfde8df 100644 --- a/sys/conf/NOTES +++ b/sys/conf/NOTES @@ -1132,6 +1132,9 @@ options VFS_AIO # Cryptographically secure random number generator; /dev/random device random +# Yarrow software RNG adapter for random +options YARROW_RNG + # The system memory devices; /dev/mem, /dev/kmem device mem diff --git a/sys/conf/files b/sys/conf/files index 4a1a432..3e23454 100644 --- a/sys/conf/files +++ b/sys/conf/files @@ -540,8 +540,8 @@ crypto/des/des_ecb.c optional crypto | ipsec | netsmb crypto/des/des_setkey.c optional crypto | ipsec | netsmb crypto/rc4/rc4.c optional netgraph_mppc_encryption | kgssapi crypto/rijndael/rijndael-alg-fst.c optional crypto | geom_bde | \ - ipsec | random | wlan_ccmp -crypto/rijndael/rijndael-api-fst.c optional geom_bde | random + ipsec | yarrow_rng | wlan_ccmp +crypto/rijndael/rijndael-api-fst.c optional geom_bde | yarrow_rng crypto/rijndael/rijndael-api.c optional crypto | ipsec | wlan_ccmp crypto/sha1.c optional carp | crypto | ipsec | \ netgraph_mppc_encryption | sctp 
@@ -2030,11 +2030,12 @@ rt2860.fw optional rt2860fw | ralfw \ no-obj no-implicit-rule \ clean "rt2860.fw" dev/random/harvest.c standard -dev/random/hash.c optional random +dev/random/hash.c optional yarrow_rng dev/random/probe.c optional random +dev/random/random_adaptors.c standard dev/random/randomdev.c optional random -dev/random/randomdev_soft.c optional random -dev/random/yarrow.c optional random +dev/random/randomdev_soft.c optional yarrow_rng +dev/random/yarrow.c optional yarrow_rng dev/rc/rc.c optional rc dev/re/if_re.c optional re dev/rndtest/rndtest.c optional rndtest diff --git a/sys/conf/options b/sys/conf/options index d9057cc..de695cb 100644 --- a/sys/conf/options +++ b/sys/conf/options @@ -905,3 +905,6 @@ RACCT opt_global.h # Resource Limits RCTL opt_global.h + +# Software random number generators for random(4) +YARROW_RNG opt_dontuse.h diff --git a/sys/dev/random/ivy.c b/sys/dev/random/ivy.c index f81c148..0b8da12 100644 --- a/sys/dev/random/ivy.c +++ b/sys/dev/random/ivy.c @@ -28,16 +28,19 @@ #include __FBSDID("$FreeBSD$"); -#include "opt_cpu.h" - -#ifdef RDRAND_RNG - #include #include +#include #include +#include #include #include #include + +#include +#include + +#include #include #define RETRY_COUNT 10 @@ -46,7 +49,7 @@ static void random_ivy_init(void); static void random_ivy_deinit(void); static int random_ivy_read(void *, int); -struct random_systat random_ivy = { +struct random_adaptor random_ivy = { .ident = "Hardware, Intel IvyBridge+ RNG", .init = random_ivy_init, .deinit = random_ivy_deinit, 
@@ -114,4 +117,32 @@ random_ivy_read(void *buf, int c) return (c - count); } +static int +rdrand_modevent(module_t mod, int type, void *unused) +{ + + switch (type) { + case MOD_LOAD: + if (cpu_feature2 & CPUID2_RDRAND) { + random_adaptor_register("rdrand", &random_ivy); + EVENTHANDLER_INVOKE(random_adaptor_attach, &random_ivy); + return (0); + } else { +#ifndef KLD_MODULE + if (bootverbose) #endif + printf( + "%s: RDRAND feature is not present on this CPU\n", + random_ivy.ident); +#ifdef KLD_MODULE + return (ENXIO); +#else + return (0); +#endif + } + } + + return (EINVAL); +} + +RANDOM_ADAPTOR_MODULE(random_rdrand, rdrand_modevent, 1); diff --git a/sys/dev/random/nehemiah.c b/sys/dev/random/nehemiah.c index f3afa89..e811115 100644 --- a/sys/dev/random/nehemiah.c +++ b/sys/dev/random/nehemiah.c @@ -28,19 +28,20 @@ #include __FBSDID("$FreeBSD$"); -#include "opt_cpu.h" - -#ifdef PADLOCK_RNG - #include #include #include #include +#include #include #include +#include #include +#include +#include +#include #include #define RANDOM_BLOCK_SIZE 256 @@ -50,7 +51,7 @@ static void random_nehemiah_init(void); static void random_nehemiah_deinit(void); static int random_nehemiah_read(void *, int); -struct random_systat random_nehemiah = { +struct random_adaptor random_nehemiah = { .ident = "Hardware, VIA Nehemiah", .init = random_nehemiah_init, .deinit = random_nehemiah_deinit, 
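Review bot: rdrand_modevent() in sys/dev/random/ivy.c falls through to `return (EINVAL)` for every event other than MOD_LOAD, so MOD_UNLOAD, MOD_QUIESCE and MOD_SHUTDOWN are all rejected with nothing in the code saying this is deliberate. The commit message states that unplugging an adaptor is unsupported, and randomdev.c keeps a pointer to the selected adaptor, so I would record that at the switch with a comment such as `/* Unload is refused on purpose: random(4) may still hold a pointer to this adaptor. */` and give the switch an explicit `default:` arm. nehemiah_modevent() in nehemiah.c and yarrow_modevent() in randomdev_soft.c have the same shape and should carry the same comment.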
@@ -208,4 +209,33 @@ random_nehemiah_read(void *buf, int c) return (c); } +static int +nehemiah_modevent(module_t mod, int type, void *unused) +{ + + switch (type) { + case MOD_LOAD: + if (via_feature_rng & VIA_HAS_RNG) { + random_adaptor_register("nehemiah", &random_nehemiah); + EVENTHANDLER_INVOKE(random_adaptor_attach, + &random_nehemiah); + return (0); + } else { +#ifndef KLD_MODULE + if (bootverbose) #endif + printf( + "%s: VIA RNG feature is not present on this CPU\n", + random_nehemiah.ident); +#ifdef KLD_MODULE + return (ENXIO); +#else + return (0); +#endif + } + } + + return (EINVAL); +} + +RANDOM_ADAPTOR_MODULE(nehemiah, nehemiah_modevent, 1); diff --git a/sys/dev/random/probe.c b/sys/dev/random/probe.c index d9e70de..7039b92 100644 --- a/sys/dev/random/probe.c +++ b/sys/dev/random/probe.c 
@@ -28,66 +28,35 @@ #include __FBSDID("$FreeBSD$"); -#if defined(__amd64__) || (defined(__i386__) && !defined(PC98)) +#if defined(__amd64__) || defined(__i386__) #include "opt_cpu.h" #endif -#include #include #include #include -#include -#include #include -#include - -#if defined(__amd64__) || (defined(__i386__) && !defined(PC98)) -#include -#include -#include -#include -#endif +#include #include -#include - -#if defined(__amd64__) || (defined(__i386__) && !defined(PC98)) -#ifdef PADLOCK_RNG -extern struct random_systat random_nehemiah; -#endif -#ifdef RDRAND_RNG -extern struct random_systat random_ivy; -#endif -#endif void -random_ident_hardware(struct random_systat **systat) +random_ident_hardware(struct random_adaptor **adaptor) { + struct random_adaptor *tmp; + int enable; - /* Set default to software */ - *systat = &random_yarrow; + /* Set default to software (yarrow) */ + *adaptor = random_adaptor_get("yarrow"); /* Then go looking for hardware */ -#if defined(__amd64__) || (defined(__i386__) && !defined(PC98)) -#ifdef PADLOCK_RNG - if (via_feature_rng & VIA_HAS_RNG) { - int enable; - - enable = 1; - TUNABLE_INT_FETCH("hw.nehemiah_rng_enable", &enable); - if (enable) - *systat = &random_nehemiah; - } -#endif -#ifdef RDRAND_RNG - if (cpu_feature2 & CPUID2_RDRAND) { - int enable; - - enable = 1; - TUNABLE_INT_FETCH("hw.ivy_rng_enable", &enable); - if (enable) - *systat = &random_ivy; - } -#endif -#endif + enable = 1; + TUNABLE_INT_FETCH("hw.nehemiah_rng_enable", &enable); + if (enable && (tmp = random_adaptor_get("nehemiah"))) + *adaptor = tmp; + + enable = 1; + TUNABLE_INT_FETCH("hw.ivy_rng_enable", &enable); + if (enable && (tmp = random_adaptor_get("rdrand"))) + *adaptor = tmp; } diff --git a/sys/dev/random/randomdev.c b/sys/dev/random/randomdev.c index 18b17d8..eeef425 100644 --- a/sys/dev/random/randomdev.c +++ b/sys/dev/random/randomdev.c 
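Review bot: `*adaptor = random_adaptor_get("yarrow");` in random_ident_hardware() can now leave `*adaptor` NULL when no Yarrow adaptor is registered and neither hardware lookup succeeds, yet the comment above it still reads as if a software default always exists. I would reword it along the lines of `/* Default to Yarrow if registered; *adaptor stays NULL when no adaptor is available and the caller must handle that. */`. A second line should note that the lookups are order-dependent (a registered "rdrand" overrides "nehemiah"). As far as this diff shows, a selected hardware adaptor also replaces Yarrow as the only source behind /dev/random rather than feeding it, which leaves the `hw.*_rng_enable` tunables as the only opt-out.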
@@ -70,12 +70,15 @@ static struct cdevsw random_cdevsw = { .d_name = "random", }; -struct random_systat *random_systat; +static struct random_adaptor *random_adaptor; +static eventhandler_tag attach_tag; +static int random_inited; + /* For use with make_dev(9)/destroy_dev(9). */ static struct cdev *random_dev; -/* Used to fake out unused random calls in random_systat */ +/* Used to fake out unused random calls in random_adaptor */ void random_null_func(void) { @@ -88,8 +91,8 @@ random_close(struct cdev *dev __unused, int flags, int fmt __unused, { if ((flags & FWRITE) && (priv_check(td, PRIV_RANDOM_RESEED) == 0) && (securelevel_gt(td->td_ucred, 0) == 0)) { - (*random_systat->reseed)(); - random_systat->seeded = 1; + (*random_adaptor->reseed)(); + random_adaptor->seeded = 1; arc4rand(NULL, 0, 1); /* Reseed arc4random as well. */ } @@ -104,8 +107,8 @@ random_read(struct cdev *dev __unused, struct uio *uio, int flag) void *random_buf; /* Blocking logic */ - if (!random_systat->seeded) - error = (*random_systat->block)(flag); + if (!random_adaptor->seeded) + error = (*random_adaptor->block)(flag); /* The actual read */ if (!error) { @@ -114,7 +117,7 @@ random_read(struct cdev *dev __unused, struct uio *uio, int flag) while (uio->uio_resid > 0 && !error) { c = MIN(uio->uio_resid, PAGE_SIZE); - c = (*random_systat->read)(random_buf, c); + c = (*random_adaptor->read)(random_buf, c); error = uiomove(random_buf, c, uio); } @@ -139,7 +142,7 @@ random_write(struct cdev *dev __unused, struct uio *uio, int flag __unused) error = uiomove(random_buf, c, uio); if (error) break; - (*random_systat->write)(random_buf, c); + (*random_adaptor->write)(random_buf, c); } free(random_buf, M_TEMP); 
@@ -172,14 +175,37 @@ random_poll(struct cdev *dev __unused, int events, struct thread *td) int revents = 0; if (events & (POLLIN | POLLRDNORM)) { - if (random_systat->seeded) + if (random_adaptor->seeded) revents = events & (POLLIN | POLLRDNORM); else - revents = (*random_systat->poll) (events,td); + revents = (*random_adaptor->poll) (events,td); } return (revents); } +static void +random_initialize(void *p, struct random_adaptor *s) +{ + if (random_inited) { + printf("random: <%s> already initialized\n", + random_adaptor->ident); + return; + } + + random_adaptor = s; + + (s->init)(); + + printf("random: <%s> initialized\n", s->ident); + + random_dev = make_dev_credf(MAKEDEV_ETERNAL_KLD, &random_cdevsw, + RANDOM_MINOR, NULL, UID_ROOT, GID_WHEEL, 0666, "random"); + make_dev_alias(random_dev, "urandom"); /* XXX Deprecated */ + + /* mark random(4) as initialized, to avoid being called again */ + random_inited = 1; +} + /* ARGSUSED */ static int random_modevent(module_t mod __unused, int type, void *data __unused) 
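Review bot: random_initialize() installs whichever adaptor the attach event passes in as `s` without consulting the `hw.nehemiah_rng_enable` / `hw.ivy_rng_enable` tunables that random_ident_hardware() applies on the MOD_LOAD path. On the postponed path a hardware RNG the administrator disabled could therefore still become the backing source for /dev/random. Re-running the selection inside the handler keeps both paths consistent, e.g. `random_ident_hardware(&random_adaptor); if (random_adaptor == NULL) return;` in place of `random_adaptor = s;`, with the later `(s->init)()` and `s->ident` uses switched to `random_adaptor`. This assumes random_adaptor_get() already sees the adaptor when the event fires, which the register-then-invoke order in the modevent handlers suggests, but random_adaptors.c is not shown here. `random_inited` is also tested and set with no lock visible in this hunk, so a comment stating what serialises the handler would help.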
@@ -188,23 +214,29 @@ random_modevent(module_t mod __unused, int type, void *data __unused) switch (type) { case MOD_LOAD: - random_ident_hardware(&random_systat); - (*random_systat->init)(); - - if (bootverbose) - printf("random: \n", - random_systat->ident); - - random_dev = make_dev_credf(MAKEDEV_ETERNAL_KLD, &random_cdevsw, - RANDOM_MINOR, NULL, UID_ROOT, GID_WHEEL, 0666, "random"); - make_dev_alias(random_dev, "urandom"); /* XXX Deprecated */ + random_ident_hardware(&random_adaptor); + + if (random_adaptor == NULL) { + printf( + "random: No random adaptor attached, postponing initialization\n"); + attach_tag = EVENTHANDLER_REGISTER(random_adaptor_attach, + random_initialize, NULL, EVENTHANDLER_PRI_ANY); + } else { + random_initialize(NULL, random_adaptor); + } break; case MOD_UNLOAD: - (*random_systat->deinit)(); - - destroy_dev(random_dev); + if (random_adaptor != NULL) { + (*random_adaptor->deinit)(); + destroy_dev(random_dev); + } + /* Unregister the event handler */ + if (attach_tag != NULL) { + EVENTHANDLER_DEREGISTER(random_adaptor_attach, + attach_tag); + } break; diff --git a/sys/dev/random/randomdev.h b/sys/dev/random/randomdev.h index deb6831..75b2c19 100644 --- a/sys/dev/random/randomdev.h +++ b/sys/dev/random/randomdev.h @@ -38,7 +38,7 @@ typedef void random_write_func_t(void *, int); typedef int random_poll_func_t(int, struct thread *); typedef void random_reseed_func_t(void); -struct random_systat { +struct random_adaptor { struct selinfo rsel; const char *ident; int seeded; @@ -51,7 +51,5 @@ struct random_systat { random_reseed_func_t *reseed; }; -extern struct random_systat *random_systat; - -extern void random_ident_hardware(struct random_systat **); +extern void random_ident_hardware(struct random_adaptor **); extern void random_null_func(void); diff --git a/sys/dev/random/randomdev_soft.c b/sys/dev/random/randomdev_soft.c index ac48214..e2a3925 100644 --- a/sys/dev/random/randomdev_soft.c +++ b/sys/dev/random/randomdev_soft.c 
@@ -38,6 +38,7 @@ __FBSDID("$FreeBSD$"); #include #include #include +#include #include #include #include @@ -50,6 +51,7 @@ __FBSDID("$FreeBSD$"); #include #include +#include #include #include @@ -63,7 +65,7 @@ static int random_yarrow_poll(int event,struct thread *td); static int random_yarrow_block(int flag); static void random_yarrow_flush_reseed(void); -struct random_systat random_yarrow = { +struct random_adaptor random_yarrow = { .ident = "Software, Yarrow", .init = random_yarrow_init, .deinit = random_yarrow_deinit, @@ -103,7 +105,7 @@ static int random_kthread_control = 0; static struct proc *random_kthread_proc; /* List for the dynamic sysctls */ -struct sysctl_ctx_list random_clist; +static struct sysctl_ctx_list random_clist; /* ARGSUSED */ static int @@ -120,25 +122,20 @@ random_yarrow_init(void) { int error, i; struct harvest *np; - struct sysctl_oid *random_o, *random_sys_o, *random_sys_harvest_o; + struct sysctl_oid *random_sys_o, *random_sys_harvest_o; enum esource e; - random_o = SYSCTL_ADD_NODE(&random_clist, - SYSCTL_STATIC_CHILDREN(_kern), - OID_AUTO, "random", CTLFLAG_RW, 0, - "Software Random Number Generator"); - - random_yarrow_init_alg(&random_clist, random_o); + random_yarrow_init_alg(&random_clist); random_sys_o = SYSCTL_ADD_NODE(&random_clist, - SYSCTL_CHILDREN(random_o), + SYSCTL_STATIC_CHILDREN(_kern_random), OID_AUTO, "sys", CTLFLAG_RW, 0, "Entropy Device Parameters"); SYSCTL_ADD_PROC(&random_clist, SYSCTL_CHILDREN(random_sys_o), OID_AUTO, "seeded", CTLTYPE_INT | CTLFLAG_RW, - &random_systat->seeded, 1, random_check_boolean, "I", + &random_yarrow.seeded, 1, random_check_boolean, "I", "Seeded State"); random_sys_harvest_o = SYSCTL_ADD_NODE(&random_clist, 
@@ -362,10 +359,10 @@ random_yarrow_write(void *buf, int count) void random_yarrow_unblock(void) { - if (!random_systat->seeded) { - random_systat->seeded = 1; - selwakeuppri(&random_systat->rsel, PUSER); - wakeup(random_systat); + if (!random_yarrow.seeded) { + random_yarrow.seeded = 1; + selwakeuppri(&random_yarrow.rsel, PUSER); + wakeup(&random_yarrow); } (void)atomic_cmpset_int(&arc4rand_iniseed_state, ARC4_ENTR_NONE, ARC4_ENTR_HAVE); @@ -377,10 +374,10 @@ random_yarrow_poll(int events, struct thread *td) int revents = 0; mtx_lock(&random_reseed_mtx); - if (random_systat->seeded) + if (random_yarrow.seeded) revents = events & (POLLIN | POLLRDNORM); else - selrecord(td, &random_systat->rsel); + selrecord(td, &random_yarrow.rsel); mtx_unlock(&random_reseed_mtx); return revents; @@ -394,12 +391,12 @@ random_yarrow_block(int flag) mtx_lock(&random_reseed_mtx); /* Blocking logic */ - while (!random_systat->seeded && !error) { + while (!random_yarrow.seeded && !error) { if (flag & O_NONBLOCK) error = EWOULDBLOCK; else { printf("Entropy device is blocking.\n"); - error = msleep(random_systat, + error = msleep(&random_yarrow, &random_reseed_mtx, PUSER | PCATCH, "block", 0); } 
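Review bot: random_yarrow_unblock tests and sets `random_yarrow.seeded` with no lock taken inside the function, while random_yarrow_poll and random_yarrow_block in the next two hunks read the same flag under `random_reseed_mtx`. If every caller is expected to hold that mutex, state it in code with `mtx_assert(&random_reseed_mtx, MA_OWNED);` at the top of the function. If not, the test-and-set needs the lock so that a thread between the `while (!random_yarrow.seeded ...)` check and `msleep(&random_yarrow, ...)` cannot miss the `wakeup(&random_yarrow)`. The callers are not in this diff section, so this is something to confirm rather than a demonstrated race; the function's closing lines are also outside the hunk.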
@@ -420,3 +417,30 @@ random_yarrow_flush_reseed(void) random_yarrow_reseed(); } + +static int +yarrow_modevent(module_t mod, int type, void *unused) +{ + + switch (type) { + case MOD_LOAD: + random_adaptor_register("yarrow", &random_yarrow); + /* + * For statically built kernels that contain both random.ko and + * *_rng.ko, this event handler will do nothing, since + * random.ko is loaded after *_rng.ko's, and hence hasn't yet + * registered for this event. + * + * In case where both random.ko and *_rng.ko are built as + * modules, random.ko is loaded prior to *_rng.ko's (by + * dependency). This event handler is there to delay creation + * of /dev/{u,}random and attachment of this *_rng.ko. + */ + EVENTHANDLER_INVOKE(random_adaptor_attach, &random_yarrow); + return (0); + } + + return (EINVAL); +} + +RANDOM_ADAPTOR_MODULE(yarrow, yarrow_modevent, 1); diff --git a/sys/dev/random/randomdev_soft.h b/sys/dev/random/randomdev_soft.h index 489d45a..2007694 100644 --- a/sys/dev/random/randomdev_soft.h +++ b/sys/dev/random/randomdev_soft.h @@ -72,10 +72,10 @@ void random_process_event(struct harvest *event); void random_yarrow_reseed(void); void random_yarrow_unblock(void); -void random_yarrow_init_alg(struct sysctl_ctx_list *, struct sysctl_oid *); +void random_yarrow_init_alg(struct sysctl_ctx_list *); void random_yarrow_deinit_alg(void); -extern struct random_systat random_yarrow; +extern struct random_adaptor random_yarrow; extern struct mtx random_reseed_mtx; /* If this was c++, this would be a template */ diff --git a/sys/dev/random/yarrow.c b/sys/dev/random/yarrow.c index 6f631bb..09f079a 100644 --- a/sys/dev/random/yarrow.c +++ b/sys/dev/random/yarrow.c @@ -41,6 +41,7 @@ __FBSDID("$FreeBSD$"); #include #include +#include #include #include 
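Review bot: Every event other than MOD_LOAD falls through to `return (EINVAL)` in yarrow_modevent, so unload is refused only as a side effect and MOD_SHUTDOWN and MOD_QUIESCE are answered with the same error. The commit message says unplugging an adaptor is unsupported, so make that explicit with `case MOD_UNLOAD: return (EBUSY); /* adaptors cannot be detached from random(4) */` and return `EOPNOTSUPP` for unrecognised types. The result of `random_adaptor_register("yarrow", &random_yarrow)` is also dropped. Its prototype is not visible here, so if it can fail, `EVENTHANDLER_INVOKE` should not run after a failed registration.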
@@ -101,7 +102,7 @@ random_process_event(struct harvest *event) } void -random_yarrow_init_alg(struct sysctl_ctx_list *clist, struct sysctl_oid *in_o) +random_yarrow_init_alg(struct sysctl_ctx_list *clist) { int i; struct sysctl_oid *random_yarrow_o; @@ -110,7 +111,7 @@ random_yarrow_init_alg(struct sysctl_ctx_list *clist, struct sysctl_oid *in_o) * have a very good clue about what they do! */ random_yarrow_o = SYSCTL_ADD_NODE(clist, - SYSCTL_CHILDREN(in_o), + SYSCTL_STATIC_CHILDREN(_kern_random), OID_AUTO, "yarrow", CTLFLAG_RW, 0, "Yarrow Parameters"); diff --git a/sys/i386/conf/GENERIC b/sys/i386/conf/GENERIC index 93f23db..643c085 100644 --- a/sys/i386/conf/GENERIC +++ b/sys/i386/conf/GENERIC @@ -309,6 +309,7 @@ device loop # Network loopback device random # Entropy device options PADLOCK_RNG # VIA Padlock RNG options RDRAND_RNG # Intel Bull Mountain RNG +options YARROW_RNG # Yarrow software RNG device ether # Ethernet support device vlan # 802.1Q VLAN support device tun # Packet tunnel. diff --git a/sys/i386/conf/XBOX b/sys/i386/conf/XBOX index fb6a5c1..d10fcd4 100644 --- a/sys/i386/conf/XBOX +++ b/sys/i386/conf/XBOX @@ -62,6 +62,7 @@ device pass # Passthrough device (direct ATA/SCSI access) # Pseudo devices. device loop # Network loopback device random # Entropy device +options YARROW_RNG # Yarrow software RNG device ether # Ethernet support #device tun # Packet tunnel. #device md # Memory "disks" diff --git a/sys/i386/conf/XEN b/sys/i386/conf/XEN index bcc9f19..f90dd81 100644 --- a/sys/i386/conf/XEN +++ b/sys/i386/conf/XEN @@ -76,6 +76,7 @@ device pci # Pseudo devices. device loop # Network loopback device random # Entropy device +options YARROW_RNG # Yarrow software RNG device ether # Ethernet support device tun # Packet tunnel. device md # Memory "disks" @@ -90,4 +91,3 @@ options AH_SUPPORT_AR5416 # Be aware of the administrative consequences of enabling this! # Note that 'bpf' is required for DHCP. device bpf # Berkeley packet filter - 
diff --git a/sys/ia64/conf/GENERIC b/sys/ia64/conf/GENERIC index cb51617..ee4b652 100644 --- a/sys/ia64/conf/GENERIC +++ b/sys/ia64/conf/GENERIC @@ -198,6 +198,7 @@ device loop # Network loopback device md # Memory "disks" device puc # Multi I/O cards and multi-channel UARTs device random # Entropy device +options YARROW_RNG # Yarrow software RNG device tun # Packet tunnel. device uart # Serial port (UART) device vlan # 802.1Q VLAN support diff --git a/sys/mips/conf/AR71XX_BASE b/sys/mips/conf/AR71XX_BASE index 69b10a2..a5d4bbf 100644 --- a/sys/mips/conf/AR71XX_BASE +++ b/sys/mips/conf/AR71XX_BASE @@ -24,7 +24,7 @@ makeoptions DEBUG=-g #Build kernel with gdb(1) debug symbols # Build these as modules so small platform builds will have the # modules already built. -makeoptions MODULES_OVERRIDE="random gpio ar71xx if_gif if_gre if_bridge bridgestp usb wlan wlan_xauth wlan_acl wlan_wep wlan_tkip wlan_ccmp wlan_rssadapt wlan_amrr ath ath_pci" +makeoptions MODULES_OVERRIDE="random yarrow_rng gpio ar71xx if_gif if_gre if_bridge bridgestp usb wlan wlan_xauth wlan_acl wlan_wep wlan_tkip wlan_ccmp wlan_rssadapt wlan_amrr ath ath_pci" options DDB options KDB @@ -115,6 +115,7 @@ device ether device md device bpf device random +options YARROW_RNG # Yarrow software RNG device if_bridge device gif # ip[46] in ip[46] tunneling protocol device gre # generic encapsulation - only for IPv4 in IPv4 though atm diff --git a/sys/mips/conf/AR724X_BASE b/sys/mips/conf/AR724X_BASE index 7ffadb1..f74a693 100644 --- a/sys/mips/conf/AR724X_BASE +++ b/sys/mips/conf/AR724X_BASE 
@@ -25,7 +25,7 @@ makeoptions DEBUG=-g #Build kernel with gdb(1) debug symbols # Build these as modules so small platform builds will have the # modules already built. -makeoptions MODULES_OVERRIDE="random gpio ar71xx if_gif if_gre if_bridge bridgestp usb wlan wlan_xauth wlan_acl wlan_wep wlan_tkip wlan_ccmp wlan_rssadapt wlan_amrr ath ath_pci hwpmc cam" +makeoptions MODULES_OVERRIDE="random yarrow_rng gpio ar71xx if_gif if_gre if_bridge bridgestp usb wlan wlan_xauth wlan_acl wlan_wep wlan_tkip wlan_ccmp wlan_rssadapt wlan_amrr ath ath_pci hwpmc cam" options DDB options KDB diff --git a/sys/mips/conf/AR91XX_BASE b/sys/mips/conf/AR91XX_BASE index a84474d..ad81bee 100644 --- a/sys/mips/conf/AR91XX_BASE +++ b/sys/mips/conf/AR91XX_BASE @@ -20,7 +20,7 @@ files "../atheros/files.ar71xx" hints "AR91XX_BASE.hints" makeoptions DEBUG=-g #Build kernel with gdb(1) debug symbols -makeoptions MODULES_OVERRIDE="random gpio ar71xx if_gif if_gre if_bridge bridgestp usb wlan wlan_xauth wlan_acl wlan_wep wlan_tkip wlan_ccmp wlan_rssadapt wlan_amrr ath ath_ahb hwpmc" +makeoptions MODULES_OVERRIDE="random yarrow_rng gpio ar71xx if_gif if_gre if_bridge bridgestp usb wlan wlan_xauth wlan_acl wlan_wep wlan_tkip wlan_ccmp wlan_rssadapt wlan_amrr ath ath_ahb hwpmc" options DDB options KDB @@ -113,6 +113,7 @@ device ether device md device bpf device random +options YARROW_RNG # Yarrow software RNG device if_bridge device gpio device gpioled diff --git a/sys/mips/conf/AR933X_BASE b/sys/mips/conf/AR933X_BASE index 282f3b3..8de1a47 100644 --- a/sys/mips/conf/AR933X_BASE +++ b/sys/mips/conf/AR933X_BASE 
@@ -20,7 +20,7 @@ files "../atheros/files.ar71xx" hints "AR933X_BASE.hints" makeoptions DEBUG=-g #Build kernel with gdb(1) debug symbols -# makeoptions MODULES_OVERRIDE="random gpio ar71xx if_gif if_gre if_bridge bridgestp usb wlan wlan_xauth wlan_acl wlan_wep wlan_tkip wlan_ccmp wlan_rssadapt wlan_amrr ath ath_ahb hwpmc" +# makeoptions MODULES_OVERRIDE="random yarrow_rng gpio ar71xx if_gif if_gre if_bridge bridgestp usb wlan wlan_xauth wlan_acl wlan_wep wlan_tkip wlan_ccmp wlan_rssadapt wlan_amrr ath ath_ahb hwpmc" makeoptions MODULES_OVERRIDE="" options DDB @@ -119,6 +119,7 @@ device ether device md device bpf device random +options YARROW_RNG # Yarrow software RNG device if_bridge device gpio device gpioled diff --git a/sys/mips/conf/BERI_TEMPLATE b/sys/mips/conf/BERI_TEMPLATE index f4d53ca..46f61f1 100644 --- a/sys/mips/conf/BERI_TEMPLATE +++ b/sys/mips/conf/BERI_TEMPLATE @@ -55,4 +55,5 @@ device md device ether device loop device random +options YARROW_RNG # Yarrow software RNG device snp diff --git a/sys/mips/conf/DIR-825 b/sys/mips/conf/DIR-825 index 3609d76..9050c0f 100644 --- a/sys/mips/conf/DIR-825 +++ b/sys/mips/conf/DIR-825 @@ -20,6 +20,7 @@ hints "DIR-825.hints" # Since the kernel image must fit inside 1024KiB, we have to build almost # everything as modules. nodevice random +nooptions YARROW_RNG nodevice gpio nodevice gpioled nodevice gif diff --git a/sys/mips/conf/GXEMUL b/sys/mips/conf/GXEMUL index ea58622..0d91d3ac 100644 --- a/sys/mips/conf/GXEMUL +++ b/sys/mips/conf/GXEMUL @@ -51,6 +51,7 @@ device gxemul_ether # Pseudo devices. device loop # Network loopback device random # Entropy device +options YARROW_RNG # Yarrow software RNG device ether # Ethernet support device tun # Packet tunnel. device md # Memory "disks" diff --git a/sys/mips/conf/OCTEON1 b/sys/mips/conf/OCTEON1 index dfe5208..6227fa8 100644 --- a/sys/mips/conf/OCTEON1 +++ b/sys/mips/conf/OCTEON1 
@@ -256,6 +256,7 @@ device wi # WaveLAN/Intersil/Symbol 802.11 wireless NICs. # Pseudo devices. device loop # Network loopback device random # Entropy device +options YARROW_RNG # Yarrow software RNG device ether # Ethernet support device vlan # 802.1Q VLAN support device tun # Packet tunnel. diff --git a/sys/mips/conf/PB92 b/sys/mips/conf/PB92 index 2ca7cfe..f7d5e91 100644 --- a/sys/mips/conf/PB92 +++ b/sys/mips/conf/PB92 @@ -22,7 +22,7 @@ options AR71XX_ENV_UBOOT # who already are using it without modifying the default flash layout) # we need to cut down on a lot of things. -makeoptions MODULES_OVERRIDE="ath ath_pci ath_ahb bridgestp if_bridge if_gif if_gre random wlan wlan_acl wlan_amrr wlan_ccmp wlan_rssadapt wlan_tkip wlan_wep wlan_xauth usb ar71xx" +makeoptions MODULES_OVERRIDE="ath ath_pci ath_ahb bridgestp if_bridge if_gif if_gre random yarrow_rng wlan wlan_acl wlan_amrr wlan_ccmp wlan_rssadapt wlan_tkip wlan_wep wlan_xauth usb ar71xx" hints "PB92.hints" include "../atheros/std.ar71xx" diff --git a/sys/mips/conf/RT305X b/sys/mips/conf/RT305X index 6527782..8471690 100644 --- a/sys/mips/conf/RT305X +++ b/sys/mips/conf/RT305X @@ -24,7 +24,7 @@ makeoptions MIPS_LITTLE_ENDIAN=defined makeoptions KERNLOADADDR=0x80001000 # Don't build any modules yet. -makeoptions MODULES_OVERRIDE="wlan_xauth wlan_wep wlan_tkip wlan_acl wlan_amrr wlan_ccmp wlan_rssadapt random if_bridge bridgestp msdosfs md ipfw dummynet libalias geom/geom_label ufs usb/uplcom usb/u3g usb/umodem usb/umass usb/ucom cam zlib" +makeoptions MODULES_OVERRIDE="wlan_xauth wlan_wep wlan_tkip wlan_acl wlan_amrr wlan_ccmp wlan_rssadapt random yarrow_rng if_bridge bridgestp msdosfs md ipfw dummynet libalias geom/geom_label ufs usb/uplcom usb/u3g usb/umodem usb/umass usb/ucom cam zlib" makeoptions RT3052F include "../rt305x/std.rt305x" 
@@ -90,6 +90,7 @@ options MROUTING # Multicast routing options IPFIREWALL_DEFAULT_TO_ACCEPT device random +options YARROW_RNG # Yarrow software RNG device loop # RT3050F, RT3052F have only pseudo PHYs, so mii not required device rt diff --git a/sys/mips/conf/XLR64 b/sys/mips/conf/XLR64 index 1db8d85..486ce77 100644 --- a/sys/mips/conf/XLR64 +++ b/sys/mips/conf/XLR64 @@ -84,6 +84,7 @@ device uart # Pseudo device loop device random +options YARROW_RNG # Yarrow software RNG device md device bpf diff --git a/sys/mips/conf/XLRN32 b/sys/mips/conf/XLRN32 index d81eaf9..5ad65bd 100644 --- a/sys/mips/conf/XLRN32 +++ b/sys/mips/conf/XLRN32 @@ -85,6 +85,7 @@ device uart # Pseudo device loop device random +options YARROW_RNG # Yarrow software RNG device md device bpf diff --git a/sys/mips/conf/std.SWARM b/sys/mips/conf/std.SWARM index 0405b0a..5edd5a2 100644 --- a/sys/mips/conf/std.SWARM +++ b/sys/mips/conf/std.SWARM @@ -42,6 +42,7 @@ device loop device ether device md device random +options YARROW_RNG # Yarrow software RNG options USB_DEBUG device usb diff --git a/sys/mips/conf/std.XLP b/sys/mips/conf/std.XLP index bf5fbe8..aa1042d 100644 --- a/sys/mips/conf/std.XLP +++ b/sys/mips/conf/std.XLP @@ -65,6 +65,7 @@ makeoptions FDT_DTS_FILE=xlp-basic.dts # Pseudo device loop device random +options YARROW_RNG # Yarrow software RNG device md device bpf diff --git a/sys/modules/Makefile b/sys/modules/Makefile index d26dacc..063aa04 100644 --- a/sys/modules/Makefile +++ b/sys/modules/Makefile @@ -254,6 +254,7 @@ SUBDIR= \ ${_opensolaris} \ oce \ ${_padlock} \ + ${_padlock_rng} \ patm \ ${_pccard} \ ${_pcfclock} \ @@ -280,6 +281,7 @@ SUBDIR= \ ${_random} \ rc4 \ ${_rdma} \ + ${_rdrand_rng} \ re \ reiserfs \ rl \ 
@@ -364,11 +366,14 @@ SUBDIR= \ ${_x86bios} \ ${_xe} \ xl \ + yarrow_rng \ ${_zfs} \ zlib \ .if ${MACHINE_CPUARCH} == "i386" || ${MACHINE_CPUARCH} == "amd64" _filemon= filemon +_padlock_rng= padlock_rng +_rdrand_rng= rdrand_rng .endif .if ${MACHINE_CPUARCH} != "powerpc" && ${MACHINE_CPUARCH} != "arm" && \ diff --git a/sys/modules/random/Makefile b/sys/modules/random/Makefile index ad14899..a4882ba 100644 --- a/sys/modules/random/Makefile +++ b/sys/modules/random/Makefile @@ -1,19 +1,9 @@ # $FreeBSD$ .PATH: ${.CURDIR}/../../dev/random -.PATH: ${.CURDIR}/../../crypto/rijndael -.PATH: ${.CURDIR}/../../crypto/sha2 KMOD= random SRCS= randomdev.c probe.c -.if ${MACHINE} == "amd64" || ${MACHINE} == "i386" -SRCS+= nehemiah.c -SRCS+= ivy.c -.endif -SRCS+= randomdev_soft.c yarrow.c hash.c -SRCS+= rijndael-alg-fst.c rijndael-api-fst.c sha2.c -SRCS+= bus_if.h device_if.h vnode_if.h opt_cpu.h - -CFLAGS+= -I${.CURDIR}/../.. +SRCS+= bus_if.h device_if.h opt_cpu.h .include diff --git a/sys/pc98/conf/GENERIC b/sys/pc98/conf/GENERIC index 7386c1f..b291946 100644 --- a/sys/pc98/conf/GENERIC +++ b/sys/pc98/conf/GENERIC @@ -217,6 +217,7 @@ options AH_SUPPORT_AR5416 # enable AR5416 tx/rx descriptors # Pseudo devices. device loop # Network loopback device random # Entropy device +options YARROW_RNG # Yarrow software RNG device ether # Ethernet support device vlan # 802.1Q VLAN support device tun # Packet tunnel. diff --git a/sys/powerpc/conf/GENERIC b/sys/powerpc/conf/GENERIC index d91e00d..8049e40 100644 --- a/sys/powerpc/conf/GENERIC +++ b/sys/powerpc/conf/GENERIC @@ -144,6 +144,7 @@ device fxp # Intel EtherExpress PRO/100B (82557, 82558) # Pseudo devices. device loop # Network loopback device random # Entropy device +options YARROW_RNG # Yarrow software RNG device ether # Ethernet support device vlan # 802.1Q VLAN support device tun # Packet tunnel. diff --git a/sys/powerpc/conf/GENERIC64 b/sys/powerpc/conf/GENERIC64 index 1cdf195..888b3c0 100644 --- a/sys/powerpc/conf/GENERIC64 
+++ b/sys/powerpc/conf/GENERIC64 @@ -141,6 +141,7 @@ device fxp # Intel EtherExpress PRO/100B (82557, 82558) # Pseudo devices. device loop # Network loopback device random # Entropy device +options YARROW_RNG # Yarrow software RNG device ether # Ethernet support device vlan # 802.1Q VLAN support device tun # Packet tunnel. diff --git a/sys/powerpc/conf/MPC85XX b/sys/powerpc/conf/MPC85XX index e222ddb..ccf5297 100644 --- a/sys/powerpc/conf/MPC85XX +++ b/sys/powerpc/conf/MPC85XX @@ -76,6 +76,7 @@ device pass device pci device quicc device random +options YARROW_RNG # Yarrow software RNG #device rl device scbus device scc diff --git a/sys/powerpc/conf/WII b/sys/powerpc/conf/WII index e4d61b2..2777cf5 100644 --- a/sys/powerpc/conf/WII +++ b/sys/powerpc/conf/WII @@ -72,6 +72,7 @@ makeoptions SC_DFLT_FONT=cp437 # Pseudo devices. device loop # Network loopback device random # Entropy device +options YARROW_RNG # Yarrow software RNG device ether # Ethernet support device vlan # 802.1Q VLAN support device tun # Packet tunnel. diff --git a/sys/sparc64/conf/GENERIC b/sys/sparc64/conf/GENERIC index ad8f429..5959dbb 100644 --- a/sys/sparc64/conf/GENERIC +++ b/sys/sparc64/conf/GENERIC @@ -215,6 +215,7 @@ device ath_rate_sample # SampleRate tx rate control for ath # Pseudo devices. device loop # Network loopback device random # Entropy device +options YARROW_RNG # Yarrow software RNG device ether # Ethernet support device vlan # 802.1Q VLAN support device tun # Packet tunnel. diff --git a/tools/tools/sysdoc/sysdoc.sh b/tools/tools/sysdoc/sysdoc.sh index c428174..b07c53d 100644 --- a/tools/tools/sysdoc/sysdoc.sh +++ b/tools/tools/sysdoc/sysdoc.sh @@ -88,7 +88,7 @@ EOF # tunables in our tunables.mdoc file and generate # the final 'inner circle' of our manual page. markup_create() { - sort < _names | \ + sort -u < _names | \ xargs -n 1 /bin/sh ./sysctl.sh \ > markup.file \ 2> tunables.TODO 
@@ -238,9 +238,13 @@ if [ -z "$LOCATION" ] ; && for x in `find $LOCATION -name '*.kld'` \ $LOCATION/kernel; \ do nm $x | \ - grep ' sysctl___' | uniq | \ - sed 's/sysctl___//g' | sed 's/_/./g' | \ - awk {'print $3'} > _names; + sed -n '/sysctl___/ { + 's/[\.a-z_]*sysctl___//g' + 's/_/./g' + p + }' | \ + awk {'print $3'} | \ + sort -u > _names; done; markup_create page_create diff --git a/tools/tools/sysdoc/tunables.mdoc b/tools/tools/sysdoc/tunables.mdoc index 8b426e6..4702ea3 100644 --- a/tools/tools/sysdoc/tunables.mdoc +++ b/tools/tools/sysdoc/tunables.mdoc @@ -1093,6 +1093,13 @@ line programs. kern.quantum --- +kern.random.adaptors +str + +Displays registered PRNG adaptors (sources). +This is a read-only variable. + +--- kern.random.sys.burst --- -- cgit v1.1
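Review bot: The rewritten pipeline still ends in `sort -u > _names;` inside the `for x in ...` loop, so each iteration truncates `_names` and only the names from the last file, `$LOCATION/kernel`, survive. Move the redirection onto the loop, `done | sort -u > _names`, and drop the per-iteration `> _names`. Separately, the inner quotes in the sed script (`'s/[\.a-z_]*sysctl___//g'` and `'s/_/./g'`) close and reopen the outer single-quoted string, which leaves both substitutions unquoted to the shell: the backslash is consumed and the bracket expression is open to glob expansion. Removing the inner quotes keeps the whole script one literal argument. `$x` and `$LOCATION` are also expanded unquoted, so a path containing whitespace would be split.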