From: Garrett Cooper
Date: Fri, 31 Oct 2014 14:04:57 -0700
Subject: Re: svn commit: r273872 - in head: etc/defaults etc/rc.d libexec/save-entropy share/examples/kld/random_adaptor sys/conf sys/dev/glxsb sys/dev/random sys/kern sys/modules sys/modules/padlock_rng sys/mo...
To: Mark Murray
Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org
Message-Id: <9D38CD22-6BFC-4D55-8E8F-622EC2997723@gmail.com>
In-Reply-To: <201410302121.s9ULLsEw055630@svn.freebsd.org>
References: <201410302121.s9ULLsEw055630@svn.freebsd.org>
List-Id: SVN commit messages for the src tree for head/-current

On Oct 30, 2014, at 14:21, Mark Murray wrote:

> Author: markm
> Date: Thu Oct 30 21:21:53 2014
> New Revision: 273872
> URL: https://svnweb.freebsd.org/changeset/base/273872
>
> Log:
> This is the much-discussed major upgrade to the random(4) device,
> known to you all as /dev/random.
>
> This code has had an extensive rewrite and a good series of reviews,
> both by the author and other parties. This means a lot of code has
> been simplified.
> Pluggable structures for high-rate entropy generators are available,
> and it is most definitely not the case that /dev/random can be driven
> by only a hardware source any more. This has been designed out of the
> device. Hardware sources are stirred into the CSPRNG (Yarrow, Fortuna)
> like any other entropy source. Pluggable modules may be written by
> third parties for additional sources.
>
> The harvesting structures and consequently the locking have been
> simplified. Entropy harvesting is done in a more general way (the
> documentation for this will follow). There is some GREAT entropy to
> be had in the UMA allocator, but it is disabled for now as messing
> with that is likely to annoy many people.
>
> The venerable (but effective) Yarrow algorithm, which is no longer
> supported by its authors, now has an alternative, Fortuna. For now,
> Yarrow is retained as the default algorithm, but this may be changed
> using a kernel option. It is intended to make Fortuna the default
> algorithm for 11.0. Interested parties are encouraged to read ISBN
> 978-0-470-47424-2 "Cryptography Engineering" By Ferguson, Schneier
> and Kohno for Fortuna's gory details. Heck, read it anyway.
>
> Many thanks to Arthur Mesh who did early grunt work, and who got
> caught in the crossfire rather more than he deserved to.
>
> My thanks also to folks who helped me thresh this out on whiteboards
> and in the odd "Hallway track", or otherwise.
>
> My Nomex pants are on. Let the feedback commence!
>
> Reviewed by: trasz,des(partial),imp(partial?),rwatson(partial?)
> Approved by: so(des)

Hi Mark,

Could you please add an UPDATING entry for this? Some users (like me) who do make installworld from old kernels are experiencing issues (some dealing with filesystem corruption).
Please see this thread on -current@ for more details:
https://lists.freebsd.org/pipermail/freebsd-current/2014-October/053039.html

This also should have had “Relnotes: yes” in the commit message because this deserves to be put in the release notes for 11.0

Thanks!
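
Added example, not part of the message, the commit, or the FreeBSD source: a Python model of the Fortuna accumulator from the book the commit log cites, showing how a hardware source is stirred in through the same path as every other source and so cannot fix the generator key alone. All names are illustrative assumptions; plain SHA-256 stands in for the book's SHA_d-256, and the minimum interval between reseeds is omitted.

```python
import hashlib

NPOOLS = 32      # Fortuna spreads events over 32 pools
MIN_POOL0 = 64   # bytes pool 0 must hold before a reseed is allowed

class Accumulator:
    """Model of Fortuna's entropy accumulator (assumption: not the FreeBSD code)."""

    def __init__(self):
        self.pools = [hashlib.sha256() for _ in range(NPOOLS)]
        self.pool0_len = 0
        self.cursor = {}          # source id -> next pool, round robin
        self.reseeds = 0
        self.key = bytes(32)

    def add_event(self, source, data):
        """Every source, hardware or not, enters through this one path."""
        if not (0 <= source < 256 and 1 <= len(data) <= 32):
            raise ValueError("bad source id or event length")
        i = self.cursor.get(source, 0)
        # Event framing: source byte, length byte, then the data.
        self.pools[i].update(bytes([source, len(data)]) + data)
        if i == 0:
            self.pool0_len += len(data)
        self.cursor[source] = (i + 1) % NPOOLS

    @staticmethod
    def pools_for(reseed_no):
        """Pool i is drained on reseed r only when 2**i divides r."""
        return [i for i in range(NPOOLS) if reseed_no % (1 << i) == 0]

    def reseed(self):
        """New key = H(old key || digests of the scheduled pools)."""
        if self.pool0_len < MIN_POOL0:
            return False
        self.reseeds += 1
        seed = b""
        for i in self.pools_for(self.reseeds):
            seed += self.pools[i].digest()
            self.pools[i] = hashlib.sha256()   # drained pools start empty
        self.pool0_len = 0
        # Simplification: SHA-256 stands in for the book's SHA_d-256.
        self.key = hashlib.sha256(self.key + seed).digest()
        return True

def key_after(hw_events, other_events):
    """Constructed run: source 0 plays a hardware RNG, source 1 any other source."""
    acc = Accumulator()
    for hw, other in zip(hw_events, other_events):
        acc.add_event(0, hw)
        acc.add_event(1, other)
    return acc.key if acc.reseed() else None
```

Two runs with identical hardware-source events but different events from the second source yield different keys, which is the property the commit log describes as having a hardware-only /dev/random "designed out of the device".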